IT is all opinion. I should know, I report directly to my CIO and I'm responsible for for keeping the company I work for secure, cutting edge, and running. If you fired me and hired a new systems architect I can tell you that he would do everything different.
FACT: The previous administrator was an idiot.
That statement is 100% true everywhere at all times. I've never met a IT professional who didn't think the guy before him ran things like an idiot.
You had rights to add a machine to the domain?
If so seems like a crappy Sys admin/IT group there.
Oh yes, we needn't question the IT gods! All hail the IT gods for their judgments are wise and their policies just!
Get back to me when you can explain why IT needs to further lock down a server that isn't exposed to the outside world, hasn't had issues in the past, and already has lots of authentication. Yet, they want everyone to put the information that is protected by that server onto their laptops and take those laptops home with them.
Next, you can explain to me why IT (different company) lets a web application run exposed to the outside world with a VERY big security flaw (SQL injection) and then says "well, its not that big of a deal" when it is brought to their attention.
IT does stupid stuff. Employees aren't all completely blind to it.
It's not all opinion. There is absolutely some level of opinion involved, but it's the opinion of an informed IT professional, not some clown who builds his own PCs at home and thinks he knows how to run an enterprise network.
I also don't agree that a new Systems Admin, Engineer, Architect, etc would do everything different. Yes, all IT professionals have certain products/vendors they prefer to use. But we're all going to agree that we need to run some kind of antivirus software, systems need to be patched in a timely manner, etc.
I wouldn't hire my neighbor to rebuild the transmission in my car because I know he can change the oil in his car. And I wouldn't hire my other neighbor's grandson to define policies and procedures for an enterprise network because he fixes grandma's computer when she can't get it to print a cheesecake recipe.
I would, however, evaluate the recommendations of any IT professional that has the experience, knowledge, credentials, etc to make an informed decision and back that decision up with facts when he/she needs to.
antivirus can be disabled if you are local admin on your pc, even if IT thinks they have it "locked down from their side"
Well he wouldn't have been fired if he were not an idiot, true?FACT: The previous administrator was an idiot.
That statement is 100% true everywhere at all times. I've never met a IT professional who didn't think the guy before him ran things like an idiot.
Well he wouldn't have been fired if he were not an idiot, true?
It does seem like a lot of the IT people are terrible. My computer is fast and it's secure. Why isn't everyone else's computer like mine? It still takes 5 minutes to log in because it does a bunch of server stuff, but I get around that by locking the computer and putting it to sleep at night.
Good for you. Although, depending on the regulations that the IT department needs to comply with and the tools they are approved to use to enforce compliance, you wouldn't get away with that "stunt" with the VM so easily. Some day when you stop wagging your eDick around, maybe you'll realize that the bullshit you claim to have gotten away with would get you fired from almost every employer in the country.
Get back to me when you can explain why IT needs to further lock down a server that isn't exposed to the outside world, hasn't had issues in the past, and already has lots of authentication. Yet, they want everyone to put the information that is protected by that server onto their laptops and take those laptops home with them.
Maybe it's the same guy who activates Windows for me.And another thing.. how is it more secure that I should call a random guy in India to grant access to a local data system on a plant floor?
Bah... reset the admin password on that thing with a password recovery disk and use it to reschedule the antivirus scan.
Bullshit like that is why I don't let IT screw with my work computers.
IT spends more time limiting what their own users can do than they do actually securing the assets of their company. Having worked as an IT analyst and now being on the user end, I can tell you that more money is pissed away by paying people to sit around and wait for a small handful of IT people to install something, run something or set up something on their computers. My company is no exception to this rule. I'm currently working on a project that is weeks behind schedule. The reason? Sitting around waiting for IT to finally get to my ticket.
There needs to be a happy medium between protecting your IT infrastructure and allowing your users the privileges they need to get work done. Where I work at best they will give you power user privileges and then lock everything else down with security policies. Can't install software. Can't uninstall software. Can't upgrade printer drivers. Can't manage file share privileges. It's to the point where unless you're doing daily rinse lather and repeat work, it is a complete obstacle. Trying anything new, testing software, connect a new device to the network? Can't do it. I'm happy to sit there and twiddle my thumbs and when the question is asked why isn't this done? Well, waiting on IT is getting to be a common phrase.
Time to stop treating your employees like they are hackers trying to bring everything crashing down and start holding people accountable for what they do if given admin privileges. Crash your computer? Too bad. You reload it. Fuck up a database and cost the company thousands? Get fired. That's how it should be.
You had rights to add a machine to the domain?
If so seems like a crappy Sys admin/IT group there.
Us IT people don't like doing pointles things. We aren't sitting on our asses thinking about adding more security to a system that doesn't need it, we would rather be neffing.
There's something called compliance, and if we do something that seems pointless in regards to security its probably because we are desparately trying to pull an auditor out of our ass.
:awe:You have to realize that you (and others like you) are exceptions, and not the rule. Most computer users are clueless and if you DIDN'T restrict their access to install software for "testing," you'd have all sorts of crap in your environment. Who here remembers the trouble Yahoo and Google toolbars caused with IE, for example? You'd have users potentially uninstalling AV because it makes their computers "slow," and look at the mess you'd have if that happened!
:awe:
Windows Search came installed on my computer and it was a dog piece of shit that doesn't work properly. It's actually less effective than the search that came with Windows XP at launch. I uninstalled that one and installed Google Desktop which seems to work a lot better.
Some people on both sides exaggerate a lot here.
1. Normal people can't and don't uninstall virus scan software, create VMs, or try to trick people. People like to talk tough like they find all these magical ways around IT's policies. Believe me, we know what's going on.
2. Even if someone breaks the "computer rules" policy and does stupid stuff, they aren't automatically getting fired. "I'm sorry sir, I know you were our #1 salesperson this year, but you changed the time of your virus scan without IT's approval so I have to fire you"......please.
Bah... reset the admin password on that thing with a password recovery disk and use it to reschedule the antivirus scan.
Bullshit like that is why I don't let IT screw with my work computers.