×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Guerrilla IT, Embracing the Superuser?

CmdrTaco posted about 6 years ago | from the which-one-am-i-again dept.

Security 423

snydeq writes "First it's letting users manage their own PCs and now it's sanctioning the shadow IT projects they do on the down low: 'You probably know them. They're the ones who installed their own Wi-Fi network in the break room and distribute homemade number-crunching apps to their coworkers on e-mail. They're hacking their iPhones right now to work with your company's mail servers. In short, they're walking, talking IT governance nightmares. But they could be your biggest assets, if you use them wisely. The reason superusers go rogue is usually frustration, says Marquis. "It's a symptom of the IT organization being unable to meet or even understand the needs of its customers," he says. "Otherwise, it wouldn't be happening." The solution? Put them to work.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

423 comments

End users (3, Funny)

dredwerker (757816) | about 6 years ago | (#23064186)

You can't let the end user have any power. Just ask the BOFH ;)

Re:End users (4, Funny)

K. S. Kyosuke (729550) | about 6 years ago | (#23064322)

Including electric power, of course.

So, I get two salaries, right? (5, Funny)

TheWoozle (984500) | about 6 years ago | (#23064252)

Great...now I get to do IT's job for them. In addition to my own work. So, I'll get paid for all the extra time I put in working on an IT project, right? Remind me why we even have an IT dept. again?

Re:So, I get two salaries, right? (5, Insightful)

garcia (6573) | about 6 years ago | (#23064312)

Remind me why we even have an IT dept. again?

Depends on the company but generally because they were told to have one, not because the department itself operates well. Honestly, while I could fully be a "rogue superuser" I prefer to let them do most of their work because I just don't get paid to do what they get paid to do.

Will I install applications, use applications and write applications as necessary to get *my own* job done? Yes. Will I go out of my way to do it so that others can do their job better? No. I am the first to tell someone who sends me an IM that asks, "Bill, can you come down and help with foo?" to go and submit an IT work order and wait it out. But I'm certainly not going to wait for them to come and fix my machine when I know full well I can do it myself without watching work backup for minutes, hours or days.

Re:So, I get two salaries, right? (4, Insightful)

gEvil (beta) (945888) | about 6 years ago | (#23064558)

Exactly. I'll generally deal with my own machine (up to a point) and will take full responsibility for any issues that might arise due to my actions. That said, if I encounter a problem, I'll do what I can to take care of it within the rights limits of what IT has given me. When I go beyond that I know that I'm on my own and can't particularly expect IT to fix it if I screw something up.

Re:So, I get two salaries, right? (5, Insightful)

SatanicPuppy (611928) | about 6 years ago | (#23064592)

I think most good IT departments are okay with allowing a certain amount of freedom. Where I work we don't give out admin logons, but we do allow some users to admin their local machine, and we do allow some users the privileges to do basic crap on other people's machines. If you have a guy who is willing and capable of doing annoying little changes for people and taking some of the headache off of the IT staff, more power to 'em.

But that stuff should always come with a "screw it up, and you're going to have to fix it yourself" caveat. If you pick your people well, then they should be okay with that in the first place.

Re:So, I get two salaries, right? (4, Insightful)

plague3106 (71849) | about 6 years ago | (#23064868)

Well your caveat only works to a point. How long would your department let him spin his wheels while work is not getting done? Who then gets blamed for the downtime? The power user or IT?

Re:So, I get two salaries, right? (3, Interesting)

SatanicPuppy (611928) | about 6 years ago | (#23065024)

Well, they broke the machine didn't they? With privilege comes responsibility. The same would apply to me, if I hosed my development equipment...I've done it before, and it's just a cost of doing business.

I'm in favor of allowing the leeway, but its a two way street. When someone like that screws their machine, it's usually not pretty, and it's not the sort of thing that can be easily fixed. I'm happy to restore an old image if you asked me to make one. I'm happy to recover files if it's possible.

But I'm not responsible for rebuilding a machine that has been rendered non-functional by a user who insisted that he knew what he was doing. I always make this stuff clear when a manager requests these sorts of permissions for one of their people. We support the standard configuration, once you deviate from that, all bets are off.

Re:So, I get two salaries, right? (1)

Angostura (703910) | about 6 years ago | (#23065146)

Actually, the caveat should be 'screw it up we'll sort ot out for you = but and you lose the privilege in future'.

Re:So, I get two salaries, right? (3, Interesting)

phpmysqldev (1224624) | about 6 years ago | (#23064748)

Will I install applications, use applications and write applications as necessary to get *my own* job done? Yes. Will I go out of my way to do it so that others can do their job better? No. I am the first to tell someone who sends me an IM that asks, "Bill, can you come down and help with foo?" to go and submit an IT work order and wait it out. But I'm certainly not going to wait for them to come and fix my machine when I know full well I can do it myself without watching work backup for minutes, hours or days.


Agreed, it has been my personal experience that tier-1 help desk people are usually of the college intern type. While they may be knowledgeable overall it takes too much time to get things done. Why put in a support ticket, or proposal for a new software package when I can do my own fixes, write my own apps, or use a FOSS to get things done quicker and more efficiently.

This is far different from giving me admin status over the network. I think it also boils down to tow different kinds of people, some of us were brought up on computers using best practices, doing things by the book, making sure things never go wrong, etc, but a lot of us were brought up challenging how things work, and trying to go against the technology staus quo. There will always be conflict between these two types.

Re:So, I get two salaries, right? (0)

Anonymous Coward | about 6 years ago | (#23064314)

Welcome aboard!
I'd love to see some kind of spread for how much time I spent doing other people's jobs when there was nothing wrong with the thing, they just didn't know how to use it.

Re:So, I get two salaries, right? (1)

smitty_one_each (243267) | about 6 years ago | (#23065180)

This is called the learning curve.
There seems to be
a) A refusal to admit that you everyone needs to learn stuff up to the level of their position
b) A refusal to admit that intellecutally curious people tend to learn beyond their stated position, and could generate efficiencies that start to obviate some of the other positions in the organization.

Re:So, I get two salaries, right? (2, Funny)

docwardo (304911) | about 6 years ago | (#23064438)

I just sent this article to my IT director and asked if she contributed to this article. This is basically what happened to me and they did put me to work, with an extra salary (albeit a small one since i'm only 10% IT)

Re:So, I get two salaries, right? (5, Insightful)

Xzzy (111297) | about 6 years ago | (#23064872)

We did this at my employer, one of the departments decided they wanted to maintain their own desktops as a group. As no self-respecting admin actually enjoys taking care of desktops, we let them do it.

It wasn't a total break, they're still subject to the site's security policies and their home directories still mount from an nfs server we maintain, but no one in our group has had to install a machine or fix a dead hard drive in 5 years. They understand their needs far better than I ever could, so it really was a win-win situation.

It's worked surprisingly well, the admins are all volunteers from within the group, and they even maintain a batch system that all the workstations use for running jobs.

If any company has a group of people willing to take on that kind of responsibility, I'd say it deserves serious consideration.

Re:So, I get two salaries, right? (1)

ivanmarsh (634711) | about 6 years ago | (#23064880)

You might as well... it's not like we're getting paid extra for doing everyone elses work.

I can tell you just how much we love having rouge morons installing crap without any planning and then having that crap land in our laps.

Any company that thinks they don't need an organized IT department that has control over the systems the company uses should try having no upper management for a while and see how that works out.

Re:So, I get two salaries, right? (1, Redundant)

gruvmeister (1259380) | about 6 years ago | (#23065182)

I'm an "IT" guy by trade. But unlike most, I'm an independent - I do contract work for a lot of smaller companies that don't need full-time IT staff. Being such, this 'superuser' is usually my favorite type of employee - one of the few people who will really understand what the problem is and be able to explain it beyond "my computer doesn't come up" (which can mean anything from the "computer doesn't actually power" on to "the Internet is down" to "I can't get into my 15-year old shitty accounting software package that even the publisher tells me is shit and should be upgraded but I'm too cheap to do so"). As long as the superuser understands their limitations, this is a dream come true for IT - they no longer get bothered with small bullshit like "My mouse is dead" or "Should I cancel this AVG/Symantec/Mcafee/Kaspersky/Whatever updater? Why does it come up every day?". However, it's a fine line between a superuser who makes things easier on IT and a 'superuser' who turns a simple problem into a nightmare something even Milton never could have imagined by overstepping their capabilities. One of the examples: setting up a Wi-Fi router in an office - a seemingly simple task that any monkey can do, and one that made the skin of every IT person reading this crawl. Sure, that new Wi-Fi device probably gave Joe Dipshit the freedom to roam about his 10x10 cubicle with his laptop now, but it's completely beyond his understanding that the IP addresses being dished out by that new router are already statically assigned elsewhere on the network, and that the presence of a new DHCP device on the network is going to cause havok all over the place. And the great thing is, this usually doesn't happen until the next day, when DHCP leases expire and machines start looking to renew. By that time, Joe Dipshit has forgotten all about his little 'IT project', and doesn't think it's relevant to the current network-wide outages that are happening, which naturally are guess who's fault. So that router stays tucked away in some random cubicle in Sales, not found for a day and a half while the entire organization is screaming at poor Bob in IT because he can't find the culprit. Wow... I am so glad I don't work for a big corporation. Superuser vs. 'superuser' - knowledgeable insider who can take care of day-to-day problems vs. overreaching tinkerer who is too arrogant to realize his limitations. Good luck with that :) All I know is that the more my clients fuck up, the more I get paid to fix their problems, so for me it's a win-win situation!

Superusers? (5, Insightful)

wild_quinine (998562) | about 6 years ago | (#23064290)

Yes, they're end users. But they don't sound like customers. They sound like employees.

In which case they should toe the god damn line, because they're fucking shit up for other people.

Yes, enterprise IT can be frustrating. But your cheeky little wifi hack maybe just took down three buildings of network, resulting in thousands of dollars of lost productivity. Actually happened, in my org - 100% true story.

I don't like meaningless limitations any more than the next guy, but these know alls who think they're 'superusers' because they can set up a wifi network need to lay off - they don't have the big picture, they just think they're being clever. Guerilla? Arse-scratching chimp, more like.

Re:Superusers? (1)

Ethanol-fueled (1125189) | about 6 years ago | (#23064532)

Why should people do that at work anyway? Those types are like the annoying dicks in class who distract the instructors with unrelated questions just to show the rest of the class how smart they are.
 
"Wow, look what you can do. We get it, you're smart. You want a pat on the head too?"

Re:Superusers? (1)

wild_quinine (998562) | about 6 years ago | (#23064554)

"Wow, look what you can do. We get it, you're smart. You want a pat on the head too?"
Basically, guerillas belong in a zoo, where the above comment is satisfyingly appropriate.

Not sure... (0)

Anonymous Coward | about 6 years ago | (#23064874)

guerillas belong in a zoo

You're either being very clever, or you don't know the difference between a Guerilla [wikipedia.org] and a Gorilla [wikipedia.org] .

If it's the first, well done. If it's the second, not so much.

Re:Superusers? (2, Insightful)

techpawn (969834) | about 6 years ago | (#23064744)

Those types are like the annoying dicks in class who distract the instructors with unrelated questions just to show the rest of the class how smart they are.
I'm not doing it to show the class how SMART I am; I'm doing it to show the instructor where I'm LACKING. If we're covering a section that I already understand and I can tell we're near the end but I have a question about the topic that isn't high level, ones that's more specific to my real world problems that forced me to go to a class, how does that make me a dick for asking. If I'm in a class I'm there to get the most of the instructor as I can. The books can be found online for cheap, their experience in real world problems can not.

Re:Superusers? (1)

Ethanol-fueled (1125189) | about 6 years ago | (#23064994)

Note that I said "unrelated questions". Say, hypothetically, we're in a Java class: if you're prattling on about destructors and pointer arithmetic then you are wasting our time -- it's like, "Wow, you know about a feature in another programming language, you must be an elite haxxor". The problem with some know-it-all chumps is that they take time away from those who have questions and want to actually learn something from the answer. One can be a know-it-all without having to prove it all the damn time.

Re:Superusers? (1)

element-o.p. (939033) | about 6 years ago | (#23065032)

Then you probably aren't the person the parent post was talking about. There's nothing wrong with asking a question about applying the material you are learning to the real world, *if* it's a legitimate question, and you are asking so you can learn something.

The parent post was talking about people who already know the answer and are asking questions just to show how insightful they are. I've seen it, and it's annoying.

Some dicks pop up because they're just curious. (1)

Etherwalk (681268) | about 6 years ago | (#23064846)

It's not to get a pat on the head--there tend to be three reasons people poke their head up in class. (1) They're stuck in the overachieving freshman mentality, where they're effectively talking heads who aren't necessarily that productive. (2) Class participation counts towards their grade, and they need to spew up something once or twice a class to make sure they get that percentage of their grade. In terms things that are only tangentially related, maybe it's a choice between vaguely interesting BS and BS they've already covered in class. Which would you choose? (3) They're actually curious about something. Like a CS student who's learning about handles for the first time, who thinks `hey, could that be used for garbage collection?'

Granted, those are for issues remotely related to the topic. Someone who raises their hand during a CS class and asks about the fall of Rome might just need to be whacked on the head.

Re:Superusers? (5, Insightful)

diamondsw (685967) | about 6 years ago | (#23064586)

If they're truly breaking things, this means your network is so poorly designed that they are even capable of it. Get off your BOFH horse and do a decent job before yelling at people who are just trying to do their job reasonably.

My mother's laptop takes over 5 minutes to boot because of all of the scripts and login items the company forces her to run. This is not an uncommon occurrence because the various shit also prevents it from waking from sleep about 50% of the time. It's so locked down she can't install anything - not even a driver so she can plug in her company-supplied Sprint EVDO card for remote access. Nope, she has to drive into the office (about an hour away) just so they can pop in the card. Need to change an IP setting for the home wifi network? No-can-do (truly, the firewall and VPN cannot be trusted against the awesome power of the home LAN...). Maybe use something secure like Firefox instead of IE 5.5 (yes, 5.5!). Nope, can't install it. Use a USB memory stick to copy a file? Nope.

"Enterprise IT" policies are almost always to make IT's life easier at the expense of the end user. Now who was supposed to be supporting whom?

Re:Superusers? (5, Insightful)

wild_quinine (998562) | about 6 years ago | (#23064766)

If they're truly breaking things, this means your network is so poorly designed that they are even capable of it.
I knew someone would come back with a smart comment like this, but I'm not yet jaded enough to include disclaimers in my posts. For your benefit: the wifi router in use was very poorly designed, using some horrific bridging tricks. Shutting down three buildings was actually an automatic fallback, to protect our larger network.

"Enterprise IT" policies are almost always to make IT's life easier at the expense of the end user. Now who was supposed to be supporting whom?
Now this is exactly what those chimps with their cheeky tricks believe. But in any decent organisation, of which I'm fortunately part, the people at the top really do care about supporting users, to our own convenience. It's our job, so we get it done. And nothing gives us greater satisfaction that a system that runs for the benefit of its users.

The job is supporting users, and that's what we do.

And that just precisely means making decisions about what can and what cannot safely be allowed in certain circumstances, and the sheer size of the operation means not being able to turn on a dime if somebody wants a completely different config. That's the way it is. We're not being unhelpful, we're making sure you don't butcher things for every other person in the zone by being a smartass.

Re:Superusers? (1)

wild_quinine (998562) | about 6 years ago | (#23064844)

the people at the top really do care about supporting users, to our own convenience
it should be noted that i meant 'to our own inconvenience'. Damn typo.

As in, we make life worse for ourselves by making it better for the users, but in as much as it is a good idea, we still do it. It's our job, and it satisfies us to do it well, even if that's not a beach holiday.

Re:Superusers? (0)

Bobb Sledd (307434) | about 6 years ago | (#23065144)

Hm...

The job is stepping on users' faces while they're drowning under an ocean of work, and that's what we do.
There. Fixed that for ya. Oh... not finished

And that just precisely means making arbitrary decisions about what can and what cannot safely be allowed in our one-size-fits-all circumstance, and the sheer size of our ego means not wanting to turn on a manhole-cover if somebody wants a completely different config, even if merited. That's the way it is. We're not being helpful, we're making sure you don't butcher things for us in the IT department by your attempt at being practical.
There. That reflects real-world experience.

I gotta agree. (2, Informative)

khasim (1285) | about 6 years ago | (#23064642)

Just because someone can plug a device into a data jack does NOT mean they're a "SuperUser".

Yeah, that might work at HOME. But in the OFFICE someone (me) has to be responsible for security of our data. That includes YOUR social security number in HR's database.

If you do not like the "restrictions" you are working under, then explain to YOUR boss how much more money you'll make for the company if you get X. And your boss will talk to my boss and I will explain how much it will take to implement X (money, time, security changes, etc).

If the net is an increase in profits, we'll probably do it.

If it will open us up to a new risk WITHOUT an increase in profits, I don't care how much you love your idea. It's not going to happen.

Re:Superusers? (4, Insightful)

everphilski (877346) | about 6 years ago | (#23064902)

Yes, they're end users. But they don't sound like customers. They sound like employees.
In which case they should toe the god damn line, because they're fucking shit up for other people.

Yes, enterprise IT can be frustrating. But your cheeky little wifi hack maybe just took down three buildings of network,
resulting in thousands of dollars of lost productivity. Actually happened, in my org - 100% true story.



My IT department is fine - I don't see them but once or twice a year and my computer works well enough. But a similar problem to the one you described occurred at the college I'm working on my PhD at. (I heard this story second hand, might be an error or two, but I trust the source) The engineering department wanted WiFi in the building in order to hook up the conference rooms and let students use wireless in the classroom. Seems simple enough, especially in this day and age. A formal request was made. And rejected by IT. Random bitching and moaning. So after a few months of inaction, the engineering department installed a few routers themselves, under the radar.

See, the problem is when IT gets in the way of business. IT is a service, not an administration. So when it starts acting like one, with bureaucracy, with stupid shit to get stuff done (a friend of mine, engineer in another company, had to wait three weeks (!!!) to get an approved, paid for compiler he needed installed on his laptop???) then yes, we go under the radar to get work done, which might I remind you is why we get paid. Apologies in advance if we ever cross paths.

Re:Superusers? (1)

Cyberax (705495) | about 6 years ago | (#23064938)

So... A little innocent wi-fi hack crashed network in several buildings?

That's a good reason to do an audit of your network structure. It should not be that easy to crash.

And if they are that flaky - just imagine someone hostile trying to bring down your network.

Re:Superusers? (1)

Minwee (522556) | about 6 years ago | (#23065062)

Or worse yet, try to imagine the damage that could have been done if the network had stayed _up_.

If the idea of some yo-yo thoughtlessly bridging your internal network out to everyone in a three hundred metre radius just because he thinks that the blue patch cable clashes with his new Ferarri-red notebook doesn't make you reach for a baseball bat then maybe corporate IT isn't for you.

Re:Superusers? (1)

drinkypoo (153816) | about 6 years ago | (#23065218)

If the idea of some yo-yo thoughtlessly bridging your internal network out to everyone in a three hundred metre radius just because he thinks that the blue patch cable clashes with his new Ferarri-red notebook doesn't make you reach for a baseball bat then maybe corporate IT isn't for you.

If you properly segment and firewall the network, then this problem is limited in scope.

You can't prevent this sort of thing anyway, because of internet connection sharing/NAT.

Re:Superusers? (2, Insightful)

element-o.p. (939033) | about 6 years ago | (#23064982)

If I had a dollar for every person that called me because some "superuser" installed a test piece of equipment on my network (against company policy, incidentally) and screwed something up, I'd quit right now and retire in the Caymans.

I've seen rogue DHCP servers assign duplicate IP addresses on our network, I've seen rogue DHCP servers assign IP addresses from a different network on our LAN, and I've seen (multiple times, from the same "power user") two ports on a DSLAM plugged into my production network cause a broadcast storm. After the first time, we turned on Spanning Tree; the second time, it only took down the equipment connected to his SOHO switch.

The parent post is right -- just because you can connect your two Windows computers at home up to a WiFi network doesn't mean you are qualified to be a network administrator in an Enterprise network. If you'd rather be an IT system administrator, then take the steps to become one; don't try to subvert your corporate IT department just because you think you can do it better.

Funny... (2, Interesting)

Belial6 (794905) | about 6 years ago | (#23065088)

Bad attitudes like yours always crack me up. Why? Because, with the exception of the mainframe administrators, it is exactly the kind of user you are complaining about that CRATED YOUR JOB. No, I don't mean users. I mean those Arse-scratching chimps that think they are superusers. The PC in the work place is a direct result of people trying to get computing power under the radar of the mainframe administrators. So, if people had followed your advice 30 years ago, you wouldn't have a job.

Re:Superusers? (1)

Tesen (858022) | about 6 years ago | (#23065108)

Going rogue is never a good option, you're often left with a less than satisfactory implementation of what you're trying to accomplish and if the powers that be discover your existence, either you're fired or your project is canned with no chance of appeal (that becomes spite on Corp IT's part). If you're also careless you will take down other systems like you describe.

I used to work in an environment where each business unit had their own IT support groups, rolling back up to Corp. IT. We were a manufacturing firm and for the most part, those that were making the decisions up top had no concept of what we did or needed in the business units (how could they?). The issue is, whether those up top are willing to learn about the business.

I was a rogue operative, even inside my own team in my own IT group in a sub business unit; I was the guy pushing pulling legacy data via MQ-Series, instead of via FTP each morning so we could get real time production data as it was entered in our legacy systems. I was the guy pushing using SSRS with SQL Server to deliver snapshot reports each morning, while still allowing the users to view the reports in real time. I was the guy that was given a mission to eliminate as much manual process in reporting as possible (i.e.: We have 15 people doing reports, we don't need 15 people doing reports... please write code to fix this). The strategy I was using was having the leaders of your department or business unit push what they need for you. If you're a lowly programmer or end user, no one is going to listen if you go it solo (I found this the hard way). But if a director of your department, starts talking with IT with you or for you, telling them we are trying to accomplish a goal you need their assistance on Corp. Systems side, then things will happen. If your unit lead has no desire to do this and you are the only one trying to affect change, then perhaps it is time to leave and find another job - some places simply will not innovate or have no desire to look at new things until they are forced to.

Tes

Don't agree (4, Insightful)

nine-times (778537) | about 6 years ago | (#23064296)

"It's a symptom of the IT organization being unable to meet or even understand the needs of its customers," he says. "Otherwise, it wouldn't be happening."

I don't think that's true. Lots of people just want to screw around with things and get an ego boost out of flouting authority or trying to show-up the IT staff. You know, there's always going to be that guy who wants to install games on his PC, and figure out how to tunnel past the porn filter. Maybe it's because he wants those things, but also it's because he gets a kick out subverting the rules. Either way, it doesn't mean the IT staff isn't doing their jobs.

Re:Don't agree (2, Interesting)

Beyond_GoodandEvil (769135) | about 6 years ago | (#23064924)

I don't think that's true. Lots of people just want to screw around with things and get an ego boost out of flouting authority or trying to show-up the IT staff. You know, there's always going to be that guy who wants to install games on his PC, and figure out how to tunnel past the porn filter. Maybe it's because he wants those things, but also it's because he gets a kick out subverting the rules. Either way, it doesn't mean the IT staff isn't doing their jobs.
Perhaps, and sometimes like many things in life, the one size fits all, thou shalt do it only one way philosophy means that people are less productive, I've worked in shops were the monitor res. was set to 800x600 and god help you if you bumped it to 1024x768 or used smaller fonts to get more than 18 lines of text on a screen. So corp. IT is like everything else there are the anti-social dicks, and there are the people who bend the rules to get shit done.

Re:Don't agree (1)

djcapelis (587616) | about 6 years ago | (#23064928)

>it doesn't mean the IT staff isn't doing their jobs.

That's exactly what it means. Neither preventing people from installing games or preventing people from browsing porn is IT's job.

Re:Don't agree (0)

Anonymous Coward | about 6 years ago | (#23064966)

And for every person who knows what they are doing there are 50 who THINK they know what they are doing and end up leaving a mess for IT to clean up.

IT's job vs employee's desires. (1)

khasim (1285) | about 6 years ago | (#23064980)

The biggest problem I see is that the employees who are trying this do NOT understand the full spectrum of the job assigned to IT.

Yeah, you CAN find a way around X ... but what happens when the lawyers come in and want full records of X?

It isn't just about keeping your computer safe from viruses. Most employees understand the single-user model of computing.

What they do NOT understand is having multiple users hitting a shared resource such as a server.

Or backups for recovering deleted files from yesterday _vs_ backups for recovering information from 3 years ago _vs_ keeping current files at a "disaster recovery" site for when the office building burns down.

I've had to go back and recover email from years ago because of a lawsuit when our people did NOT print out important documents ... and deleted them when they quit along with the rest of their email. Yeah, it sounds good when you're only thinking of yourself. But that kind of logic does not work when it involves a company.

Please tell me (3, Insightful)

croddy (659025) | about 6 years ago | (#23064300)

Please tell me people don't really talk like that. "Grew the solution"? "Drive business value"? These people need to get a hold on themselves and listen to the feces streaming out of their mouths.

Re:Please tell me (2, Funny)

gruvmeister (1259380) | about 6 years ago | (#23064742)

The only people who talk like this are those who write for business-related magazines, or useless middle management types who are at least aware of their uselessness and are attempting to avoid drawing attention to it by making your brain shut down.

Re:Please tell me (0)

Anonymous Coward | about 6 years ago | (#23064816)

Oh yeah, they talk like that. In fact, I'll do you one better: They talk like that...in the government. Seriously. I work for DHS, and hear the same businessbabble about "meeting customer needs" and "growing a solution" and "business value" where the customer is a border patrol agent, and business value is the tradeoff between buying him new body armor and the additional amount of illegals he can capture before he gets shot.

yeah right. (4, Insightful)

apodyopsis (1048476) | about 6 years ago | (#23064302)

hahaha, let the users have admin rights?

does the author have **any** experience of the commercial environment?

Re:yeah right. (3, Informative)

boris111 (837756) | about 6 years ago | (#23064394)

It's certainly not perfect, but my gigantic fortune 500 company does this and everything seems to be just fine. This combined with the fact that the PC support people are braindead.

Re:yeah right. (1)

apodyopsis (1048476) | about 6 years ago | (#23064752)

Then I envy you. I needed a password to set up a tool I use and it took me two days of begging, persuading and wheedling to get it at one place I worked. The IT "consultant" who was trusted with it - well, lets say that I would not of trusted him with a mop and bucket.

I have - in the past - booted off a Linux rescue CD, mounted NTFS read only and got files I needed from protected folders because some jumped up little officious twit has not known what he is talking about. And was about the image the drive because apparently there was "no way" to get at the data.

In managerial mode this kind of set up looks sensible and secure - and nobody will persuade them otherwise.

Re:yeah right. (1)

Velcroman98 (542642) | about 6 years ago | (#23064950)

I've worked in two large corporate IT environments (many others if you count all the short consulting gigs I worked). They were night and day as to how they ran and how you would want to treat the users. When I worked at The University of Phoenix Online the employees, sales drones, would have destroyed their computers within days if they had access. They were the most IT illiterate people they could find. When I worked at ATMI, they had a bunch of engineers who needed access for one reason or another. They would almost never do something stupid, and they would ask before they attempted things they did not understand.

I imagine the users are different at every shop, as is IT management. Problem is management evolves towards those that can do the corporate politics, and the skilled IT managers leave to go back to coding or running the network.

Don't be silly (1)

get quad (917331) | about 6 years ago | (#23064308)

Turning rogue users loose to allow who-knows-what into your network??? Who keeps wtiting this irresponsible crap? Botnet articles cannot coincide with these articles, make up your minds.

The admin & support issues are a nightmare (2, Interesting)

PIPBoy3000 (619296) | about 6 years ago | (#23064332)

We've actually moved away from this, fairly strongly. We work in a healthcare organization and having people develop applications on our servers can potentially cause huge issues. While it's possible to create little sandbox areas for them, it's an administrative hassle, and it's always hard to be positive their applications can't cross security lines or impact another application's performance. Then there's the support issues - who fixes their business critical application when they've left or are on vacation? It's like the days when people would make Microsoft Access applications for everything, and then it would be dumped in our lap.

Our reponse has been to staff up to meet customer demand and spent a lot of time bringing other IT folks up to speed on web development. It's worked out fairly well, and the number of times I've been called in to fix a Microsoft Access report or the like has dropped dramatically.

Re:The admin & support issues are a nightmare (1)

SatanicPuppy (611928) | about 6 years ago | (#23064466)

The maintenance thing is definitely one of the biggest headaches...Those fricking Access apps can be a cast iron bitch.

With Healthcare I can definitely see getting rid of those guys; HIPPA concerns alone would be a good reason to have only professional applications. The costs of a security leak would be disastrous.

Still, for other businesses, it's harder to squeeze the money for extra FTEs in IT, and some of the slack in reporting especially, will have to be taken up by access junkies who can be slipped onto another departments payroll.

IT parallels the free software movement (5, Interesting)

Qwerpafw (315600) | about 6 years ago | (#23064340)

If you look back in history, people originally used computers together, sharing access, tips, and source code. Now it's all top down - someone dictates what you'll do and how you do it. You, as the unempowered user, receive prebuilt restrictions, prebuilt computers, prebuilt binaries. You can't tinker, you can't fix, and you aren't even supposed to poke around.

The problems of restriction in DRM, restriction in EULA, restriction by not providing source code, restriction in IT are all the same. Instead of educating users and providing them the ability to solve problems, IT mirrors large software companies and media companies, and removes any control, forcing them to be "stupid." When users can't even diagnose on their own, and are forced to run to IT for the most minor software install, the bureaucracy justifies itself. IT is necessary because it's been made necessary. Dumb down the users and they need someone to hold their hand. But create a community of educated and empowered individuals and people will share information.

In a community of empowered users people don't just share solutions, they create solutions.

Re:IT parallels the free software movement (4, Insightful)

Spad (470073) | about 6 years ago | (#23064774)

And while you're creating this community, your network is busily being infested with malware, unlicensed software and pirated music.

As much as we love to believe that everyone would be an ideal user with just a little education, most people simply do not care about computers outside of the fact that they have to use them for checking their emails and inputting data into "Application X". I admit that I work in the NHS, so there's an abnormally high percentage of IT illiterate users, but I see very few users with an actual interest in learning.

Re:IT parallels the free software movement (2, Insightful)

Qwerpafw (315600) | about 6 years ago | (#23065086)

It's not hard to teach people the basics of networking. When you hold people's hands, you make it so they won't have to learn, so they don't. Require them to learn how to fish and they'll be providing for themselves. I know you'll say it's crazy, it's impossible, no normal person could ever learn responsible computer use... but get off your high horse. People routinely learn much more difficult things than using computers - and if they have a motivation to learn how to do things, they will.

In fact, you've proven this. You say people will figure out how to "infest" your network with unlicensed software, but that's assuming individuals will figure out how to do this. You're probablly certain they will - and why? Because it's probably already happened. You spend your time fighting against your tricky users, who find all the holes in your policies and install skype, or limewire, or whatever the unauthorized flavor of the month is.

IT creates an oppositional environment where users are pitted against systems administrators. Is it a surprise that people find ways around the IT department's rules? Imagine if these energies were placed towards helping the system, helping the network, helping resolve instead of circumvent. Sure, not everyone may be willing to expend effort, but there'll be enough people who will take responsibility for themsleves and share with others.

Re:IT parallels the free software movement (3, Insightful)

Chanc_Gorkon (94133) | about 6 years ago | (#23065068)

It's like antivirus programs. I have no problems with having it installed on my computer, but I DO have a problem with it kicking off in the middle of the danged day when I am trying to work. The problem with some of the power tripping IT staff (hey I am in IT) is that they don't think....what time of day should these run?? They accept all defasults.....and that sucks.

Re:IT parallels the free software movement (1)

raddan (519638) | about 6 years ago | (#23065074)

Instead of educating users and providing them the ability to solve problems, IT mirrors large software companies and media companies, and removes any control, forcing them to be "stupid."
I'm all for software freedom, but come on-- users are dumb. The difference between today's users and the "original computer users" is that the latter knew what they were doing. Trust me, training only goes so far. When the nth receptionist this month (where n approaches infinity) installs OMGLinsdayLohanSearchBarAkaComputerDefilerToolbar on the front desk machine, you might change your mind about locking things down.

Let's also not forget-- these are company machines. If my resident computer revolutionaries feel like paying for the equipment and IT overtime when they hose something important, I'm all for it. If they want something, they need to talk to me. It's sad that this doesn't happen in some places, but hey, that's life.

Re:IT parallels the free software movement (1)

djcapelis (587616) | about 6 years ago | (#23065106)

Hmmm. This really seems like an interesting point. It is interesting to notice we're just on the verge of what might turn out to be a revolution in the way IT is done. This isn't the first article that seems to be pointing in a "it's time to change IT" direction. This is all coinciding almost right at the time that Open-Source software is becoming acceptable to end-users. As far as I'm concerned the year of the desktop was 2007.

One wonders if perhaps the increasing use of open-source will bring about a revolution in IT. Or vice-versa. They do seem to be somewhat interlinked.

This speculation about new decentralized community-based IT overlords is delightful and I welcome it!

Re:IT parallels the free software movement (1)

L0rdJedi (65690) | about 6 years ago | (#23065192)

Give me a break. The people that "originally" used computers were mostly CS students that knew the computers inside and out. They could not only build the computers, they could program them as well. That is not the vast majority of users anymore.

Users today do not care how their computers work, as long as they do. I can't count the number of times I got a call from someone about an update notification window because "I don't want to mess anything up". Their own home computers are so loaded with crap that they're slow. They prefer having "the IT guy" around to make sure their system is running properly and has all the updates it needs. Even if they were shown how to troubleshoot their system, they wouldn't care enough to remember it. Accounting, purchasing, sales, etc, etc. They're all the same. They do not care how it works, as long as it does work.

The auto mechanic thinks the same thing about you when you bring your car in to get it fixed. He can explain what's wrong and what it needs, but you're not going to fix it the next time (maybe breaks and oil is all you'll do), simply because you either 1) don't have the time or 2) don't care. You bring it to him to fix it or make sure it's in tip top shape. You don't care about all the little details and you don't need to, because he's always there to fix it.

I'm _in_ IT (1)

Bigbutt (65939) | about 6 years ago | (#23064362)

And I can't get stuff working right. Our monitoring solution (OpenSpew) is managed by a central group so we don't have the ability to know if our changes are being made. So we don't get pages when we need them and we get pages from 2 weeks ago at all hours. When we ask for additional features, we're told it'll cost $20,000 and there's no money in the budget.

As a result, the other groups have set up their own monitoring solution and shoot alerts to OpenView. And now we're getting ready to implement our own monitoring and stats solution (Nagios and RRDTool).

[John]

To a degree... (3, Interesting)

SatanicPuppy (611928) | about 6 years ago | (#23064390)

"Put them to work?" I'm not about putting the beatdown on non-it tech guys, but I'm also not about giving them free reign. Isolate them from the bulk of the network, where their antics won't cause problems for the regular users, and impress upon them that they have a level of responsibility for their data and any problems that crop up with their projects. Make sure you bring their managers into the loop and impress upon them the problems that could crop up when their Access and Excel scripting guru runs amok, and then let 'em do their thing.

Oh, and wireless? I don't think so. Messing with network infrastucture is a cardinal sin, and any organization that doesn't have its internal network secured well enough to prevent someone setting up their own wireless inside the building needs to do some serious self-examination. Some things you just do not screw around with.

In my experience, the biggest problem is that the non-it power users don't have the same appreciation for security as the people whose job it is to make sure things are secure. Security is a pain in the ass; no question about it, and a lot of users view it solely as a pain in the ass, with their inconvenience rating much higher in their estimation than IT's "Unreasonable Paranoia". If you restrict those users too much, they're going to spend all their time trying to get around your rules...Same as a child will. But like a child, if you give them a certain amount of freedom inside the rules, then they're much more likely to be obedient. They will understand that the rules are there because they have to be, not just because you hate them and don't want them to be able to do what they want to.

The Other Take (0)

Anonymous Coward | about 6 years ago | (#23064396)

The idea of putting them to work is indeed an interesting one but, I still have some questions. The first question is: What is their current job? While they and their cohorts might think that installing rogue access points in the break room is tre cool, I'm wondering what their real job is supposed to be and if it's being done? And how well is it being done?

To drag out the obligatory broken automotive analogy ... How would a package delivery company react to its drivers or call center operators tinkering under the hood of the delivery vehicles? Putting dubs and 22 inch wheels on the truck might seem totally cool to a good number of people within the company but, that still doesn't make it a good thing. And arguing that it saves gas might still not be enough to make it acceptable.

My thought is that these people should work in IT if that is what they want to do. But, if they choose to be an accountant, they should stick to that and realize that they might not have all the information necessary to make the best IT decisions.

on the down low? (0, Flamebait)

jollyreaper (513215) | about 6 years ago | (#23064410)

I thought that was code in the black community for openly heterosexual males engaging in secret homosexual trysts. Is that really how end-users see dealing with IT? When we make the next supply run, should we throw in some astro-glide, too?

IT Departments Fail (1)

Velcroman98 (542642) | about 6 years ago | (#23064432)

I worked in a couple IT departments for years, and I agree with the article in that many of the IT departments fail to provide what is needed to run the business. I've seen IT departments slow down large projects, make many projecs come in way past due dates rendering them worthless, and having projects killed because IT just cannot get it done.

Then I watched my IT overlords blow their bbudget because they wanted to upgrade the entire phone system to a Cisco IP based one - "because they are cool."

Re:IT Departments Fail (1)

glamslam (535995) | about 6 years ago | (#23064640)

I wonder what would have happened if HR or Marketing was in charge of it instead.

Re:IT Departments Fail (1)

Velcroman98 (542642) | about 6 years ago | (#23064782)

I wonder what would have happened if HR or Marketing was in charge of it instead.

I wouldn't expect much change - promising stuff you cannot deliver is the mantra of many IT departments already.

Re:IT Departments Fail (1)

raddan (519638) | about 6 years ago | (#23064702)

OTOH, you'd be hard pressed to find a user that can get single-sign-on working across a heterogeneous network (hint: we have it working on Windows, Macs, Linux, *and* OpenBSD machines), or backing up 7TB of storage *nightly* (or heck, even providing 7TB of storage), containing virus outbreaks, and so on. There are plenty of IT departments that suck, and there are plenty that don't. Sometimes IT needs to give users some slack, but other times, IT needs to smack it down, hard. We've learned the hard way that users tend to make uninformed purchases of software-- this often leads to the company relying on a proprietary (and expensive) file format, when a few moments of consideration ahead of time would have saved the company a lot of pain. Yes, Adobe, I'm talking about YOU.

Re:IT Departments Fail (1)

SatanicPuppy (611928) | about 6 years ago | (#23064812)

Blah blah blah. Every third response is something along the lines of, "Well my last experience with IT sucked, so they must be worthless."

So a simple question: "What's the alternative?"

Seriously. Are you suggesting throwing the entire corporate infrastructure open to maintenance from anyone who thinks they can do it?

Frankly, I'm fucking tired of everyone sitting around with nothing better to do than complain about this or that thing. I've got crap to work with; too few employees, ancient systems, no money for software, hardware, or training.

When I do get an upgrade, everyone who doesn't benefit immediately starts calling it a stupid purchase and a waste...Godforbid someone wants to switch to IP telephony, because we all know that that tech is never going to catch on, and it's a much much better idea to keep paying for old fashioned phone trunks every month than just one nice internet connection.

Re:IT Departments Fail (1)

Velcroman98 (542642) | about 6 years ago | (#23065104)

Blah blah blah. Every third response is something along the lines of, "Well my last experience with IT sucked, so they must be worthless."

We only have our experiences to draw upon what we know.

Godforbid someone wants to switch to IP telephony, because we all know that that tech is never going to catch on, and it's a much much better idea to keep paying for old fashioned phone trunks every month than just one nice internet connection.

IP telephony can be great. My experience at ATMI was the CIO wanted it because it was cool. The phone guy would have to prepare the project documents every six months for him to weigh out the cost against the perceived benefit. A giant costs to upgrade a functional digital system, because the Cisco system sounds cool.

There were no usable benefits needed for the corporation. That doesnâ(TM)t mean when they move in a couple years to a new building they shouldnâ(TM)t consider it. But a forklift upgrade from the well running digital system today only gets you some flashy new screens for a couple hundred grand.

Great idea... (2, Funny)

spywhere (824072) | about 6 years ago | (#23064442)

Then, the proles can install Kazaa and LimeWire... and put the shares on the corporate servers.


Yes, I've seen that done.

Yes! Put them to work! (1)

Anonymous Coward | about 6 years ago | (#23064452)

breaking big rocks in to little ones or maybe digging holes and filling them again ... at GITMO

signed,
BCLEFH*

* CLE == C-Level Executive

muahahahahaaa

Been on both sides (3, Insightful)

gEvil (beta) (945888) | about 6 years ago | (#23064454)

I've been on both ends of the IT/user divide. I've administered networks of several hundred machines and am well aware of what some people will try to do with them. In my current position, however, I'm just a regular user. So when people in the department start talking about doing something that IT wouldn't approve of, I can usually explain to them in their terms why it wouldn't be such a good idea. OTOH, there have also been times where I've been called in by my boss to take care of a situation that IT hasn't been able to resolve, but that I've figured out because I face the problem daily. In those instances, I don't mind making a quick lap around the department and tweaking the machines a bit, because I know that it's exactly what IT would be doing anyways if they could be bothered to figure it out. And before someone says anything, I've contacted IT before to explain the problem and the fix. It's just that it's usually such an esoteric issue that they can't even begin to get their heads around it (e.g., font caching issues involving using certain programs in a certain sequence).

Re:Been on both sides (3, Interesting)

SatanicPuppy (611928) | about 6 years ago | (#23064892)

That's one thing I see a lot; a lack of communication between the users and IT. They need something, something that we could provide if we knew they needed it, but we don't spend any time up there, and they don't know enough to ask for it.

I've tried things like getting IT people invited to departmental meetings, cross-training the new guys in other departments...Whole lotta nothin has come out of that.

I think in the long run it's jsut going to require that the average user becomes tech savvy enough to know what to ask for, or we start hiring guys whose official role is like "embedded IT"; they work in other departments, but they report to IT.

A little knowledge (1)

Spad (470073) | about 6 years ago | (#23064468)

The old adage that a little knowledge is a dangerous thing applies here. Yes, there are people who know what they're doing and will behave responsibly with a free run of your infrastructure, but the majority are people who just want to install Bonzai Buddy or that cool Bittorrent thing that lets you download movies.

Even more dangerous are those who "know better" than the IT department and decide to set up their own services because yours haven't been configured correctly according to some guy they know on IRC. Next thing you know you've got rogue DHCP servers and all your desktop machines are PXE booting Gentoo.

No; it's one thing to give a little administrative leeway to knowledgeable users who need it, but letting people run their own pet projects on company hardware is a disaster waiting to happen.

Bypassing network lockdowns (5, Insightful)

truthsearch (249536) | about 6 years ago | (#23064478)

My last employer had firewalls that only allowed traffic through ports 80, 443, and an unusual port for VPN. I heard they also sniffed unencrypted packets, mostly to watch for viruses and breakins. Some of my coworkers wanted to use IM, although it was banned on the network. So I set up an encrypted squid proxy through my work desktop and home server. My whole team had IM and was able to communicate more efficiently.

One day I got called into the boss's office. He says, "I hear you've installed IM on everyone's desktop." So immediately I think I'm in trouble. Then he says, "Would you mind setting it up for me? How did you get it on the network?" He realized it increased productivity and any personal use wasn't seriously inhibiting work.

The point is don't hinder technology for a whole company only because you're afraid one ignorant user will bring in a virus. If power users want something, it's typically because it'll make them better at their job. Figure out a way to let them have it.

Re:Bypassing network lockdowns (0)

ivanmarsh (634711) | about 6 years ago | (#23065036)

The point is don't hinder technology for a whole company only because you're afraid one ignorant user will bring in a virus. If power users want something, it's typically because it'll make them better at their job. Figure out a way to let them have it.

Except that in most cases YOU just hindered the technoplogy of the whole company because you took it upon yourself to work outside of what the IT department had planned and now they are wasting their time cleaning up what you did instead of working on what they are supposed to be working on.

How 'bout putting in a request and maybe getting the real story from one of your IT guys about why IM isn't their highest priority?

Where I work we are requied to STRICTLY adhere to a large set of FCC, FTC, SEC and PCI rules... but you go ahead and take it upon yourself to get the company sued and in trouble with the federal government.

Re:Bypassing network lockdowns (0)

Anonymous Coward | about 6 years ago | (#23065054)

I have yet to see IM increase productivity.

Phone works well for instant - email works well if you need a lengthened communication cycle with audit trail.

IM just distracts if you are working - course if the work level only averages at 50% of peak most of the time then you may see a gain - how could you not...

Nonsense! Fire their Ass! (1, Flamebait)

littlewink (996298) | about 6 years ago | (#23064504)

I work for a large governmental entity that has policing powers and I assure you, such people are worthy of dismissal only. Once you give them an inch, they'll take a mile. As the article states
He or she will do whatever it takes to get the job done without waiting for IT to sign off.


They stop only when they're escorted out the door (or to jail) and then sometimes that's not enough.

People who persist in breaking IT rules after multiple warnings are usually "control freaks". If you give them responsibility, they will end up assuming more than they were granted, arguing with administration, causing chaos and personnel problems.

Best to nip this problem in the bud.

- Been there, done that.

Re:Nonsense! Fire their Ass! (0)

Anonymous Coward | about 6 years ago | (#23064622)


"People who persist in breaking IT rules after multiple warnings are usually "control freaks".

Wow - pot meet kettle!

Re:Nonsense! Fire their Ass! (0)

Anonymous Coward | about 6 years ago | (#23065094)

So, are you G2 or G6?

Not a problem (0)

Anonymous Coward | about 6 years ago | (#23064516)

I don't have a problem with this. I have 140 users split into various different departments. In each of these departments is a (fairly) technically able person. This means that the user will normally go to them first leaving me free to, uhhmm, reply to threads on /.

Give them access to everything? (1)

techpawn (969834) | about 6 years ago | (#23064540)

Yeah, I'll get RIGHT on that. And when the share holders or customers ask for documentation as to why the system is down 25% of the time and we tell them "Oh, it's because we gave RandomUserX on the Docks Admin rights to speed up response time on help desk. It's cool, he has his MCSE!"
I'm sure I could leverage getting a college co-op before getting the CIO to sign off on letting "Power users" run loose on the network to fix problems.

SO . . . who's job is on the line . . . (2, Informative)

mmell (832646) | about 6 years ago | (#23064682)

when yon users get the company sued for copyright infringement? How 'bout (knowingly or unknowingly) probing outside networks?

Writing code which floods the network with packets? Crashes workstations? Worse, crashes servers?

Deletes logfiles? Rewrites config files?

Sorry - if it's my name on the line for a given piece of equipment, I want control of that piece of equipment. I left a place last February where that wasn't strictly true - and I'm relatively certain my fellow outsourced contractors were breaking stuff. I never did decide if it was accidental or intentional, but the missing log files made me go "hmmm . . .".

perfect example of stupidity: autorun (1)

poetmatt (793785) | about 6 years ago | (#23064760)

My work actually is forcing all computers with XP to turn off autorun today. The funny thing is, the reason is that someone had "spyware and/or viruses" installed from the disks.

Really, do you think autorun is the issue here? I think it's safe to say that running Mcafee might not be the best idea to keep a computer safe (I seem to recall Clam doing a thousandfold better job), and also plain old stupidity from one of the users no doubt.

Sarbane Oxley ... two words like jail time (1)

Shivetya (243324) | about 6 years ago | (#23064784)

sorry, but I don't think letting anyone have their way is going to fly.

try all they want but its my job to set in place what the auditors tell the big guys what we have to have to comply.

no one wants to not be in compliance and subject to some idiot in government who one day got bad service/etc from someone in your company.

so, if these power users can't confine their play to home then I don't need them here.

take one of these pills (0, Flamebait)

suck_burners_rice (1258684) | about 6 years ago | (#23064848)

As an organization, the IT department should give the corporate users a choice. They can take the blue pill, which means their computer is managed by the IT department. People who aren't knowledgeable about the inner workings of their system and just want to get their work done without getting too sophisticated technically will probably choose this option. Or they can take the red pill and manage their own system, under one condition: The IT department has within it several 1337 h4x0rz who will be allowed to try and hack into these self-managed systems at any time that they wish. So long as they cannot find an exploit, the user is left alone. But if they find an exploit, that user has to buy everyone dinner. Or something along those lines. That way, people who want to control their own systems will have the opportunity to do so, but not in a manner that puts corporate data at risk.

Maybe, maybe not (5, Insightful)

Angst Badger (8636) | about 6 years ago | (#23064850)

It really depends on the organization. There may be some overriding legal or safety reasons why you don't want to let anyone out of the sandbox: end user apps may not place nice with air traffic control or nuclear plants. ;)

On the other hand, some IT departments fully live up to the Dilbert character, Mordac, Preventer of Information Services. My IT department happens to be one of those, and the main consequence of my supervisor's blanket refusal to do anything that bothers him is that everyone, including his boss, comes to me to get things done. And that's okay with my boss, because his real objection is to doing anything unfamiliar, not the fact that it's being done somewhere.

But that's obviously a dysfunctional situation. The problem is that our IT department -- and presumably many others, including some of the snitty, arrogant posters in this thread -- isn't doing its job. By definition, if the IT department is either preventing necessary work from being done, failing to help get it done, or imposing arbitrary obstacles to get out of doing work in the first place, the solution is not necessarily giving end users IT responsibilities; the solution is for upper management to kick ass and, if necessary, hire IT people willing to do their jobs.

Contrary to some of the polarized views I've seen here, IT isn't always the problem, nor are end-users always the problem. Most often, it's a failure of both to work constructively and flexibly together and a failure of upper management to insist that they do.

Of course, if the dysfunctionality in your company isn't going anywhere anytime soon, you may have to look for workarounds, and the solution proposed by the original poster might work in some situations.

I'm that guy who used to screw around... (3, Insightful)

Overzeetop (214511) | about 6 years ago | (#23065038)

...and even I think this is a BAD idea. You want to mess with your own PC, okay - there's some merit there for some people. Mess with the network - hell no. There are too many things that need to get done, and the ability for one person - even an otherwise knowledgeable person - outside of IT to screw things up is just too much of an unknown.

I'm not usually one to chime in on the side of IT, as they often throw out the baby with the bath water, but letting people who's primary function is something other than keeping the network up mess with the network is just a massively bad idea. Screw up a workstation and one guy is dead for a day. Screw up the network and the whole company can go toes up.

As a confessed Super-User (3, Insightful)

fionnghal (306289) | about 6 years ago | (#23065050)

I can relate to this issue. My co-workers often come to me to fix their email and various other apps that have been screwed up by an incompetent IT staff. I try, I really do try to get my coworkers to call IT if their is a problem, but sadly, they often don't trust them. I have been accused of all sorts of things by various IT employees and none of it true or even provable if it was. The truth is mine is the only computer they are _not_ regularly fixing (or screwing up) here in my office.

The problem with most IT departments. (1, Insightful)

Anonymous Coward | about 6 years ago | (#23065114)

Most IT departments think that they know everything there is to know about computers and the network. The problem is that they don't know half of the shit they think they do. In particular they usually know nothing about what their users need in order to be productive. Instead most IT departments focus exclusively on control, control, control. While control is great you must have an idea of what you need to control and why and that is where IT departments are out to lunch. Security is not the only responcibility of IT, usability is just as important. If I can't use my computer I might as well not even have it. Its just a waste of space and money if it is locked down so tight that I can't get my job done. Time and time again it has been shown that with physical access to a system you can gain control over it.

Stop being a disabler and start being an enabler. Show people how to user their computers effectively while keeping them safe through education.

Reminds me of highschool (1)

shellster_dude (1261444) | about 6 years ago | (#23065130)

When I went to highschool the network was ridiculously insecure. I spent a lot of time sniffing around and breaking into things. I had more access than the junior admin's did. The chief admin could have banned me, and in retrospect, he had every reason to. I didn't break anything, and I told him about all the security flaws I found. However, I didn't stay within the terms of the computer user agreement. The admin and I had a really good working relation. He allowed me to keep my derived super user powers, and in return, I attempt to figure out how to break things, and then help him fix the holes that would allow me to break things if I so desired. We both benefited from the arrangement.

Depending on the context: absolutely spot on (2, Insightful)

mce (509) | about 6 years ago | (#23065210)

First of all, it depends on the context whether this is a good idea or not. In some environments, the IT group is the one and only IT wizard. In others (esp. in companies where IT development and IT research are the core business), the official IT group often is not at all capable of even understanding what the engineers are doing and supposed to do.

I've always worked (nearly 18 years now) in the latter situation. Once upon a time, I was one of those superusers in that I was had an IT degree, but worked in engineering (research, actually) where most of my collegues were non-IT engineers. They were very IT savy at a personal level, but generally missed the wider scope. So far so good. The not so good thing, was that the IT department had no clue whatsoever of what the real business needs in terms of IT were (and neither had the company's management). The consequence was an ever worsening war between IT and IT users, amongst other things resulting in ever more shadow systems. We solved this by establishing a working group that took care ensuring there regular was bidirectional communication between parties (I was one of the founding fathers and later on was the chairman for many years). This worked wonders. (Note: It worked so well, that when I finally left the company, the IT group tried to convince me to stay by proposing that I might join them in quite senior positions.)

Part of the whole concept was to do exactly what TFA says: the real superusers were identified; they earned the trust/respect they deserved; and then gained the appropriate - for our context - access to specific systems. (I personally managed the whole repository of OSS as well as some commercial soft we had installed centrally on UNIX. No, I did not have root, as I designed the complete setup such that I did not need it, but it will also be clear that with that level of access I potentially could access a lot of data and that capturing root would not have been difficult had I wanted. Some superusers can be trusted afterall.) Many succesful applications were developed in the same way: some superuser developed - with the knowledge of IT - a prototype that was taken into production for a larger audience after review by the working group and possibly some clean up by IT.

Actually, all this is nothing new. Strategic alignment between business and IT is a core part of IT governance. So is making sure that IT governance is not a buzzword hidden in a bi-monthly meeting between the CTO and CIO, both of whom generally do not understand the issues, but that it is something that is built into the whole system at all levels. And yes, this includes the superusers (at least the capable ones).

Concluding remark: I've since obtained an MBA. As part of the IT course, I wrote a paper describing the complete history of IT management & governance at my previous employer detailing the above story at length. That paper made a very happy professor, as he considered that I was absolutely spot on. Afterwards he started using me as an in-class assistant for the remainder of his course.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...