Slashdot Mirror
Guerrilla IT, Embracing the Superuser?
snydeq writes "First it's letting users manage their own PCs and now it's sanctioning the shadow IT projects they do on the down low: 'You probably know them. They're the ones who installed their own Wi-Fi network in the break room and distribute homemade number-crunching apps to their coworkers on e-mail. They're hacking their iPhones right now to work with your company's mail servers. In short, they're walking, talking IT governance nightmares. But they could be your biggest assets, if you use them wisely. The reason superusers go rogue is usually frustration, says Marquis. "It's a symptom of the IT organization being unable to meet or even understand the needs of its customers," he says. "Otherwise, it wouldn't be happening." The solution? Put them to work.'"
In which case they should toe the god damn line, because they're fucking shit up for other people.
Yes, enterprise IT can be frustrating. But your cheeky little wifi hack maybe just took down three buildings of network, resulting in thousands of dollars of lost productivity. Actually happened, in my org - 100% true story.
I don't like meaningless limitations any more than the next guy, but these know alls who think they're 'superusers' because they can set up a wifi network need to lay off - they don't have the big picture, they just think they're being clever. Guerilla? Arse-scratching chimp, more like.
I don't think that's true. Lots of people just want to screw around with things and get an ego boost out of flouting authority or trying to show-up the IT staff. You know, there's always going to be that guy who wants to install games on his PC, and figure out how to tunnel past the porn filter. Maybe it's because he wants those things, but also it's because he gets a kick out subverting the rules. Either way, it doesn't mean the IT staff isn't doing their jobs.
Please tell me people don't really talk like that. "Grew the solution"? "Drive business value"? These people need to get a hold on themselves and listen to the feces streaming out of their mouths.
hahaha, let the users have admin rights?
does the author have **any** experience of the commercial environment?
Remind me why we even have an IT dept. again?
Depends on the company but generally because they were told to have one, not because the department itself operates well. Honestly, while I could fully be a "rogue superuser" I prefer to let them do most of their work because I just don't get paid to do what they get paid to do.
Will I install applications, use applications and write applications as necessary to get *my own* job done? Yes. Will I go out of my way to do it so that others can do their job better? No. I am the first to tell someone who sends me an IM that asks, "Bill, can you come down and help with foo?" to go and submit an IT work order and wait it out. But I'm certainly not going to wait for them to come and fix my machine when I know full well I can do it myself without watching work backup for minutes, hours or days.
I've been on both ends of the IT/user divide. I've administered networks of several hundred machines and am well aware of what some people will try to do with them. In my current position, however, I'm just a regular user. So when people in the department start talking about doing something that IT wouldn't approve of, I can usually explain to them in their terms why it wouldn't be such a good idea. OTOH, there have also been times where I've been called in by my boss to take care of a situation that IT hasn't been able to resolve, but that I've figured out because I face the problem daily. In those instances, I don't mind making a quick lap around the department and tweaking the machines a bit, because I know that it's exactly what IT would be doing anyways if they could be bothered to figure it out. And before someone says anything, I've contacted IT before to explain the problem and the fix. It's just that it's usually such an esoteric issue that they can't even begin to get their heads around it (e.g., font caching issues involving using certain programs in a certain sequence).
This guy's the limit!
My last employer had firewalls that only allowed traffic through ports 80, 443, and an unusual port for VPN. I heard they also sniffed unencrypted packets, mostly to watch for viruses and breakins. Some of my coworkers wanted to use IM, although it was banned on the network. So I set up an encrypted squid proxy through my work desktop and home server. My whole team had IM and was able to communicate more efficiently.
One day I got called into the boss's office. He says, "I hear you've installed IM on everyone's desktop." So immediately I think I'm in trouble. Then he says, "Would you mind setting it up for me? How did you get it on the network?" He realized it increased productivity and any personal use wasn't seriously inhibiting work.
The point is don't hinder technology for a whole company only because you're afraid one ignorant user will bring in a virus. If power users want something, it's typically because it'll make them better at their job. Figure out a way to let them have it.
Developers: We can use your help.
Exactly. I'll generally deal with my own machine (up to a point) and will take full responsibility for any issues that might arise due to my actions. That said, if I encounter a problem, I'll do what I can to take care of it within the rights limits of what IT has given me. When I go beyond that I know that I'm on my own and can't particularly expect IT to fix it if I screw something up.
This guy's the limit!
I think most good IT departments are okay with allowing a certain amount of freedom. Where I work we don't give out admin logons, but we do allow some users to admin their local machine, and we do allow some users the privileges to do basic crap on other people's machines. If you have a guy who is willing and capable of doing annoying little changes for people and taking some of the headache off of the IT staff, more power to 'em.
But that stuff should always come with a "screw it up, and you're going to have to fix it yourself" caveat. If you pick your people well, then they should be okay with that in the first place.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
And while you're creating this community, your network is busily being infested with malware, unlicensed software and pirated music.
As much as we love to believe that everyone would be an ideal user with just a little education, most people simply do not care about computers outside of the fact that they have to use them for checking their emails and inputting data into "Application X". I admit that I work in the NHS, so there's an abnormally high percentage of IT illiterate users, but I see very few users with an actual interest in learning.
It really depends on the organization. There may be some overriding legal or safety reasons why you don't want to let anyone out of the sandbox: end user apps may not place nice with air traffic control or nuclear plants. ;)
On the other hand, some IT departments fully live up to the Dilbert character, Mordac, Preventer of Information Services. My IT department happens to be one of those, and the main consequence of my supervisor's blanket refusal to do anything that bothers him is that everyone, including his boss, comes to me to get things done. And that's okay with my boss, because his real objection is to doing anything unfamiliar, not the fact that it's being done somewhere.
But that's obviously a dysfunctional situation. The problem is that our IT department -- and presumably many others, including some of the snitty, arrogant posters in this thread -- isn't doing its job. By definition, if the IT department is either preventing necessary work from being done, failing to help get it done, or imposing arbitrary obstacles to get out of doing work in the first place, the solution is not necessarily giving end users IT responsibilities; the solution is for upper management to kick ass and, if necessary, hire IT people willing to do their jobs.
Contrary to some of the polarized views I've seen here, IT isn't always the problem, nor are end-users always the problem. Most often, it's a failure of both to work constructively and flexibly together and a failure of upper management to insist that they do.
Of course, if the dysfunctionality in your company isn't going anywhere anytime soon, you may have to look for workarounds, and the solution proposed by the original poster might work in some situations.
Proud member of the Weirdo-American community.
Well your caveat only works to a point. How long would your department let him spin his wheels while work is not getting done? Who then gets blamed for the downtime? The power user or IT?
We did this at my employer, one of the departments decided they wanted to maintain their own desktops as a group. As no self-respecting admin actually enjoys taking care of desktops, we let them do it.
It wasn't a total break, they're still subject to the site's security policies and their home directories still mount from an nfs server we maintain, but no one in our group has had to install a machine or fix a dead hard drive in 5 years. They understand their needs far better than I ever could, so it really was a win-win situation.
It's worked surprisingly well, the admins are all volunteers from within the group, and they even maintain a batch system that all the workstations use for running jobs.
If any company has a group of people willing to take on that kind of responsibility, I'd say it deserves serious consideration.
...and even I think this is a BAD idea. You want to mess with your own PC, okay - there's some merit there for some people. Mess with the network - hell no. There are too many things that need to get done, and the ability for one person - even an otherwise knowledgeable person - outside of IT to screw things up is just too much of an unknown.
I'm not usually one to chime in on the side of IT, as they often throw out the baby with the bath water, but letting people who's primary function is something other than keeping the network up mess with the network is just a massively bad idea. Screw up a workstation and one guy is dead for a day. Screw up the network and the whole company can go toes up.
Is it just my observation, or are there way too many stupid people in the world?
I can relate to this issue. My co-workers often come to me to fix their email and various other apps that have been screwed up by an incompetent IT staff. I try, I really do try to get my coworkers to call IT if their is a problem, but sadly, they often don't trust them. I have been accused of all sorts of things by various IT employees and none of it true or even provable if it was. The truth is mine is the only computer they are _not_ regularly fixing (or screwing up) here in my office.
It's like antivirus programs. I have no problems with having it installed on my computer, but I DO have a problem with it kicking off in the middle of the danged day when I am trying to work. The problem with some of the power tripping IT staff (hey I am in IT) is that they don't think....what time of day should these run?? They accept all defasults.....and that sucks.
Gorkman
Remind me why we even have an IT dept. again?
Because for every one of you, we have a hundred people who can barely manage to get around in MS Office, and most dangerous of all, three or four people who think they know computers (yet strangely manage to cause more restore-from-backup sessions that all other users combined).
That said, if I didn't work in IT, I sure as hell wouldn't do the same work unrelated to my job description. Dealing with helpless coworkers without having it go into my pay or performance reviews? Not bloody likely!
Are you seriously saying that the company you work for would support you NOT helping an employee recover his system just because he broke it himself?No, seriously, the company supports that position for you?Again, and the company supports that position?That's a LOT different from what you've been saying.
We only support our standard configuration. Yet if a machine breaks, whether from an employee's actions or not, we still repair/recover as much as we can.
I'm fascinated that you seem to be claiming to work for a company that values your self-esteem over actual customer contracts.
Well, this rogue moron has to install stuff on his own, because our IT support department treats the development teams as if we don't know what we're doing, and applies the same policies for business users to us.
How can I be expected to do my work, if I can't even install an IDE, because it doesn't fit the standard image they have?
Anyway, it's more a problem in the structure I have here than anything else. I just wanted to state the point of view from a rogue moron.
Live forever, or die trying.
Hey powerusers... how much privs do you need? You say you want to install whatever you want on your PC. Which btw you didn't purchase. You say you want to pick our the exact model of server your app runs on, but you don't want to be the one to stock the 97.56GB drives as replacements, nor do you want to carry a duty pager to swap out parts when they break at 2am.
Why stop there? Why not just ask for the admin password on the core routers. I'm sure your expansive knowledge of networking (and installing dd-wrt on your linksys does not make a BGP expert out of you) could provide invaluable when the DWDM gear is malfunctioning. We're upgrading to AIX6 shortly, maybe your vast experience in managing/installing mysql at home will help us optimize a 10TB DB/2 database. Please help us out, since you installed parallels on your mac, you can lend us some of your expertise in VMs when we consolidate two z990s into a z10.
You say you manage a 5TB nfs server at home? Please show us the wisdom of your ways as we try to consolidate 50 EMC DMX arrays so we can save on power and cooling.
When we fuck-up, an entire company and its' customers feel the pain. When you fuck up, you prevent us from doing our job as we clean up your mess.
Users should be given just enough privileges to do their job. This is why you do not have root on your server, you download pre-packaged software from the intranet, you do not have admin on the core routers, physical access to the datacenter and why we don't "tinker." You want to tinker, go work in your garage where you can tell your wife that you built a jumpstart server for the two linux boxes in your home media center and thump your chest. We support hundreds, thousands of users whom would rather spend their days focusing on doing their job.