Software

General discussion

Locked

admin rights for executives?

By Hiro_Protagonist ·
I've got a wanabe who just hired on as a Senior Vice President. This guy used to work for the company like 2 years ago but got laid off. Now he's back and we've upgraded to 2000 from 98 and he insists on having admin rights to his W2K laptop because he needs to "control his own destiny on the computer" pfft...
My boss and I are sticking to the guns that got our support to user ratio up to 1/150. Has anyone run into this problem? Do you give admin rights to your executives if they ask for it?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

From Dogsbody to Dogsbody

by expert-in-spe In reply to He's the boss, then he is ...

Hi, I'm also young, bottom of the heirarchy and what's worse female! We have a load of guys and gals here who get large paychecks and think that makes them a special customer.
Make it clear that you are a dogsbody doing the job you are hired to do, according to the rules given to you and the best knowledge available. Don't question them about their IT knowledge but rather about the business need and if you loose make sure you don't have to spend hours cleaning up by having a standard image to give them. Be sure they know that they have to get the rest of their downloads etc. themselves. And don't pamper them, it makes them worse than they would naturally be.

Collapse -

Meet him half way

by gknight In reply to admin rights for executiv ...

Why not try him on Power User rights on local machine first and see if he can do all he needs with that.

Collapse -

Who's the boss?

by johnrains In reply to admin rights for executiv ...

You specifically said "executive" which implies his right to set company policy - IT techs do not really have this level authority so be careful; this could quickly become a ride you will wish to get off.

The problem you are facing has two facets - technical and political.

Politically, I would find the executive who currently "owns" the policy and ask for their ruling on the poicy amendment. If the result is an amended policy that allows the executive administrative rights, go ahead and give them. If not, the problem is resolved without you being the bad guy.

Technically, if you want to be a top notch tech, you'll also set up some method to rapidly restore the system in the event of a screw-up. Alternatively, if you are one who wants to believe that "IT rules", you'll impatiently await the day that you can take about a week to rebuild the laptop as punishment for the exec's insubordination towards IT's overarching authority.

Collapse -

CYA

by humphred In reply to admin rights for executiv ...

First, make sure it's not just IT policy, but that the CEO (aka president) has signed off on it. Get it signed off if it isn't already. Then he'd have to justify changing the policy company-wide.
Second, if it's not 'company-policy' he'll probably get it. Be prepared to document every minute you spend supporting his laptop, and the associated costs. $ talks when you build the case to remove the priv.
Third, look into conducting 'configuration reviews'. It's a good excuse to see what's been installed, keep it updated and within spec, and remove what's not allowed.
Remember, document everything regarding this 'exec priv' and eventually you'll have a case to remove the priv, assuming he abuses it.

Collapse -

Policy Is the Rule

by Executive In reply to admin rights for executiv ...

Regardless of this person's history, he is now a Sr. VP in the
company. As with all employees, he must follow the
policies. So, if the policy is clear that admin is solely the
domain of IT, then he cannot be given admin privileges by
you, since that would make you in violation of the policy. If
there is room for exceptions to the IT only condition, then
give him privileges. This is because exceptions become the
rule across time.

If the situation is the former, tell him that since his
previous tenure with the company, policy and policy
enforcement has changed. Should he feel it is better for the
company that individuals have admin privileges then he
should submit same to the policy people (varies by
company) for their next review.

If the latter, then you bring the non-exception position to
the policy people for their approval by using the exceptions
as examples of wasted IT resources (fixing individual's
mistakes, re-securing systems and reducing company risks
of liabilities from misuse) and inefficiency of user time.

Note that the decision to make the policy exclusive or non-
exclusive is conditional on the approval of people outside
IT. Keep this group aware of the risks of variations to
policy, while you at all times follow policy as written and
intended.

Collapse -

Remember Enron?

by kevin.brunk In reply to Policy Is the Rule

I agree with Executive. But, it may be helpful to remember that in the era of Sarbanes-Oxley and the failure of Enron, the Worldcom and Tyco debacles, companies should be VERY wary of executives who seek exception to established policy. Who knows what their motives are, and what they might be able to do "underneath the covers" once they have more authority than they are supposed to have - especially unsupervised authority.

I am tempted to say that, now, perhaps all policies should include a disclaimer that should any (senior?) executive seek exception to company policies, the CEO/COO, CFO, and/or the senior executive committee, as well as the Board of Directors should be advised. After all, they are the most likely candidates to be cell-mates of Martha if the requesting executive commits an illegal act having obtained the policy exception.

Collapse -

My thoughts exactly

by dlavoie In reply to Remember Enron?

If your company is publicly traded, then you are bound by SOA and must follow established policies and procedures. The era of executive privilege has past, and your new VP needs to understand this.

Then, there is always the possibility of illegal software being loaded onto his laptop. If it's a company laptop, who will be fined? Or downloads that contain malware that could be spread throughout your network. Not good scenarios.

My advice - stick to the policy.

Collapse -

Good advice

by a.d.e.p.t In reply to Remember Enron?

That is an excellent piece of advice for larger corporations.

It justifies the policies in place and makes IT's job eaasier in the end at the same time.

Brilliant.

Collapse -

Exactly...

by Securitytech In reply to Policy Is the Rule

This would depend on how your policies are structured and approved. All of our IT policies are approved by the CIO. Last time I checked the CIO sits higher than a Sr. VP.

If you standards allow for exemptions (your policy should never allow any exemption) then require the VP to submit a formal request in writing in accordance with your organizational structure and directives.

This is more than a policy issue though. If the VP is aware of people who just asked for rights and got them then your position is significantly weakened. However, if you have been abiding by policy and standards then you have grounds to require a formal request (if your standards allow it).

Collapse -

Exec Support/No Admin Rights

by jamacdonald In reply to admin rights for executiv ...

Most businesses now have Sorbanes Oxaley to deal with. If giving the exec admin permits him to bypass controls, then it is not allowed. SOX also requires you to minimize the number of people in the organization that have elevated permissions. Another aspect of it is from the information assurance perspective, POLP - Principle Of Least Privilege, give them only what they need to do their job.

Related Discussions

Related Forums