Have you ever encountered something at work so mindbogglingly stupid

[Exterous]

that you keep obsessing about it? I keep alternating between incredulity and fascination that something so terrible was not only implemented but defended. Its like a never ending train wreck for me to watch. I'll probably lose some sleep over it tonight in all honesty. (I wish that wasn't the case but I know it'll happen)

Basically a customer has no idea how to use Cloud services, and configured it in such a way that email accounts from yahoo, gmail or really any private company can be added as owners\administrators of their cloud based resources. Not only that but they are refusing to sync dedicated privileged accounts from their own AD environment to be used as admin accounts. They want administrators to use their regular accounts for privileged access (which is against oh so very many best practices) So joe@aol.com can admin a machine but adminaccount@actual.domain is a no go. And they are fighting me on changing this. "We don't want to end up with junk accounts in our cloud environment."

Well WTF do you call those 1,000+ non-domain accounts already in there??? Those are fine but your AD accounts that you can control things like password complexity, duration, etc on aren't?

In order to be closer in line with basic IT best practices I think I'll recommend that all the admins sign up for a yahoo account, add that to their resources and use that as for administration tasks.

 

[Zeze]

Yikes.

Are you in consulting (literally 'customer')?

Take a breather - I know they're preposterous. May I suggest the following:

- Prepare a nice 10-15 min deck that must be neutral in tone and cite out the pros and cons of both scenarios.
-Ask them to join you for this presentation calmly.
-Begin your presentation
- Objectively lay it out that (in nicely bite-sized bullet points for these dummies to digest) how stupidly dangerous and risky that is. In Layman's terms. Lay out the bullets of risks, consequences, possible breach of any kind of governance (internal and external). Then compare those to the cons of your approach. This should paint a nice clear picture to these baboons.
- Then on the third & last portion of the presentation should cover industry best practices covering it - cite the sources- books, podcasts, etc. Many multiple ones too.
- Say a blurb about how it got pretty heated before, but say that you mulled this over, carefully presented it because that's what I believe and is objectively what's best for the company.

Consulting entails same high standard in service as well

 

[Exterous]

Yikes.

Are you in consulting (literally 'customer')?

Depends on the situation. This was more of a technical contract than a consultation job. Part of the issue is that this is outside our scope of work. I was setting up some stuff for them in their environment and tried to autoresolve a person's AD admin account. John-admin didn't popup but john@hotmail.com did. "Hey John - whats your admin account so I can add it to this? What do you mean they won't let you use it? Why is there this hotmail account in here? Yeah hotmail. See? Lets take a look at your users - oh my god. What are all these accounts doing in here?!" and we kinda went down the rabbit hole from there

Nothing was heated in the discussion. It was all "Can you put me in touch with the decision maker?" and "we should reconcile differences between your environment and best practices" with their cloud group. Well I might have gotten enthusiastic about it with John but hes not in the cloud department. John is cool

 

[Zeze]

Oh. Why would you lose sleep over it.

 

[ImpulsE69]

I prefer to do these things over the phone so I can mute myself as I tell them how dumb they are.

 

[Exterous]

Oh. Why would you lose sleep over it.

Cause my brain is dumb. It wants to compose emails to Key People and figure out the perfectly eloquent prose that will cause everyone to magically realize that I am right and everything will be rainbows and puppies if they just do what I tell them to. For better or worse it does come up with some good ideas late at night so I have to take notes on my phone occasionally so I can remember them in the morning

 

[Exterous]

I prefer to do these things over the phone so I can mute myself as I tell them how dumb they are.

At a previous job a coworker of mine was using a desk phone and pressed the mute button and said some impolite things. Turns out the button didn't work correctly but the light sure lit up like it was. I've been distrustful of those ever since.

 

[shortylickens]

In the Navy?

Yes, almost every day for 9 years.

At Hynix, many times, probably weekly.

At Tektronix: Never. Good place to work.

 

[ImpulsE69]

At a previous job a coworker of mine was using a desk phone and pressed the mute button and said some impolite things. Turns out the button didn't work correctly but the light sure lit up like it was. I've been distrustful of those ever since.

Haha, that sucks.

 

[pete6032]

I submit my expense reports electronically, but then I have to print out the report and sign and date it and then have my boss sign and date it as well, and then scan it and email that to our admin person.

I'm 99.9% certain there is an approval mechanism in the expense reporting system that we could use that would avoid this problem but it's not my job to figure that out.

 

[Untcay]

I once saw a receptionist try to change a toner cartridge for a lazer printer.. she left black footprints on the blue carpet all throughout the office & whatever she cleaned them with made them worse. They are still there to this day.

 

[zinfamous]

Every time a university where I am working approves and implements yet another central purchasing scheme. It's a colossal fuck-up every. single. time.

 

[zinfamous]

I once saw a receptionist try to change a toner cartridge for a lazer printer.. she left black footprints on the blue carpet all throughout the office & whatever she cleaned them with made them worse. They are still there to this day.

That's more endearing than anything, imo.

 

[chitwood]

Had an admin assistant once complain that a HP laserjet 8150 (giant $2000 printer) was squeaky. We didn't go up there right away (because the thing still printed fine) so an hour later she got a can of WD40 and sprayed it into the vents on the side. She took out the paper trays and sprayed WD40 into the printer there too.

 

[[DHT]Osiris]

One environment where patch restarts weren't permitted for clients, even for logged-off systems, because 'I don't want it to be restarting if I have to use it', regardless of maintenance windows. We had a lot of mystery power outages, and some jackass that kept walking around unplugging laptops after hours.

Magnetic door locks that failed closed on a structure where the breaker box was inside the building. That one was fun.

 

[mikeymikec]

Basically a customer has no idea how to use Cloud services, and configured it in such a way that email accounts from yahoo, gmail or really any private company can be added as owners\administrators of their cloud based resources.

Correct me if I'm wrong, but doesn't that mean that someone signing into their own Microsoft account from wherever would have access to company documents?

While I have experience in administering Windows domains, I haven't done anything relating to domains and MS accounts yet.

 

[clamum]

At a previous job a coworker of mine was using a desk phone and pressed the mute button and said some impolite things. Turns out the button didn't work correctly but the light sure lit up like it was. I've been distrustful of those ever since.

Oh dang man. That is harsh. I would sometimes talk a little poop while muted, on conference calls with my manager at my second-to-last job, but thankfully the buttons actually worked. I'm not sure I'd do that again though. Just unprofessional and not really worth it.

I can't recall anything completely asinine at previous or current job. The biggest annoyance is laziness in the kitchen (refusing to make coffee and leaving a half cup in the pot, leaving fooded-up dishes unrinsed in sink, etc). The tech side of things actually ain't that bad, IMO.

 

[pete6032]

I once saw a receptionist try to change a toner cartridge for a lazer printer.. she left black footprints on the blue carpet all throughout the office & whatever she cleaned them with made them worse. They are still there to this day.

Was she a hot receptionist or an ugly receptionist?

 

[purbeast0]

Yes, pretty much daily.

 

[Humpy]

I'm continually reevaluating what qualifies as stupid versus acceptable. If it can't be fixed it's not broken.

 

[Exterous]

Correct me if I'm wrong, but doesn't that mean that someone signing into their own Microsoft account from wherever would have access to company documents?

While I have experience in administering Windows domains, I haven't done anything relating to domains and MS accounts yet.

By "own Microsoft account" do you mean their personal one or a work one? While you could use a Microsoft account as a work account IMO there is a better way for at least decently sized organizations. Instead it should be setup so they go to the appropriate portal, sign in with their work account (so John@company.com not John@outlook\hotmail.com) which is validated against the company's directory service and they are then given access to appropriate documents, servers, configs etc. This allows easier account management since you have one authoritative account control (in this case AD) that you can use across cloud providers and don't have multiple places to manage account access (O365 users\groups + Azure users\groups + On prem users\groups + AWS users\groups). This also makes it easier for users in that they can use the same credentials when logging in regardless of whether its office.com, portal.azure.com, signing onto their laptop, or aws.amazon.com/console (although there are some potential caveats to aws)

 

[Ken g6]

A company I work for once tried to develop their own CMS (like WordPress or Drupal) internally.

Well, at least they never tried to use it in production. And, fortunately, I wasn't on the team making it.

 

[Sonikku]

Was volunteering at the local food pantry and we had huge stacks of 1893 Pepsi, which was released as a throwback to what Pepsi tasted like originally.

One time a person asked if we had any soda to give and I told them what we had, but he was all like, "Well, I mean I dunno... Soda that's been sitting for over a hundred years probably tastes bad."

And a great mental face palm was had that day.

 

[IronWing]

Every time a university where I am working approves and implements yet another central purchasing scheme. It's a colossal fuck-up every. single. time.

The important thing is that they never retire an old system and simply layer the requirement to use the new system on top of the old.

 

[Untcay]

That's more endearing than anything, imo.

Yeah i guess it is, still though there were plenty of face palms all that week...