Feeds

back to article BOFH: He... made... you... HE made YOU a DOMAIN ADMIN?

"Yeah, so we just need you to upgrade these machines," the Beancounter says. "Upgrade them to what, Windows 8?" I ask, suppressing the gag reflex. "No I mean upgrade them with the updates." "Oh, so you mean upDATE them, not upGRADE?" "It's the same thing!" he simpers. "Not at all. An upDATE is when the system stays …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge
Happy

another wonderful day

Thank you, Simon.

20
0
Pint

Re: another wonderful day

perfect - nicely pre-beer o'clock Simon

0
0

Re: another wonderful day

..but possibly only just pre beer o clock

0
0

Ah, we've been missing you

Good to see that Simon is back in form!

(Although lack of boobytraps in the domain permissions scripts seem to be a grossly negligent oversight - as evident by the costs incurred by the company now that medical insurance and scrap disposal will have to get involved)

3
0
Silver badge

Gross negligence

And how comes the boss knew of the existence of such things as domain admins, let alone how to set the right for himself? Grossly overcompetent if you ask me. A paraglider-from-the-rooftop accident waiting to happen, I tell you. Possibly sans paraglider...

1
0
Pint

Brad Pitt

"Think of it this way. An upDATE is when your Missus gets you to buy a new suit and and upGRADE would be when she gets Brad Pitt in whatever clothes he's wearing. She may upDATE his clothes at some stage in the future or she might just be too pleased with the upGRADE to bother."

My missus would probably unDRESS Brad rather than upDATE but pretty sound analysis

oh is that the time...

8
0

Administrating a domain is a black art...

But these days, the only ones who should be burned are the ones who doesn't know the art.

As a long-time admin I must ask; Do you need a slightly leaky bottle of cleaning fluid that fits nicely in a pocket in that bathrobe?

7
0
Silver badge
Flame

Re: Administrating a domain is a black art...

Couldn't agree more. But what do you do if the ones whose task is to administer the domain do not master the art at all? Can't burn all of them. I wish, but I really can't.

0
0
Vic
Silver badge

Re: Administrating a domain is a black art...

> Can't burn all of them

I believe the pertinent phrase is "Every Little Helps"...

Vic.

0
0
Bronze badge
Flame

Re: Administrating a domain is a black art...

just get the bathrobe made of guncotton

0
0

Re: Administrating a domain is a black art...

Have them explain to the company president why there's a hidden share on a server pointing to a folder named 'goaty fun' that no one but the 'Domain admins' have access to...

1
0
Anonymous Coward

Re: Administrating a domain is a black art...

Nah. I'd guess guncotton burns to fast and with too little heat to do much beyond singing the hair off the Boss. Also the I believe the resultant kinetic energy would be to dispersed to do much, unless you could somehow have him internalize the robe in question before ignition. (Any cavity should do.)

A thermite lined robe, with a powdery substance in the seams, and a leaky bottle of some sweet, oily substance just might light the way.

0
0
Silver badge
Flame

Fervent wish...

If only life could reflect this episode 100% - mind you, I doubt if I could afford all the wardrobes I'd need...

4
0

Re: Fervent wish...

Wardrobe affordability not an excuse because the wannabe admins bring their own.

0
0

Far too close to the bone,

Life imitating art? I don't know, but seems Simon has been dropping eaves in my office this week.

0
0
Jad

Re: Far too close to the bone,

We've managed to weed out most of the Applications that require Administrator rights to run (some of them walk over parts of the registry, some of them walk over parts of the disk, some of them should be taken out and shot ... but there are still a couple of programs that will not run unless as administrator.

Those machines have local groups modified to allow specific users to have access, as power users if possible, or administrators if not.

The biggest issue was for some of the laptops that go on site, with no internet access and "I need the ability to install a new printer when you're not available" ... we solved that issue by buying a large stack of USB inkjet printers (20+) of the same type and sticking them in all the offices so that people could pick up a disposable one at any time. without the need for new drivers.

2
0

Re: Far too close to the bone,

Doesn't Windows start nagging you for admin rights to install 'new' drivers if it detects a printer with a different serial, even if it's the same make and model?

(I networked my private printer years ago, and USB-printers 'just don't happen' at the office, so I'm not up to date on that crap)

0
0

Re: Far too close to the bone,

Plugging printers into computers, that's quaint!

1
1
Silver badge

"He used my access to make you a domain admin?!"

Excuse me. What the hell is going on here. How did The Boss get BOFH's account?

Looks like the BOFH's crown is slipping. Will be see another power-grab attempt by the PFY?

15
0
Bronze badge

Re: "He used my access to make you a domain admin?!"

Indeed, any sysadmin who walks away from his workstation without locking it deserves to have all of his access to computer system revoked. Revoked with the application of a meat cleaver to the fingers.

10
0
Bronze badge

Re: "He used my access to make you a domain admin?!"

He should always lock it, if only to prevent the PFY changing his wallpaper to something Pornographic.

Rookie mistake from the BOFH.

9
0
Bronze badge
Trollface

Re: "He used my access to make you a domain admin?!"

That can get you fired, make the wallpaper a screenshot of the existing desktop and hide the taskbar along with desktop icons (Or just kill explorer.exe (Other Shells are available)).

6
0

Re: "He used my access to make you a domain admin?!"

Ooooohhh ... nasty.

0
0
Bronze badge

Re: "He used my access to make you a domain admin?!"

On a similar note, make the wallpaper a screenshot of the locked workstation password screen just to really make the point that it should of been locked.

2
0
Bronze badge

Re: "He used my access to make you a domain admin?!"

Also, for the terminally forgetful sysadmin:

Rig up a USB stick on a lanyard round your neck with software setup to automatically lock/unlock the workstation when that particular memory stick is removed/inserted. Very much in the style of a jet ski emergency cut off.

0
0
Anonymous Coward

Re: "He used my access to make you a domain admin?!"

"He should always lock it, if only to prevent the PFY changing his wallpaper to something MORE Pornographic."

T,FTFY

1
0

Re: "He used my access to make you a domain admin?!"

In the Linux world, there's "Blue Proximity" that requires a particular Bluetooth device to be close enough to the computer to keep it unlocked. Walk away with your phone in your pocket, and your machine automatically locks itself. It's a great way of automatically keeping prying eyes and unwanted digits away from your computer!

1
0
JLH

Re: "He used my access to make you a domain admin?!"

Youc an configure Linux to recognise the Bluetooth ID of your mobile.

If the mobile moves out of range the screen is locked.

http://sourceforge.net/projects/blueproximity/

http://lifehacker.com/359060/use-a-bluetooth-phone-to-lockunlock-ubuntu

0
0

Re: "He used my access to make you a domain admin?!"

When I worked for a Financial Services company, my boss was very fussy about locking the screen even if we just went to the loo or for a glass of water. If he saw any of us hadn't locked theirs, he would send a spoof email to the rest of the team from that account - usually a resignation notice with a really silly reason given.

That was, up until the day he left his own PC unlocked and his PA sent us all an email from him. I would repeat the reasons given for his "resignation", but there are laws regarding obscene publications!

2
0
Pint

Re: "He used my access to make you a domain admin?!"

"In the Linux world, there's "Blue Proximity" that requires a particular Bluetooth device to be close enough to the computer to keep it unlocked."

We've had something similar setup with our developer pool for a few years, however we've recently added a "name and shame" component to it where it sends an email promising to pay for friday's beer to the rest of the team.

1
0

Re: "He used my access to make you a domain admin?!"

I thought better of Simon. Obviously he was unwilling to confess that either "the boss" got him so pissed one night he was able pry the information out of Simon, or, like one of mine, he just said, "your access or your job. I own those machines, not you. So cough up the access." The handiest way of curing that attitude is to monitor the system and, when he starts traipsing around where he shouldn't, booby trap the system so he panics and screams for help. You then respond, "you're the admin. What did you do?"

0
0

Re: "He used my access to make you a domain admin?!"

where i am sending those emails would be accessin computer system you are not entitled to and a gross misconduct.

funny that leaving it unlocked is just a mis-dimeaner.

<shakes head>

0
0
Silver badge

Am I missing something? Surely our hero must have left a machine still logged in to his account in order for the boss to have access to such power?

3
0
Bronze badge
Paris Hilton

That's a capital sin in our office...

Leave your session open, even unprivileged, is a sign that you want your collegues to send out insults and love mails on your behalf to select memebers of the company.

Paris, because she would love getting an invite for you and her in the copy room at 6 this evening...

3
0
Bronze badge

@bpfy

I had no idea we worked in the same office. I believe the technical term is 'pc hijack'.

1
0
Bronze badge
Paris Hilton

More likely there would be a sealed envelope with password written inside, hidden in a safe. To be accessed only in case of emergency. That's why mention of "seal being broken", I guess.

1
0
Bronze badge

Seal being broken

The seal being broken and the 7 trumpets is a reference to the bible, specifically from the Book of Revelation Chapter 8.

8
0
Bronze badge

> More likely there would be a sealed envelope with password written inside, hidden in a safe. To be accessed only in case of emergency. That's why mention of "seal being broken", I guess.

Wouldn't work, the envelope would be all covered in horse shit, to say nothing of trumpeter footprints. The whole unlocked workstation thing spoiled it for me a bit.

2
0
Anonymous Coward

Re: @bpfy

@Hellcat

Count yourself lucky for presumably being in an office with bpfh. First time you forget to unlock the screen in my office, you send yourself a nice mail. Or maybe to your wife. Second time, you'll be telling the CEO what you think of his business conduct.

Anon, in case someone from my office is reading...

2
0
Alien

Re: @bpfy

My last company the IT guys would send emails to each other. Amazing how often the only female member of staff got emails of undying love from the other members of her team. Less said about the youtube videos sent from the IT Director the better (I thought you wanted videos on "goat sex").

In a previous incarnation as an engineer I once changed the desktop wallpaper on a colleagues desktop machine each morning to a different photo of the 5 koala bear paper clips that were kidnapped at the start of the week with an accompanying ransom demand. Day 1 showed them lined up with blindfolds and paws tied together. Day 2 photoshopped one of their heads onto the floor (with obligatory red smear under head). Day 3 saw 2 of them sold into sexual slavery...

Made better by the fact that the Aussie tech in the department was also taking the photos and emailing them back home to his family in Australia :)

1
0

Re: That's a capital sin in our office...

@bpfh I thought this was universal sysadmin behavior? At first its a test, than its just considered on-going training.

0
0

Self evident

The allusion is self-evident. The BoFH is not. So while being beguiled by the obvious, you are plainly mislead.

0
0

I'd find this funny....

.... if it wern't so true.

0
0
Anonymous Coward

Reminds me of a former boss

Went to the Middle East to setup a new office that wasn't connected to the rest of the world (they were operating off 3G for mail until a future date when services like electricity and telecoms were installed....

During the setup of a local AD, he ran into a problem. A couple of problems actually, but the technical issue was a permissions problem. Giving the whole office Enterprise Admins quickly fixed that and he could spend some more time on the jet ski....

0
0
Bronze badge
Flame

Kill them...

Kill them with Fire...

0
0

Anybody had the other situation?

Early on in a new position in education I was on the server, looking at the student files they had turned in for a class. I did something fairly ordinary without thinking (possibly created a subfolder--whatever it was, it wasn't destructive or disruptive) and then it hit me I shouldn't have been able to do that. I went to the network boss and asked if I had mistakenly made an administrator. He said that because the dozen or so of us MIGHT need to do certain things, for convenience we had all been made administrators way in the past. That way, we wouldn't have to go to the real administrator and ask to have it done.

From that point on, I was VERY careful what I did on that server. Over the years, I don't recall hearing that anything ever got messed up, so I guess all of us were careful.

2
0
Silver badge

Re: Anybody had the other situation?

R/W/D/M access within a folder isn't all that big a deal (although some don't allow delete), so no, you don't need admin access to do that.

0
0
Anonymous Coward

Re: Anybody had the other situation?

Same thing happened to me, in essence. Found I could move files I shouldn't have been able to modify; and, when I went poking about I found I could see content of the company President's network folder, which was not supposed to be publicly visible. I asked and was told I was a network admin. My response was something akin to "Okaaaay, and you thought I needed this, Why?" Had to be mindful of what I did on the network after that.

Posting as Anon to protect identities of the innocent.

0
0
Silver badge

Re: Anybody had the other situation?

I did that once, accidentally dragged a folder into another one and realised afterwards that I shouldn't have been able to do it at that level in the directory tree. Ironically, that was at the company with the most locked-down network I've ever experienced.

One gets careless if the network protects you against your mistakes, I've picked up most of my better habits from painful experience of losing data because I did something stupid (I go back to CP/M, so plenty of opportunities) and then modifying how I did things.

0
0
Silver badge

Fantastic read

On top form!

So much truth in this.

1
0

Page:

This topic is closed for new posts.