It's been a bad day, so -::begin true it-happened-to-me BOFH-style rant::::Sorry for the length, but I feel better now::
Yanno, I've been telling my users for years now that the easiest way to stay safe is to keep updating. I even (choke cough sputter) turned on "Automatic Update" in Windows, just so it would keep them up-to-date. They disabled it, claiming "Every once in a while things would get slow for a bit, but now it's fine" or my favorite "I got funny messages". (PS: Also had to reimage 7 machines because somebody decided he was a geek and he could just copy his registry between machines).
So I capitulated, and started sending everyone reminders by email when they had to update. I included the URL to windowsupdate and copious instructions. "It's too hard, I don't know what to do", they whined. I tried sending them the enterprise update exe's. They downloaded them, alright... put them right on their desktop, and forgot about them. I rewrote the reminder emails to include a script to do everything for them. It worked, for a bit... then I started noticing machines not being updated, and virii floating around that shouldn't. Turns out they'd started sending my emails right to the trash. "It didn't seem to do anything", they said, "it just popped up some box and then went away, so I figured I didn't need it." The box, of course, said "PERFORMING AN IMPORTANT UPDATE ON WINDOWS, PLEASE WAIT."
Exasperated, I set up the NT login script to push the updates to the user (which I'd been avoiding, it involved actually getting the NT server working). It seemed to work fine, until one day I browsed the network by accident (hit the wrong button), and noticed that I had 65 computers in the group in an office of almost 200. Turns out some genius had found his way into Network properties and changed the setup to skip login to the NT server. "It was really annoying", they said, "I'd start up my computer in the morning, and then I'd have to wait for, like, a whole minute or two! Sometimes it wasn't even done when I got back from getting coffee! This is so much easier, we just hit 'escape' when the login screen comes up. Why didn't you do this in the first place?". It was at this point that I found out no-one was using the network drives either ("We have a network? Like an internetwork?"), thereby rendering pointless my copius virus scans and backups and RAID setup that I'd blown my monthly budget on. Fine, I say to myself, I'll show these buggers.
So I set up a dummy machine, with which to do nothing but keep running perfectly and with all updates and latest drivers installed. I burned a bootable CD image from it, and whenever someone called in with a virus complaint, I'd go to their machine, pop in the CD, reboot, and go for an extended coffee break. The image had a boot virus scan to clean everything else up. Happy, was I, as I noticed the drop in virus calls. Soon, they dried up. I was actually starting to feel good, untill one day the VP called me in to find out why we were sending no less than 9 different virii to our clients every day. Their excuse? "When you did that thingy with the thingy, it made all our games disappear, and I've almost gotten to the second level!" Yes, indeed, they were just ignoring the virii now, even though they were getting messages from the antivirus program. Seems they believed clicking "Quarantine" would mean that I'd take their computers away and lock them in the server (clean) room for a while.
So I tried locking down with PolEdit and SysEdit. They brought in their own windows CD's and reinstalled, because "something was broken and it wasn't letting me do what it used to". I pulled the CD drives (no use for them here anyways, except for games), and came out of the IT room late one night to find one of the file clerks studiously pulling hard drives from the cases to reimage at home and return the next morning. I drilled holes in the side panels and put a padlock on them. The users started bringing in laptops to do their work on from home, which even made the problem worse. I screamed bloody murder, demanded to know what the source of these problems were. Everyone played dumb. I felt my brains rotting and leaking out of my ears.
Then, salvation. The VP mentions that he's seen alot of people emailing lately, and he wants to make sure that it's all company business. Would I monitor employee email usage, he asks? I try to suppress my snoopy-dance of joy as he gives me the escape clause from the moral dilema I'd been facing about finding out what the problems were. I monitor, I read, I find out who's sleeping with who (including a schedule for a tryst in the closet behind my server room. I consider installing a hidden camera), but most importantly, I find out the source of my headaches. An industrious middle manager has discovered the joys of wholesale computer warehouses, and has been joyously selling the employees games to play at work, and later, the laptops they brought in. I wonder how exactly he managed to charge people $25 to "upgrade their L4 cache so their games go faster". I admire his inginuity, but I know he must go. I feel good about this decision, mostly because I know he's screwing around with my computers, but also because I can justify it as "doing the best thing for the company". That, and productivity has gone in the tank, and everyone is blaming their computers, and at his direction, me. I'll make BOFH yet, I tell myself.
That was a long time ago, at least in computer years. Once he left, things bounded back up to normal. People started doing what they should, not avoiding security so they could play games all day long. Why do I tell you this long story? Because that is my experience with users, and that is the pain that is caused when they don't do what they're told to. So, as someone who's told users for years to do their updates, I feel no sympathy for users hit by this particular (and moderately ingenious) virus. If they were good users, they would do their updates like their SysAdmin tells them to. They are bad users, users like the ones from above, and so I say "No PC for you!". I wouldn't feel like this, except the story specifically states that this virus takes advantage of known vulnerabilities. I don't see it as a bad thing, I see it as a chance to see who listens to me, and who'll get "upgraded" to a new 486 next month. I'm in a BOFH mood today, can you tell?
In closing, I reflect on my outing of the middle manager. I printed out his more venemous emails regarding me, along with copies of invoices for illegally imported computer components and computer games charged to his expense account. I wrote a touching resignation letter for him to sign, explaining how he was leaving for "personal reasons". I left these on his desk as he was out to lunch, pointed his desklamp at them, turned it on, and turned off the room light. On top, I left a short note:
It is dark. You are likely to be eatten by a grue.
Xterms running from a compute server eliminate all those hassles. That cuts direct admin costs, and cuts WAY down on the indirect admin costs which occur when your highly paid workers spend hours each day putzing about trying to get their PC's working.
When everyone is running the same program from the same machine, the admin can make it work right, once, and then never worry about it again. When everyone is running their own copy, on their own machine loaded with other crap, the admin (the many admins and helpdesk people, in this setting) has to troubleshoot each of them, separately, over and over and over...
People can bring in their laptops from home if they want games.
I tried dumb terminals for the telephone POS team. It didn't work out, for a number of reasons, the most notable being that when their request for a monitor colour other than "amber" was denied, they started using coloured markers to make it interesting shades of baby-diaper brown ("The amber hurts my eyes."). When I put "goop" on it (an anonymous, 20 year old bottle of something, picked up from a high school, used to keep the kids from drawing on the screens. No ink sticks to this crap), they tried holding unshielded speakers to the monitor to get it to change colour ("It works at home!"). Even when I spent the time to explain the intricate details of CRT tubes and colour guns, they still tried again when I left.
These are the same people who ***COMPLAINED**** when the latest drive image came with Clippy turned off. How frightening is that?
I should be nice to them and mention that the previous sysadmins stance was "If you don't like it, fix it yourself", and the only way for users to get service was for them to hammer their machines to the point where the didn't work anymore, and then complain to their supervisor. It was bad, really bad, but even their warnings to me when I took the job didn't scratch the surface of the evilness this place has.
My current favorite user recently regaled me with the story of how her new TV's remote had died, and therefore she poured water down the back of it until it sparked. She was very sure to point out *HOW SMART!* she was to let the water dry before she returned it to the store to get an exchange, and she's very happy with her new, functional remote.
The deep, stabbing pain in my head rose to new levels as I commented that it was odd for the batteries in a new remote to die that quickly, and she said "What batteries?"
Hey man! I complained when I lost my clippy! Well.. kinda.... I had the damn thing scripted up via a python Comm script to turn on @ 5pm And threaten to launch porn windows all over my screen if I didn't stop what I was doing, turn the machine off, go home and have a beer. On the other hand, Clippy did actually suck. I just kinda tweaked it to suck less.
That it "had died" seems to imply that it did work at some point and then cease to function. Thus obviously there were batteries, maybe drained enough for it not to work any more but batteries nevertheless, with probably enough power to cause sparking.
My organization runs almost entirely on laptops, and while most people work in the office some of the time, we also work from home on dialup, from the road, etc. Often the IT Central Planners are good about making sure their upgrades that require more than 1-2MB only get run on fast connections, but not always. It's really annoying to be on a dialup connection and have your computer want to download 10MB of antivirus definitions, even when you're not out visiting a customer. You *have* to give the user a choice. Unfortunately, yes, this means you need to get creative with a lot of these things.
Hypodermics are annoying, but necessary, If your IT department is doing something poorly, this is no excuse to sabotage a real and necessary function.
If the marketing department keeps over-selling your product you don't cut off their supply or ask customers not to buy so much, you fix the supply chain.
I've spent far too many years fixing people's screw-ups because they were merely "annoyed". If I, your IT professional, screw up then complain to my boss. Make us be "creative", but I say the bottom line is that you have no choice. I'm paid to make that decision, you're paid to do something else. If my decisions are poor, I should be made to atone.
Simple.
Don't undermine your company by undermining your IT department. Help fix it.
I've been sysadmin and I've been a user. While it's important for sysadmins to occasionally bully users into doing things they're too lazy to do otherwise, it's also important to realize who works for whom, which is that the sysadmin works for the user. In some companies the relationship is close enough to be obvious, while in other companies it's indirect - the sysadmin works for the company, and the user works for the company, but the company hires the sysadmin to LET THE USERS GET THE USERS' WORK DONE. (I'm shouting because I've been in too many environments where this isn't obvious.)
Virus updates are critical - the other posting by A.C. indicates that he sets up the machines on his net to update them frequently, and in a LAN-based environment, that's usually not a bad policy, though updating at boot time sometimes can interfere with what a developer is doing, or with somebody installing new hardware or software that requires reboots, or whatever. But I'm in a company that has people working out in the field, and while it may be important to get a virus update today, a 10 megabyte data file update on a 56kbps dialup line takes a long time - and if I'm out at a customer site trying to show their CIO how our really cool web site can help them make money, or I'm in the airport trying to send an important email before getting on a plane, I can't wait an hour for the latest virus update to download - that can wait till I'm back at the office.
Microsoft Outlook's integration of calendar, incoming mail, and storage of old mail, all in one big system, makes this particularly critical. The other day I needed to get on a conference call, and had the phone number in my Outlook Calendar, and dialed up 15 minutes before the call to get any relevant emails (and my Palm Pilot battery had run out the other day so I hadn't copied the schedule to there.) Somebody in Marketing had decided to mail 10 MB of glossy viewgraphs to everybody, and while it was downloading, I couldn't access the old messages to find the website for the slides for the call. The older antivirus software used to have similar behaviour - it insisted on doing its updates at boot time, before anything else could run, whether the user needed it right then or not. The newer stuff is often sufficiently well-behaved that it just dogs down the network connection rather than totally preventing you from working, but it's still a problem.
We won't see eye-to-eye on this because we have two disparate philosophies regarding corporate IT; I do not believe the IT works for the user in a corporate setting (in a consumer setting, yes).
My belief is that the IT must work for the corporation and that its service should reflect the will of the corporation, not the end user. Unless, of course, your IT department is a lot of bumbling morons. If that's the case then firings are in order, not mob rule.
The end result is still that your IT department is not properly doing its job -- enabling you to work within the desires of the corporation at a near optimum level while maintaining the best interests and goals of the corporation (and sometimes those things "annoy" the end user.). If they work for you, you get to tell them how to work based on 'your' interpretation of what that means. This is why I believe such a model is faulty from the start. (Aside: I know a lot of places don't have the caliber of personnel I'm used to working with, but I don't see that this makes any difference in the end... they should start firing and hunting up someone with more brains than resume. Again, a business practice issue, not a reason to change the model. Those people exist. I know many of them and some of them aren't working [while a lot of chuckleheads are].)
You seem to be aware of the problems in your company and understand why they're bad for the company. My suggestion, based on my beliefs as stated above and were it my place to suggest, would be to make noise and make it heard. Fix the problem at its source.
"...the company hires the sysadmin to LET THE USERS GET THE USERS' WORK DONE..."
In my view, the company hires the users AND the sysadmins to get the _company's_ business done. It's up to the company's management to make the one support the other. Virus protection being a prime example; It's not about protecting you, the user, it's about protecting the company's assets. If it's done poorly and affects the performance of you, the end user, then that's a symptom of bad planning and management.
The one thing we DO agree on is that users can't have things crammed down their throats which affect their performance, but I do not believe that the solution is for the user to make the syadmin a lame duck. I believe the solution is to make the sysadmin perform better (or fire his or her sorry ass).
---------------- Personal note: Yes, I'm bitter, but I do believe all this. I recently left a very high-demand (24/7 99.9% uptime) computing environment supporting anywhere from 2,000 to 4,000 users (the majority being chip designers out of a company total of over 70,000) and tens of thousands of machines [no exaggeration, I assure you] and I've pledged never to work in a system like that (yes, your "work for the end user" model) again. Our "customers" dictating policy forced us to oftentimes provide poorer than necessary service and many times jeopardized the holdings of the corporation's intellectual assets. In my opinion that's just plain stupid. When the organization was shuffled and the "customer" model became more lip service than operating model, we were able to do things more 'rightly'. Why? Because we knew what we were doing. It was our job. It was our vocation. We weren't playing store clerk to people who had an entirley other job. I have no patience for poor IT anymore (and my patience was gone which is why I left). That's why I have no patience for the "IT drone" model. I'm smart and really really freaking good at what I do. I want to be able to do it with no more constraints than any other technical field. Basically... I don't want some recent college grad circuit designer telling me how things should be done or some guy who says 'I'm a unix user from way back' who really means 'I used VMS once' to tell me how to do my job. I certainly don't tell him how to do his. That's what our managers are for.
Your storied made me laugh incrontrollably. I don't know if you embellished them but they have this pleasant yet slightly uncomfortable ring of truth (uncomfy 'cause it could happen to the reader!).
I really suggest you submit these stories to one of the sysadmin humor sites. You will make readers happy.
Were are moderation points when you need them? Sheesh...
Actually it's often a sign of bad management if something like this happens.
Employees who repeatedly screw up company property should get verbal warnings, show cause letters, and if they still persist unfortunately they have to be sacked.
It's a disciplinary and management issue. You should have backing from your management to enforce reasonable policies.
If employees keep breaking the rules and getting away with it, it's bad management.
If you don't get backing from management, then it's also bad management. It's bad to have responsibility without power. You get the blame, it's not your fault and you can't do anything about it.
But if you did have management support, then it's probably your fault things things went that way.
Damn users.... (Score:5, Funny)
Yanno, I've been telling my users for years now that the easiest way to stay safe is to keep updating. I even (choke cough sputter) turned on "Automatic Update" in Windows, just so it would keep them up-to-date. They disabled it, claiming "Every once in a while things would get slow for a bit, but now it's fine" or my favorite "I got funny messages". (PS: Also had to reimage 7 machines because somebody decided he was a geek and he could just copy his registry between machines).
So I capitulated, and started sending everyone reminders by email when they had to update. I included the URL to windowsupdate and copious instructions. "It's too hard, I don't know what to do", they whined. I tried sending them the enterprise update exe's. They downloaded them, alright... put them right on their desktop, and forgot about them. I rewrote the reminder emails to include a script to do everything for them. It worked, for a bit... then I started noticing machines not being updated, and virii floating around that shouldn't. Turns out they'd started sending my emails right to the trash. "It didn't seem to do anything", they said, "it just popped up some box and then went away, so I figured I didn't need it." The box, of course, said "PERFORMING AN IMPORTANT UPDATE ON WINDOWS, PLEASE WAIT."
Exasperated, I set up the NT login script to push the updates to the user (which I'd been avoiding, it involved actually getting the NT server working). It seemed to work fine, until one day I browsed the network by accident (hit the wrong button), and noticed that I had 65 computers in the group in an office of almost 200. Turns out some genius had found his way into Network properties and changed the setup to skip login to the NT server. "It was really annoying", they said, "I'd start up my computer in the morning, and then I'd have to wait for, like, a whole minute or two! Sometimes it wasn't even done when I got back from getting coffee! This is so much easier, we just hit 'escape' when the login screen comes up. Why didn't you do this in the first place?". It was at this point that I found out no-one was using the network drives either ("We have a network? Like an internetwork?"), thereby rendering pointless my copius virus scans and backups and RAID setup that I'd blown my monthly budget on. Fine, I say to myself, I'll show these buggers.
So I set up a dummy machine, with which to do nothing but keep running perfectly and with all updates and latest drivers installed. I burned a bootable CD image from it, and whenever someone called in with a virus complaint, I'd go to their machine, pop in the CD, reboot, and go for an extended coffee break. The image had a boot virus scan to clean everything else up. Happy, was I, as I noticed the drop in virus calls. Soon, they dried up. I was actually starting to feel good, untill one day the VP called me in to find out why we were sending no less than 9 different virii to our clients every day. Their excuse? "When you did that thingy with the thingy, it made all our games disappear, and I've almost gotten to the second level!" Yes, indeed, they were just ignoring the virii now, even though they were getting messages from the antivirus program. Seems they believed clicking "Quarantine" would mean that I'd take their computers away and lock them in the server (clean) room for a while.
So I tried locking down with PolEdit and SysEdit. They brought in their own windows CD's and reinstalled, because "something was broken and it wasn't letting me do what it used to". I pulled the CD drives (no use for them here anyways, except for games), and came out of the IT room late one night to find one of the file clerks studiously pulling hard drives from the cases to reimage at home and return the next morning. I drilled holes in the side panels and put a padlock on them. The users started bringing in laptops to do their work on from home, which even made the problem worse. I screamed bloody murder, demanded to know what the source of these problems were. Everyone played dumb. I felt my brains rotting and leaking out of my ears.
Then, salvation. The VP mentions that he's seen alot of people emailing lately, and he wants to make sure that it's all company business. Would I monitor employee email usage, he asks? I try to suppress my snoopy-dance of joy as he gives me the escape clause from the moral dilema I'd been facing about finding out what the problems were. I monitor, I read, I find out who's sleeping with who (including a schedule for a tryst in the closet behind my server room. I consider installing a hidden camera), but most importantly, I find out the source of my headaches. An industrious middle manager has discovered the joys of wholesale computer warehouses, and has been joyously selling the employees games to play at work, and later, the laptops they brought in. I wonder how exactly he managed to charge people $25 to "upgrade their L4 cache so their games go faster". I admire his inginuity, but I know he must go. I feel good about this decision, mostly because I know he's screwing around with my computers, but also because I can justify it as "doing the best thing for the company". That, and productivity has gone in the tank, and everyone is blaming their computers, and at his direction, me. I'll make BOFH yet, I tell myself.
That was a long time ago, at least in computer years. Once he left, things bounded back up to normal. People started doing what they should, not avoiding security so they could play games all day long. Why do I tell you this long story? Because that is my experience with users, and that is the pain that is caused when they don't do what they're told to. So, as someone who's told users for years to do their updates, I feel no sympathy for users hit by this particular (and moderately ingenious) virus. If they were good users, they would do their updates like their SysAdmin tells them to. They are bad users, users like the ones from above, and so I say "No PC for you!". I wouldn't feel like this, except the story specifically states that this virus takes advantage of known vulnerabilities. I don't see it as a bad thing, I see it as a chance to see who listens to me, and who'll get "upgraded" to a new 486 next month. I'm in a BOFH mood today, can you tell?
In closing, I reflect on my outing of the middle manager. I printed out his more venemous emails regarding me, along with copies of invoices for illegally imported computer components and computer games charged to his expense account. I wrote a touching resignation letter for him to sign, explaining how he was leaving for "personal reasons". I left these on his desk as he was out to lunch, pointed his desklamp at them, turned it on, and turned off the room light. On top, I left a short note:
It is dark.
You are likely to be eatten by a grue.
Re:Damn users.... (Score:2)
If there is such a thing, I think you should be nominated for BOFH of the Month.
And if you don't mind, I'm going to use a few of those tips...
Re:Damn users.... (Score:1)
Re:Damn users.... (Score:1)
Damn, but that hit the spot. I think that's my sig for the week =)
Re:Damn users.... (Score:1)
When everyone is running the same program from the same machine, the admin can make it work right, once, and then never worry about it again. When everyone is running their own copy, on their own machine loaded with other crap, the admin (the many admins and helpdesk people, in this setting) has to troubleshoot each of them, separately, over and over and over ...
People can bring in their laptops from home if they want games.
Re:Damn users.... (Score:5, Funny)
These are the same people who ***COMPLAINED**** when the latest drive image came with Clippy turned off. How frightening is that?
I should be nice to them and mention that the previous sysadmins stance was "If you don't like it, fix it yourself", and the only way for users to get service was for them to hammer their machines to the point where the didn't work anymore, and then complain to their supervisor. It was bad, really bad, but even their warnings to me when I took the job didn't scratch the surface of the evilness this place has.
My current favorite user recently regaled me with the story of how her new TV's remote had died, and therefore she poured water down the back of it until it sparked. She was very sure to point out *HOW SMART!* she was to let the water dry before she returned it to the store to get an exchange, and she's very happy with her new, functional remote.
The deep, stabbing pain in my head rose to new levels as I commented that it was odd for the batteries in a new remote to die that quickly, and she said "What batteries?"
Re:Damn users.... (Score:2)
Two BOFH rants in one day. You should make a website. You are officially on my Friends list. Keep writing!
-molo
Re:Damn users.... (Score:1)
DON'T KNOCK CLIPPY! (Score:2)
Well.. kinda....
I had the damn thing scripted up via a python Comm script to turn on @ 5pm And threaten to launch porn windows all over my screen if I didn't stop what I was doing, turn the machine off, go home and have a beer.
On the other hand, Clippy did actually suck. I just kinda tweaked it to suck less.
Re:Damn users.... (Score:1)
Re:Damn users.... (Score:1)
She just didn't know about them.
IT BOFHs forcing software upgrades badly (Score:2)
Re:IT BOFHs forcing software upgrades badly (Score:1)
If your IT department is doing something poorly, this is no excuse to sabotage a real and necessary function.
If the marketing department keeps over-selling your product you don't cut off their supply or ask customers not to buy so much, you fix the supply chain.
I've spent far too many years fixing people's screw-ups because they were merely "annoyed". If I, your IT professional, screw up then complain to my boss. Make us be "creative", but I say the bottom line is that you have no choice. I'm paid to make that decision, you're paid to do something else. If my decisions are poor, I should be made to atone.
Simple.
Don't undermine your company by undermining your IT department. Help fix it.
Why the user needs control (Score:3, Insightful)
Virus updates are critical - the other posting by A.C. indicates that he sets up the machines on his net to update them frequently, and in a LAN-based environment, that's usually not a bad policy, though updating at boot time sometimes can interfere with what a developer is doing, or with somebody installing new hardware or software that requires reboots, or whatever. But I'm in a company that has people working out in the field, and while it may be important to get a virus update today, a 10 megabyte data file update on a 56kbps dialup line takes a long time - and if I'm out at a customer site trying to show their CIO how our really cool web site can help them make money, or I'm in the airport trying to send an important email before getting on a plane, I can't wait an hour for the latest virus update to download - that can wait till I'm back at the office.
Microsoft Outlook's integration of calendar, incoming mail, and storage of old mail, all in one big system, makes this particularly critical. The other day I needed to get on a conference call, and had the phone number in my Outlook Calendar, and dialed up 15 minutes before the call to get any relevant emails (and my Palm Pilot battery had run out the other day so I hadn't copied the schedule to there.) Somebody in Marketing had decided to mail 10 MB of glossy viewgraphs to everybody, and while it was downloading, I couldn't access the old messages to find the website for the slides for the call. The older antivirus software used to have similar behaviour - it insisted on doing its updates at boot time, before anything else could run, whether the user needed it right then or not. The newer stuff is often sufficiently well-behaved that it just dogs down the network connection rather than totally preventing you from working, but it's still a problem.
Why the sysadmin shouldn't be a drone (Score:1)
My belief is that the IT must work for the corporation and that its service should reflect the will of the corporation, not the end user. Unless, of course, your IT department is a lot of bumbling morons. If that's the case then firings are in order, not mob rule.
The end result is still that your IT department is not properly doing its job -- enabling you to work within the desires of the corporation at a near optimum level while maintaining the best interests and goals of the corporation (and sometimes those things "annoy" the end user.). If they work for you, you get to tell them how to work based on 'your' interpretation of what that means. This is why I believe such a model is faulty from the start. (Aside: I know a lot of places don't have the caliber of personnel I'm used to working with, but I don't see that this makes any difference in the end... they should start firing and hunting up someone with more brains than resume. Again, a business practice issue, not a reason to change the model. Those people exist. I know many of them and some of them aren't working [while a lot of chuckleheads are].)
You seem to be aware of the problems in your company and understand why they're bad for the company. My suggestion, based on my beliefs as stated above and were it my place to suggest, would be to make noise and make it heard. Fix the problem at its source.
"...the company hires the sysadmin to LET THE USERS GET THE USERS' WORK DONE..."
In my view, the company hires the users AND the sysadmins to get the _company's_ business done. It's up to the company's management to make the one support the other. Virus protection being a prime example; It's not about protecting you, the user, it's about protecting the company's assets. If it's done poorly and affects the performance of you, the end user, then that's a symptom of bad planning and management.
The one thing we DO agree on is that users can't have things crammed down their throats which affect their performance, but I do not believe that the solution is for the user to make the syadmin a lame duck. I believe the solution is to make the sysadmin perform better (or fire his or her sorry ass).
----------------
Personal note:
Yes, I'm bitter, but I do believe all this. I recently left a very high-demand (24/7 99.9% uptime) computing environment supporting anywhere from 2,000 to 4,000 users (the majority being chip designers out of a company total of over 70,000) and tens of thousands of machines [no exaggeration, I assure you] and I've pledged never to work in a system like that (yes, your "work for the end user" model) again. Our "customers" dictating policy forced us to oftentimes provide poorer than necessary service and many times jeopardized the holdings of the corporation's intellectual assets. In my opinion that's just plain stupid. When the organization was shuffled and the "customer" model became more lip service than operating model, we were able to do things more 'rightly'. Why? Because we knew what we were doing. It was our job. It was our vocation. We weren't playing store clerk to people who had an entirley other job. I have no patience for poor IT anymore (and my patience was gone which is why I left). That's why I have no patience for the "IT drone" model. I'm smart and really really freaking good at what I do. I want to be able to do it with no more constraints than any other technical field. Basically... I don't want some recent college grad circuit designer telling me how things should be done or some guy who says 'I'm a unix user from way back' who really means 'I used VMS once' to tell me how to do my job. I certainly don't tell him how to do his. That's what our managers are for.
EOL
Re:Damn users.... (Score:2)
Not a single thing you mentioned is outside the realm of possibility.
Re:Damn users.... (Score:1)
Your storied made me laugh incrontrollably. I don't know if you embellished them but they have this pleasant yet slightly uncomfortable ring of truth (uncomfy 'cause it could happen to the reader!).
I really suggest you submit these stories to one of the sysadmin humor sites. You will make readers happy.
Were are moderation points when you need them? Sheesh...
Probably bad management. (Score:3, Insightful)
Employees who repeatedly screw up company property should get verbal warnings, show cause letters, and if they still persist unfortunately they have to be sacked.
It's a disciplinary and management issue. You should have backing from your management to enforce reasonable policies.
If employees keep breaking the rules and getting away with it, it's bad management.
If you don't get backing from management, then it's also bad management. It's bad to have responsibility without power. You get the blame, it's not your fault and you can't do anything about it.
But if you did have management support, then it's probably your fault things things went that way.
Link.
Re:Damn users.... (Score:1)
I called a user "Frobozz" once. He of course had no idea what I meant.
There must be NT near; my sword is glowing a faint blue glow.