Mow said:
VanguardLH said:
NOTE: Do not mix up the posting order. Whether you prefer top- or
bottom-posting, /maintain the SAME order/. There is no top- or
bottom-posting order for the first post in a thread. That is
established by the first-level respondent. Bruce bottom-posted so
follow suit. Stop generating a jumbled mess by mixing top- and
bottom-posted messages together in your replies.
If YOU, as an admin-level user, can enable ACLs then what is going to
prevent OTHERs, also as admin-level users, from removing those changes?
You're a system admin. So are THEY! You gave them permission to be so.
Ownership, I am the only one with it, hence am the only one that can reclaim
it ;]
You're a bunch of same-rating admirals in a lifeboat issuing different
orders that none of you have to obey. One of the admirals (you) has the
combination to a locker but all the admirals have the combination, too.
Your special title of "system admin" merely means you get stuck and
stressed with having to manage more than one host. The other admins get
the luxury of just managing their one host.
So does your company actually have a software policy (as to what is
allowed on the users' hosts)? If not, you don't have permission to
alter any software configuration that the users contrive. If there is a
policy then simply generate images of what their hosts are supposed to
have and merely re-image their host when a problem arises. After all,
if this truly is a company environment, those users should not be
leaving company data on their hosts (it should get saved on a file
server) or there should be a client-server backup system in place to
save the data off their workstations (but not necessarily the apps since
the company software policy would let you define an image of what they
should have). If policies are not in place and the employees notified
of them, you have no leverage to exercise any control over what is on
their hosts.
Yes, things that distract from work, like chatting and file-sharing
Unless there are established company policies, YOU can't dictate what
goes on the employees' hosts. Don't assume power that you don't have.
For example, a QA tester may have ties with WinRunner forums (because
that software is used at work), or use chat rooms of WinRunner users (to
get away from the spam in the Yahoo Groups for WinRunner), or may use
instant messaging between groups of WinRunner users rather than use a
Usenet group or an e-mail scheme to communicate with others in a
forum-like manner. The access to those other users is seen as a
critical resource in the QA tester performing their duties at work. You
banning the use of those communications channels is interfering with the
employee getting their job done. By the way, I've been in that
scenario and the sysadmin that interfered with my job got reported to my
manager, to his manager, and even to the Sales, Marketing, and the CIO
due to his impact on my scheduling of QA testing due to lack in finding
some needed solutions from other WinRunner users that were more expert
than I. Without a company policy established to dictate what could be
on my host, he had no permission to change anything on it. In fact, as
part of this fiasco, we had to sit down with the IT folks and tell them
that everything in our Alpha Lab was off limits to them. Nothing in
there they could touch or alter. We didn't even want the pre-built
Dells they were pushing onto the workstations since we had and needed
our own-built hosts that met our requirements. We had our own subnet to
isolate our traffic, especially test-loading traffic, from the corporate
network. This boob admin removed other software from my hosts without
warning, without asking, and without permission and the company policies
enforced by the IT department do not cover our hosts in the Alpha Lab
(whether physically or on our desks but connected to the lab network,
not through the corporate network).
Another example is e-mail. Unless policies are in place that dictate
that only company-related business will employ e-mail services at work
then you have no means to enforce the employees do not conduct personal
communications via e-mail using company resources. You also have
nothing to enforce or punish someone that moves company e-mail content to
an off-company location, like redirecting their e-mails from work to
some non-company server, like Hotmail or to their home computer or even
to another company's mail server should that be a part-time worker that
has another job elsewhere. You can't enforce what was never defined.
We are jealous over control of our test hosts and protect them from the
boobs in the IT dept who are not allowed to enforce the general company
policies on them. However, there are activities or traffic that do
involve the corporate network and where we need special privileges we
first ask for them and get documented the response allowing us those
privileges. *BUT* there are company policies in the first place.
Without them, YOU have no power to dictate what software is on a host.
Do you even have company policies regarding abuse of company resources?
For a user to commit abuse means it had to be defined in the first
place. I can guarantee you that if you permit any connections to the
Internet that your users will figure out how to thwart your attempts to
limit what types of network traffic that they can generate. All I would
need is some allowed traffic, encrypt it, and have another server handle
to where that traffic is directed to get any content that I want into
the corporate network. Unless your company cuts its internal network
off from all external networks, you won't be able to deter unwanted
traffic until you establish policies that threaten the employment of the
worker.
No policies, no enforcement. Should you ever attempt to terminate an
employee for arbitrary cause, like claiming they generated unwanted
network traffic that impacted its performance or its reasonable use by
other employees, expect a wrongful termination lawsuit to ensue.
Without policies in place, your company would have no standing in the
court case because abuse was never defined. You trying to stem abuse
without any policies to back up those actions means the employees are
still free to do anything they want to thwart your actions. Unless you
are enforcing the rules, you are an arbitrary adversary to be overcome.
You could very well be the one impacting the overall performance of the
employees and the one that gets replaced.