Feeds

Save us from our users

Doomsday Weekend 3: sometimes a god complex isn't a bad idea

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Sysadmin blog Many sysadmins among us certainly have a god complex. The truth is, no matter how well-prepared for a large project we try to be, we can't control our users.

I took great pride before Doomsday Weekend in typing detailed emails about the changes that users should expect to see. The documents were necessary. They helped users through the transition and were an excellent point of reference for the post-project support calls. 
But nothing can compel users to read the emails they are sent.

Those users who did had a much easier time of it. Those who didn’t were quite upset on Monday morning to discover that everything had changed. In retrospect, I should have anticipated it.

One of those angry users had the solution to this problem: in addition to the emails, I should have printed a copy so that the information they required was on hand when they walked in. Not possible in all scenarios, but it would have saved a lot of grief in this one.

Another accidental experiment involved passwords. So our users could log into their VMs Monday morning, and so IT could set up user specific elements for the new users on our network, all non-administrative users were set to the same default password. We didn’t create a complicated list of users with different pre-set passwords; we simply set everyone’s password to the same thing.

Our intentions were good; we were going to have done all the configuration and user migration before Monday, and set users to change password at first logon. We didn’t make it. We still had tweaks to do to user environments two days after the deadline had passed. After we had finally reached the end of our customisations, we told users they were free to change their passwords. We decided that we would not force this on users at next logon, because after a rough week of big changes it would be bad PR for IT. So we sent another email detailing exactly how users could change passwords, why doing so was a good idea, and asking them nicely to comply for the sake of our sanity.

As I should have anticipated, the email was left largely unread by the users.

Many of those who did read it didn’t comply. So we discovered that a truly shocking number of users, even when made aware of the risks, won’t change their passwords from the default unless we force them to do it.

Users prefer convenience over security. Perhaps the greatest clashes between IT departments and their users are over this topic. Both sides can become entrenched: users demand absolute convenience, or else they will consciously work to subvert security measures. Hardline admins demand that users pay heed to security, or they will punish them with even more exacting security measures.

The solution is probably somewhere in the middle. Users pay attention to basic security measures, such as not sharing their passwords or leaving them taped underneath the keyboard, and admins put more thought into making security simple. After this misadventure, however, my opinions are beginning to shift towards a hardline sysadmin view.

We called each user to make them change their passwords. We stayed on the phone as they changed their passwords, and listened to the same diatribe about how changing passwords every six months was too much to bear. I find their apathy towards security breathtaking. Next time I won't care about bad PR for IT. I’ll just tick the “reset password" box and be done with it. ®

Beginner's guide to SSL certificates

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.