IT Drones full of it.

[PardonTheWait]

I like the IT hero complex...

Personally I actually have a job to be getting on with, so rather than spending loads of time attempting to fix a problem that if I'm honest I don't really know the answer to, I just phone tech and they fix it remotely (in ten minutes) while I get on with my actual job.

If you had a work van you wouldn't try and fix that.

 

[Sin_Chase]

While the IT guy may not of been all that good, you were/are worse.

You are never getting admin rights, decades of 'experience' or not.

 

[Guest2]

Not really no. I work in an IT department of ~150 people, so some people think they know more than others when they dont, but no 'IT drones'

 

[Deleted member 66701]

I am covering the IT dept while he goes on a 2 month Sabbatical starting next month, not looking forward to it though...

It's a **** job - it's like working in the public sector - nothing they do is good enough and everybody hates them and think they could do it better.

 

[kibblerok]

I don't see the harm in giving power users local admin rights personally, as if people know what they are doing it can save more time/money (i.e. meaning that IT support don't need to spend time doing menial tasks like application installs and can focus on fixing real issues instead). Yes you will get the odd 'disaster' where a user has done something they shouldn't and need to call in IT support, but this may be more than outweighed by the savings in other areas.

(To clarify by 'power users' I am referring to people who work in say software development or otherwise have a combination of good technical knowledge and a requirement to frequently try different things on their workstation).

Yes you have to draw the line somewhere and I'm sure that those who work in support find it very frustrating to have 'know-it-all' geeks meddling with things. But to me it is inherently inefficient to restrict users from being able to do things they need to be able to achieve in order to do their jobs. If people are trusted to say, create software used by hundreds of users, processing millions of pounds worth of transactions, yet aren't trusted to have admin rights on a laptop costing under a grand, you have to question whether the IS policy is delivering real business value in all cases.

^ This 100%

I'm in a non IT support specific role with local admin rights and have never had to have IT out to look at my PC since it was built 3 years ago whereas others have them out every other week with everything locked down.

The right IT bods in my company know their stuff, listen to the users and act like IT people should by applying logic and reason to what they do.

Others use SLAs as a rough target, are sticklers for the rules and hide behind red tape... it doesn't matter of the cost to the company of something not working, if it's not overdue it's not a problem.

Some in IT are real barriers to the success of business - those that know their stuff are generally more pragmatic and helpful and we get stuff done quicker as a result.

 

[contracteur]

I don't see why any user would need local admin rights on their workstation?

If they are installing their own software it should really be licensed through the IT department so they know what's on their network. Saying that, they can't be expected to support it if they don't even know what's on their systems!

In our company the Devs work in IT so they usually have local admin of their workstations and their dev environments. But the general user pop? They will/should get as restricted rights to as possible.

http://en.wikipedia.org/wiki/Principle_of_least_privilege

 

[badcompany]

While the IT guy may not of been all that good, you were/are worse.

You are never getting admin rights, decades of 'experience' or not.

Funny that I have been given them on some machines I update the calibration files on my machine and look after the other 20 guys problems in my dept it's just easier for me to fo rather than ringing it every other day, the normal it guy is fine it was just this new guy had issues.

 

[mattyfez]

Others use SLAs as a rough target, are sticklers for the rules and hide behind red tape... it doesn't matter of the cost to the company of something not working, if it's not overdue it's not a problem.

Looking at it from the other side though, with large companies its important, as they only have finite budget/resource, if lesser incidents were treated with higher priority it can take focus away from more important incidents... that's why you have to have sla's - not saying I particlulary like it but Its nessesary.

That said, any good it department should have a mechanism for a user to challenge the priority if something, so it can be reviewed and treated more urgently if agreed.

It's even more true if the it is outsourced, as the company will only be paying for a certain level of support, based purely on cost.

 

[mattyfez]

That also kinda fits in to why most users are locked down, if they don't need extra privileges in the performance of their job they don't get them, it has potential to cause more work (read cost) when something goes wrong.
If you have admin rights, you can obviously be trusted not to download freeware and smileys for your msn on your lunch break, great but if most users had admin rights, it would be Armageddon!

It's all about money and budget in larger companies.

 

[mattyfez]

Also auditing, as well, if every dept. had an IT admin, there would be know way to track potential issues, and calculate the costs of supporting and running IT.

 

[Saytan]

sounds to me like a low level tech with limited knowledge.

on the other track, one of our field engineers was physically threatened by someone because he wouldnt give them admin rights....


As far as i'm concerned, unless it's completely unavoidable, users shouldnt even have PCs

thin client baby!

 

[wannabedamned]

I'm an IT guy, Worked for a school. So obviously the school has an IT department with IT teachers, who generally know a thing or 2, but lack any admin rights to implement anything. I never had any problems with giving them my time, and taking advice on anything that I may have been unaware of....But to be fair, I'm awesome and I know everything.

 

[semi-pro waster]

I sometimes find IT annoying because a number of times I've raised an issue and been told "that's a 'feature' of the system" when what they actually mean is that someone has cackhandedly programmed in a bug and they either don't have the resources or the inclination to try and sort it. It wouldn't be so bad except the systems being used cost a lot of money to implement and run - I don't think I'm usually asking for the Moon on a stick (although if offered then sure, I'll take it) but just a level of basic functionality that allows me to do my job without having to resort to workarounds.

Or alternatively I'll get told "we can't do that so you'll have to do this which takes twice as long and is much more hassle for all concerned" and that's if I'm lucky enough not to get a "dunno" e.g. a small issue is recently I've had to send a number of files to get audited - turns out that you can't send files bigger than 5mb externally, none of those files can have passwords on them and a variety of other little niggles along similar lines. I can vaguely see an argument that you shouldn't send any files externally that would require password protection due to sensitivity yet we wouldn't be in the position of needing to do so if they were a little bit quicker in allowing people access to the system remotely when the correct paperwork was filled out.

However IT is less often a source of my ire than HR who not infrequently seem incapable of remembering or applying policies that they've been consulted on so each and every time you've got to get into a long drawn out correspondence with them over what they should do because it's the standard policy - usually ends up with having to present them with the guidance that has been written (often by/in association with them) and point out that it's in there, at which point if you're lucky and the planet have aligned what you've asked for will happen but never with an acknowledgement that they should have just done it in the first place.

 

[anything I don't mind]

I have this same problem but I work in IT. Sometimes i see the people above doing things and i know that is going to generate more work for me unnecessarily, but i can't make them look bad or they will hate me and go out of their way to destroy my job.

 

[mattjd]

The IT technicians are funny at my school. All they do is sit in a office watching TV.

My friends and I think they just use the school server for Minecraft and SCII

 

[HangTime]

I don't see why any user would need local admin rights on their workstation?

To speed up basic administration tasks and reduce the dependency on support staff.

If they are installing their own software it should really be licensed through the IT department so they know what's on their network.

"Their own software" can be many things ranging from internally developed software to freeware applications for which corporate licensing is either unnecessary or a lot of red tape. Most IT departments will likely / should remotely audit installed applications anyway.

Saying that, they can't be expected to support it if they don't even know what's on their systems!

True, which is why I wouldn't expect them to support such software. I've never asked an IT support department to help me with software they aren't responsible for.

In our company the Devs work in IT so they usually have local admin of their workstations and their dev environments

So although you don't think "any user" needs local admin rights, you've got a bunch of users who do.

Now, obviously when we talk about "need" that is maybe a bit excessive - you could probably make a case to say that as you suggest, no user "needs" local admin rights. But it may make things more efficient if they do. The question is about where you draw the line, what groups of users have a legitimate 'need' for elevated rights and would have improved productivity with it. This isn't overly straightforward as roles vary so much from company to company that it is actually pretty hard for the people in charge of devising the policy to know exactly who does and doesn't need it. Which is probably why in many organisations, the default stance is 'by exception', i.e. you aren't a local administrator until it is formally requested and approved.

 

[Saytan]

to freeware applications for which corporate licensing is either unnecessary or a lot of red tape.

11 kinds of no to this. We dont have a full time standard client team working to approve and test apps for any IT Dave to come along and install whatever they so fancy whenever they like.