Enterprise IT rant

[classy]

Nah, I pulled stunts like this in the big shops too... I even got to the point where I would make a VM with the IT assigned machine name so it wouldn't report my laptop as missing from the network

This I think is a bit of bs. Unless you are in very very lax domain could this even work. Adding a vm with the same name wouldn't change all the other controls. It would have to show sooner or later as two machines some where.

 

[Genx87]

Nah, I pulled stunts like this in the big shops too... I even got to the point where I would make a VM with the IT assigned machine name so it wouldn't report my laptop as missing from the network

How did you have two machines with the same name on the domain? And how did you join the VM to the domain?

 

[classy]

How did you have two machines with the same name on the domain? And how did you join the VM to the domain?

Exactly. That is one way, but stop and think of all the places this would show up, AV console for one. I would see that double name in Endpoint and endpoint logs machine specs as well. WSUS or pushing updates through SCCM. That missing machine won't go away because another has the same name. How many of us will look at DNS for some reason or another, depedning on how large the enviroment is, you would see it there as well. Unless he has some how gotten admin rights or the IT support is really bad there, I just don't see how a regular user could pull this off. To many areas would have to change. And thats just off the top of my head.

 

[Cogman]

Could be worse...

My team uses an SVN, IT decided "Hey, we need to backup the code tree incase anything bad happens." So guess where they decide to backup the code tree? You guessed it, on the SAME server as the SVN...

Couple that with the paranoia. We have a server that is only accessible within the companies network (which has some pretty beefy security settings all to its own). This server has NO connection to the outside world what-so-ever. On top of that, the server requires you to have a username and password to do anything with it.

Well, because this server has a simple webhost which displays test data to everyone (which is only available to those in the companies VPN.. And you STILL have to log in to see anything), IT has determined that this is just unacceptable. You can't have test data available to everyone in the company! What would happen if some hacker steals our test data!

So, they are working hard to put on 8 more locks and layers of security on a system that is only available to those inside of the company to try and limit access to testers (even though when a failure occurs, it is pretty nifty to be able to hand off the information to a developer on what went wrong.)

Not only that, but they want to severely limit how the server is being used. Right now, it acts as a VNC server for the testers. They don't want that. They would rather we move all the data and setup onto our laptops which they mandate that we must take home with us..... I kid you not. Their security policy is "Data access in a closed network is too risky, after all, we can't trust our own employees, they might steal something! The best solution is to have every employee load the data onto their own laptops! Much more secure!!".

Ultimately, it doesn't really affect my work that much. It is just silly the sorts of policies they incorporate in the name of security while simultaneously making huge gaping security holes.

 

[Exterous]

I have ours configured but for 2 am in the morning. You still run word 1998, lol, seriously?

We would like to do that but we have way to many laptop users that just shut their computers off and take them home. We also have lab users who complain when overnight AV runs slow down their overnight lab test runs

Damnit people we can only have so many OUs in AD before management and coordination gets to be a nightmare!!!

 

[AMCRambler]

IT spends more time limiting what their own users can do than they do actually securing the assets of their company. Having worked as an IT analyst and now being on the user end, I can tell you that more money is pissed away by paying people to sit around and wait for a small handful of IT people to install something, run something or set up something on their computers. My company is no exception to this rule. I'm currently working on a project that is weeks behind schedule. The reason? Sitting around waiting for IT to finally get to my ticket.

There needs to be a happy medium between protecting your IT infrastructure and allowing your users the privileges they need to get work done. Where I work at best they will give you power user privileges and then lock everything else down with security policies. Can't install software. Can't uninstall software. Can't upgrade printer drivers. Can't manage file share privileges. It's to the point where unless you're doing daily rinse lather and repeat work, it is a complete obstacle. Trying anything new, testing software, connect a new device to the network? Can't do it. I'm happy to sit there and twiddle my thumbs and when the question is asked why isn't this done? Well, waiting on IT is getting to be a common phrase.

Time to stop treating your employees like they are hackers trying to bring everything crashing down and start holding people accountable for what they do if given admin privileges. Crash your computer? Too bad. You reload it. Fuck up a database and cost the company thousands? Get fired. That's how it should be.

 

[FoBoT]

@AMCRambler , a lot of companies are required to do that stuff by federal regulations, sarbanes oxley , Dodd-Frank, or PCI compliance (payment card industry, ie credit cards)

 

[sactoking]

I guess I'm just going to have to chalk this up to more professional designation study time and Words with Friends time.

I was already sitting around on my ass several hours per week during data loads. I get MASSIVE files from companies (one large holding company sent data on a Blu-ray, compressed several times over, so that it took up about a TB uncompressed) and IT refuses to give me direct access to the server specific to my project, so I have to decompress the files on my terminal then send them over the slow-ass network to the server for long-term storage, then pull them back across the network to define and manipulate. I tied up my terminal for 5 days from 8-5 just doing that large holding company's data a couple months back.

 

[Bateluer]

Nah, I pulled stunts like this in the big shops too... I even got to the point where I would make a VM with the IT assigned machine name so it wouldn't report my laptop as missing from the network

Err, that's grounds for immediate termination.

 

[ShawnD1]

IT spends more time limiting what their own users can do than they do actually securing the assets of their company. Having worked as an IT analyst and now being on the user end, I can tell you that more money is pissed away by paying people to sit around and wait for a small handful of IT people to install something, run something or set up something on their computers. My company is no exception to this rule. I'm currently working on a project that is weeks behind schedule. The reason? Sitting around waiting for IT to finally get to my ticket.

Man that sucks. My employer is pretty awesome about computers. Everyone's access is pretty damn close to administrator level. I can install and uninstall things, I can schedule tasks, I can change default handlers (open with program A instead of program B), change the way it looks, change how long it waits before it turning off. There are some things I don't have access to, and it's still managed by some remote server in another city. It's a really great setup.

I can even install not-free programs on a whim. A couple months ago I needed Bentley Microstation to fix a drawing. There's a tool called something like "altiris agent" and it put Microstation on my computer. Every once in a while we get emails saying things like "if you have acrobat standard installed and don't need it, please uninstall it so we can free up some licenses"

 

[postmortemIA]

antivirus can be disabled if you are local admin on your pc, even if IT thinks they have it "locked down from their side"

 

[Lifted]

Time to stop treating your employees like they are hackers trying to bring everything crashing down and start holding people accountable for what they do if given admin privileges. Crash your computer? Too bad. You reload it. Fuck up a database and cost the company thousands? Get fired. That's how it should be.

Making you accountable doesn't matter if you installed a trojan or virus on your computer that has since rooted itself into other system on the network. The limitations you are referring to aren't always in place in order to prevent you from causing problems, they are there to prevent your account from being used by malware for theft of, or damage to, company resources.

 

[Lifted]

antivirus can be disabled if you are local admin on your pc, even if IT thinks they have it "locked down from their side"

Yes, but that would show up in the centralized administration console and its' reports, and you would likely be fired for circumventing and/or disabling the security software in place to prevent theft and damage.

 

[busydude]

Are you on pentium II or pentium III class computer?

 

[Lithium381]

gpo ftw

 

[SandEagle]

have you tried rebooting your computer 3 times?

 

[OutHouse]

Bah... reset the admin password on that thing with a password recovery disk and use it to reschedule the antivirus scan.

Bullshit like that is why I don't let IT screw with my work computers.

I would have you canned gor doing that.

 

[magomago]

i feel your pain.

pc used to be fast. open things like matlab in a second.

then IT started all these new updates/deployments....

now everything scrolls to a crawl. if i turn on the system, let it completely boot, it will take about 15 minutes no joke. and this is on a system with an SSD

from that point if i close anything else (not even have outlook open) and then choose to open matlab its another 5-8 minutes. W.T.F. And yes, I've recorded the time.

Outlook 2007 has also gotten god awful slow.

My pc will slowly come to grinding halts, typically around lunch time. Even in word 2007 typing will have this weird 5-6 second delay. when that stuff happens, i just get up and walk away.

before I could easily have a tech program open, word, outlook, and powerpoint open. Now that would simply be a death wish.

the worst, most annoying things is when it tries to download IT updates when i'm working offsite and using VPN. Everything is suppppper slow. Hell it doesn't even HAVE to be updating - VPN is just dog slow anyways! It used to be speedy, but now accessing a 500k file takes forever. i feel like it has to virus scan everything 100x before it will let me actually access it.

Its actually so bad that if I right click on a file I usually wait about a minute before the options appear. i suppose that is a bigger annoyance than IT updates when i'm offsite.

I don't have viruses, i'm not a pc noob, I know exactly what I have put on the pc myself, so i believe it is unlikely that the source is stemming from me. The big wildcard in ths is that I don't know what IT is constantly deploying to this computer. FWIW, i'm not the only one that has this problem. people around me have it too. Even others have it that think its normal - people with core i7 laptops sitting there waiting a good minute for outlook to open....

...and asking for help never fixes it...

of course, IT's job is to report to their boss and execute, so I suppose this goes up to the CTO because he/she implements the policies, right? I wonder if he/she has the same junk loaded on his pc that is a struggle to work with.

 

[AeroEngy]

I feel your pain. IT recently upgraded to new AV software and it is scheduled to only run weekly on Monday night @ 2AM. However, it doesn't finish until about 11AM or so the next day. So I know every Tuesday morning I can't do anything until lunch.

I have complained multiple times with no success to try to change the scheduled time to say 7PM with no luck. I actually set up a Matlab script to poll the processor usage ever few minutes, logged it, and sent them a plot of near 100% usage with gigantic page file usage that lasted from 2AM until 11:30AM. They closed the ticket and said that "it was normal and the process doesn't interfere with other programs" ... except I lose 4 hours every Tuesday when my PC is not usable. I thought about starting to bill those 4 hours to company overhead and attaching a note stating "unable to use PC due to IT process". At my labor rate I bet that will get them properly motivated to look into it.

 

[seepy83]

There are so many misinformed and/or ignorant people posting in this thread.

How many of you can put yourself in the position of a CEO or other non-IT c-level executive or member of a board of directors that is responsible for keeping the business running? When the CIO, CTO, CSO (security), or other individuals responsible for creating technology policies recommends that it is done a certain way, you follow their lead because it is their job to know the policies and procedures that will keep the information systems available and secure. If I'm the CEO, them I'm listening to what the c-level IT folks have to say...I'm not listening to some clown who is not an IT professional but claims he knows how to run an enterprise network better than one because he grew up playing computer games and building his own PCs at home.

Don't get me wrong...like any profession, there are definitely IT executives that are not good at what they do. But the complaints being brought up in this thread are not necessarily related to an IT executive making a bad decision. For example, if an Antivirus Scan is slowing your system down that much, then your computer might be old or under-spec'd, and your gripe should probably be with the CFO/Finance for not approving a budget to give you a decent piece of equipment to work with.

Why don't all of you whiners get together and develop the IT and Info. Sec. policies and procedures that you think every business in America should adopt? You can put it up on a website and solicit feedback from real-life IT executives, and then see how quickly your design is torn to pieces. Better yet...form your own company, "protect" your most important data (whatever it may be...trade secrets, medical records, credit card numbers, etc) using the methods that you deem appropriate, and then invite the world to try to compromise your systems. I can't wait to see how that works out for you.

 

[sourceninja]

There are so many misinformed and/or ignorant people posting in this thread.

How many of you can put yourself in the position of a CEO or other non-IT c-level executive or member of a board of directors that is responsible for keeping the business running? When the CIO, CTO, CSO (security), or other individuals responsible for creating technology policies recommends that it is done a certain way, you follow their lead because it is their job to know the policies and procedures that will keep the information systems available and secure. If I'm the CEO, them I'm listening to what the c-level IT folks have to say...I'm not listening to some clown who is not an IT professional but claims he knows how to run an enterprise network better than one because he grew up playing computer games and building his own PCs at home.

Don't get me wrong...like any profession, there are definitely IT executives that are not good at what they do. But the complaints being brought up in this thread are not necessarily related to an IT executive making a bad decision. For example, if an Antivirus Scan is slowing your system down that much, then your computer might be old or under-spec'd, and your gripe should probably be with the CFO/Finance for not approving a budget to give you a decent piece of equipment to work with.

Why don't all of you whiners get together and develop the IT and Info. Sec. policies and procedures that you think every business in America should adopt? You can put it up on a website and solicit feedback from real-life IT executives, and then see how quickly your design is torn to pieces. Better yet...form your own company, "protect" your most important data (whatever it may be...trade secrets, medical records, credit card numbers, etc) using the methods that you deem appropriate, and then invite the world to try to compromise your systems. I can't wait to see how that works out for you.

IT is all opinion. I should know, I report directly to my CIO and I'm responsible for for keeping the company I work for secure, cutting edge, and running. If you fired me and hired a new systems architect I can tell you that he would do everything different.

FACT: The previous administrator was an idiot.

That statement is 100% true everywhere at all times. I've never met a IT professional who didn't think the guy before him ran things like an idiot.

 

[lokiju]

Nah, I pulled stunts like this in the big shops too... I even got to the point where I would make a VM with the IT assigned machine name so it wouldn't report my laptop as missing from the network

You had rights to add a machine to the domain?

If so seems like a crappy Sys admin/IT group there.

 

[Sephire]

Nah, I pulled stunts like this in the big shops too... I even got to the point where I would make a VM with the IT assigned machine name so it wouldn't report my laptop as missing from the network

Haha.



You are fired.

 

[BarkingGhostar]

What is it with enterprise-level IT personnel that makes them so disconnected from reality? I sent in an IT ticket last week because I was having slow system performance. Every day at 4:15.20 my system would come to a standstill. I opened task manager and saw that the system was running a virus scan that was using >50% CPU, >40% physical memory, and had a 1.2GB page file with no other programs running.

I took a screenshot and included it in the ticket and said "Hey, I'm getting really terrible system performance and I'm pretty sure it's this. Can you take a look for me?"

The response was: "Due to a high number of viruses discovered on workstations recently we have to do a weekly scan to ensure system stability. The scans should occur in the background and will use fewer resources if they are needed by other processes."

I replied: "Hey I get it. But here's another screenshot of my system at >90% CPU, >70% physical memory, and 2.8 GB page file with just Word 1998 running. Also, this happens every day, not every week. Could you look into this b/c as it is I just sit around for the last hour each day."

I got no response to that, just a closed ticket. Today, the virus scan started at 3:00 and will be going until at least 5:00.

Cliffs:
Having problems with antivirus hogging resources
IT gives excuses
I call IT on their excuses
IT reschedules virus scan to be even more inconvenient

They're idiots. Mine has a habit of running updates during the maintenance window--and for my line of work that is VERY dangerous. Spontaneous reboots while conducting work on telecommunications. Brilliant!

 

[Cogman]

There are so many misinformed and/or ignorant people posting in this thread.

How many of you can put yourself in the position of a CEO or other non-IT c-level executive or member of a board of directors that is responsible for keeping the business running? When the CIO, CTO, CSO (security), or other individuals responsible for creating technology policies recommends that it is done a certain way, you follow their lead because it is their job to know the policies and procedures that will keep the information systems available and secure. If I'm the CEO, them I'm listening to what the c-level IT folks have to say...I'm not listening to some clown who is not an IT professional but claims he knows how to run an enterprise network better than one because he grew up playing computer games and building his own PCs at home.

Don't get me wrong...like any profession, there are definitely IT executives that are not good at what they do. But the complaints being brought up in this thread are not necessarily related to an IT executive making a bad decision. For example, if an Antivirus Scan is slowing your system down that much, then your computer might be old or under-spec'd, and your gripe should probably be with the CFO/Finance for not approving a budget to give you a decent piece of equipment to work with.

Why don't all of you whiners get together and develop the IT and Info. Sec. policies and procedures that you think every business in America should adopt? You can put it up on a website and solicit feedback from real-life IT executives, and then see how quickly your design is torn to pieces. Better yet...form your own company, "protect" your most important data (whatever it may be...trade secrets, medical records, credit card numbers, etc) using the methods that you deem appropriate, and then invite the world to try to compromise your systems. I can't wait to see how that works out for you.

Oh yes, we needn't question the IT gods! All hail the IT gods for their judgments are wise and their policies just!

Get back to me when you can explain why IT needs to further lock down a server that isn't exposed to the outside world, hasn't had issues in the past, and already has lots of authentication. Yet, they want everyone to put the information that is protected by that server onto their laptops and take those laptops home with them.

Next, you can explain to me why IT (different company) lets a web application run exposed to the outside world with a VERY big security flaw (SQL injection) and then says "well, its not that big of a deal" when it is brought to their attention.

IT does stupid stuff. Employees aren't all completely blind to it.