Coffeehouse Thread

15 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

What a mess Im in

Back to Forum: Coffeehouse
  • User profile image
    rjdohnert

    As most of you know I started a new job.  This is going to sound like a rant and a witch and moan but its an example of what not to do.  My job as of today was expanded to cover client PC's at the office, the guy Im replacing quit without notice, he found a job where he works with his girlfriend, from what I understand, and walked out dropping the keys on his bosses desk while the boss was out to lunch.  Poor way to quit. anyway.  I was going over his maintenance logs and there wasnt an entry since  August 12, 2004.  I started looking at the PC's and from the first three I worked on today, they are a mess.  The XP machines are not locked down, they didnt have SP2 installed and the balloon was coming up that updates were available for the machine SP2 being among them.  The user accounts had admin privileges and there was a wide variety of software installed, games, P2P apps, unauthorized browsers and even pirated versions of some software.  The only thing up to date was the anti-virus software.  One of the machines was massively infected with spyware.  The restore images were so out of date it wasnt even slightly funny.   While they told me its only temporary that they are going to bring in someone else I asked them to at least give me time to audit all the machines to ensure software license compliance and to help in getting the machines updated properly.

    I just cant believe some of the stuff I found on his workstation. 

  • User profile image
    j0217995

    Sorry to hear that you are in such a mess.  I guess the first thing I would do is throw up a WSUS server and start deploying those patches.  I deployed SP2 via SUS with out any problems on all Dell boxes, nothing special about them.  After that good luck I guess.  WSuS is pretty easy to setup and get going patch wise, then start cleaning out spyware and work on getting you disk images up to date.  Good luck Smiley

  • User profile image
    SlackmasterK

    Sounds like you've got your work cut out for you.  Have you blogged about it yet?  You neglected to mention... Smiley

  • User profile image
    jamie

    hi roberto - while i can sympatize - remember that people do like to load stuff on computers and that people are all not the same...

    hopefully you allow for some customization ( freedom!) to your users...

    *sounds like a normal company to me....

  • User profile image
    Maurits

    ComputerWorld's Shark Tank has some anecdotes to help put your experience in perspective. Smiley

  • User profile image
    cheong

    If I were you, I'll tell your boss about the situation, then tell him you need a few network hub to isolate the network.

    Once you get the network isolated, reinstall the workstations(including windows update, firwall setting, antivirus, group policy deplay, etc.) one by one until you get everything locked down.

    If suitable(i.e. the PCs are of the same config, and need the same softwares), make a HDD clone image and edit the key after you clone back the PC. It'll speed up the process a little.

    Although it'll be quite time consuming, from my knowledge this is the only way to make sure the "unmanaged environment" become "managed" again.

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    Cairo

    Ghost (or imagecast, or whatever you like to use) is both a systems management tool and an end-user training tool. Create a good standard image and deploy it to the wayward workstations in your company. Re-deploy on occasion, even if it's not needed, just to reinforce the idea that those are company computers, buddy, not personal toys. "You changed my computer!" ... "I'm sorry, was that your personal property?" It sounds harsh, but it works. The users eventually stop junking their machines up with stuff, and learn to save their important data to network servers that get backed up. This tactic has worked at everything from student computer labs at universities (especially there, actually -- ghosted every morning!) to corporations. Keep the workstations up to date with SMS or similar in between ghostings.Work to get a replacement PC tech hired immediately, but go ahead and fix the issues. Establish the proper environment and expectations and have the new tech carry them out. Be sure your management knows about the problems. I walked into a situation much like the one you're in now. My predecessor had simply lied about a number of things ("we have a firewall" being the biggest) to management, was afraid of patches, believed the best way to fix exchange 5.5 was to reinstall it, and didn't bother deploying anti-virus software on all the Windows boxes.  The PDC was overrun with viruses. NT4 web servers were sitting naked on the internet, as well as half the desktops. The other half had no internet access at all. An important web application was left running on a virus infested 386 server. It was slow! The users complained! He didn't give a (I need to watch my language).I catalogued all the problems, and took the solution to "The IT Committee" -- the group put in place to micromange Previous Guy in the hopes of fixing The Problems. I walked them through the issues and told them I needed $40,000 right then just to fix the egregious security problems, and there there would be more in the near future. They handed the money over immediately.

  • User profile image
    jamie

    rjdohnert wrote:
    As most of you know I started a new job.  This is going to sound like a rant and a witch and moan but its an example of what not to do.  My job as of today was expanded to cover client PC's at the office, the guy Im replacing quit without notice, he found a job where he works with his girlfriend, from what I understand, and walked out dropping the keys on his bosses desk while the boss was out to lunch.  Poor way to quit. anyway.  I was going over his maintenance logs and there wasnt an entry since  August 12, 2004.  I started looking at the PC's and from the first three I worked on today, they are a mess.  The XP machines are not locked down, they didnt have SP2 installed and the balloon was coming up that updates were available for the machine SP2 being among them.  The user accounts had admin privileges and there was a wide variety of software installed, games, P2P apps, unauthorized browsers and even pirated versions of some software.  The only thing up to date was the anti-virus software.  One of the machines was massively infected with spyware.  The restore images were so out of date it wasnt even slightly funny.   While they told me its only temporary that they are going to bring in someone else I asked them to at least give me time to audit all the machines to ensure software license compliance and to help in getting the machines updated properly.

    I just cant believe some of the stuff I found on his workstation. 

    Cairo wrote:
    Ghost (or imagecast, or whatever you like to use) is both a systems management tool and an end-user training tool. Create a good standard image and deploy it to the wayward workstations in your company. Re-deploy on occasion, even if it's not needed, just to reinforce the idea that those are company computers, buddy, not personal toys. "You changed my computer!" ... "I'm sorry, was that your personal property?" It sounds harsh, but it works. The users eventually stop junking their machines up with stuff, and learn to save their important data to network servers that get backed up. This tactic has worked at everything from student computer labs at universities (especially there, actually -- ghosted every morning!) to corporations. Keep the workstations up to date with SMS or similar in between ghostings.Work to get a replacement PC tech hired immediately, but go ahead and fix the issues. Establish the proper environment and expectations and have the new tech carry them out. Be sure your management knows about the problems. I walked into a situation much like the one you're in now. My predecessor had simply lied about a number of things ("we have a firewall" being the biggest) to management, was afraid of patches, believed the best way to fix exchange 5.5 was to reinstall it, and didn't bother deploying anti-virus software on all the Windows boxes.  The PDC was overrun with viruses. NT4 web servers were sitting naked on the internet, as well as half the desktops. The other half had no internet access at all. An important web application was left running on a virus infested 386 server. It was slow! The users complained! He didn't give a (I need to watch my language).I catalogued all the problems, and took the solution to "The IT Committee" -- the group put in place to micromange Previous Guy in the hopes of fixing The Problems. I walked them through the issues and told them I needed $40,000 right then just to fix the egregious security problems, and there there would be more in the near future. They handed the money over immediately.


    Cras a lectus sed leo consectetuer pharetra. Ut quam. Duis eu erat. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Fusce sagittis porttitor erat. Ut dapibus, purus et dignissim placerat, turpis est condimentum augue, at porttitor arcu eros eget turpis. Quisque nisl. Sed ut augue at tortor vestibulum accumsan. Quisque bibendum tortor nec turpis. Fusce vel nibh. Ut eleifend fermentum nibh. In sagittis semper tortor. Donec sagittis erat et dolor. Suspendisse eget mi. Duis eu ligula. Nam est dui, luctus id, tempor eget, lobortis non, velit. Vivamus quis nulla. Maecenas ultricies. Integer arcu ante, imperdiet ac, egestas at, egestas id, sapien. Sed ut velit. Cras eget arcu. Nam at lacus in eros volutpat malesuada. Sed purus lorem, gravida rhoncus, faucibus et, tincidunt pretium, urna. In convallis. Integer arcu libero, adipiscing id, sagittis et, tincidunt sit amet, mi. Aliquam velit. In hac habitasse platea dictumst. In fringilla vulputate nibh. Donec ut libero eget velit sagittis rhoncus. Curabitur nec massa. Curabitur quis diam nec turpis pretium dignissim. Aliquam erat volutpat. Pellentesque faucibus, tellus a venenatis laoreet, lacus justo lacinia diam, quis malesuada nibh nulla vel velit. Vestibulum imperdiet ante et justo. In rhoncus lacus ac libero. Nunc euismod fermentum mauris. Sed pede. Ut nisi leo, molestie a, consequat ut, ullamcorper in, enim. Etiam faucibus tortor vitae magna. Duis vitae purus at nulla sodales tincidunt. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Sed eget leo id dolor ultrices sodales. Pellentesque vehicula tempus arcu. Duis aliquet. Nullam ac quam. Mauris nonummy nisi sed orci.

    Tongue Out

  • User profile image
    rjdohnert

    I'm going to allow some customizations but its not going to be a free for all like it used to be for them.

    jamie wrote:
    hi roberto - while i can sympatize - remember that people do like to load stuff on computers and that people are all not the same...

    hopefully you allow for some customization ( freedom!) to your users...

    *sounds like a normal company to me....

  • User profile image
    Cairo

    You speak lorem ipsum? Neat. Smiley


  • User profile image
    Cannot​Resolve​Symbol

    Lorem ipsum is semi-Latin:  it was originally derived from one of Cicero's works.  However, the block typically used includes a lot of random words and thus can't be translated (not that you need to or would want to).

  • User profile image
    Cannot​Resolve​Symbol

    rjdohnert wrote:
    I'm going to allow some customizations but its not going to be a free for all like it used to be for them.


    Stuff like wallpaper, desktop icons, window styles/colors etc. are a must, but installing software is bad unless approved.

    I find that institutions that prevent you from changing simple stuff like the background or your colors to be deeply annoying:  especially for developers, having your own comfortable workspace is important.

  • User profile image
    rjdohnert

    Yeah, those types of custimizations are okay and wont be taken away.  But the software registered to "l33t Haczors Inch." will be deleted Big Smile

    CannotResolveSymbol wrote:
    rjdohnert wrote: I'm going to allow some customizations but its not going to be a free for all like it used to be for them.


    Stuff like wallpaper, desktop icons, window styles/colors etc. are a must, but installing software is bad unless approved.

    I find that institutions that prevent you from changing simple stuff like the background or your colors to be deeply annoying:  especially for developers, having your own comfortable workspace is important.

  • User profile image
    Cybermagell​an

    Yeah if you're going to go in and say you need to audit the machines you may just want to layout a business plan for getting EVERYTHING up to speed. If your in a negotionable area you can tell them, hiring someone else will cost you $X in addition to my salary, OR I can get everything setup right for you for $Y amount (Proposed X(Not neccesarilly accurate) -$5k). That way you keep your position, you get it done right, you MAY get a pay increase, and you'll be doing the same job.

    Otherwise if you tell them you're going to audit for complience they may say your services are no longer needed, hire the next door neighbor kid for pennies, and nothing changes. Just my opinion...people hate the word audit.

  • User profile image
    irascian

    jamie wrote:

    *sounds like a normal company to me....


    Ain't that the truth!

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.