That’s a good point.
On the other hand, I have worked in offices where people would absolutely install the Zynga toolbar and the flashy smilies and the dressup dolls, and the minute the malware was removed it would be reinstalled because wow, free screen savers! Freedom has its downside.
I have clicked through to one too many genuinely disturbing YouTube videos to completely leave a nine year old alone with the service. Co-surfing is an obvious solution, but it is untenable for any reasonable period of time. I feel like I am waiting for some magical point in time where a child a) can construct meaningful queries, and b) identify when those results aren’t what they were looking for. Many adults I know can’t even do that.
When XP gave the security guys the ability to lock down most of the employees to user level only they got it figured out quite quickly and locked most of the people out of installing that stuff. Hell if I didn’t support Rational I would happily go back to not needing local admin rights (stupid software isn’t even smart card aware so I HAVE TO USE USERID/PASSWORD as well). Since we use different account for server stuff it worked out that we honestly don’t need local admin for 99% of what we had to do.
Umm no. It still happens. Despite at the time damn near monthly ‘don’t click on the attachment you idiot’ messages at the time I spent an entire weekend running restores from tape along with most of the admins in the company because someone did click and it got loose and not only was destroying data on local drive but any mapped drives. Sorry just no. There are some people who will just do the stupid thing and make life a living hell for the admins and if it takes locking them out of stuff I will lock them out.
@doctorow I like you for a lot of things but you can’t fix stupid. For the application I support we have groups where we could essentially go here is your sandbox, have at and play nice, they will and we have others who can’t create a file without asking us for help and there is no working around that and they are the sort that no matter how many videos you show them, lectures you give them, classes you send them to will go oh hey I wonder if this untrusted obviously spam attachment will do and then I have to clean the crap up.
Have you ever worked in a secure environment Cory? Have you ever had to audit changes BEFORE AND AFTER for Sarbanes Oxley? Even simple changes like a web page update? Have you ever seriously thought well crap the DO NOT TOUCH servers just got auto patched and rebooted by mistake again and I am gonna be looking for a new job tomorrow even though you personally had nothing to do with it? Do you work with sensitive corporate information and DOD information? Bringing in random devices to that world just because Bob wants to use his iPad is a major risk.
…ever taken down a production dns server during a change control process, then get escorted out of the building?
(I’ll escort myself out)
Yeah it was close that day for us. I was just going oh ping ticket, hmm it is back up if it was down so lets check the event logs. Oh yep HFNetcheck patching… oh wait this is a SOX server and one of the ones we did this to just 2 months ago, crap crap crap crap, I still have no clue how we kept the support contract after that other than maybe they just can’t bring it all back in house overnight.
This article seems more like how to be a sysadmin with your kids computers than how to be a parent. It also does a better job saying that a sysadmin should be more like a parent to their users. I’m also not sure that saying ‘don’t be a dick to your children’ is a good similarity between the two since parents tend not to be ‘dicks’ and sysadmins usually are ‘dicks’
Or maybe parents tend to care more about their kids, while sysadmins tend to care more about the systems.
There’s also the aspect that a sysadmin’s duty to their users is first and foremost to provide them with what they need; not necessarily what they want.
This certainly doesn’t cover all possible flavors of messing with the peons, sometimes that is just for fun; but a lot of common restrictions boil down to ‘You expect your computer to work, these are the things I need to nail down to ensure that your computer stays working.’
Especially when both the admin and the user are cogs in a larger hierarchy that expects the computers to work and the users to work on the working computers; you really don’t have the option to provide people with the “Do as you will; but don’t say I didn’t warn you.” choice; you have to do unto the user whatever is necessary to ensure that they get the working computer that they need.
Yeah…I’m with @TobinL. “You can’t fix stupid.”
In my limited experience, the biggest issues are poor systems design (thanks, management) and loads of hostility pouring on IT from other departments. IT is almost always treated like the red-headed step-child and has its hands tied when it comes to actually being able to change the way things are done. This is a problem with the organization, not with how sysadmins handle the shit sandwich handed to them from on high.
This topic was automatically closed after 5 days. New replies are no longer allowed.