Lists by IT guys cum journalists can be pretty interesting things. Either they’re obvious junk or sometimes just plain wrong. I eagerly checked out this link Marcin sent me about 7 things sysadmins forget to do thinking it would be pretty stupid. I was pleasantly surprised with a few of the items. Here’s some of my comments.
1. Forgetting to Delete a Former User’s Account – This is one of those obvious ones, but I will defend poor sysadmins like myself and say that we don’t just willy-nilly disable user accounts, even if we hear gossip that someone left. Too often, account disabling is not a breakdown of sysadmins, but a breakdown in the process of notifying sysadmins that someone has left. I really hate hearing someone “left 3 weeks ago” through the grapevine. (Or conversely, that “I have someone started tomorrow morning…”) Maybe in huge environments things like identity management should be looked at to solve this issue, but in smaller or medium environments, I really think HR and IT just need to make sure there is a process for account notification that is followed. In the end, all the sysadmin lists and processes are naught if no one says so-and-so is gone.
2. Forgetting to Regularly Search for Rootkits – Ok, this is just kind of a weird one. I don’t think I’ve ever “forgotten” to search for a rootkit so much as I just don’t look for them, or if a system is so obviously overrun it gets reformatted rather than spend more time on it.
I think the author has good points about how to mitigate rootkits and detect them, but seriously, how many admins put forth that much effort? Rootkits are the Harry Potters of the corporate IT household. They want to be kept under the stairs or up in their room and ignored and not dealt with…and for good reason. It is almost like having mice in your building. You can put out some traps, but really, no one is going to bother much with tearing up the walls trying to find their homes.
I sound kinda defeatist here, but the effort to find and protect against rootkits is a big investment, really. I just think this isn’t so much forgotten as it is just chosen not to be done.
3. Forgetting to Use a Trouble Ticket Tracking System – Here’s a personal bit about me: I’m a stickler about documentation and the sharing of information. There is too often a HUGE amount of organizational knowledge that leaves when an IT worker leaves a position. That shouldn’t be the case, they should keep things documented for someone else to reference.
A trouble ticket system is part of that. If I know I’ve worked on something before, I want to be able to search the tickets and see what remediation occurred previously. I think some of this comes from my science background where experiments have to be documented such that someone else can recreate your findings. That”s a big part of what a ticket system is to me.
Not only that, but it can be used to audit changes and requests. If Sally requested file server permission changes and was authorized to do so, but made a stupid request that caused data loss, that can be traced back to her ticket and the information in it. I also feel that, as a heavily-worked IT guy (and later on in my career, likely a manager of some sort), the ticket system is a natural means to track work loads and inefficiencies and reduce forgetfulness. Unless a ticket system has no means for internal notes (things not sent back to the requester) I really hate, hate, HATE to see tickets answered with, “Done,” and absolutely no details on what was done…
There is one caveat to this, however, and would be Needy Users who have Stupid Questions but they insist on asking in person or calling in about them when their deadline is 1 hour away. Often, it might not be sysadmins who forget to use the ticket system, but users who bypass the ticket system to saddle IT with work requests. Sysadmins are then left to hopefully remember to put in the ticket themselves.
4. Forgetting to Set Up Technical Documentation and Creating a Knowledge Base – Based on my notes above, it’s pretty obvious this is a sticking point with me as well. I deeply believe in the need for clear, effective documentation and maybe even a knowledge base. This should occur in IT shops of 1 person or 1,000 people. Even if I don’t plan on leaving a job, there are always systems and processes that occur every 6 months or longer, and I hate to get to those points and not remember what to do. Referencing documentation helps speed up memory, get the tasks done efficiently, and improves consistency by not forgetting steps or retracing old mistakes. This can even be part of a DR/BCP or backup strategy, where network diagrams, IP distributions, config files, and other settings are documented somewhere for use in continuing the business in the case of large of small issues.
5. Forgetting the Risks of Flash Memory Drives – This also falls into “I didn’t forget it, we just don’t do this” category. By now, I really think everyone knows the issues with USB drives. They can introduce things not wanted and are a vehicle for data egress. You’ll notice the author gives not even a single sentence on how to address this or what approach could be taken. There’s likely a reason for that. Many people either don’t know how to manage USB devices (do you know how to stop USB drives but allow USB mice/keyboards?) or can’t get senior management to back the blocking of ports. Ever try to block USB/Firewire ports and have all the ipod users mutiny? Ever try to justify buying a certain USB brand for “official” use and tell people their personal ones won’t work? This isn’t so much forgotten as it is just not a battle to be fought or teams lack the knowledge to truly tackle it. There are far easier fires for most sysadmins to fight right now. The coming years should hopefully make tools to do these things easier for us admins, but they won’t be getting cheaper or easier on the workforce at large, unfortunately.
Of note, for anyone who wants to limit USB drives, did you also limit floppy drives back in the day? Do you limit CD drives now? What is your basis for managing those differently? Honestly, USB drives can be argued to simply be part of our culture now, just like cell phones and the compact disc. Just be aware of that when trying to limit them and how that might affect employee happiness aka productivity, especially if your business is not subject to stringent regulations about tracking data egress.
6. Forgetting to Manage Partial Root Access – I don’t really have anything to say here.
7. Forgetting Courtesy – This is a mixed bag with me. I agree, courtesy needs to be extended in a company, not just from IT, but from everyone. Each company is really just one big team trying to work together to do Great Things, but too often that courtesy breaks down somewhere, and that little ghost of rudeness gets passed around like a flatulence cloud hovers and moves unexpectedly.
Yes, some IT guys are just rude and give evil looks when asked to assist with something. But I’ve often seen and felt that some of that rudeness is not something IT guys inherently do, but have been trained to do by poor management or abusive users. How many IT guys have tried to do the right thing by helping people, only to get sucked into tasks that aren’t their responsibility just because they happened to make eye contact at the wrong time or try to help someone else?
At my last job, we had an HR director who needed regular help with her computer. I gladly stepped up and enthusiastically helped her early on. But she was one of those people who cannot be satisfactorily helped unless you do her job for her. Sadly, I couldn’t do that, and some of the things she wanted were simply not even possible. She became the “oh god, don’t help her, don’t get involved because you can’t win! Even if you win, she’ll eventually get you to do things that you just can’t do and then you’re in the shitter!” IT support nightmares. In fact, I think every IT guy at that company who has tried has either left that company or is still in the shitter with her (and being in HR, you know what that means…). (Hell, I even got in trouble once because she asked me to rewire an electrical outlet and I said that needed to be done by a qualified outside contractor that the CFO would set up…)
Too often I really think IT guys are conditioned to be evil eye guys and this is as much a reflection on the corporate culture and their managers as it may be their inherent personality. Some people are assholes, but a lot of us are not.
(By the way, a lot of us IT guys have a ton of things to think about as we walk the halls to get from one place to another; we’re often thinking about some problem or improvement, so if you stop us in the middle of the hall with some Stupid User Question and get a queer look, that just might be us trying to switch into help mode or tie off our internal thoughts to properly come back to them later. Or we know that Needy User has just circumvented the aforementioned ticket system by asking us in person, and will give us his own Evil Look when we plead that he make a ticket request since we’re currently in the middle of something for More Important Needy User…it’s a no win situation for us sometimes.)
Great list!
I would also add one more that I’ve seen way too often over the years…
Forgetting that their sys admin job ultimately exists to support the business.
It is easy when folks are passionate about their work, such as sys admins usually are, to forget that their job does not exist for technology’s sake. It is very important to understand how their job supports business, which means they must also have a general understanding of their business to be most effective in their sys admin responsibilities.
Is it a bad thing that when I read number one, I thought, “Oh <expletive>!” and went to disable a user account of an employee that recently left? It is? Oh.