Guerrilla IT, Embracing the Superuser?

snydeq writes "First it's letting users manage their own PCs and now it's sanctioning the shadow IT projects they do on the down low: 'You probably know them. They're the ones who installed their own Wi-Fi network in the break room and distribute homemade number-crunching apps to their coworkers on e-mail. They're hacking their iPhones right now to work with your company's mail servers. In short, they're walking, talking IT governance nightmares. But they could be your biggest assets, if you use them wisely. The reason superusers go rogue is usually frustration, says Marquis. "It's a symptom of the IT organization being unable to meet or even understand the needs of its customers," he says. "Otherwise, it wouldn't be happening." The solution? Put them to work.'"

Superusers?

[wild_quinine]

Yes, they're end users. But they don't sound like customers. They sound like employees.

In which case they should toe the god damn line, because they're fucking shit up for other people.

Yes, enterprise IT can be frustrating. But your cheeky little wifi hack maybe just took down three buildings of network, resulting in thousands of dollars of lost productivity. Actually happened, in my org - 100% true story.

I don't like meaningless limitations any more than the next guy, but these know alls who think they're 'superusers' because they can set up a wifi network need to lay off - they don't have the big picture, they just think they're being clever. Guerilla? Arse-scratching chimp, more like.

Re:Superusers?

[diamondsw]

If they're truly breaking things, this means your network is so poorly designed that they are even capable of it. Get off your BOFH horse and do a decent job before yelling at people who are just trying to do their job reasonably.

My mother's laptop takes over 5 minutes to boot because of all of the scripts and login items the company forces her to run. This is not an uncommon occurrence because the various shit also prevents it from waking from sleep about 50% of the time. It's so locked down she can't install anything - not even a driver so she can plug in her company-supplied Sprint EVDO card for remote access. Nope, she has to drive into the office (about an hour away) just so they can pop in the card. Need to change an IP setting for the home wifi network? No-can-do (truly, the firewall and VPN cannot be trusted against the awesome power of the home LAN...). Maybe use something secure like Firefox instead of IE 5.5 (yes, 5.5!). Nope, can't install it. Use a USB memory stick to copy a file? Nope.

"Enterprise IT" policies are almost always to make IT's life easier at the expense of the end user. Now who was supposed to be supporting whom?

Re:Superusers?

[wild_quinine]

If they're truly breaking things, this means your network is so poorly designed that they are even capable of it. I knew someone would come back with a smart comment like this, but I'm not yet jaded enough to include disclaimers in my posts. For your benefit: the wifi router in use was very poorly designed, using some horrific bridging tricks. Shutting down three buildings was actually an automatic fallback, to protect our larger network.

"Enterprise IT" policies are almost always to make IT's life easier at the expense of the end user. Now who was supposed to be supporting whom? Now this is exactly what those chimps with their cheeky tricks believe. But in any decent organisation, of which I'm fortunately part, the people at the top really do care about supporting users, to our own convenience. It's our job, so we get it done. And nothing gives us greater satisfaction that a system that runs for the benefit of its users.

The job is supporting users, and that's what we do.

And that just precisely means making decisions about what can and what cannot safely be allowed in certain circumstances, and the sheer size of the operation means not being able to turn on a dime if somebody wants a completely different config. That's the way it is. We're not being unhelpful, we're making sure you don't butcher things for every other person in the zone by being a smartass.

Re:So, I get two salaries, right?

[garcia]

Remind me why we even have an IT dept. again?

Depends on the company but generally because they were told to have one, not because the department itself operates well. Honestly, while I could fully be a "rogue superuser" I prefer to let them do most of their work because I just don't get paid to do what they get paid to do.

Will I install applications, use applications and write applications as necessary to get *my own* job done? Yes. Will I go out of my way to do it so that others can do their job better? No. I am the first to tell someone who sends me an IM that asks, "Bill, can you come down and help with foo?" to go and submit an IT work order and wait it out. But I'm certainly not going to wait for them to come and fix my machine when I know full well I can do it myself without watching work backup for minutes, hours or days.

Bypassing network lockdowns

[truthsearch]

My last employer had firewalls that only allowed traffic through ports 80, 443, and an unusual port for VPN. I heard they also sniffed unencrypted packets, mostly to watch for viruses and breakins. Some of my coworkers wanted to use IM, although it was banned on the network. So I set up an encrypted squid proxy through my work desktop and home server. My whole team had IM and was able to communicate more efficiently.

One day I got called into the boss's office. He says, "I hear you've installed IM on everyone's desktop." So immediately I think I'm in trouble. Then he says, "Would you mind setting it up for me? How did you get it on the network?" He realized it increased productivity and any personal use wasn't seriously inhibiting work.

The point is don't hinder technology for a whole company only because you're afraid one ignorant user will bring in a virus. If power users want something, it's typically because it'll make them better at their job. Figure out a way to let them have it.

Re:So, I get two salaries, right?

[SatanicPuppy]

I think most good IT departments are okay with allowing a certain amount of freedom. Where I work we don't give out admin logons, but we do allow some users to admin their local machine, and we do allow some users the privileges to do basic crap on other people's machines. If you have a guy who is willing and capable of doing annoying little changes for people and taking some of the headache off of the IT staff, more power to 'em.

But that stuff should always come with a "screw it up, and you're going to have to fix it yourself" caveat. If you pick your people well, then they should be okay with that in the first place.

Maybe, maybe not

[Angst+Badger]

It really depends on the organization. There may be some overriding legal or safety reasons why you don't want to let anyone out of the sandbox: end user apps may not place nice with air traffic control or nuclear plants. ;)

On the other hand, some IT departments fully live up to the Dilbert character, Mordac, Preventer of Information Services. My IT department happens to be one of those, and the main consequence of my supervisor's blanket refusal to do anything that bothers him is that everyone, including his boss, comes to me to get things done. And that's okay with my boss, because his real objection is to doing anything unfamiliar, not the fact that it's being done somewhere.

But that's obviously a dysfunctional situation. The problem is that our IT department -- and presumably many others, including some of the snitty, arrogant posters in this thread -- isn't doing its job. By definition, if the IT department is either preventing necessary work from being done, failing to help get it done, or imposing arbitrary obstacles to get out of doing work in the first place, the solution is not necessarily giving end users IT responsibilities; the solution is for upper management to kick ass and, if necessary, hire IT people willing to do their jobs.

Contrary to some of the polarized views I've seen here, IT isn't always the problem, nor are end-users always the problem. Most often, it's a failure of both to work constructively and flexibly together and a failure of upper management to insist that they do.

Of course, if the dysfunctionality in your company isn't going anywhere anytime soon, you may have to look for workarounds, and the solution proposed by the original poster might work in some situations.

Re:So, I get two salaries, right?

[Xzzy]

We did this at my employer, one of the departments decided they wanted to maintain their own desktops as a group. As no self-respecting admin actually enjoys taking care of desktops, we let them do it.

It wasn't a total break, they're still subject to the site's security policies and their home directories still mount from an nfs server we maintain, but no one in our group has had to install a machine or fix a dead hard drive in 5 years. They understand their needs far better than I ever could, so it really was a win-win situation.

It's worked surprisingly well, the admins are all volunteers from within the group, and they even maintain a batch system that all the workstations use for running jobs.

If any company has a group of people willing to take on that kind of responsibility, I'd say it deserves serious consideration.

Re:So, I get two salaries, right?

[pla]

Remind me why we even have an IT dept. again?

Because for every one of you, we have a hundred people who can barely manage to get around in MS Office, and most dangerous of all, three or four people who think they know computers (yet strangely manage to cause more restore-from-backup sessions that all other users combined).

That said, if I didn't work in IT, I sure as hell wouldn't do the same work unrelated to my job description. Dealing with helpless coworkers without having it go into my pay or performance reviews? Not bloody likely!