Feeds

Save us from our users

Doomsday Weekend 3: sometimes a god complex isn't a bad idea

  • alert
  • submit to reddit

Build a business case: developing custom apps

Sysadmin blog Many sysadmins among us certainly have a god complex. The truth is, no matter how well-prepared for a large project we try to be, we can't control our users.

I took great pride before Doomsday Weekend in typing detailed emails about the changes that users should expect to see. The documents were necessary. They helped users through the transition and were an excellent point of reference for the post-project support calls. 
But nothing can compel users to read the emails they are sent.

Those users who did had a much easier time of it. Those who didn’t were quite upset on Monday morning to discover that everything had changed. In retrospect, I should have anticipated it.

One of those angry users had the solution to this problem: in addition to the emails, I should have printed a copy so that the information they required was on hand when they walked in. Not possible in all scenarios, but it would have saved a lot of grief in this one.

Another accidental experiment involved passwords. So our users could log into their VMs Monday morning, and so IT could set up user specific elements for the new users on our network, all non-administrative users were set to the same default password. We didn’t create a complicated list of users with different pre-set passwords; we simply set everyone’s password to the same thing.

Our intentions were good; we were going to have done all the configuration and user migration before Monday, and set users to change password at first logon. We didn’t make it. We still had tweaks to do to user environments two days after the deadline had passed. After we had finally reached the end of our customisations, we told users they were free to change their passwords. We decided that we would not force this on users at next logon, because after a rough week of big changes it would be bad PR for IT. So we sent another email detailing exactly how users could change passwords, why doing so was a good idea, and asking them nicely to comply for the sake of our sanity.

As I should have anticipated, the email was left largely unread by the users.

Many of those who did read it didn’t comply. So we discovered that a truly shocking number of users, even when made aware of the risks, won’t change their passwords from the default unless we force them to do it.

Users prefer convenience over security. Perhaps the greatest clashes between IT departments and their users are over this topic. Both sides can become entrenched: users demand absolute convenience, or else they will consciously work to subvert security measures. Hardline admins demand that users pay heed to security, or they will punish them with even more exacting security measures.

The solution is probably somewhere in the middle. Users pay attention to basic security measures, such as not sharing their passwords or leaving them taped underneath the keyboard, and admins put more thought into making security simple. After this misadventure, however, my opinions are beginning to shift towards a hardline sysadmin view.

We called each user to make them change their passwords. We stayed on the phone as they changed their passwords, and listened to the same diatribe about how changing passwords every six months was too much to bear. I find their apathy towards security breathtaking. Next time I won't care about bad PR for IT. I’ll just tick the “reset password" box and be done with it. ®

Boost IT visibility and business value

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
Cutting cancer rates: Data, models and a happy ending?
How surgery might be making cancer prognoses worse
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
VMware's high-wire balancing act: EVO might drag us ALL down
Get it right, EMC, or there'll be STORAGE CIVIL WAR. Mark my words
Forrester says it's time to give up on physical storage arrays
The physical/virtual storage tipping point may just have arrived
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?