Guerrilla IT, Embracing the Superuser? 423
snydeq writes "First it's letting users manage their own PCs and now it's sanctioning the shadow IT projects they do on the down low: 'You probably know them. They're the ones who installed their own Wi-Fi network in the break room and distribute homemade number-crunching apps to their coworkers on e-mail. They're hacking their iPhones right now to work with your company's mail servers. In short, they're walking, talking IT governance nightmares. But they could be your biggest assets, if you use them wisely. The reason superusers go rogue is usually frustration, says Marquis. "It's a symptom of the IT organization being unable to meet or even understand the needs of its customers," he says. "Otherwise, it wouldn't be happening." The solution? Put them to work.'"
End users (Score:3, Funny)
Re:End users (Score:5, Funny)
Re:End users (Score:5, Funny)
Re: (Score:2, Funny)
So, I get two salaries, right? (Score:5, Funny)
Re:So, I get two salaries, right? (Score:5, Insightful)
Depends on the company but generally because they were told to have one, not because the department itself operates well. Honestly, while I could fully be a "rogue superuser" I prefer to let them do most of their work because I just don't get paid to do what they get paid to do.
Will I install applications, use applications and write applications as necessary to get *my own* job done? Yes. Will I go out of my way to do it so that others can do their job better? No. I am the first to tell someone who sends me an IM that asks, "Bill, can you come down and help with foo?" to go and submit an IT work order and wait it out. But I'm certainly not going to wait for them to come and fix my machine when I know full well I can do it myself without watching work backup for minutes, hours or days.
Re:So, I get two salaries, right? (Score:5, Insightful)
Re:So, I get two salaries, right? (Score:5, Insightful)
But that stuff should always come with a "screw it up, and you're going to have to fix it yourself" caveat. If you pick your people well, then they should be okay with that in the first place.
Re:So, I get two salaries, right? (Score:5, Insightful)
Re:So, I get two salaries, right? (Score:4, Interesting)
I'm in favor of allowing the leeway, but its a two way street. When someone like that screws their machine, it's usually not pretty, and it's not the sort of thing that can be easily fixed. I'm happy to restore an old image if you asked me to make one. I'm happy to recover files if it's possible.
But I'm not responsible for rebuilding a machine that has been rendered non-functional by a user who insisted that he knew what he was doing. I always make this stuff clear when a manager requests these sorts of permissions for one of their people. We support the standard configuration, once you deviate from that, all bets are off.
Where do you work? (Score:3, Insightful)
Yeah. And?
Are you seriously saying that the company you work for would support you NOT helping an employee recover his system just because he broke it himself?
No, seriously, the company supports that position for you?
Again,
Re:Where do you work? (Score:5, Insightful)
If you build a system with tons of unsupported software, I am not responsible for reinstalling and reconfiguring all that software. Period. And that is absolutely a position that is supported by my boss and my bosses boss, and the only guy higher than that only talks to shareholders.
I'll restore an image. I'll recover files, though frankly they should already be on the network share. I'll give you a fresh install. That's it.
Why, you ask, would any corporate IT support such a radical position? Because that guy's time isn't worth more than mine.
We've all got jobs to do and if I have to spend a week fixing a screwed install (and it'd have to be me or one of the other senior guys because the regular techs aren't equipped to do it), then a weeks worth of my work won't be getting done. That's more unacceptable to everyone involved than making one guy reinstall his own unsupported apps.
If you're going to give them any extra permissions, they have responsibilities there. If they can't be trusted not to make a complete mess of it, then they should never be granted those permissions in the first place.
The whole goal should be to make things more efficient and get more work done. If those things aren't happening, you're doing it wrong.
Re: (Score:3, Insightful)
That's true today, but don't expect the status quo to last. This is no different from when people started bringing PCs into the office 25 years ago. Corporate IT said, "no way...use the mainframes", and the users brought PCs a
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
And no, I don't believe that it is IT's job to spoonfeed users. That is old thinking. You should be teaching them to do basic tasks themselves. 70% of the IT work here is in developing and deploying new systems, and the rest of the work is split between
Re: (Score:2)
Re: (Score:3, Interesting)
I allow users to be a local admin or power user on their machine for two reasons:
Important for me:
1. We are STRICT about A/V and system updates.
Important for them:
2. Users often times (when given a laptop) start to use the laptop as their primary machine. They will use it to do their taxes, do all their online shopping/browsing/webmail etc. and use it for entertainment etc... It consumes too much of my departments time dealing with little complaints about apps like IM FTP webex etc...
The user should
Re: (Score:3, Interesting)
Will I install applications, use applications and write applications as necessary to get *my own* job done? Yes. Will I go out of my way to do it so that others can do their job better? No. I am the first to tell someone who sends me an IM that asks, "Bill, can you come down and help with foo?" to go and submit an IT work order and wait it out. But I'm certainly not going to wait for them to come and fix my machine when I know full well I can do it myself without watching work backup for minutes, hours or days.
Agreed, it has been my personal experience that tier-1 help desk people are usually of the college intern type. While they may be knowledgeable overall it takes too much time to get things done. Why put in a support ticket, or proposal for a new software package when I can do my own fixes, write my own apps, or use a FOSS to get things done quicker and more efficiently.
This is far different from giving me admin status over the network. I think it also boils down to tow different kinds of people, some
Re: (Score:3, Interesting)
Agreed, it has been my personal experience that tier-1 help desk people are usually of the college intern type. While they may be knowledgeable overall it takes too much time to get things done. Why put in a support ticket, or proposal for a new software package when I can do my own fixes, write my own apps, or use a FOSS to get things done quicker and more efficiently.
From the other side, the problem with people just like you is that when you leave, your replacement will not be hired for his ability to write apps or use FOSS. So the IT department will no doubt get a call from your now irrate manager or replacement demanding that IT support your systems.
I've seen this so many times within my own organisation, departments or teams have their IT guy who have historically done all the IT for them, doing a fine job of it. Then they leave, then the IT department have to
Re: (Score:2, Funny)
Re:So, I get two salaries, right? (Score:5, Insightful)
It wasn't a total break, they're still subject to the site's security policies and their home directories still mount from an nfs server we maintain, but no one in our group has had to install a machine or fix a dead hard drive in 5 years. They understand their needs far better than I ever could, so it really was a win-win situation.
It's worked surprisingly well, the admins are all volunteers from within the group, and they even maintain a batch system that all the workstations use for running jobs.
If any company has a group of people willing to take on that kind of responsibility, I'd say it deserves serious consideration.
Re: (Score:2)
I can tell you just how much we love having rouge morons installing crap without any planning and then having that crap land in our laps.
Any company that thinks they don't need an organized IT department that has control over the systems the company uses should try having no upper management for a while and see how that works out.
Re:So, I get two salaries, right? (Score:4, Insightful)
How can I be expected to do my work, if I can't even install an IDE, because it doesn't fit the standard image they have?
Anyway, it's more a problem in the structure I have here than anything else. I just wanted to state the point of view from a rogue moron.
Re: (Score:3, Insightful)
You ask why I should be treated differently? I am under the assumption that they hired me for my specialty, and that I have a base knowledge of what I'm doing. If the IT department fails to give me to tools I need, how am I suppose to be effective?
I'm advocating tiered access. You can't just b
Re:So, I get two salaries, right? (Score:5, Insightful)
Because for every one of you, we have a hundred people who can barely manage to get around in MS Office, and most dangerous of all, three or four people who think they know computers (yet strangely manage to cause more restore-from-backup sessions that all other users combined).
That said, if I didn't work in IT, I sure as hell wouldn't do the same work unrelated to my job description. Dealing with helpless coworkers without having it go into my pay or performance reviews? Not bloody likely!
Re: (Score:3, Insightful)
Workstation management for all the companies I have worked for has been a PITA for us 'business users' who need to get things done.
I think in general they take a much to hands on approach which ties our hands and takes their time. I am glad that they are finally recognizing that people can take care of themselves a little bit.
Now if only we could have our own coffee pots.
Re: (Score:3, Insightful)
Actually in short...the reason is because IT are often understaffed, are required to follow ridiculous internal legislation, and many times are under-funded, and required to maintain a certain level of security...the latter of which is often BREACHED by these so-called power-users...which are nothing more than people wanting control
Re: (Score:3, Insightful)
At several companies people outside IT have floated the idea that there should be a departmental super user who people within the department can go to with issues. The idea being that a highly technical member of their department would understand their specific departmental tasks/duties/needs and be able to support them on "little or common" it requests.
The reality is that this effectively makes that person a member of IT - and the sad
Re: (Score:2)
There seems to be
a) A refusal to admit that you everyone needs to learn stuff up to the level of their position
b) A refusal to admit that intellecutally curious people tend to learn beyond their stated position, and could generate efficiencies that start to obviate some of the other positions in the organization.
Superusers? (Score:5, Insightful)
In which case they should toe the god damn line, because they're fucking shit up for other people.
Yes, enterprise IT can be frustrating. But your cheeky little wifi hack maybe just took down three buildings of network, resulting in thousands of dollars of lost productivity. Actually happened, in my org - 100% true story.
I don't like meaningless limitations any more than the next guy, but these know alls who think they're 'superusers' because they can set up a wifi network need to lay off - they don't have the big picture, they just think they're being clever. Guerilla? Arse-scratching chimp, more like.
Re: (Score:2)
"Wow, look what you can do. We get it, you're smart. You want a pat on the head too?"
Re: (Score:2, Insightful)
I'm not doing it to show the class how SMART I am; I'm doing it to show the instructor where I'm LACKING. If we're covering a section that I already understand and I can tell we're near the end but I have a question about the topic that isn't high level, ones that's more specific to my real world problems that forced me to go to a class, how does that
Re: (Score:2)
Re: (Score:2)
The parent post was talking about people who already know the answer and are asking questions just to show how insightful they are. I've seen it, and it's annoying.
Some dicks pop up because they're just curious. (Score:2)
Re:Superusers? (Score:5, Insightful)
My mother's laptop takes over 5 minutes to boot because of all of the scripts and login items the company forces her to run. This is not an uncommon occurrence because the various shit also prevents it from waking from sleep about 50% of the time. It's so locked down she can't install anything - not even a driver so she can plug in her company-supplied Sprint EVDO card for remote access. Nope, she has to drive into the office (about an hour away) just so they can pop in the card. Need to change an IP setting for the home wifi network? No-can-do (truly, the firewall and VPN cannot be trusted against the awesome power of the home LAN...). Maybe use something secure like Firefox instead of IE 5.5 (yes, 5.5!). Nope, can't install it. Use a USB memory stick to copy a file? Nope.
"Enterprise IT" policies are almost always to make IT's life easier at the expense of the end user. Now who was supposed to be supporting whom?
Re:Superusers? (Score:5, Insightful)
The job is supporting users, and that's what we do.
And that just precisely means making decisions about what can and what cannot safely be allowed in certain circumstances, and the sheer size of the operation means not being able to turn on a dime if somebody wants a completely different config. That's the way it is. We're not being unhelpful, we're making sure you don't butcher things for every other person in the zone by being a smartass.
Re: (Score:3, Insightful)
Actually, both are to be supporting the company. IT does not answer to the end user, they answer to the shareholders, the CEO, board, and the regulators. Supporting the end users only applies if it will support the company to do so.
BTW, if end users can be trusted with admin rights, then why do botnets mainly exist on home user's computers? Those same home use
Re:Superusers? (Score:5, Insightful)
Yes, there are companies where the IT personnel are on a power trip, but IME, that's the exception rather than the rule. Most of the time, IT's policies are put in place for a reason. We don't want to make your life any more difficult than it needs to be. But when some "superuser" with a super-ego decides to circumvent IT policies by taking data home on a thumb drive, and then loses the drive or posts the data on-line for some reason, we get a mandate to keep it from happening again. When a user connects the company laptop directly up to their DSL or cable modem at home, contracts a new virus that evades the A/V software's detection rules and infects the network, then we take steps to prevent users from connecting to any network we don't control. And when we find our users installing games and P2P software, then we take away the ability to install anything on company laptops unless you can show that you have a bona fide need to do so.
You gripe that "Enterprise IT policies are almost always to make IT's life easier at the expense of the end user." Yeah, maybe. Sometimes it's true. But how long would it take you to change your tune if *you* were they guy getting called out on the carpet because a virus took your network down for two days? How many times would you let a user install rogue DHCP servers on your network before you decided to configure your switches to only allow certain MAC addresses to use given ports? How many times would you give out administrative access to anyone who asked for it, if your users kept breaking their computers because they didn't understand what they were doing?
Quote: If they're truly breaking things, this means your network is so poorly designed that they are even capable of it.
Are you serious? Your entire post is criticizing IT for doing exactly that! Yeah, we can lock down a network so that no one can break it, but to do so, it would be locked down so much as to be entirely inflexible. Your example of your mother's laptop is what happens when an IT department doesn't trust it's users, and therefore tries to build a network so that it can't be broken.
Quote: Get off your BOFH horse and do a decent job before yelling at people who are just trying to do their job reasonably.
If that's all that our users were trying to do, you'd find the network wasn't nearly so restrictive. However, I've seen field techs delete all of the company-provided software so that they could install Quake 3 (no, I'm not kidding...). I've seen users copy warez on the file server. And consequently, I've seen network administrators take away admin rights and block ports on the corporate firewall. The problem is that *most* users play be the rules, but the ones that don't get the IT staff in trouble with management. Therefore, we lock things down so it can't happen again.
There *has* to be order in any society or it becomes unstable and falls apart. In the corporate enterprise network, IT is responsible for creating and maintaining that order, and therefore, IT implements the policies that are necessary to keep the IT infrastructure operating smoothly. Not everyone likes those policies, but believe me, you'd like it a lot less if they weren't there.
I gotta agree. (Score:3, Informative)
Yeah, that might work at HOME. But in the OFFICE someone (me) has to be responsible for security of our data. That includes YOUR social security number in HR's database.
If you do not like the "restrictions" you are working under, then explain to YOUR boss how much more money you'll make for the company if you get X. And your boss will talk to my boss and I will explain how much it will take to implement X (money, tim
Re:Superusers? (Score:5, Insightful)
In which case they should toe the god damn line, because they're fucking shit up for other people.
Yes, enterprise IT can be frustrating. But your cheeky little wifi hack maybe just took down three buildings of network,
resulting in thousands of dollars of lost productivity. Actually happened, in my org - 100% true story.
My IT department is fine - I don't see them but once or twice a year and my computer works well enough. But a similar problem to the one you described occurred at the college I'm working on my PhD at. (I heard this story second hand, might be an error or two, but I trust the source) The engineering department wanted WiFi in the building in order to hook up the conference rooms and let students use wireless in the classroom. Seems simple enough, especially in this day and age. A formal request was made. And rejected by IT. Random bitching and moaning. So after a few months of inaction, the engineering department installed a few routers themselves, under the radar.
See, the problem is when IT gets in the way of business. IT is a service, not an administration. So when it starts acting like one, with bureaucracy, with stupid shit to get stuff done (a friend of mine, engineer in another company, had to wait three weeks (!!!) to get an approved, paid for compiler he needed installed on his laptop???) then yes, we go under the radar to get work done, which might I remind you is why we get paid. Apologies in advance if we ever cross paths.
Re: (Score:2)
That's a good reason to do an audit of your network structure. It should not be that easy to crash.
And if they are that flaky - just imagine someone hostile trying to bring down your network.
Re: (Score:2)
Or worse yet, try to imagine the damage that could have been done if the network had stayed _up_.
If the idea of some yo-yo thoughtlessly bridging your internal network out to everyone in a three hundred metre radius just because he thinks that the blue patch cable clashes with his new Ferarri-red notebook doesn't make you reach for a baseball bat then maybe corporate IT isn't for you.
Re: (Score:2)
Problem solved
Re: (Score:2)
If you properly segment and firewall the network, then this problem is limited in scope.
You can't prevent this sort of thing anyway, because of internet connection sharing/NAT.
Re: (Score:3, Interesting)
As to what's being used, specifically, I couldn't tell you. I just know I've seen the trouble tickets when they pop up. I'm in
Re: (Score:3, Insightful)
I've seen rogue DHCP servers assign duplicate IP addresses on our network, I've seen rogue DHCP servers assign IP addresses from a different network on our LAN, and I've seen (multiple times, from the same "power user") two ports on a DSLAM plugged into
Funny... (Score:3, Interesting)
Re:Superusers? (Score:4, Interesting)
In our situation it was also a reporting issue. Basically we (I) were tasked with doubling the number of countries we reported for. The process in place already required 2 full weeks of work (often with lots of unpaid overtime). The work couldn't start until the end of the month and had to be done by the 15th. Adding new people would have been stupid and it wasn't an option anyway. We were put in a position that if we "followed the rules" we'd either end up working 20 hour days for 2 weeks, or we'd simply fail to get our work done.
Our corporate IT group was willing to consider a more automated database solution... but after 4 months of meetings they wanted millions of dollars and said it would take more than two years to complete. This was a non-solution.
We then, with the help and advice of another "rogue" developer in the company, went to an external local company who built a very nice solution for $25k. Not only were we able to handle the doubled reporting workload, the actual workload itself went from 2 whole weeks each month to just a few hours a month. We did another round of development, spent another $25k, and folded in two other very time-consuming and error-prone processes into the tool (they only happen 3 times a year).
A few months ago I ran into the IT director that helped propose the multi-million solution and he asked how we were doing. I told him we got a great solution and he asked me to schedule a meeting to show him what we came up with. When the meeting was over, he basically picked his jaw up off the floor and expressed how amazed he was at by the tool and how disappointed he was that the IT organization in our company (a Fortune 500 BTW) couldn't accomplish anything even close to it.
To be fair, our IT organization is very good at huge capital improvement projects that take years to complete. Unfortunately they have no capability to support more tactical solutions that help keep the business going until the big project is going. They are unable to grasp the idea that sometimes you need to make temporary bandaid solutions that will be discarded when "big project xyz" is done. "It's just a waste of money and resources" is their usual response - but they seem to have no concept that the business is hampered and profits are not earned because the lack of any tool, even a temporary one, inhibits the business. You don't need to buy a car to get from the airport to work - sometimes it's okay to spend money on a taxi. IT wants to tell us we can't take the taxi because they're building a car for us - we just have to wait at the airport for 2 years or walk.
But as you suggested, we had buy in from our own director (who was able to shake loose the money for the rogue development) and ultimately, the VP in our "chain of command" is pleased - the quality of our reports has improved dramatically (because we eliminated so much manual work) and we're able to support the additional countries, along with even more detailed/graphical reports.
There are some in the IT group that don't like what we're doing. But my response to them is always, "Let me know when you can provide us a reporting system that does this, this, this, and this and we'll be glad to switch to it". "Oh, well, we can't do that, that, and that..." and they then leave us alone.
Don't agree (Score:5, Insightful)
I don't think that's true. Lots of people just want to screw around with things and get an ego boost out of flouting authority or trying to show-up the IT staff. You know, there's always going to be that guy who wants to install games on his PC, and figure out how to tunnel past the porn filter. Maybe it's because he wants those things, but also it's because he gets a kick out subverting the rules. Either way, it doesn't mean the IT staff isn't doing their jobs.
Re: (Score:3, Interesting)
Perhaps, and sometimes like many things in li
Re: (Score:2)
That's exactly what it means. Neither preventing people from installing games or preventing people from browsing porn is IT's job.
Re: (Score:2)
IT's job vs employee's desires. (Score:2)
Yeah, you CAN find a way around X
It isn't just about keeping your computer safe from viruses. Most employees understand the single-user model of computing.
What they do NOT understand is having multiple users hitting a shared resource such as a server.
Or backups for recovering deleted files from yesterday _v
Re: (Score:2)
Either way, it doesn't mean the IT staff isn't doing their jobs.
It's possible for the IT staff to be doing their jobs and still be unable to meet the needs of their customers. Many IT organizations have limited budgets and personnel, so they have to focus on the things they can get done with the manpower they have. But there may still be many needs that can't be met within those limits. That's especially true for small tasks that may be very important to an individual but not so important relative to other bigger projects.
I don't think that's true. Lots of people just want to screw around with things and get an ego boost out of flouting authority or trying to show-up the IT staff.
I can't speak for everyone else, but in my
Re: (Score:2)
Over two years ago, I was tasked with developing an internal website (employees only) for my agency, with a few simple apps (like a master calendar). I knew when management said it had to go through IT that it would never get done. It took me a few weeks to design the website and all the scripts (wouldn't have taken me that long if I could have done it in php instead of a
Please tell me (Score:4, Insightful)
Re: (Score:2, Funny)
yeah right. (Score:5, Insightful)
does the author have **any** experience of the commercial environment?
Re:yeah right. (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
I have - in the past - booted off a Linux rescue CD, mounted NTFS read only and got files I needed from protected folders because some jumped up little officious twit has not known what he is talking about. And was about the image the drive
The admin & support issues are a nightmare (Score:3, Interesting)
Our reponse has been to staff up to meet customer demand and spent a lot of time bringing other IT folks up to speed on web development. It's worked out fairly well, and the number of times I've been called in to fix a Microsoft Access report or the like has dropped dramatically.
Re: (Score:2)
With Healthcare I can definitely see getting rid of those guys; HIPPA concerns alone would be a good reason to have only professional applications. The costs of a security leak would be disastrous.
Still, for other businesses, it's harder to squeeze the money for extra FTEs in IT, and some of the slack in reporting especially, will have to be taken up by access junkies who can be slipped ont
Re: (Score:2)
The maintenance thing is definitely one of the biggest headaches...Those fricking Access apps can be a cast iron bitch.
Every time I see an Access app I think of how much more sense it would have made to implement it as some kind of web application, even in php. One server, all users. No locking/synchronization issues to speak of (certainly nothing like trying to use a shared mdb file.)
I could implement 99% of the access databases I've seen using a PHP CMS (say, drupal) and in less time, too. They could all coexist and even cooperate and the system could run anywhere you can get php and mysql. (Drupal 7 may be able to jus
IT parallels the free software movement (Score:5, Interesting)
The problems of restriction in DRM, restriction in EULA, restriction by not providing source code, restriction in IT are all the same. Instead of educating users and providing them the ability to solve problems, IT mirrors large software companies and media companies, and removes any control, forcing them to be "stupid." When users can't even diagnose on their own, and are forced to run to IT for the most minor software install, the bureaucracy justifies itself. IT is necessary because it's been made necessary. Dumb down the users and they need someone to hold their hand. But create a community of educated and empowered individuals and people will share information.
In a community of empowered users people don't just share solutions, they create solutions.
Re:IT parallels the free software movement (Score:5, Insightful)
As much as we love to believe that everyone would be an ideal user with just a little education, most people simply do not care about computers outside of the fact that they have to use them for checking their emails and inputting data into "Application X". I admit that I work in the NHS, so there's an abnormally high percentage of IT illiterate users, but I see very few users with an actual interest in learning.
Re: (Score:2, Insightful)
In fact, you'v
Re:IT parallels the free software movement (Score:4, Insightful)
Re: (Score:2)
Instead of educating users and providing them the ability to solve problems, IT mirrors large software companies and media companies, and removes any control, forcing them to be "stupid."
I'm all for software freedom, but come on-- users are dumb. The difference between today's users and the "original computer users" is that the latter knew what they were doing. Trust me, training only goes so far. When the nth receptionist this month (where n approaches infinity) installs OMGLinsdayLohanSearchBarAkaComputerDefilerToolbar on the front desk machine, you might change your mind about locking things down.
Let's also not forget-- these are company machines. If my resident computer revoluti
Re: (Score:2)
One wonders if perhaps the increasing use of open-source will bring about a
Re: (Score:2)
Users today do not care how their computers work, as long as they do. I can't count the number of times I got a call from someone about an update notification window because "I don't want to mess anything up". Their own home computers are so loaded with crap th
Re: (Score:2)
Instead of educating users and providing them the ability to solve problems...
Do you know how much education it takes before people will properly admin even their own machines? Too much, and most people don't care to be properly educated. Most people either (a) don't want to be bothered to admin their own machines; or (b) want to admin their own machines, don't want to spend the time to learn how to do it properly, and then will hassle the IT department to fix their mistakes. Either way, you don't want
Re: (Score:2)
If you look back in history, people originally used computers together, sharing access, tips, and source code. Now it's all top down - someone dictates what you'll do and how you do it.
If you look back in history, when you wrote software on an IBM mainframe, it became the property of IBM.
In a community of empowered users people don't just share solutions, they create solutions.
Most of the time they create problems because of a lack of personal empowerment. If you have an idiot and a genius working for you, you don't give the idiot all the passwords, now do you? No. You give him the fucking mop, and let him do the floors, and you keep him as far away from computers as possible.
I'm _in_ IT (Score:2)
As a result, the other groups have set up their own monitoring solution and shoot alerts to OpenView. And now we're getting ready to implement our own m
To a degree... (Score:4, Interesting)
Oh, and wireless? I don't think so. Messing with network infrastucture is a cardinal sin, and any organization that doesn't have its internal network secured well enough to prevent someone setting up their own wireless inside the building needs to do some serious self-examination. Some things you just do not screw around with.
In my experience, the biggest problem is that the non-it power users don't have the same appreciation for security as the people whose job it is to make sure things are secure. Security is a pain in the ass; no question about it, and a lot of users view it solely as a pain in the ass, with their inconvenience rating much higher in their estimation than IT's "Unreasonable Paranoia". If you restrict those users too much, they're going to spend all their time trying to get around your rules...Same as a child will. But like a child, if you give them a certain amount of freedom inside the rules, then they're much more likely to be obedient. They will understand that the rules are there because they have to be, not just because you hate them and don't want them to be able to do what they want to.
Re: (Score:2)
Great idea... (Score:3, Funny)
Yes, I've seen that done.
Been on both sides (Score:4, Insightful)
Re:Been on both sides (Score:4, Interesting)
I've tried things like getting IT people invited to departmental meetings, cross-training the new guys in other departments...Whole lotta nothin has come out of that.
I think in the long run it's jsut going to require that the average user becomes tech savvy enough to know what to ask for, or we start hiring guys whose official role is like "embedded IT"; they work in other departments, but they report to IT.
A little knowledge (Score:2)
Even more dangerous are those who "know better" than the IT department and decide to set up their own services because yours haven't been configured correctly according to some guy they know on I
Bypassing network lockdowns (Score:5, Insightful)
One day I got called into the boss's office. He says, "I hear you've installed IM on everyone's desktop." So immediately I think I'm in trouble. Then he says, "Would you mind setting it up for me? How did you get it on the network?" He realized it increased productivity and any personal use wasn't seriously inhibiting work.
The point is don't hinder technology for a whole company only because you're afraid one ignorant user will bring in a virus. If power users want something, it's typically because it'll make them better at their job. Figure out a way to let them have it.
Re: (Score:2)
Give them access to everything? (Score:2)
I'm sure I could leverage getting a college co-op before getting the CIO to sign off on letting "Power users" run loose on the network to fix problems.
Re: (Score:2, Informative)
Treated unhumanly (Score:2)
Keep that in mind.
perfect example of stupidity: autorun (Score:2)
Really, do you think autorun is the issue here? I think it's safe to say that running Mcafee might not be the best idea to keep a computer safe (I seem to recall Clam doing a thousandfold better job), and also plain old stupidity from one of the users no doubt.
Sarbane Oxley ... two words like jail time (Score:2)
try all they want but its my job to set in place what the auditors tell the big guys what we have to have to comply.
no one wants to not be in compliance and subject to some idiot in government who one day got bad service/etc from someone in your company.
so, if these power users can't confine their play to home then I don't need them here.
Maybe, maybe not (Score:5, Insightful)
On the other hand, some IT departments fully live up to the Dilbert character, Mordac, Preventer of Information Services. My IT department happens to be one of those, and the main consequence of my supervisor's blanket refusal to do anything that bothers him is that everyone, including his boss, comes to me to get things done. And that's okay with my boss, because his real objection is to doing anything unfamiliar, not the fact that it's being done somewhere.
But that's obviously a dysfunctional situation. The problem is that our IT department -- and presumably many others, including some of the snitty, arrogant posters in this thread -- isn't doing its job. By definition, if the IT department is either preventing necessary work from being done, failing to help get it done, or imposing arbitrary obstacles to get out of doing work in the first place, the solution is not necessarily giving end users IT responsibilities; the solution is for upper management to kick ass and, if necessary, hire IT people willing to do their jobs.
Contrary to some of the polarized views I've seen here, IT isn't always the problem, nor are end-users always the problem. Most often, it's a failure of both to work constructively and flexibly together and a failure of upper management to insist that they do.
Of course, if the dysfunctionality in your company isn't going anywhere anytime soon, you may have to look for workarounds, and the solution proposed by the original poster might work in some situations.
I'm that guy who used to screw around... (Score:4, Insightful)
I'm not usually one to chime in on the side of IT, as they often throw out the baby with the bath water, but letting people who's primary function is something other than keeping the network up mess with the network is just a massively bad idea. Screw up a workstation and one guy is dead for a day. Screw up the network and the whole company can go toes up.
Re:I'm that guy who used to screw around... (Score:4, Interesting)
I suspect that most of the developers here have found it necessary to work around our IT department in one way or another. All of us have admin rights on our desktops which is an absolute must for us-- I'm doing things like shutting down and starting up services all the time, installing and uninstalling software, creating users, tweaking settings. I'd be down waiting for IT actions constantly if I had to do all that through them, and I'd bet much of the time they wouldn't understand what I was asking for and couldn't figure out how to get it done anyway.
As a confessed Super-User (Score:3, Insightful)
Depending on the context: absolutely spot on (Score:3, Insightful)
First of all, it depends on the context whether this is a good idea or not. In some environments, the IT group is the one and only IT wizard. In others (esp. in companies where IT development and IT research are the core business), the official IT group often is not at all capable of even understanding what the engineers are doing and supposed to do.
I've always worked (nearly 18 years now) in the latter situation. Once upon a time, I was one of those superusers in that I was had an IT degree, but worked in engineering (research, actually) where most of my collegues were non-IT engineers. They were very IT savy at a personal level, but generally missed the wider scope. So far so good. The not so good thing, was that the IT department had no clue whatsoever of what the real business needs in terms of IT were (and neither had the company's management). The consequence was an ever worsening war between IT and IT users, amongst other things resulting in ever more shadow systems. We solved this by establishing a working group that took care ensuring there regular was bidirectional communication between parties (I was one of the founding fathers and later on was the chairman for many years). This worked wonders. (Note: It worked so well, that when I finally left the company, the IT group tried to convince me to stay by proposing that I might join them in quite senior positions.)
Part of the whole concept was to do exactly what TFA says: the real superusers were identified; they earned the trust/respect they deserved; and then gained the appropriate - for our context - access to specific systems. (I personally managed the whole repository of OSS as well as some commercial soft we had installed centrally on UNIX. No, I did not have root, as I designed the complete setup such that I did not need it, but it will also be clear that with that level of access I potentially could access a lot of data and that capturing root would not have been difficult had I wanted. Some superusers can be trusted afterall.) Many succesful applications were developed in the same way: some superuser developed - with the knowledge of IT - a prototype that was taken into production for a larger audience after review by the working group and possibly some clean up by IT.
Actually, all this is nothing new. Strategic alignment between business and IT is a core part of IT governance. So is making sure that IT governance is not a buzzword hidden in a bi-monthly meeting between the CTO and CIO, both of whom generally do not understand the issues, but that it is something that is built into the whole system at all levels. And yes, this includes the superusers (at least the capable ones).
Concluding remark: I've since obtained an MBA. As part of the IT course, I wrote a paper describing the complete history of IT management & governance at my previous employer detailing the above story at length. That paper made a very happy professor, as he considered that I was absolutely spot on. Afterwards he started using me as an in-class assistant for the remainder of his course.
Doesn't everybody? (Score:2)
Anybody who is any good is going to have ideas, and an enlightened organization will find a way to accomodate them.
The ground rules where I work are pretty clear: we are expected to spend a bit of time playing with things on the side. Some of these have become products. We are expected to refrain from hacking important servers, flooding the network with garbage and similar misdeeds. If we break something, we are expected to fix it. I have all sort of things hanging off the network, have all sort of SDKs a
One acronym...NASD (Score:3, Interesting)
The deal that made me lock down everything was this little policy the NASD has of fining IT staff directly. Not the company, not the department...me. Personally. Starting at $100,000 and going up for security or privacy breaches.
That'll make you think twice. Oh yeah, any publicly traded companies officer (C level) can be sent to JAIL for violating certain IT regulatory policies.
So yeah, there is a reason for the control.
Powerusers and their storage needs... (Score:3, Insightful)
Sounds pretty easy. It's backed up, regular hourly snapshots are taken. It's backed up to tape, firmware upgraded and when the lease on the filer is up, *WE* migrate all the data to another filer off hours and you continue on with your life. Anyhow...
Some PowerUser user decided he wanted to 'play IT'. And decided he wanted his own storage that he could limit who accessed. While we would have been more than happy to allocate him 100GB of storage. He proceeded to go out and build some linux box under his desk with some home-office grade disk enclosure. He then demanded that *WE* back it up to tape, and *WE* integrate it in with NIS/active directory. It should also be known that the few outlets in the cubes are not spec'd to have servers/arrays plugged into them but laptop/dock and monitor type equipment.
Long story short. Someone came along and walked off with the homeoffice disk array and all the data on it. I got to go to all the meetings and watch this asshat explain why he lost customer data.
How much privs do 'powerusers' need? (Score:4, Insightful)
Why stop there? Why not just ask for the admin password on the core routers. I'm sure your expansive knowledge of networking (and installing dd-wrt on your linksys does not make a BGP expert out of you) could provide invaluable when the DWDM gear is malfunctioning. We're upgrading to AIX6 shortly, maybe your vast experience in managing/installing mysql at home will help us optimize a 10TB DB/2 database. Please help us out, since you installed parallels on your mac, you can lend us some of your expertise in VMs when we consolidate two z990s into a z10.
You say you manage a 5TB nfs server at home? Please show us the wisdom of your ways as we try to consolidate 50 EMC DMX arrays so we can save on power and cooling.
When we fuck-up, an entire company and its' customers feel the pain. When you fuck up, you prevent us from doing our job as we clean up your mess.
Users should be given just enough privileges to do their job. This is why you do not have root on your server, you download pre-packaged software from the intranet, you do not have admin on the core routers, physical access to the datacenter and why we don't "tinker." You want to tinker, go work in your garage where you can tell your wife that you built a jumpstart server for the two linux boxes in your home media center and thump your chest. We support hundreds, thousands of users whom would rather spend their days focusing on doing their job.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So a simple question: "What's the alternative?"
Seriously. Are you suggesting throwing the entire corporate infrastructure open to maintenance from anyone who thinks they can do it?
Frankly, I'm fucking tired of everyone sitting around with nothing better to do than complain about this or that thing. I've got crap to work with; too few employees, ancient systems, no money f