Wannabe admin presents network security problem

Prevent overzealous, untrained end users from becoming threats to network security with the advice and tools outlined in this article.

If security is a major concern for your organization, as it is for most, check out TechRepublic's IT Security Survival Guide. This book and CD-ROM set provides the information you need to keep your organization's IT systems safe from contemporary network threats and to protect systems and data.

Overzealous, untrained end users can be a real pain in the "router" for help desk technicians and network administrators alike. As if you aren't busy enough already troubleshooting hardware problems, installing software updates, and defending your network from viruses and attacks, now you have end users who think they know how to optimize their PC and resolve networking conflicts.

"The Expert": Userus expertia

So widespread are these problematic end users that TechRepublic columnist and IT pro Jeff Dray has even categorized them into a species. As Jeff puts it, "The Expert user is the curse of most IT support establishments. Experts try out something they heard about from 'the bloke in the pub,' an unqualified expert on everything who offers advice to anyone who will listen. Experts usually make a complete mess of their systems when they follow the bloke's advice. Then they compound the problem by trying to fix it themselves, often destroying their machines. As a last resort, they call the help desk and demand that their machines be replaced or mended immediately, as they have urgent work that can't wait. There has been an Expert at every place I have worked. I leave it to you to decide who your resident Expert is."

TechRepublic member The_admin is dealing with such an "Expert" and has turned to our Discussion Forums and his fellow TechRepublic members for assistance. The_admin wrote, "Our company has 2 offices. I am responsible for the networks/desktops/phones/anything else with electrons company-wide.

"At the remote office, I have a wannabe admin. The problem is he does not know much about computers/networks/etc. He just thinks he does. He is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity. So, he is not authorized to do any administrative tasks, his responsibility is solely data entry. He refuses to accept this and management refuses to fire him for the things he has done/attempted to do.

"We just migrated to pure Windows 2000 on desktops and servers. I have locked things down so that only admins have privileges to install programs, etc., and use a screensaver lock on all servers. This guy still has not quit trying to mess with things!"

In frustration The_admin asked, "Has anyone else ever dealt with this? What did you do to combat it? How can I best create a paper trail to prove to the boss that he is violating our policies so he can be terminated?"

Confront, control, or can him say TechRepublic members

TechRepublic members responded to The_admin's request for help with a variety of suggestions, but most can be grouped into three categories: Confront the user, control the user's access, or work with management to have him fired.

Confront the guy

Many TechRepublic members suggested The_admin take the direct approach by confronting the problem user and advising him that he has no business in network administration. Dseeger wrote, "Your best bet dealing with the net admin wannabe is by reading the company policy that has been placed for the employees, using the company's computers." Alan.deschner continued this train of thought and wrote, "First try talking to him, seriously, one-on-one, about his job. Find out why he is trying to go around the policies. Does he not know what they are or understand why they are there? Is his boss asking him to do something where he needs more [privileges]? Have you talked to his boss? Does he not know what his job really is? What is the business problem he is trying to solve? Is the policy itself appropriate?"

Unfortunately, it seems that this option may not work for The_admin. "[Our] roles are very clear," The_admin wrote, "He [the wannabe admin] is a data entry staff member. He has no IT administration duties. Actually, my boss and I have both made it clear to him IN WRITING that he is not to attempt to administer or modify any company computers etc. However, he does not report directly to me or my boss. Yes, we outrank him on the org chart, but that doesn't mean much. We don't have the authority to discipline him.

"The person whom he reports to does not believe that there is a problem. So, the next step is to take it to his manager's boss, who is also my manager's boss. Let's call him Bill. Bill is not strong on dealing with personnel issues. To make it worse, he does not understand the situation at all. We've tried to explain and didn't get anywhere. What he requires is tangible proof that someone is doing something "wrong" before he will take any action. On one hand, I don't want to waste time coming up with the paper trail. But, on the other hand, I am beginning to want this guy gone."

Solution: Network Security Policy Quick Guide

Establishing policies that protect your network from internal and external abuse is a critical component of your overall security plan. This Network Security Policy Quick Guide includes 9 articles that demonstrate why implementing security policies will help cover your organization's legal bases. Plus we included two customizable policy templates; Information Security Policy and a Password Policy. Cover your assets with well defined policies.

Control his access with permissions

Regardless of any communication The_admin chooses to have with his wannabe admin, most TechRepublic members suggested that he take all possible steps to prevent this guy from messing with the network. In fact, it was a breach of security that moved the wannabe admin from the annoyance category into the potential risk category.

"What escalated the situation was doing a remote connect to the wannabe's workstation after hours, recently, and finding it had been logged in as one of the admin accounts," The_admin wrote. "I have no idea where he got the password. Passwords are held very closely around here and only 2 current employees knew that one. If you're wondering, it was not easily guessable. It had more than 10 characters. Included upper and lower case, numeric and special (#@$^) characters, was not a word or a name, etc."

Solution: Windows Group Policy Quick Guide

One way for help desk technicians and network administrators to reduce help desk calls and protect their networks is to limit the damage curious users can cause by meddling with desktop and server settings. A great tool for preventing potentially harmful tinkering is through Windows Group Policy. This Windows Group Policy Quick Guide provides you instructional information on implementing and managing Windows group policies.

Fire the guy

Although this option isn't really up to the IT department, many members suggested that The_admin document everything the wannabe admin does. In case the wannabe admin ever does something that really screws up the network and gets the attention of those who do have control over his employment, The_admin will be ready with evidence of the wannabe's involvement.

"If you can prove this person is taking unauthorized actions; document it, ask your boss for advice on how to approach the culprit, advise the culprit of the situation and what you have been instructed to do, and keep a running document with a log of dates and times of all events. If this person is such a threat that systems are being blasted, then remember you must do your job, and only your job," Dcox wrote. "This includes keeping your boss informed of all related matters and how you tried to resolve them professionally without escalation."

Solution: Network Auditing Quick Guide

Auditing the activities on your network can be an eye-opening experience if corporate policies and procedures are not strictly enforced and monitored. This Network Auditing Quick Guide will give you sound advice on auditing your network for internal and external threats as well as documenting any suspicious activity that is discovered. This quick guide contains thirteen articles and two customizable templates for employee termination and separation.

About Bill Detwiler

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

Editor's Picks

Free Newsletters, In your Inbox