
The fact that you are a branch manager means two things.

This topic is closed.

  • The fact that you are a branch manager means two things.

    Jack, and sh*t.

    And Jack left town.

    My company is spread out over the western United States. Our corporate HQ is in Salt Lake City, and I am based out of an office in a Denver suburb. Combined between corporate and my branch, we have approximately 90% of the employees in two locations.

    But we do have some far-flung branches - California, Arizona, Texas, etc.

    We have a loan officer out in San Diego, who has a laptop that will not let him log in. Says there is something corrupted in the registry, and any registry repair or system restore tools apparently are ineffective. After doing what I can do, I tell him that his next step will be to contact the IT manager in Utah, so they can basically "roll a truck" out there in San Diego with an IT services company to have boots on the ground there. I, from 1100 miles away, cannot do anything more if the damn thing won't even BOOT properly except to local accounts. Apparently this is so fudged up that safe mode won't even work. (And I'm not sure if any local account would work either...)

    Apparently this was not acceptable to his branch manager, who just called in to the ITSD and said I needed to give up the password to the local admin account that is on each of our machines.

    Let me think about that...NO. Under no circumstances am I going to compromise the security of the ONE account that is on EVERY computer in the company, just because your "kind of a techie guy" LO did something to his machine and apparently gummed it up even worse.

    I told this branch manager that he would have to contact my boss directly, and if HE feels comfortable violating a pound and a half of rules because "an LO is dead in the water", HE can do it.

    Mr. BM (yes, pun intended) then tried to bear down on me like "I'm a BM, you are an IT Tech, you will do what I say", and I came THISCLOSE to telling him that there's a list of five people in this company that I will accept the order to give up that password from, and his name isn't on that list. That'd be my boss, the HR boss, the president, the CEO and our head legal counsel.

    And even then, every one of those five people would have to do it in writing. CMA.
    Last edited by Ted_The_IT_Guy; 12-19-2014, 06:56 PM. Reason: Adding details, correcting punctuation brainfarts

  • #2
    Uhm... You have the same admin account password on all your machines? That's a potential problem waiting to happen already. It's onerous to have a separate generated password for each machine, but it makes it less likely for a single security breach to affect your entire organization.

    Also, it'd probably be more cost-effective to next-day another laptop to the guy...



    • #3
      Quoth Ted_The_IT_Guy View Post
      Mr. BM (yes, pun intended) then tried to bear down on me like "I'm a BM, you are an IT Tech, you will do what I say", and I came THISCLOSE to telling him that there's a list of five people in this company that I will accept the order to give up that password from, and his name isn't on that list. That'd be my boss, the HR boss, the president, the CEO and our head legal counsel.
      A couple suggested answers to demands like that:

      "You are not in my chain of command. If you feel that you need that password, send the request up your chain of command with the request to have it passed back down through mine. If MY chain of command feels that it is appropriate to give you that password, THEY will tell me to do so."

      "Part of my job as an IT Tech is maintaining the security of the corporate network. Giving out the password you requested would be a breach of security, so it is my duty to NOT give it out."
      Any fool can piss on the floor. It takes a talented SC to shit on the ceiling.



      • #4
        Quoth TheSHAD0W View Post
        Uhm... You have the same admin account password on all your machines? That's a potential problem waiting to happen already. It's onerous to have a separate generated password for each machine, but it makes it less likely for a single security breach to affect your entire organization.

        Also, it'd probably be more cost-effective to next-day another laptop to the guy...
        It's not uncommon and is often used for wide scale software implementation onto new or existing hardware. The security lies in the fact that these networks are usually isolated so someone has to physically access the network directly and input the credentials to gain access to it (which gets logged and stored securely). Considering every physical access point has a camera looking at it and the system id is logged the person is nailed pretty quick. To add, it's a VERY short list of people who have access to the full admin id info (most contractors and sub contractors have a local one for that location only) and it's about as tight of security as one can accomplish without nightly mind wipes.
        I AM the evil bastard!
        A+ Certified IT Technician



        • #5
          Quoth lordlundar View Post
          and it's about as tight of security as one can accomplish without nightly mind wipes.
          So THAT'S why the BOFH and PFY routinely go for the pub for large quantities of lager - in order to maintain information security.
          Any fool can piss on the floor. It takes a talented SC to shit on the ceiling.



          • #6
            Quoth wolfie View Post
            So THAT'S why the BOFH and PFY routinely go for the pub for large quantities of lager - in order to maintain information security.
            No, no, no, you've got it wrong. The mind wipes are for OTHER PEOPLE. They have the cattle prod for a reason.
            Fool me once, shame on you. Fool me twice, you speak with the Fraud department. -- CrazedClerkthe2nd
            OW! Rolled my eyes too hard, saw my brain. -- Seanette
            she seems to top me in crazy, and I'm enough crazy for my family. -- Cooper
            Yes, I am evil. What's your point? -- Jester



            • #7
              Quoth TheSHAD0W View Post
              Uhm... You have the same admin account password on all your machines? That's a potential problem waiting to happen already. It's onerous to have a separate generated password for each machine, but it makes it less likely for a single security breach to affect your entire organization.

              Also, it'd probably be more cost-effective to next-day another laptop to the guy...
              Sadly, yes that is the way it is set up. It is not my decision, and one that I often rue and lament...right alongside the fact that there are no failsafes to prohibit a normal user (non IT) from installing whatever the fudge they want on their computer.

              It's only in the past couple of weeks that they've started to put a blocking system in place to prohibit certain non work websites on the corporate system...

              And I think you have the right idea, in overnighting a laptop being the best solution. If I had one myself in the Colorado office, it's what I would have proposed. But Laptops recently have gained "worth more than their weight in gold" status and are rarely 'in backstock'. One gets back in due to upgrade or termination, it's usually out in someone else's mitts within 24 hours. Another flaw in our design.



              • #8
                Quoth Ted_The_IT_Guy View Post
                But Laptops recently have gained "worth more than their weight in gold" status and are rarely 'in backstock'. One gets back in due to upgrade or termination, it's usually out in someone else's mitts within 24 hours. Another flaw in our design.
                When (not if) a single point of failure "takes out" multiple laptops simultaneously (e.g. sprinklers go off in the hotel where multiple laptop users are staying, soaking the units), how long will it take to change the policy so that spares are kept on hand to allow for rapid replacement? Also, which peon in the back office will get the blame for there being no spares?
                Any fool can piss on the floor. It takes a talented SC to shit on the ceiling.



                • #9
                  Quoth wolfie View Post
                  When (not if) a single point of failure "takes out" multiple laptops simultaneously (e.g. sprinklers go off in the hotel where multiple laptop users are staying, soaking the units), how long will it take to change the policy so that spares are kept on hand to allow for rapid replacement? Also, which peon in the back office will get the blame for there being no spares?
                  The policy change will be done and in effect in 24 hours then revoked in a week due to being too expensive.
                  I AM the evil bastard!
                  A+ Certified IT Technician



                  • #10
                    Of course, since the policy at the time of the incident is "no spares", there will be no spares on hand - and some peon will be blamed for the fact that there are no spares.
                    Any fool can piss on the floor. It takes a talented SC to shit on the ceiling.



                    • #11
                      Quoth TheSHAD0W View Post
                      Uhm... You have the same admin account password on all your machines? That's a potential problem waiting to happen already.
                      I sure hope the password isn't 1-2-3-4-5

                      But seriously, in my office, we once had separate passwords for all of the machines. Then my boss came in one weekend, decided he needed something on my computer (why, since I don't save anything on there), and flipped out when he couldn't log in. He actually made me reset all the user IDs and passwords to his name. 3 digits for each, are you kidding me? And yes, I did get to hear about it when our server got knocked out later that year.

                      Then there are my FAQ sheets. Because I don't sit at my desk every minute, I typed up a series of sheets that describe my job functions. On a couple of them, I left off the log-in info for one of the reporting systems I access.

                      I got to hear about that, but at least I had a good reason. That is, when we started using the system (which connects us to the main office downtown), we signed paperwork reading something like "the undersigned will not release their log-in information to anyone" with the threat of termination. So I posted that little tidbit in the FAQ.

                      Sorry folks, I'm not going to get fired because you cannot remember your password...and I won't get fired for refusing to give you mine.
                      Aerodynamics are for people who can't build engines. --Enzo Ferrari



                      • #12
                        Thankfully, the "one password to rule them all" isn't 1-2-3-4-5, as awesome in one way it would be. It is something that has nothing to do with IT, and at least does have capital letters, lower case letters, numbers and a couple of special symbols in place of a letter. No effing way someone could just guess it even knowing all the gents in IT and their personal likes/foibles.

                        The "no laptops in backstock" pattern has already bitten us a couple of times, but in a way that at least has been financially beneficial to my bank account...overtime, baby.

                        A full backup laptop kit, including the docking station we use, would run north of $1500 each. But yeah, we only do millions of dollars a month in revenue, we can't possibly afford say 5 of those kits in corporate, and 5 in my office (which is kind of like a mini-corporate, more people work in my branch than in every other non-corporate HQ branch combined)...no siree...

                        This is also a company that insists on buying individual Office 2013 licenses, instead of even investigating how much a bulk corporate license would cost on a monthly subscription basis from Microsoft...which makes reinstalling Office 2013 fun if people have been lax on tracking which computer has which license activated under which email address...damn you Microsoft!!!



                        • #13
                          Could you tell this loan officer you were now going to make a complaint to HIS boss about his behavior and his desire to violate company policy that could get anybody canned who did it? Can you offer him that kind of payback, or do you just suck it up?



                          • #14
                            Not all machines

                            Quoth TheSHAD0W View Post
                            Uhm... You have the same admin account password on all your machines? That's a potential problem waiting to happen already. It's onerous to have a separate generated password for each machine, but it makes it less likely for a single security breach to affect your entire organization.

                            Also, it'd probably be more cost-effective to next-day another laptop to the guy...
                            The school system the company I worked for started with only one master password on all their machines.

                            Over time we installed new passwords on a regional/town basis, i.e., all schools in one area/town (1-10) would end up with the same password, but the next area/town would have a different password. Since the school region covers about thirty (30) areas, if a student found access to one machine it did not spread far, unlike before.

                            It may not be the best solution, but it meant that on the few occasions where the password needed to be changed, the techs would just make one trip to change all the computers in just one area.

                            Note: the larger towns already had problems in the past when there was one password for all, and we have not seen any problems there lately. It is the small towns/areas out in the country, where there are very small schools with limited staff, where the problems do occur. We think it is because they need to use the students more to do the extra work because of a lack of staff, or because they do not have someone with the needed computer skills, so they have to ask students for help more; then info leaks out.



                            • #15
                              Quoth earl colby pottinger View Post
                              The school system the company I worked for started with only one master password on all their machines.
                              This, of course, reminds me of the tale of "serVer" (capitalization deliberate).

                              When I was in high school, the school got some brand new Macs. They were set up with a fairly basic AppleTalk network. The server was, of course, another Mac.

                              The server had a password. By the time I was in 12th grade, someone had worked out what the password was: "serVer". No, I'm not joking - I actually used it a time or two myself when nobody was looking.

                              My brother is almost 9 years younger than I am. I told him about this, and since he was still in high school at the time (late 1990s, I graduated in 1991), he checked it. He reported that not only was the password still "serVer", it was case-insensitive.
                              "I often look at every second idiot and think, 'He needs more power.'" --Varric Tethras, Dragon Age II

