General discussion

  • Creator
  • #2291351

    Am I A Tyrant?


    by gulsath ·

    We use several categories listed in SonicWall’s Content Filter to alleviate malcious and other non-work related web surfing. I get a lot of complaints because people can’t buy there widgets and cogs. We recently changed our ISP from a local cable non-business access to a Verizon 768K line. Now my users are complaining about speed. This is simply not true, there is no issue with bandwidth, in fact it’s more reliable. It was an eye-opener though on the amount of internet radio, sports ticker and other bandwidth useage being done.

    I went ahead and locked out some more categories, like the ones mentioned above. I was literally laid into for doing so. I was told it is not ITs responsibility to decide what can and what can’t be seen on the internet. I used our security policy to quote from. I was also told that if employees what to check the PGA results that so be it. So, am I wrong in this? I offered to only restrict certain access during normal working hours or make use of the consent form before continuing on to a non-work related site.

All Comments

  • Author
    • #3323966

      No, not a tyrant.

      by tbragsda ·

      In reply to Am I A Tyrant?

      I have worked for big and small, and this sort of issue comes up nomatter what the policy. You are doing the right thing, but get your CIO or equivlant to set the policy. Then its your job to tell the users “sorry, its not MY policy, its the COs.”

      The company I currentley work for has grown alot. When I came in, it was still suffering the sort of mom&pop mentality. We had to shift gears, and some older employees resented it, and the control IT had over “their” PCs. It will take time, and the managements backing to make policy stick.

      Don’t back down. Get some help. Put it on paper, and publish for the users.

      • #3323960

        You’re being responsible

        by tink56 ·

        In reply to No, not a tyrant.

        One of my responsibilities is to make sure the organization is being efficient in spending it’s money wisely.

        When I was writing our usage policies I went in with information to justify them. I had the monthly costs for bandwidth. If we allow employees to use network resources for non-business purposes (such as internet radio, video streaming, downloads, etc.) then at some point bandwidth will be affected. Were they willing to accept this and either live with these problems in the future or spend more money to increase our pipeline.

        The answer was: Write our policies so that non-work related internet radio, downloads, video streaming, etc. are not allowed.

        • #3322891

          Similar Issues

          by gulsath ·

          In reply to You’re being responsible

          Hello Theresa,

          I work at a credit union in Maine actually. So you can relate. If our members saw employees surfing around on their way in and out, what message does that send?

        • #3325162

          Credit Union?

          by wndwman ·

          In reply to Similar Issues

          First thing I see is that you work at a credit union. This is a financial place. I would let senior management know that malware is out there on the internet and to allow people to surf were they want may expose the credit union to litigation. If financial data was relayed via this hidden software, then anyone of your customer’s financial data could be at risk.

          Working at a financial institution requires the strictest of policies, because your not just at risk with the credit union’s money, your at risk with every single member’s accounts. If your company chair cannot see this the costs that could be involved, then I am agasp.

          Opening up your company and other’s accounts to possible infiltration, theft of information is something I would try to strike a cord with them. They understand money, and not just waste of time money. They understand lawyers, and litigation.

        • #3343539

          2 words

          by jrslyrics ·

          In reply to Credit Union?

          Sarbanes Oxley

        • #3343747

          1 Word

          by bigaldepr ·

          In reply to 2 words


        • #3341836

          some are more responable

          by jaqui ·

          In reply to Credit Union?

          I used to work in a credit union, we never has workstations that could access the internet.

          only one system in the entire branch was able to access, and then only on dial-up. ( assistant manager’s workstation )

        • #3342723

          So Why Do They Make YOU the Heavy?

          by mikeh ·

          In reply to Similar Issues

          I think you definitely need to conserve your bandwidth for business and protect the network from potential malware.

          That makes it your business.

          In addition, there is the Gramm-Leach-Bliley Act and the Patriot Act that have a LOT to say about securing your infrastructure.

          On the other side – almost every business has permitted small amounts of reasonable bandwidth usage when it is not work affecting ( the operative words are small and reasonable). If they make you the heavy it will affect your working relationships and it’s not fair to anyone.

          Your management needs to issue a memo that carefully explains the credit union policy and the business expectations. Then you can follow it.

          If there is no explicit word (or memo better yet) from the top — I would not put myself foolishly in the line of fire. IMHO

          Mike Hawkins

        • #3336851

          Re: Heavy

          by vltiii ·

          In reply to So Why Do They Make YOU the Heavy?


      • #3322897

        That’s Just It

        by gulsath ·

        In reply to No, not a tyrant.

        The resentment is coming straight from Sr. Mngt. and we already have a policy in place that specifically states the equipment is owned by the company and you are not to do non-work related things on them.

        I was invalidated because, being the IT Manager I can obviously circumvent the restrictions. I was made to feel like a Senator talking about health insurance premiums. What does s/he care, it’s free for life for them. It’s a frustrating situation.

        • #3322880


          by afram ·

          In reply to That’s Just It

          I can see this must be frustrating.

          The problem I see, is that if you allow the users to do whatever they want, they can break their computer or potentially bring down the network, or get into legal trouble.

          WHEN (not if) it happens (even if you have documentation), YOU are going to be blamed for the downtime because you didn’t sufficiently protect the network. A failure is going to affect a lot of people who can’t get their work done and they are going to be knocking down your door. Users don’t care why things fail – they only know that you have to fix it fast and that it shouldn’t have failed in the first place.

          I suggest allying yourself with the highest ranking manager you possibly can and push a policy through her/him. Document how threats can bring everything down and the cost to repair, and the time wasted, and how easily it can be prevented.

        • #3341811

          What if you are the user?

          by free_lo2002 ·

          In reply to frustrating

          Well i agree on what you say about the users as being a thread to the systems secyrity but IT deciding what is and what is not secure is a little bit too much.
          First of all IT are users somewhere so they “suffer” the same constraints.I will have a direct question “Is Yahoo

        • #3341810

          Is Yahoo mail (and or any other e-mail) a thread to the systems security?

          by free_lo2002 ·

          In reply to frustrating

          Well I agree on what you say about the users as being a thread to the systems security but IT deciding what is and what is not secure is a little bit too much.
          First of all IT are users somewhere so they “suffer” the same constraints. It sounds like they are the owners of all just because they can make the connection.
          Try to see IT under the “all the same” light in a company and the problem will be minimized.
          Hiding behind the company’s policies is not fair and doesn?t solve the problem.

        • #3336844

          Re: Frustrating

          by vltiii ·

          In reply to frustrating

          Threats to the network are truly a problem, however; there is no reason that users shouldn’t be able to have reasonable access to the internet (outside of work related requirements)and the IT staff still have more than adequate safeguards in place to protect the network. Employers must consider quality of life of their employees. If they’re treated like drones then they get the quality of work they get. I would venture to say that employees happy with their jobs are considerably more productive. Since most businesses exist to make money, I think the cost of a little bandwidth is probably insignificant compare to profits expected to be reaped.

        • #3323531

          Deo credimus sed alius omnis demonstrada sunt data!

          by bigproject ·

          In reply to That’s Just It

          Hello Gulsath

          This may be “crazy talk” but…, you are going to have to do some work 🙂 Although, I think the results would be worthwhile.As with all business, if you can show how the policy relates to money you will not have any arguments.
          The capabilities of your system must be sufficient for the business, and if “personal use” is interfering, it must be stopped. Or … management will have to increase the budget to allow you to increase the system capacity to allow for the added “employee benefit”.
          You will need to make a presentation to management on how the bandwidth is being used and how much bandwidth is needed to get the real work done. Showing real data is needed. This information needs to be tied to dollar amounts, (you must use the language of your target audience).
          Without doing your homework and communicating your findings to management and users, there is no way to get out of the role of a “tyrant”, meddling with other peoples “privledges”. If you can show how the “personal use” is impacting business, management should take care of the issue by enforcing policy or increasing budget for capacity. If not, you may want to look for another place to make your hardwork count.

          Best regards

        • #3325175

          You are doing what you should do. However…….

          by fgarvin ·

          In reply to That’s Just It

          Since it is senior Mangement, I recomend you document the fact that they forced you to back off the web filtering. CYA. Then when things hit the fan because business can’t get done due to lack of bandwith, Virus, or other malicious activity, you can throw it back on them. But even still, keep your resume or cv up to date. I get the feeling that they would still try to pin it on you. I know full well what it is like to be told to do something, then they take away your tools to do it with.

        • #3325141

          Senior management

          by kero54 ·

          In reply to You are doing what you should do. However…….

          It is the same in all companies, I think. Senior management asks the IT what has to be done to protect the network, and then sign off on the policy that is needed. But then, when the complaints start, they want to back off. But as long as you have the policy signed by them, DON’T back off. Your job is to protect the network, not be well liked.

        • #3344261

          CYA – name of the game

          by ottersmoo ·

          In reply to Senior management

          I think many of the suggestions made here have been right on target! Security is NOTHING to skimp on and the “better safe than sorry” adage is applicable.

          I would add one thing – use the adage for yourself. IF senior management INSISTS on letting people surf, I would seriously consider going to an attorney and getting a contract written up that you’re not responsible for what happens to the network due to employee abuse of the internet. If senior management doesn’t sign it, WALK!! They’re setting you up for something that could be very nasty.

          Spyware, malware, keyloggers….any stolen information will land squarely on your shoulders.

          Good luck!!

        • #3337259

          Re: CYA

          by vltiii ·

          In reply to CYA – name of the game

          It’s interesting to see the range of views and how rigid some of the views are on the web surfing issue. I’ve been in the Defense industry where security requirements are consierably more stringent than corporate requirements for the last 26 years of my life. There have always been usage agreements which end users sign that specify what can and cannot be done on the network, but never has there been a restriction on surfing the net (other than porn and other inappropriate things).

          It’s amazing to me that someone who suggest having a lawyer draft an agreement between an employee and their boss. 1) Depending on the size of the organization they most likely have a legal team or at least a legal advisor. 2) What would be the motivation for the employer signing the agreement. 3) As a representative of the company I doubt this person would even have the authority to sign such an agreement. 4) What would be the motivation for keeping such a renegade employee on the payroll. Clearly they’re not functioning as part of the team.

        • #3342840

          Not to be popular but…

          by steve_it ·

          In reply to Senior management

          Your network users are your personal customers. While you need to protect them from others (and potentially themselves), you need to keep them informed and on side. A bulk mail-out explaining the policy and why it is necessary is useful. We are planning to block all sites, then allow any business sites and common sites, eg banking and home shopping, then others on a case by case basis.

        • #3343154

          Popular… phooey!

          by thinker999 ·

          In reply to Not to be popular but…

          >Your network users are your personal customers

          NO, they’re NOT! A “customer” is someone who has the willingness and ability to PAY. Users are USERS plain and simple.. And THEY don’t run the house, the people paying the bills do.. It’s NOT their network, they are USERS on it…

          >A bulk mail-out explaining the policy
          >and why it is necessary is useful. We
          >are planning to block all sites, then
          >allow any business sites and common
          >sites, eg banking and home shopping, then >others on a case by case basis.

          More ‘touchy-feely’ crap, trying not to offend those whose ‘feelings’ don’t relate to BUSINESS anyway.. How many mailouts, briefings, ‘awareness training’ sessions do we have to put on, or go through, before everyone admits that they *already* know it! ‘Playing’ dumb won’t cut it. The same people who are trying to surf this stuff AT WORK are the same people who won’t surf it from home, or let their kids surf it because they KNOW the risks..

          They were made aware of the policy when they came to work there (weren’t they?).. “Common sense” says that if it isn’t work-related their position is indefensible.

          The resources are there to do WORK which generates revenue from PAYING customers! If the customers can’t trust that the business is sound, that their data is secure, and that your business is trustworthy, they vote with their dollars and take their business elsewhere. Then, there’s no work location to surf from.

          IT’s job is to enable the enterprise to do what it needs to in order to generate revenue. It’s not about whether you’re liked or not! You can be the friendliest unemployed person they’ve ever seen and that won’t help anyone… BUT, if management has lost their backbone, and won’t sponsor, or back a policy enabling the network to be protected, YOU are between a rock and a hard place, and the rocks will fall on YOU when the roof caves in.. Buff your resume, do what you can, and run to save yourself!!

        • #3337257

          Re: Phooey

          by vltiii ·

          In reply to Popular… phooey!

          You clearly don’t understand what a customer is. Paying bills has nothing to do with the classification. The company hired them to perform task that it cannot perform itself. Granted the employees don’t make policy or pay bills, but they need to be able to do their jobs for the company to remain profitable. The internal IT staff is there to ensure that they can do their jobs. Period. They are the customer!

        • #3337261

          Re: CYA

          by vltiii ·

          In reply to You are doing what you should do. However…….

          If all or any of the things that you mention happen, they should pin it on him. Because users have access to the internet does not mean the network should be left unprotected. I do agree that anything in the form of policy should be in writing. All users should be aware of policy and the only way to make policy enforceable is to put it in writing.

        • #3325103

          Hold your ground

          by pantegra ·

          In reply to That’s Just It

          You have to make a stand somewhere. You are going to be yelled at for restricting the websites or for the network crashing because of a virus. From my point of view I would rather play it safe for the network that sorry. People can get over there emotions and acting like children. But trying to recover lost data from an infected server can ruin the company.

          Users need to grow up and realize that the internet is not for their personal use. it is a work tool and needs to be treated as such. it they complain about not being able to check the PGA scores cut off all access for everyone except email.

          It is your job to uphold the policies that have been set up. Making exceptions to the rule is just opening up the network of problems.

        • #3343513

          get it in writing

          by lexva ·

          In reply to That’s Just It

          If you have an established policy, and you have senior managers complaining about the policy, one thing you can do is to request clarifications or exceptions in writing from the policy from your management chain. Make them responsible for their decisions.

          You could also, like, grant a temporary exception and log all the security violations and present them in the appropriate meeting. (A pivot chart would work well for this.) Be sure to have a slide showing the cost of all the non-work network activity (you could even mention lost productivity).

          If you’re not going to win the battle, put the senior managers onto a separate VLAN, set up QoS to allow them a certain amount of bandwidth for the non-work-related network activity, and leave it at that.

        • #3341859

          Making an example

          by danag429 ·

          In reply to That’s Just It

          If senior management is goofing around on company time, can they expect the other employees to work? If you’re at work, then work.

          Tell them that they will set the tone for the rest of the work force. If they goof off, so will all the rest of the employees.

        • #3341590

          Take it to the board or members

          by nicknielsen ·

          In reply to That’s Just It

          Unless credit unions have changed radically, major decisions are being made by a board of directors and/or at annual membership meetings.

          This is a policy problem; I would try to get the board to address the problem or pass it on to the members. Since this is something that the board won’t want members to know about, they will probably address it as a side item in a regular meeting.

          And please tell me you don’t work for “DownEast” FCU!

        • #3338747

          Yes, this is want you want to do :/

          by scottyb37743 ·

          In reply to Take it to the board or members

          By all means, go over their heads!! Then you can use ITeachers services to further your education after they can you.

      • #3325083

        It is for the good of the whole.

        by bbounds ·

        In reply to No, not a tyrant.

        We use Lightspeed Total Traffic Control to block content ( it is more granular than Sonic wall ). We block sites that are a total waste of business bandwidth like ads and music. We also block sites that are dangerous to the health of the network and the computers themselves. Since we implemented this we have seen a dramatic decrease in spyware. This policy has allowed us to make more efficent use of bandwidth.

        • #3342907

          You are Being Smart — Be SMARTER

          by bill.affeldt ·

          In reply to It is for the good of the whole.

          Write a document to the upper management telling them why you recommend that the access be kept tight. Keep records of when and to whom it was sent. Then if the want it opened up write back to them and say you will do it but are advising aginst it. KEEP THESE RECORDS

      • #3341861

        Well, DUH!!

        by danag429 ·

        In reply to No, not a tyrant.

        We are discussing work-related equipement, and use of it on company time.

        Well, DUH!! If you’re at work and using company equipement, what are you doing listening to the radio or buying fishing gear? If you don’t have enough to keep you occupied, perhaps your job can be cut!

        This would be the approach I would use. If I am at work, I am working. That’s what I’m paid for. If I’m not working, then I shouldn’t be paid.

        Company owned equipement is not there for entertainment. It is for use on company business. What more do you need to tell people?

        • #3341676


          by georgec ·

          In reply to Well, DUH!!

          Amen to that….if they can take time to surf the web then maybe they can be cut to part-time or cut all together. Face it we all have done it at one time or another, BUT we (well some of us do) do understand that it’s company equipment and time and that stealing from the company (and it is “stealing”) can get you out there looking for another job.

        • #3338398

          Re: Amen

          by vltiii ·

          In reply to Amen!!!!!

          I agree that when you’re supposed to be working you should be working, but most companies also have a policy on breaks. Breaks and lunch are authorized and are authorized for a reason… so that employees function at optimum efficiency. Some people are work-a-hololics and that’s fine, but not justification to expect it from others. There have been so many studies done that show when employees are allowed little breaks or a few minutes to step away from work they are more productive.

    • #3323958

      Buy-in from above

      by gralfus ·

      In reply to Am I A Tyrant?

      As long as your management supports you, and you have the numbers drawn up to show them the whys and wherefores, then you should be on solid ground. It doesn’t feel good to have angry users, but the users need the whip cracked over them to remind them of the difference between work and home internet. A written policy that states it up front is the best approach. Then adhere strictly to that policy, and adjust it to be more strict as needed.

    • #3323956

      not a tyrant

      by afram ·

      In reply to Am I A Tyrant?

      It is absolutely IT’s responsibility to decide what users can access. It’s important to keep out the spyware and freebie software crap that people download that usually breaks something. I think the others just don’t understand the security risk and bandwidth usage.

      I recommend documenting your concerns and pass them to your supervisor. Let them know the threat and how much time and effort is wasted trying to fix problems that could have been easily avoided when you could have been working on something important.

      If the brass doesn’t seem to care, get a trial version of surfpatrol or equivalent. Get documentation on where people are going and at what times (you should let the users know in advance before using it). Also see if you get trial software to show network utilization (or your ISP may provide this information on request).

      Perhaps the managers will reconsider when they see what their employees are doing when they should be working.

      • #3325088

        This is BS

        by mdm ·

        In reply to not a tyrant

        It is NOT the absolute responsibility to decide waht users and access. You are not the CEO, owner, principal or whomever has bottom line responsibility for the organization.

        • #3325073

          Not BS, just not part of their job description

          by afoshee ·

          In reply to This is BS

          It is the responsibility of everyone NOT in management to carry out the policy OF management.

          For example in our IS/IT department it is our responsibility to give good solid information to management so they can make sound decisions. They then give us policies that make sense, and it’s our responsibility to carry out those policies – whether we agree with them or not. If we don’t then there’s the opportunity to discuss them if the management is reasonable, and go elsewhere if not.

          In this case our policy is to be conservative and if there’s any question on the website being visited then it’s blocked. Not only is there a band-width issue, but also the amount of time some folks spend surfing is outrageous!

          Our surfing spy software provides us with a report, and we have regular meetings with management to tell them who’s surfing where. It’s all legal because every employee is methodically reminded that the equipment they are using belongs to the company, as does their time. If they want to check on boat part orders during lunch that’s okay – but not porn, gambling, etc.

          We’ve even had legal research our liability in allowing that type of surfing to go on, and we’re ONLY protected because of our strict policies.

        • #3325038

          He’s a Tyrant

          by beahwolf ·

          In reply to Not BS, just not part of their job description

          Clear and simple. I err on the side of giving people relatively free reign over where they want to surf. As long as everyone is aware of the organizations Internet surfing policy, he should not assume responsibility for what they do. Those who violate the policy should be held accountable, but each employee should have the freedom to surf. Of course, restricting access to gambling and porn sites is something entirely different. I don’t think anyone would disagree with restricting access to those types of websites.

        • #3325003

          How stupid!

          by dennis.rhine ·

          In reply to He’s a Tyrant

          Clear and simple – you are an idiot!! It is, in fact, the responsibility of IT to enforce the policies of the company. Anyone who would err as you describe above would be opening the company up to all manner of problems including lawsuits. Also, managing the company’s Internet bandwidth makes perfect sense from the perspective of managing costs. Bandwidth does cost and people accessing streaming media sites including radio stations, etc. use enormous bandwidth.

        • #3336692

          Re: Stupid

          by vltiii ·

          In reply to How stupid!

          I had to go back and re-read his post when I read your reply. He never said anything about allowing employees to violate company policy. In fact he specifically states that violate company policy should be held accountable.

        • #3336604

          Agree with beahwolf

          by excitingmike ·

          In reply to How stupid!

          Some maturity in the responses will only add to the quality of the conversation. I agree with beahwolf, I admin a SurfConrol server, no rules, everyone can go where ever they want, we’re all grown ups(or are suppose to be). I spit out reports at the end of every month and give it to Mgrs, Suprvsr, and even the President. If they see a problem they tell me to fix it. I told them from the start that did not want to be a Traffic Cop, I just report and let them decide. It’s amazing how peoples’ behaviour changes when they know they are being watched! It’s an awesome study! I love it! (be nice now).

        • #3336585

          Re: Agree

          by vltiii ·

          In reply to Agree with beahwolf

          …and this is probably the best way to handle this. The few that abuse can be dealt with and those that don’t can continue doing their business.

        • #3342894

          This is NOT an issue of ethics!

          by comxero ·

          In reply to He’s a Tyrant

          It’s clear that many of those opposed to the action taken by Gulsath are not considering his PROFESSIONAL OBLIGATION as a IT manager to the company he is employed by.

          Let me reiterate. This is not an issue of ethics, morality, invasion of privacy, employee rights, political correctness, or corporate sensitivity. The bottom line is that even the most sensitive company in the world should recognize that this is clearly an issue of misappropriation of company resources resulting from a lack of end-user training (and understanding) of IT’s role in their business. This is simply not acceptable in ANY successful organization.

          It’s a precarious situation that we Network Administrators and IT Managers are placed in these days. The end-users feel like we are acting as the moral conscience of the company and executive management feels like we are overstepping our boundaries by devising and enforcing acceptable use computer and network policies. Neither of these positions are justified. The bottom line is that we have been commissioned to promote efficiency and mitigate the security risks unintentionally imposed on the company by hundreds (or thousands) of well-meaning yet uninformed end-users (executive level included), as well as a vast ocean of nefarious threats outside the company that are just waiting for ONE of these inefficiencies to create a compromise in our corporate network environment that they see as “opportunity”. It is our job to recognize and react to those inefficiencies and security threats and deal with them before they negatively impact the company. While most of these inefficiencies can be easily avoided with simple little policies like the one in question, if left unattended (or unaddressed by firm IT policies and practices) in rare situations it could result in (or contribute to) an “incident” that proves fatal to the company.

          On a home computer one cannot deny that viruses, trojans, worms, OS and application security holes, spam, spyware, pop-ups, browser hijacking, phishing scams, etc… are all quite troublesome nuisances that sometimes interfere with your ability to use your computer for what you bought it for. Now multiply all of these “nuisances” times the number of users on your corporate network. This is one of a thousand issues that your IT department deals with daily. One would think that we spend our days sorting through access logs in effort to identify and protect the company from “hackers/crackers/unauthorized users”. This is a paltry part of our day. By far the most troublesome part of my day spawns from the inability of individual users to see that the way they use (misuse) their computers at home is the single largest threat to the integrity of our network and cannot be allowed in the corporate environment else these “nuisances” I spoke of earlier will quickly choke our corporate network to death!

          While neither of the following situations by themselves would be the undoing of a company, you can clearly see where they simply are not good for business. Imagine for a moment the following two scenarios:

          [1] What if a member of executive management sent a corporate letter to a department network printer only to find another employee had it tied up with 500 invitations to his upcoming wedding. How do you think this would be received? Do you think it would be appropriate for the executive to immediately order a second printer, double the company’s order of paper stock and appropriate the IT department to install a second printer to account for the increased printing in the department? If so, guess where that raise you were expecting to get this year is going… that’s right… to the bloated IT budget!

          [2] Can you imagine what might happen if you arrived at your company workstation one morning only to find that you were unable to logon to the network? Depending on the IT infrastructure in your company, you might then call the helpdesk for assistance, but you are sent immediately to voicemail (because all the lines are busy). You leave a message and receive a callback two hours later informing you that your account has been unlocked. Two hours gone in your day… and you find out later that one tech was talking to his wife about their dinner plans, another was checking her savings account balance with a local bank, another was on hold with the cable company while trying to upgrade his service to include HDTV, another was arranging with a local liquor store to deliver the kegs to his annual birthday bash next week, one tech was catching up with her sister who’s currently vacationing in the Bahamas, and the remaining were on the phone attempting to resolve tech support issues with other users. Do you think for one second that upon hearing this, management would spring into action to hire additional techs and upgrade the phone system with more phone lines/extensions and then renegotiate a corporate long distance plan with the service provider that includes more long distance minutes to account for the increased call volume? Of course not! This is exactly what is at issue here.

          A finite amount of IT resources are available to ANY company whether you have a position at IBM or you work for a small, 20-user accounting firm. In this case the resource in question is ?network integrity? and its cousin ?network bandwidth?. These two go hand in hand. If you allow the integrity of your network to wane then your bandwidth will soon follow. It’s very clear that the end users see the results of their over-consumption (evident by their complaints of sluggishness), but they have been conditioned to expect excess and therefore take advantage of what they see as an undepletable resource. They clearly don?t understand the consequences of their actions (nor should we expect them to). Because network bandwidth is intangible it’s difficult for the normal end-user to understand that it is a measurable and valuable company asset. How do you quantify network integrity to a user? It?s a very difficult undertaking, but there is no doubt that if they continue to misuse it will result in nothing but trouble for the company, and ultimately trouble for the “soon to be laid-off”, complaining end-users.

          Numerous criteria define the success or failure of a business. It is the culmination of millions of little daily decisions that impact the business’s longevity. These decisions are not all made by the board of directors. They are made by everyone from the executive level through middle management and right down to each and every internal “end-user”. It’s time that everyone takes a little personal responsibility in the process despite how important or unimportant they feel their position in the company is.

          In finding a solution to the problem Gulsath is experiencing, the end-users’ “feelings” are really a non-issue. If you want to be my friend then buy me a drink at the company Xmas party, but the other 364 days a year I have a professional responsibility to the position that I hold within the company. That responsibility has an intimate connection with my ability to pay my mortgage, feed my family, pay my children?s tuition, etc. It’s awfully imposing of an end-user to ask that I compromise the integrity of my position because they don’t understand the network impact of streaming internet mood music in the privacy of their corner cubicle. It’s unfortunate that end-users don’t understand, but educating them on WHY policies exist (or should exist) is the responsibility of middle management and NOT the IT dept. The role of the IT dept should end when it helps the middle management element to understand the “WHY?” question so that THEY can relate it to their employees. Perhaps organized, inter-departmental training would be helpful but it?s simply too inefficient for this to take place on an individual level on a daily basis.

          You don’t have to like it, you don’t even have to understand it, I only ask that you allow us to do our job of making sure your have the IT tools necessary for you to fulfill your primary job function. It doesn’t matter what is interfering with your (or others) ability to use those computer and network tools, I resolve to eliminate that interference even if it doesn’t make me popular. It’s ultimately in the best interest of all of us. Despite how indispensable you believe your talent is to the company, we are ALL a minor oversight away from the unemployment line my friends. Please consider for a second that we (the IT department) have the same vested interest in the success of the organization. Help us to help you… despite our decided lack of social skills, we are not the enemy!

          PS – No. I didn’t write this on a company workstation or on “company time”.

        • #3336586

          Re: Ethics

          by vltiii ·

          In reply to This is NOT an issue of ethics!

          This can only be be considered misappropriation if it violates company policy. I don’t think we’re clear on what this company’s policy is at this point. In any case most of the good companies have some degree of concern about quality of life of their employees. In the end if the company wants to let employees surf the web, it is their prerogative.

          If executive management feels that you are overstepping your bounds by devising policy they are probably right. Network Admins nor IT managers have any business making policy. Their jobs are to enforce the policies that are handed down or recommend changes to policies they feel are ineffective.

          In your first scenario, I agree that is blatant misuse of company resources, however it doesn’t apply here. The individual concerned would most likely continue misusing company resources as long as he/she thought they could get away with it. Additionally, I wouldn’t expect executive management to be printing to a general use printer. If by some odd chance they had to because the IT staff was more concerned about their payraises, I would expect management would be given a higher priority and therefore still should not have to wait.

          If your second scenario were to occur I would think the help desk supervisor would be called ont the carpet. The supervisor has the ability to see how much time is spent on each call and the ability to compare that with the help desk logs to see how productive the help desk staff is being.

          There is only a finite amount of resources in any organization, but that doesn’t mean that finite amount is not sufficient enough to accomplish the mission and allow employees a little leeway.

          I understand that there should be limits and fully support that. I also think that employees managers should be the final say in how productive their teams are. If employees get a free moment to check the latest news, so what. Perhaps I’m biased because I’ve never worked anywhere that has had such strict requirements as have been mentioned in this thread. Employees have always been free to surf the web as long as they are accomplishing the jobs they were hired to do, and as long as they weren’t going somewhere considered to be inappropriate. In the places that I’ve been we’ve also not had the problems that most present as reasons for being so strict. To me that’s proof positive that in a properly managed network users can surf a little and not do any harm. I think that based on some of the posts that I’ve read, some expect employees to be drones and have a blanket distrust of all end users. That’s not fair to those who haven’t and probably wont earn the distrust it.

        • #3343537


          by jrslyrics ·

          In reply to He’s a Tyrant

          Don’t you think that free reign to surf is vreating an enviornment for people to just do the wrong thing? I mean the cookie jar isn’t what kept me from eating cookies whenever I wanted to as a child…it had a lot to do with the fact that I was 2 ft tall and the fridge was 6ft tall…I’m sure if the jar was easily accessible…I would have had a lot more stomach aches and punishments.

        • #3343298

          accountable rests ultimately with the company

          by halonsx ·

          In reply to He’s a Tyrant

          employers can be held accountable where your employees surf to.

        • #3336706

          Re: Not Bs

          by vltiii ·

          In reply to Not BS, just not part of their job description

          Sounds like your organization has a reasonable policy in place and have done due diligence in ensuring employees are aware.

        • #3342737

          ahh the politics of Internet usage

          by jaredh ·

          In reply to This is BS

          I work for a school district so I have seen this scenerio many times. I also happen to be the IT person who has to deal with the filtering of content. When a request to block or allow something comes up, I usually refer them to their Director. If their Director approves it, I will make the change. There are some things that I think should not be allowed, but it is not my call, nor my problem. If they waste their time surfing the web and don’t get their job done, it isn’t my problem.
          The thing to do is figure out who, in your organization, does have the authority and responsibility to make those calls and let him/her make the decision and you just carry out orders. That way if some one comes after you, you tell them that your boss requested it, take it up with him.

    • #3323951

      How many users?

      by cactus pete ·

      In reply to Am I A Tyrant?

      You have a 768 for how many? If they, and all the business apps, are using the same 768 line you MUST keep them from killing themselves with nonsense. That just isn’t a large pipe for a whole company to be surfing at all times.

      My company, a partnership of a few hundred lawyers, has two T-1 connections to the internet. They simply won’t allow us to block much, so now we’re going to a T-3.

      The cost is worth it to them, but in the meantime, they are preventing themselves from getting real work done [internet research sites that charge per minute] whenever they stream the latest tsunami footage, etc.

      If they want a loose policy, they have to get more bandwidth. Don’t wanna pay for the conenction? Fine, live within your means.

      • #3322889

        60 Users

        by gulsath ·

        In reply to How many users?

        For work related items alone, our bandwidth is ok, mostly mortgage, nada related items and emails.

        • #3322881


          by cactus pete ·

          In reply to 60 Users

          Well, here, in downtown Chicago, I’d tell you to just get a T-1. They cost about $250/month in the loop. [Last I saw] I don’t know if they’re popular in as small a town as yours, but the price increase might be less than you think. Then let them surf all they want – behind a firewall and proxy with built in AV…

        • #3322878

          Considerably Higher

          by gulsath ·

          In reply to Budget

          Than 250. My 768 is on a T1 but local regs prevent me from using more channels on this particular type of T1 for data. But it is a dedicated line so will be more bandwidth reliable than our cable.

      • #3325087

        Number of Users is not a criteria

        by mdm ·

        In reply to How many users?

        What has number of users got to do with anything. Just do your job and let those in charge make the decisions about how the system is used

        • #3325039

          That Depends…

          by jim.nugent262 ·

          In reply to Number of Users is not a criteria

          Consideration of the number users depends on WHY a certain restriction is being implemented. If bandwidth considerations are involved than certainly the number of users vs. bandwith will drive the decision.

          On the other hand if “this is simply not something you should do on work time,” then ovbiously # of employees is irrelevant. Beware, because the filtering of “non business related sites” can get out of hand.

          Human Resources may have an initiative to help with work-life balance, and be doing things like contracting with a company to do oil changes in the parking lot, pick up and deliver dry cleaning etc. to ease the “errand burden” on busy employees. At the same time IT may block access to or gift shopping sites. IT, driven by by different measurements, doesn’t have the head-set as HR, leading to this ironic state of affairs.

    • #3323949

      I know I’m outnumbered, but…

      by jdmercha ·

      In reply to Am I A Tyrant?

      I’ve always had a problem with restricting Internet access. Mostly because it is rarely done correctly. Yes, if you restrict access site by site that is fine. But when you only allow certain types of traffic or certain web sites, you will invariably restrict many usefull sites as well.

      One common target of Internet restrictions is to prevent access to discussion boards, like this one. I worked one place that would not allow any NNTP traffic. Eliminating newsgroups as a place to find information. Many offices restrict instant messaging. My wife is also an IT manager and we bounce ideas off each other through AIM all the time.

      The better solution is to write effective, enforcable policies. Then educate your employees and trust them to follow the policies. If you can’t trust an employee then that employee needs to be fired.

      (And you thought you were a tyrant.)

      • #3322950

        I’m with you

        by amcol ·

        In reply to I know I’m outnumbered, but…

        It is IT’s responsibility to restrict Internet access, but only to a point.

        Non-essential non-business oriented high bandwidth traffic should be restricted because it can interfere with normal business operations. However, it is definitely NOT the job of IT to be the Internet police, nor to set business policy for the organization. If people are going to waste their time checking sports scores or their personal e-mail or how their auction’s going on Ebay, that’s their business…and their supervisor’s.

        You can’t prevent people from interfering with themselves. You should only prevent them from interfering with the organization. Someone who’s wasting company time by web surfing has an issue that should be dealt with by management, not IT.

        • #3322928

          partial agreement

          by afram ·

          In reply to I’m with you

          If they are using company computers then it can interfere with the organization. It’s very easy to trick users into downloading spyware, viruses, etc and IT is going to waste time cleaning it up. Users could cause legal problems for the company if they start browsing for warez and using filesharing programs.

          You don’t have to become Internet police if you have the content filter turned on on your sonicwall appliance. That gauges webcontent based on pornography, gambling, hate, violence, cults, drugs, etc. (similar to spam filter). Pages containing this type of content is blocked and everything else is viewable.

        • #3322922


          by jdmercha ·

          In reply to partial agreement

          In theory I agree, but I haven’t seen it work in practice.

        • #3322903

          I have seen it in practise

          by jamesrl ·

          In reply to Maybe

          My previous employer had a tool which blocked sites based on a subscribed list(monthly updates), and allowed you to block specific sites and some specific ports.

          It had a database to track all access. What our person did was to put out the top tens lists – top ten users and top ten sites. We would review those sites to see if they were appropriate.

          For the users side, if inappropriate usage was spotted then the persons’ manager was notified. If it continued, the persons’ manager and HR were notified. All users of the internet had to sign a form acknowledging the rules(no excessive personal use, no porn etc.) and acknowledging the penalties(potential firing for repeated offense or any criminal activity).

          Free and open access to the internet from work is not a right. If IT pays for the bandwidth, it has the responsibility to manage the bandwidth. It is not IT’s responsibility to set the policy – thats up to someone else. But IT can enforce the policy through technology(blocking), its someone else’s job to one on one with offenders(HR/Management).


        • #3322896

          IT policy

          by afram ·

          In reply to I have seen it in practise

          I think it should be IT who creates the usage policy as far as what is allowed. IT is best qualified to recognize the threats and to know what affect usage will have on the computers and network. After IT creates the policy, the president/CEO/HR should approve it and to decide what to do with the users who violate it.

        • #3349556

          Re:IT Policy

          by vltiii ·

          In reply to IT policy

          I disagree with IT setting policy. They may be best qualified to recognize threats and to understand usage impact, but they are not qualified to understand the impact of their decisions on the business such as quality of life of employees. Ultimately all policies are intended to establish standards which will aid in enhancing the business operations. No policy is intended to be so rigid that there can’t be exceptions in certain circumstances. Someone mentioned flowers in an earlier post. To carry that a little further, I’m willing to wager personnel at the highest levels of some of the largest organizations were online checking out flower prices, delivery, etc on or before Valentines day, as well as making dinner arrangements or whatever. Most rational people would not consider this an abuse. What if the IT staff prevented them from doing this? The phone is always a fallback, but how do you filter the phone? Is the policy different for phone usage? I’d be willing to bet that most of the posters that support extreme restrictions on internet access use company phones to make personal calls, even if it’s only to call their spouse to say they’ll be working late.

        • #3322886

          That’s basically what I’m restricting

          by gulsath ·

          In reply to partial agreement

          For the most part I’ve blocked the major categories. The ones that could cause legal problems for the company and the ones with high bandwidth usage. And let’s not forget. I can always put website on the allowed list if it was categorized wrong.

      • #3322887

        My policies are not unreasonable though

        by gulsath ·

        In reply to I know I’m outnumbered, but…

        What I’m blocking is streaming audio / video, and the ESPN Bottom Line sports ticker software. I didn’t even block chat or NNTP. I tried to keep it reasonable because employees were complaining about speed, with the top 40 radio station playing in the background.

        • #3323400

          It’s tough to explain

          by jdmercha ·

          In reply to My policies are not unreasonable though

          And it may depend on your field of business. If you are blocking all streaming video, then you are also blocking your sales force from watching a webinar about the latest product they are selling. (Or maybe you do not have sales people.)

          If you work in a factory that produces automobile tansmissions, then you can probalby get away with blocking all sites that deal with sex (or other inappropriate words) in the URL. But if you are a healthcare company you can’t block all of them.

          So in a nutshell if you can list specific URLs to block, that is fine. But to block all urls except what you have identified, or to block a certain type of traffic is too restrictive.

        • #3325147

          Are you THE AUTHORITY?

          by jadal ·

          In reply to My policies are not unreasonable though

          If you are responsible (the powers that be gave you the authority) for keeping the Internet and the corpororate LAN running properly, then you must do what you must do to keep things running. If it is just your idea of what must be done, then you need to seek the President or the GM’s OK to have A POLICY to keep things above board. Employees will always complain about the IT guys though becvasue you are the one that has control over these things…These days it is a very tough job keeping corprate LANs fast and free from viruses. My sympathies go out to you…

        • #3325069

          It’s a gray area

          by gulsath ·

          In reply to Are you THE AUTHORITY?

          Yes, I have been tasked with keeping the internet / network safe from whatever I can. This however seemed to go to far. My biggest upset was that there wasn’t a, “in the future” conversation. It went from doing what I was doing to, “How dare you do it?”

          Live and Learn I Guess.

        • #3344264

          Time to ask some questions.

          by arkyankee ·

          In reply to It’s a gray area

          I would suggest that you put some data together from the SonicWalls logs and present them to your Manager and ask for direction. Show some facts about how much time\bandwidth is being used up on non-business related sites. Remove any reference to actual users, just show total hours etc. Let them see some facts and see if that will support your position.

        • #3342919


          by gulsath ·

          In reply to Time to ask some questions.

          I need to configure our View Point software for the sonicwall and do this. As it is now, I have the basic IP Bandwidth usages, Top 25 sites, etc. But I can’t see the amount of time spent on a given website.

        • #3342827

          Education and user buy in…

          by steve_it ·

          In reply to It’s a gray area

          Letting people know is critical. A major component of anger is suddenly finding out the world is not the way we thought it was, and being unable to change it.

        • #3325080

          Whose policies?

          by mdm ·

          In reply to My policies are not unreasonable though

          Do you have the responsibility and authority to make policy? They are not your policies.

        • #3325049

          Reality Check

          by mia1bxa ·

          In reply to My policies are not unreasonable though

          Time for the folks in the company to accept responsibility, especially those in management. Sounds like your doing all the right things, the company I work for, UPS, is much more restrictive than you are. Your managers have no idea what restriction is! Anyway, as an IT tech I fully appreciate your desire to please your users while keeping the net environment safe. But it is all so difficult when dealing with ignorant baboons who dont want to become educated on your issues, they just want what they want. (Good luck)

      • #3325084

        Missing the point

        by mdm ·

        In reply to I know I’m outnumbered, but…

        The point is still being missed. IT doesnt’ determine IT equipment use, management determines such policies. Just do the job which includes providing meaningful data and information to management as it relates to your functionality

    • #3322956

      Reply To: Am I A Tyrant?

      by dwiebles ·

      In reply to Am I A Tyrant?

      Well, it really depends on who is doing the screaming. If it is the end users, ask them to submit official complaints through their manager, and that they can have their manager request the access they want, if it is OK with the manager of the department, why not? If the Managers (your higher ups) are complaining, usually because the link to their latest lewd joke doesn’t work, give them the access, but recommmend coming up with a policy and enforcememnt. Meet all department heads and get their views, let them know what you want to implement, timeframes, etc. Spontaneously locking things out tends to cause more headaches than it’s worth, get the management on your side and implement it over a short time frame, with all staff being aware ahead of time. It would be best to have this in place before bandwidth becomes an issue, so you don’t get yelled at for “not seeing this coming”.



      • #3322879

        Learned That The Hard Way

        by gulsath ·

        In reply to Reply To: Am I A Tyrant?

        DW, I think it was the fact of the spontaneous restrictions that caused the problems. As I mentioned above, the policies already exist, they are not being enforced though. My issue is what you mention at the end of your post. Who do you think will get the reaming when someone sues the company (It’s happened in another fasion before here) or the boss has a slow download?

        • #3322838

          Always IT

          by dwiebles ·

          In reply to Learned That The Hard Way

          You will be responsible my friend, regardless of WHO downloads what because of slack enforcement, or inaccesible material because of strict enforcement. Seems no win until you factor in the benefits from the later. Stick to your guns, make sure that the network is secure, and hope that the management is on your side…


      • #3349526

        Re: Depends

        by vltiii ·

        In reply to Reply To: Am I A Tyrant?

        If the managers can have it then the end-users should also. The absence of a policy doesn’t mean playing favorites to those higher in the food chain.

      • #3349524

        Re: Depends

        by vltiii ·

        In reply to Reply To: Am I A Tyrant?

        If the managers can have it then the end-users should also. The absence of a policy doesn’t mean playing favorites to those higher in the food chain.

    • #3322895

      People spend more time at their office than anywhere else

      by dc_guy ·

      In reply to Am I A Tyrant?

      You have to be realistic and accommodate that. People basically live at work and you have to let them do the things that involves if you want them to do good work and be loyal to the company. If that means spending money on more bandwidth, in the Information Age it is probably the single dirt-cheapest thing you can do to improve morale, productivity, and quality.

      Absolutely you have to make sure they’re not doing anything illegal, counter to the company’s interests, or flagrantly inconsistent with the local community standards. In other words, if you’re in Hollywood you’d better not filter out pornography!

      Other than that, the same rule applies that I tell every wannabe manager: There’s only one way to manage people, and that’s by using your people skills. A good manager simply knows whether Joey is playing poker or whether Susie is a e-Bay addict. He doesn’t need an elaborate log to figure it out. If you can’t do your job and manage people the old-fashioned way, then you’ve got no business being a manager in the first place.

      For all practical purposes, we live here in your ****ing office building, primarily because you dinosaurs who are under the spell of the energy industry won’t let us telecommute from home! We have to be able to live all the dimensions of our lives here, to a reasonable extent. Learn to live with it!

      • #3322883

        I Don’t Agree With That

        by gulsath ·

        In reply to People spend more time at their office than anywhere else

        I have a home which I go to every night. What I do at home and what I do at work are separate issues. It doesn’t matter that bandwidth is cheap. Buy a radio for 20 bucks. It’s a person’s choice to work and is very demoralizing for employers who choose to work, not eShop. Let’s face, if you have an auction ending today, you’re spending at least the last 10 minutes of that auction doing nothing else but watching your bid.

        • #3322877

          Me Either

          by bsod_420 ·

          In reply to I Don’t Agree With That

          I think DC_GUY forget that when you are at work you are being compensated to perform a service for your employer. Unless your job is to surf the web all day, you probably shouldn’t be doing it.

          Gulsath, you seem to have some good policies in place. Judging by your comments, you are trying hard to keep the best interests of your company intact. I would find it hard to believe you are implementing a security policy as a means of attacking fellow employees.

          I had so many users complain about my new security policy when I began directing the IT department at my company, that I had the users agree to take a simple 10 question test about IT security. Whoever passed could have free reign on the web. No one passed and the complaints were (almost) gone after that.

        • #3322870

          Still Have That Test

          by gulsath ·

          In reply to Me Either

          That’s fantastic. Still have a copy of that test, it may come in handy.

          You’re right, I’m not trying to attack any employees, but I have already had a three day episode fixing Netsky on my network. And that was before our fouth branch opened and about 20 employees ago. So, it already did happen. It was a download from a freeware / game site.

        • #3343531

          Don’t impede business function

          by john_shadow ·

          In reply to Still Have That Test

          The internet is no longer a luxury that only transports email and specific websites for businesses, it’s constantly changing and there’s no way for YOU to know what is and isn’t business related.

          The corporate policy is basically a safeguard, like the speed limit sign on the highway. You don’t cause a problem unless you grossly violate the posted speed. If someone is eating up all the bandwidth, you’ll know, and management will know too, because “the internet is slow”. Then management can decide what to do. For your part, you can offer ways to either shutdown the usage, or make it possible for this usage to not impede access to the internet(work WITH the employees).

          Do your job, and that’s securing the workstations against viruses and spyware they may get. And guess what, that virus may(and often does) come from “valid” corporate business.

          If management defines what is and isn’t work related, then you follow that definition. However, in your case the management has indicated that the definition is very hazy. So do as management says. But make sure your firewall is up to date, virus scanners on all computers are up to date. Make the corporate machines do their jobs, providing access to corporate data and the interenet is part of that.

          Another analogy: restricting access to the internet in this day (unlike the 1990’s) is like restricting what newspapers people bring in to work to read in their spare time, or keeping people from making ANY personal phone calls, or restricting what radio stations people can listen to, or keeping people from bringing their PDA’s to work… Where does it end? It wouldn’t. You aren’t the police, just the road worker keeping the highway functioning.

        • #3322829

          Sorry, I’m with DC_GUY

          by amcol ·

          In reply to Me Either

          No company expects (or should expect) every employee to be working hard every minute of the entire business day only on business. That’s how people burn out.

          Lots and lots of companies provide onsite health clubs or memberships in local health clubs, noon time meditation groups or chair massages, and any number of other ways to break up the day. There have been innumerable studies showing definitively that people are more productive when they take a ten minute break every couple of hours.

          The “best companies to work for” lists routinely include organizations whose employees report that one of the main reasons they like working there is that they feel treated like adults and professionals. Of course there are plenty of folks who can’t be trusted to get their jobs done, but that’s a management problem and not something that can be regulated or solved by technology.

          I have no problem with IT enabling a little non-business oriented activity, so long as it doesn’t interfere with regular business and has little to no incremental cost.

          It isn’t IT’s job to tell people what to do…or NOT do…with their time.

        • #3322820

          Technology is there to help though

          by gulsath ·

          In reply to Sorry, I’m with DC_GUY

          That’s all. I don’t mind the ten minute breaks either. What I mind is my bandwidth being soaked by the user complaining about speed. Yes, some of my restrictions to obvious, you just can’t look at porn at work. But the others are for speed / virus concerns. I’m looking at an 8 hour history of usage. The highest ranked count is with 725! ESPN has a sports ticker that runs 24/7. Really, some of the complaints were becuase webpages don’t look right with a blocked message where an ad should be. please, that’s just petty.

        • #3343499

          Bandwidth usage

          by john_shadow ·

          In reply to Technology is there to help though

          I’m sorry, but if your network is getting slowed by a ticker which only sends information every 40 seconds… there’s a problem with your network! Those tickers barely send anything more than text, and shouldn’t be a problem. The only “streaming” media I’ve seen hog bandwidth is video, streaming audio shouldn’t be a problem. If you watch the actual bandwidth usage, you’ll see that most internet radio runs at about 50kbps PEAK, but that on average (again, because only small chunks are downloaded at a time) it’s actually averaged to about 20kbps. You should be able to handle about 40 “streams” before you see any real internet problems!

          When I first got here they thought that people were streaming music and video and so they locked everything down… guess what, network was still slow, the real problem was a combination of bad server configuration and a switch wasn’t performing correctly.

          If you configure things correctly and educate people on how to use bandwidth efficiently, all will be good.

        • #3322789

          Thank god they can’t do it here

          by oz_media ·

          In reply to Sorry, I’m with DC_GUY

          Employers cannot have you work over 8 hours (even in a salaried position) without paying overtime. After the first 4 overtime, then it’s double time.

          After a few paycheques are cut for 20 employees working long hours, the boss either sends people home after 8 hours SHARP or takes them to the pub in the aternoon to get them away from work.

          I admit I have worked MANY long days when employed F/T, I seem to work very odd hours now, a day could begin at 11PM and end at 4 AM or begin at 11AM and end by 2. Then again it could be a three day bender.

          When working for someone else, it is not uncommon for employers to literally kick people out after 8 so that they have a life away from work, and so he doesn’t have to pay thm the extra money.

          So given that theory, with a general office work day being 7 hours (not including breaks), that would mean less than 1/3 of you life is at work. For you to be expected to live without your home creature comforts for 7 hours while being paid is not asking much.

          Damn, how soft are people getting these days?

        • #3323371

          An example of something Canada does right

          by montgomery gator ·

          In reply to Thank god they can’t do it here

          Oz wrote: “Employers cannot have you work over 8 hours (even in a salaried position) without paying overtime. After the first 4 overtime, then it’s double time.”
          Wish it was like that here in the USA.

        • #3324849

          gets better

          by jaqui ·

          In reply to An example of something Canada does right

          after 8 hours regular time, it’s time and a half, to a total of 8 regular hours pay, then double to a total of 8, then doubled again to a total of 8 hours paid.

          so, if 20/hr for 8 = 160
          then at time and half, it’s 30 / hour, for 5.3 hours
          then it’s 40 an hour for 4 hours
          then 80 for 2
          then 160 an hour

          it can be really nasty for employers that didn’t keep important projects on track for completion huh?

        • #3342825

          Hate to burst your bubble about Canada but it’s not true…

          by unclerob ·

          In reply to An example of something Canada does right

          I live & work in Canada, Winnipeg, MB. to be exact and although regulations may be printed and state that “employers can’t have you work over 8 hours (even in salaried position)”, it’s not true. Employers seem to find a way to do whatever they can. If you punch a card then your OT is document and you must be paid for it but I am a salaried employee working in I.T. and have worked quite a bit of over time in my life, all unpaid. Reason being you have to, you’re told that being a salaried employee comes with the understanding that you work O.T. and that your O.T. pay is included in your existing salary (which it isn’t!)

          Employment insurance is a government provided service to those employees who go on maternity leave or are laid off from work. If you quit your job or are fired, you aren’t eligible for those benefits. If you complain to your employer that you work too many hours you may end up with more of the same. They don’t come out & say that you must work it, they do “encourage” it and if you don’t work the required OT, they will find someone else to do it. Employees are left in a position where if they speak up, they risk losing their job and if they don’t speak up, they work countless hours of unpaid O.T. (evenings, weekends) Don’t get me wrong, Canada is still one of the greatest countries in the world (our freedom, universal health care, impressive mat leaves for pregnant working women, better gun control laws, etc.etc) but it’s not all roses either. I don’t want to trash your post but I just want to let you know that it is inaccurate. Strictly speaking from experience.

        • #3324850

          hey Oz,

          by jaqui ·

          In reply to Thank god they can’t do it here

          BCLRB says 7.5 hours a day, for a 37.5 hours paid out of 40
          only a half hour lunch break, not paid, is required. anything else is a bonus.
          by bc labour code

          long days…22 hours out of 24, for 3 months. straight. yes, 7 days a week.

          and every employer that has had a complaint with labour relations has to have staff meeting frequently, with labour board person there to detail what is and isn’t legal.
          ( I personally got the Keg Restaurants put on that list.. something about stealing 2000 in overtime not paid. )

        • #3324834

          I know it too well

          by oz_media ·

          In reply to hey Oz,

          WIth lawyers in the family I have been able to sue several of my past employers for various reasons, usually HR related.

          I was recently approached by a US company wanting me to start branches here but have people work from home on straight commission. After explaining to them that BCESB (the old Labour Code replacement)mandates they would be out nearly $6,000 month before getting started they decided to try and operate from the south instead.

          There are MANY ways for an employer to avoid the minimums you have stated, the most popular being an averaging agreement, in which they pay you NO overtime no matter how long you work. But only a fool would sign one. I have made an employer sign one though, in order for me to recover 2 years of unpaid overtime, long story, but much the same as the Keg issue. My brother is the enemy really, he represents corporations, but he’s good to have on your side when needed I suppose. Others are industry specific, such as freelance artists, unsigned bands, real eastate agents, life insurance sales and a few other specific trades that all have different exceptions to the minimum wage rule while still being tacable employees.

          The BC Employment Standards act is actually the same as every province in Canada with the exception of minimum wage and some taxation issues in Alberta. The BC Labour Relations Code was written mainly to support the employer whereas since it was standardized it was ammended to support the employee instead.

          Just another perk I suppose, plus it keeps competitive business fair and the marketplace equal.

        • #3322745

          I’m Sorry

          by bsod_420 ·

          In reply to Sorry, I’m with DC_GUY

          Health clubs and meditation may be a welcome break from work, as may a walk around the block.

          I do not think for a second that an individual shouldn’t have breaks or down time.

          That does not mean that there should be free reign to utilize the IT systems designed to operate a business for personal pleasure.

          It is one thing to check for an email from your wife or kids or best friend for that matter. But when the priviledge extends to streaming video, downloading illegal content and infecting the company’s network with garbage, it may be a good time to implememnt a security policy.

        • #3323372

          I’m with DC_GUY, also

          by montgomery gator ·

          In reply to Sorry, I’m with DC_GUY

          Although well within the legal rights to block access as described, it is also a morale sapper. A happy employee is a productive employee, and allowing employees to surf every now and then is a benefit that costs the company nothing. At my company, blocking is limited to keep us off the usual suspects (gambling, pornography, and such). However, performance is the key, and if an employee can take time to surf every now and then, and still get the job done on or ahead of schedule, with good quality, then there is no problem. Blocking of employee access to the internet is the reason why terms like “Network Nazi” are coined.

        • #3343358

          Maybe it wasn’t your intent, but…

          by is girl ·

          In reply to I’m with DC_GUY, also

          I think you may have suddenly sprung total restriction on a workplace that had been pretty happy go lucky up until that point…which does make you a bit of a tyrant in your co-workers eyes.

          I find that it’s better to prepare users gently for a slow lock down any time you try to make the network more secure and stable. First, you should let employees/co-workers know that they are being monitored and that the results of this monitoring is being analyzed. Remind them nicely that freeware and spyware – like free toolbars and email enhancements – are slowing down their computers and their internet surfing experience.

          The first thing you will notice after this is a reduction in use/abuse. As you notice the offenders stop streaming music, lock it down. When they uninstall AIM, block it. Lock them down a little further each week, always explaining to them how much bandwith they are saving by using old fashioned radios and by removing HotBar from their system.

          Little, by little….lock ’em down – nicely. It’s taken me years of slow steady changes just to get my users on totally secure passwords…and they’ve hardly noticed !

        • #3325176

          But it’s not the employee’s time…

          by rm antala ·

          In reply to Sorry, I’m with DC_GUY

          Amcol said: “It isn’t IT’s job to tell people what to do…or NOT do…with their time”.

          I agree that it is not the IT departments job to tell people what to do with their time, but you’re forgetting a few important things:

          First, it’s not the person’s OWN time, it’s the COMPANY’S time. The people are there to do a job and are getting paid to do it.

          Secondly, it is the IT department’s job to enforce the company’s policies concerning internet access.

          Thirdly, the internet access provided by the company is no different than any other resource that they make available for BUSINESS use by the employees.

          Using the company’s internet access for your own personal use is no different than an employee using any other company resource for their personal use. Most companies do not allow their employees to use the telephones to make all of their personal and long distance calls while working; employee’s have phones at home for that. Most also do not allow employees to use company printers or copiers for printing all of their own personal paperwork; employee’s have access to these things either at home or a local copy shop. Why should internet access be any different?? It’s a resource paid for by the company for legitimate business use. Your own personal web browsing what HOME computers & HOME internet access are for.

          In my opinion, if you’re at work and on company time, that is not the time to be doing personal chores & tasks. That’s what the other 16 hours in the day (and weekends) are for. Your employer is paying you to do a job for them, not slack off and do whatever you feel like doing on their dime.

          If a company does allow an employee to use business resources (internet connection, telephone, printer, copier, etc.) for some of their own personal use, it’s an added benefit that they’re providing and not a requirement on their part. They pay for it, so they get to make the rules on how it’s used by their employees.

        • #3325051

          Times have Changed

          by pipe guy ·

          In reply to But it’s not the employee’s time…

          IT has to keep up. Employees aren’t expendable and loyalty must be rewarded. If any policy makes employees frustrated, angry or annoyed and you get management support to further your rule of network nazi, you won’t be helping your company or your fellow employee. I think the point if IT in the modern world is to help people do their jobs by providing the tools and maintenance to keep them happy. The extra toner and long distance bills and a wee bit of congestion on the network isn’t worth alienating even one profitable employee. The last numbers I’ve looked at indicate that each employee produces just over 4x the profits of all their expenses. So basically if an employee gets paid 50gs and they bring in 250gs worth of profits, the additional phone use really shouldn’t be an issue at all. Especially when people are now expected to arrive early, work through lunch and stay late into the evenings to get projects completed. If I was your manager, I’d ask you one question, “What are you doing to annoy my five top producers in this company?
          The second thing you need to realize is that your job is a “professional service” to the company. And similar to a doctor, you can provide advice like “quit smoking”. But don’t feel alienated or angry when people don’t quit. And don’t try to “get them fired” You are supposed to be “above” all of the chaois in the office, an objective service professional. If bandwidth suffers make a case to get more of it. Take the employees side so that management can get more value out of them. If they want to make long distance calls on the companies free IP long distance system, surf the internet at blazing speeds or print on your coolest printer, that should all be encouraged so that they will feel like they owe the company something in return. Especially in this day and age when people take two years to train and cost an average of 250,000 to do it. If even one employee stays in their job for an additional year because your made it easy for them to stay… your salary has been worth it to the company. Get faster computers, faster printers and an IP long distance system to minimize the costs to the company and give the most valued asset any company has free reign to get their jobs done.

        • #3344253

          That is what Supervisors are for.

          by arkyankee ·

          In reply to But it’s not the employee’s time…

          At my company, we block the basic stuff: porn, hate sites, and weapons. There are a large number of exceptions currently as no group listing in a SonicWall is perfect.

          We do monitor the SonicWall logs for usage trends and may report excessive usage to departmental Supervisors if requested. We as an IT department will not act as the enforcement arm of the internet cops for my company. If an employee is surfing excessive, that is between him/her and their superviser.

        • #3325135

          Get Some Support from management

          by jadal ·

          In reply to Sorry, I’m with DC_GUY

          Gulsath, get your managements support on this issue. After your network has gone down a number of times becasue of this surfing activity from CERTAIN employees and it is usually the same ones, then your decisions should to lock this activity down should come from the management team, not just yourself…

        • #3325105

          Agree with DC_GUY

          by pkcourtney ·

          In reply to Sorry, I’m with DC_GUY

          I agree that the type of access to the internet is NOT under the purview of IT; it is more the responsibility of HR to set guidelines on the balance between business and non-business related activity on the Internet. It is the job of IT to then implement the guidelines.

          Paul in NH

        • #3344262


          by georgec ·

          In reply to Sorry, I’m with DC_GUY

          Well it is IT’s job to ensure the safety and security of the network. Now, using your theory, if Joe or Jane Blow surfed to the “All The Free Porn You Could Ever Want” website and downloaded any number of trojans, worms, etc., then I guess that it wouldn’t be IT’s concern with the network when it goes down, huh?

        • #3342792

          That test sounds good

          by garret` ·

          In reply to Me Either

          Can you post it here? be good to have a look.

        • #3349502

          Re: Me Either

          by vltiii ·

          In reply to Me Either

          I think you missed the point DC_GUY was making. It’s not the IT departments responsibility to determine is users are earning their pay. That is an issue between the employee, their manager, and HR. Management is responsible for establishing policy and the IT staff is responsible for implementing/enforcing those policies, and when necessary educating users.

        • #3325081

          Missing the Point

          by mdm ·

          In reply to I Don’t Agree With That

          You still miss the point, you aren’t the determiner of what is ‘right and what is wrong’

        • #3325066

          I’m not missing the point

          by gulsath ·

          In reply to Missing the Point

          I see the point of overstepping my bounds, but my bounds were never set. This action is what set them. I do at this point have a plan of action to gather data and report back with suggestions.

        • #3325076

          I still like the economics answer.

          by bitbucketboy ·

          In reply to I Don’t Agree With That

          If they want to surf, log it to show overall percent of bandwidth and associated cost. If they complain about speed, request money for more bandwith and present the usage data again. They can;t have it both ways – the squeeze is no on you personally – people want something for nothing, and they can’t have it. If the company wants to buy a T3 for surfing stock trade sites, that’s their decision.

        • #3349508

          Re: Agree

          by vltiii ·

          In reply to I Don’t Agree With That

          I think we all go home “every night.” I think you’re too focused on the single issue of restricting access (some responders are almost obsessive about restricting access) and as a result missing the bigger picture. I think we all agree that there are and should be boundaries, but complete isolation is not the answer. It was understood decades ago that happier employees are more productive employees. Businesses are in business to make money. Happy employees contribute to the efficent running of a business which goes to the bottom line–profits. Those that run the business understand (for the most part) the need to make employees comfortable. As stated if spending a few extra dollars for bandwidth will ultimately make employees more productive then… make it so. The profits will most likely far outweigh the cost of the bandwidth. I’ve stated before that I’ve never worked for an organization that restricted access to the internet. There have always been policies that spell out what acceptable usage is and employees signed letters which become part of their personnel files indicating that they understand the acceptable use policy. My point to this is that, with the proper safeguards in place the risks can be mitigated without playing traffic cop at every users workstation.

      • #3344268


        by georgec ·

        In reply to People spend more time at their office than anywhere else

        Wow….People spend more time at work, live at work, kind of ridiculous statement huh? Spend 8 hours at work and 16 at home (give or take a few).

        Simply put and as harsh as it sounds, people don’t live at work. They are hired to do a job, and are paid compensation for that job. If they want to check sports scores, etc., then buy a newspaper or a radio for their desk (like me and millions of other people). If they want to shop EBay, then let them buy their own computer and do it from home. People aren’t paid to surf the web, or shop EBay, to download whatever they choose.

        When the people here start in with “it’s my computer, etc.” I remind them that unless they’ve paid for the computer, the software, and the bandwidth, then it belongs to the company and that the company dictiates what the computer is used for or not used for. It people aren’t happy with the policy, then go work elsewhere.

        Here at my job, i’m an AutoCAD Draftsmans and the IT guy, we have a 768 cable modem line and 15 workstations. There hasn’t been any problems with our lax IT policiies, but if the company ever wanted to clamp down, then it’s they’re right to do so.

        Working from home isn’t a viable option for the most part. If you’re paid to work 8 hours a day, and you do it from home, just how many hours of that 8 hours are “you” on EBay, surfing the web, watching the soaps and game shows, visiting the p… sites, etc? If you want to work from home, then quit your job and create your own company so you can work from home. But of course that means you’d have to buy all of the equipment, software, and bandwidth…. Hmmm wonder how much surfing and downloading you’d be doing on “your” company’s time?

        So DC_GUY, if you think that you have to live in “our” office building you can always quit your job that is so demanding on your life. If you worked for me, with that attitude, you wouldn’t have to worry about it, because you wouldn’t be “living” in my “****ing office building.”

        • #3343467

          Who expects the bowing?

          by jdclyde ·

          In reply to What??????

          Look in the mirror dude.

          You are right about only one thing, and that is the COMPANY has the right to clamp down. YOU are not the company.

          You sound like the “IT by default” guy, like they used to do to accounting. Do you have networking or security CERTS? You didn’t list any either.

          I do not know many people in the work force that clock watch and keep their jobs. If the work isn’t quite done, it is easier to just finish it up and that is what many many many people do. The “it’s five o’clock, I’m otta here” people never seem to make it very long.

        • #3341670

          Well DUDE

          by georgec ·

          In reply to Who expects the bowing?

          In a manner of speaking, I am the company, we all are. If we don’t do our jobs right, then there’s no company.

          Internet access at work is not a right, it’s a privledge, shy of it actually being needed to do your job. So if you’ve got streaming radio going then you’re stealing bandwidth from the company. Spend $10 and go buy a radio for your desk. If you want to surf the net and Ebay, do it at lunch whe you’re not stealing time from the company.

          Unless people are on salary, if they work after five, then they’re going to be looking for OT. And if the “work isn’t quite done” then maybe they shouldn’t have spent so much time surfing the net and EBay during the time they were supposed to be working.

          Let’s see to answer you “IT by default” statement. I’m the IT guy and AutoCAD draftsman becuase to have an IT department in our company wouldn’t be cost effective. Between myself and one of our engineers, we handle 20 PCs and 2 servers, plus our “pay the bills-billing hours” positions. How about I’ve been working with/on computers since 1983. Been through the entire gambit of OSs. And oh yes, I’m CNE and A+ certified. Have been for 7 years. One course shy of my MCNE. Have two MCSE courses under my belt as well, so how about you “dude”?

        • #3343911

          Next step

          by jdclyde ·

          In reply to Well DUDE

          Ok, now that you have seen my bio that I am not the young pup with no experience or training, I ask the question.

          If it is you taking the strong arm tactics with company resources, how am I the one expecting people to bow down to me?

          I am the Network admin. This does not give me authority over people in other departments. It means I am there to provide a service to them, as outlined by my boss. IF there is a clear rule forbiding something, and it is supported all the way up to the top of the company organization chart, then yes you block that from happening.

          If the company does not care if the user listens to web radio or checks their stocks, then I have no standing to try to throw my weight around and decide that I know better than my boss and will stop it anyways?

          If the company gives something away as a “perk” of the job, it can not be concidered stealing by any stretch of the imagination.

    • #3322854

      no, you are doing your JOB!

      by mrafrohead ·

      In reply to Am I A Tyrant?

      I wouldn’t sweat it man, you’re just doing what you should be. The company should see what you are doing as a favor to them. By allowing the flow of work to happen instead of the flow of downtime…

      Though I will admit that I LOVE my internet radio when I forget to bring in my Mp3 player… ;p

      • #3322833


        by gulsath ·

        In reply to no, you are doing your JOB!

        Mostly this post was to vent outside of recourse, but yes, it has been very helpful with the with / against ratio to my reasoning. It helps to know how others handle a siutation.

      • #3325180

        Doing Someone Else?s Job

        by bigaldepr ·

        In reply to no, you are doing your JOB!

        Many execs, managers and supervisors see a content filter as a simple means for IT to do their work for them and let someone else take the heat for the resulting problems. People that consume most of their day with non-work related Internet activites are poorly supervised. Simply putting a content filter up will not make them productive.

        Certainly some content should be filtered such as; porno, gambling and the like. But using a filter to replace good supervision is counter-productive.

    • #3322847

      YES, you’re a tyrant

      by scottyb37743 ·

      In reply to Am I A Tyrant?

      First off, speed and reliability are 2 seperate issues. The average cable connection will be 4-5 times faster than your DSL connection. So, even though you now have “stable” transfer rates your users will see speed differences.

      As for where I work, I don’t make any decisions on what to block or not block on my own, outside of P2P. I make a lists of bandwidth offending protocols and wait for my boss to tell me what to block. If you were “laid into” by your end users then so be it. If it were management you should take note and don’t assume that it’s your call to make. From the tone of your post this seems to be the case.

      Good luck with educating management!

      • #3322835

        Initial Reasoning

        by gulsath ·

        In reply to YES, you’re a tyrant

        When we put the Content Filtering in, it was to prevent non-work related content. This includes all non-useful content. It’s not like the content blocked was a surprise, just the timing.

        • #3322777


          by thechas ·

          In reply to Initial Reasoning

          It is VERY common to block Internet radio and other non-work related Internet traffic.

          If I understand what I read correctly, you have upper management support for controlling traffic.

          The core issue as I see it is an error in notification.

          Even if the policy has existed for years, it is still very wise to inform users of any changes in enforcing the policy.

          Users tend to think that if they are allowed to access a site or service that is in a “gray” category that that site or service is approved.

          Next time you make a change, be polite and give the users a few days notice.


      • #3322743

        What if “YOU” are the boss???

        by bsod_420 ·

        In reply to YES, you’re a tyrant

        What decisions would you make if you were in a department managers role, such as Gulsath? It seems as though you are merely a follower, whereas Gulsath is trying to improve his company’s procedures.

        • #3323454

          Ya! What He Said

          by gulsath ·

          In reply to What if “YOU” are the boss???

          Until somewhat recently, I did manage 7 people in IT and Operations. Now I just focus on IT. But while the Ops Guy I did have conversations with employees about their use of the Internet.

          It’s simple, you can’t use our internet for overuse personal use just like you can’t take a stack of notebooks or a ream of paper home.

        • #3323843

          HE’S the department manager?

          by scottyb37743 ·

          In reply to What if “YOU” are the boss???

          First off, Department Manager makes it sound like quite a large outfit but in reality we’re talking about someone that utilized cable access to meet their company’s IT needs….see what I’m saying. Now he switched to SDSL and when employees complained about speed he said, that it can’t be so because actually it’s now more reliable??

          I made the assumption he was a Network Admin like myself. At the company I work at, the System Admin lays out the structure and I implement it. It’s his job to communicate with North American IT director and get his approval for the suggestions we provide. Guess what? NA IT director has to get it approved by someone even higher up than him! This is common in the enterprise environment.

          We’re running multiple T1’s, DSL and PRI connections with 5 M$ servers, 2 UNIX and a VOIP system that 2 of us maintain and yet we make decisions as dictated by management.

          Gulsath, who “laid into you”? Was it end-users or management?

          BSOD_420,Look up the definition of Network Admin. It’s exactly what you described…a follower. So, I’m doing my job, implementing the procedures as dictated by the system admin.

          I applaud Gulsath for trying to improve company procedures but it seems he’s overstepped his boundaries as stated by, “it’s not IT’s place to determine what employess should or shouldn’t do. Who said that?

        • #3325247

          Sorry to disapoint you

          by gulsath ·

          In reply to HE’S the department manager?

          I didn’t say the new connection did not have a speed problem because it was more reliable. Until this point, decision making about our content was my responsiblilty. I have already conceeded to the difference between management and IT. But nothing is set in stone. At a company where everyone wears many hats, the lines are grayed.

          By the way, even in my little hick company we do 8 T1s to deal with and Citrix coming soon, but thanks for raising yourself up so high.

        • #3338721

          Gulsath, Gulsath, Gulsath

          by scottyb37743 ·

          In reply to Sorry to disapoint you

          You didn’t disappoint me. I’m used to your double-speak you use to try and justify your desire to rule the world.

          “I didn’t say the new connection did not have a speed problem because it was more reliable.” Oh, then disregard the following quote.

          “We recently changed our ISP from a local cable non-business access to a Verizon 768K line. Now my users are complaining about speed. This is simply not true, there is no issue with bandwidth, in fact it’s more reliable.”

          “Until this point, decision making about our content was my responsiblilty.” Ok, so now it isn’t. Wipe the tears away, suck it up and get back to work.

          In my position I’m, at least on a weekly basis, participating in streaming webcasts to help me perform my job better. Why is it any different for people in other positions?

          “By the way, even in my little hick company we do 8 T1s to deal with and Citrix coming soon, but thanks for raising yourself up so high.”

          8 T-1s for the credit union? Great choice, especially for pricing scalability.
          I bet you’re as well-liked by the accounting department as you are by management and the end-users 😉

          As for all the people making the, “Gulsath, it’s your job to protect our money” comments. You should be alot more afraid of the M$ ATMs at his bank.

          I don’t consider a CU with 100 end users a hick company. My hick CU has 3 locations, in 2 towns, with a third of that many people.

    • #3322821

      Regardless of policy

      by oz_media ·

      In reply to Am I A Tyrant?

      If the boss has his staff complaining that they cannot get to buy widgets or see PGA results it is completely within his right to pass that on to you.

      Seeing as he/she probably had really steamed encounters with these PO’s employees, his encounter with you showed the same face. This is how most corporate ladders work too.

      In this case,just allow what the perosn owning the company wants you to allow. I am sure they didn’t understand the scope of the policy when it was written, this is common. For an employer, a written policy is merely a way to reduce lawsuits if they fire someone for abuse of the systems. For the most part it is there for protection not enforcement.

      Just open it up and let them have what they want, if that’s what the boss wants.

      He will be getting enormous billd from the ISP as most business services charge wen you go over a prepaid limit. They will start charging for all the overage each month, when he sees these bills he will either;

      A) come screaming at you again, completely understandble and expected. That’s the way it is.

      B) Start asking users to reduce use of personal services (streaming audio/video)

      C) Ask you to block access, in which case when they come and complain to him agin he will say it was his decision and it’s just too bad for them!

      One question you must ask yourself. Do you get paid to do this? If so, you are also being paid to put up with it.

      Just play puppet in those situations, “you’re right, I should allow them some perks in their hard day!” and then “You’re right, I should lock down some of these services to save bandwidth” then “You’re right, they should have these services at the desktop”

      One thing that is ALWAYS true when you work for someone. He/She is ‘RIGHT’, end of story.

      You are simply paid to do as you are asked by the person who employs you, and then redo it, and then undo it,and then… get the idea.

      • #3322818

        Well Put OZ

        by gulsath ·

        In reply to Regardless of policy

        Like I said in an earlier post. This one just erked me. I had to blow off some steam. Frankly, look at how much time I’ve spent reading and replying to these. 🙂

        • #3322815

          TR’s great fo rthat

          by oz_media ·

          In reply to Well Put OZ

          THis is a great place to voice frustration.

          Even in a case such as this where you know very well it is just your job to suck it up and do as asked, it is still nice to see that you aren’t the only one that is frustrated by it.

          TR has it’s ups and downs, but all in all it’s a great place to hang out when you need to get away for a bit.

          Hang in there!

        • #3343347

          Does anyone think that reading these kinds of lists are a waste ….

          by is girl ·

          In reply to TR’s great fo rthat

          of company resources? I wonder if your co-workers would agree.

          The fact is that everyone spends a little time at work doing things that might not be the absolute best use of their time – including reading postings like this one.

      • #3322650

        Don’t be a puppet

        by afram ·

        In reply to Regardless of policy

        I disagree.
        IT should inform the brass about possible overage charges and prevent them from being accumulated in the first place.

        You shouldn’t be paid to put up with it, you should be paid to do the work that is in the best interest of the company. I’ve never had a problem telling a president flat out that his ideas on IT were bad (as long as I could explain why and provide an alternate solution).

        • #3323606

          Final discision is not yours though

          by jdclyde ·

          In reply to Don’t be a puppet

          Yes, it is our responsability to inform them when we see a potential problem.

          But what is a problem to us isn’t always a concern for them.

          They pay the bills, they decide what to do and when.

          Knowing you are doing the “right thing” by playing IT Nazi doesn’t help when you find yourself looking for a new job.

        • #3323445

          No Internet For You…One Year!

          by gulsath ·

          In reply to Final discision is not yours though

          My only hope was to protect the network and against legal actions.

        • #3324720

          Best intentions only goes so far

          by jdclyde ·

          In reply to No Internet For You…One Year!

          Unless this comes from the top, and they are willing to stand by this all the time for everyone then it isn’t a fight you should get into.

          When we first got e-mail for the company five years ago (been here for six), I do all the in-house training. When I held the classes I had to hold a separeate class for the managers for two reasons.
          One, they didn’t want to look stupid in front of their workers (didn’t mind looking stupid for me?)
          Two, because they get out of hand and very quickly I found that some of the group e-mails they were sending while in class were not ones I wanted to open with everything on my screen also showing on the media projector.

          It isn’t my job to make them follow rules they don’t care about. I can explain why, but most just don’t care because it is all geek mumbo jumbo.

          So I do what my boss and his boss see as what is important. I point out where I think a problem may be and see if they agree. If not, then it isn’t a problem. If it turns into a problem later on, I am covered because I still have my e-mails where I notified them that this may turn into a problem.

          Same idea as the exec looking at porn descussion. Why lose your job over something that you can’t do anything about. Don’t take it personal and put your ego back in check.

          Good luck.

        • #3344300

          well JD…

          by georgec ·

          In reply to Final discision is not yours though

          I’d love to be a fly on the wall when the FBI comes streaming through the company doors and seizes every piece of IT equipment because they tracked down some Kiddy-porn employee to your company and they’re standing in front of the “IT nazi” asking an enormous amount of questions.

          If you’re doing your job and doing the “right thing” then you won’t be looking for a new job, the idiot who spent 7 of his 8 hours at work surfing the net, etc., would be.

          You don’t list much about yourself other than IT/LAN, but I would bet that your mid-20s, probably don’t have any certs to speak of, and expect the world to bow down to you, including the company you work for. If you’re more than this I would be utterly surprised.

        • #3343478

          Welcome to my web little fly

          by jdclyde ·

          In reply to well JD…

          You lose your own bet, and if I was the NAZI I would be more inclined to expect the bowing, wouldn’t you think? (or did you think?)

          Ok, I didn’t write down my life story in my bio. At least it says something for you that you looked.

          I’m 36, been in IT for 13 years.
          MACE certified (that’s unix which covers systems/networking/shell scripting), getting ready to write my cisco certs.
          8 credits away from my BA in Networking with Cisco.
          I am the “Computer Systems Administrator” because I am the System Admin for Unix/Linux/Windows2k servers.
          I am the Network admin, running the Cisco routers with 5 remote locations I support.
          I do 90% of the hardware support.
          I do 80% of the software support.
          I do all the in-house training.
          I do the security, Anti-virus, Adware.
          I do the testing of new products to improve our network.
          I have taught classes in computers at a few of the local colleges and tech companies.

          I do not expect the world to bow to me, which you would see if you go back through any of my previous posts. Just because you are now in your second discussion, your going to look down on me?

          I see myself as a provider to the users. My job is to make sure they can do their job. Period.

          Enforcement of company policy is not something I have the power to do. If I see something that is going on that shouldn’t I will notify my boss in an e-mail that I keep.

          It all depends on the company you work for I guess. Many that I have seen do NOT give admins to go around and take onto themselves to be the enforcer and try to do the job of HR. This will get ME fired.

          And he is talking about blocking web radio to conserver bandwidth, not stopping something illegal.

          Go back and re-read my posts and you will see I serve the company, they don’t serve me.

        • #3341662


          by georgec ·

          In reply to Welcome to my web little fly

          I resigned from a System Administrator II position prior to coming to this job. Couldn’t take all the backstabbing/politicing in such a big company anymore. In that position (hmmm, get this, 5 remote locations for you huh?) I was responsible for 72 servers located throughout the state. With an abundance of CISCO routers & switches, starting with the 1600 and moving on up in models. We were connected to them through fiber, dial-up, satelite, microwave, yada-yada-yada. I provided 100% hardware support, and shy of the normal “forgot my password” type helpdesk calls, I was responsible for 100% of the software support.

          And as an IT it is your responsibility to enforce company policy when it comes to IT.

        • #3323332

          Of course

          by oz_media ·

          In reply to Don’t be a puppet

          But when he later comes to you and says it is a dumb idea and wants it changed what can you do? Change it.

    • #3322747

      Do you have a corporate policy that is approved by Top Management?

      by davidpmartin ·

      In reply to Am I A Tyrant?

      I may be creating some controversy here, but I strongly believe it is not your place as an IT dept manager to be dictating corporate policy. Your job is to do your best to provide the best possible IT services to your ‘customers’, which in this case is the corporate employees. If the top management has given you explicit authority to control what employees can and cannot do on the Internet, that’s different. But I’m guessing that is not the case, or you would not be posting this for our discussion.

      Take the issues to the top management, along with pro’s and con’s of unlimited access vs. restricted access. They are the corporate policy makers, not you. By making these decisions unilaterally yourself, you are setting yourself up as a ‘fall guy’ who will be universally despised by users. If users cause loss of productivity by their abuse of ‘surfing the net’ on work-time, that is an issue for the executive suite to handle.

      You are letting your executive managers off the hook by taking this issue on yourself. I certainly would NEVER put myself in your position.

    • #3323535

      Depends on your motive

      by erich1010 ·

      In reply to Am I A Tyrant?

      Is the effort of locking down categories toward some specific goal? If not, you’re a tyrant. If so, you’re not a tyrant.

      You mentioned bandwidth use. If the amount of data being used to do non-work related surfing is using up enough bandwidth to adversely affect work related surfing, then you have a specific goal for cutting it out.

      If the non-work related surfing is illegal or violates company policy, then you have a specific goal for cutting it out.

      If adverse consequences of surfing cost the company money in, for example, access to malicious sites, then you have a specific goal for cutting it out.

      For any of the above, you’re not cutting out the surfing to be mean. Though, the reasons for doing any such actions should be well documented and vetting with management.

      • #3323451

        Not trying to be mean

        by gulsath ·

        In reply to Depends on your motive

        I certainly don’t want to be a jerk about this. I too like to catch some highlights from this weekend’s game. But it is getting to be too much. We’ve already been hit by Netsky, we constantly have MalWare and at any one time, 5 – 10 people are listening the internet radio. It’s just getting to be too much useage.

        • #3323441

          Exceeding your authority?

          by tradergeorge ·

          In reply to Not trying to be mean

          I do not think you a tyrant, merely a concerned person trying to do what is best for the company.

          That being said, if you had the authority to do what you are trying to do, there would be no problem, no backlash. The fact that there is means that you have exceeded your authority, no matter how good your intentions.

          You have to start with your immediate supervisor and work your way up, getting support for your policy. If you cannot do this, you must resign yourself to the alternative.

        • #3323422

          That’s what I’m taking away from this post

          by gulsath ·

          In reply to Exceeding your authority?

          For the most part I think we are in agreement that I had the right intentions, but I went too far, too fast. I can accept that. What I’m doing now is keeping logs to track on a daily basis usage and see where my problems lie. My supervisor and I have a monitoring plan, and if necesary, will take any necessary actions.

        • #3325052

          Again, you have to look to specific reasons for doing this

          by erich1010 ·

          In reply to Not trying to be mean

          You mention that 5-10 people are listening to Internet Radio. How much bandwidth does that take up, and how much bandwidth do you have? If it is causing your network to be too bogged down, then you need to do something about it. If not, you could be hampering productivity of the workers for no reason.

          You mentioned that you got viruses on your network. Were the e-mails that caused it from the person’s work associates? If so, then locking them down won’t do anything. You have to make sure your mail server is secure. Make sure it can’t be used to forward other people’s spam and make sure it has proper virus filters on it. And, regularly send out e-mails warning people of impending attacks and dangers. Teach them to avoid virus laden e-mails.

          You can put people’s home directories on shared drives and lock their workstations from loading unauthorized software. You can also put virus protection on the machines that also looks for spamware and other malware. And when people complain of something messing up their system, have a standard pristine user setup that you can slap over theirs. After a while, they will figure out that messing around on the Internet will cause all their “favorites” to disappear and extra software to be unloaded, if they aren’t careful.

          And, by all means, install personal firewalls on each machine to keep out known attacks, in addition to a network firewall. This might help prevent the spread of malware in your system when one becomes infected.

          There is actually a lot of freedom you can give the employees, if you design your network properly. And, people spend so much time at work, that it is beneficial to give them some leeway. It keeps them at their desks longer without burning out.

    • #3325192

      You Need a Clear and Comprehensive Policy

      by harrybarracuda ·

      In reply to Am I A Tyrant?

      Providing you have a clear and comprehensive acceptable use policy, approved by and signed by top management, you just post it to users and tell them that any site they can’t get to is because of that.

      If they want to argue and whine, let them do it to their managers.

      Surfcontrol is better. Limit everyone to an hour’s personal use a week, so they can check the PGA or shop online during their lunch hour. Block porn or other anti-social sites, or ones that could for whatever reason be detrimental to your business or your colleagues, but do it when your management team have asked you to and agree with the reasons for doing it.

      Only someone really dumb would use the internet 10 hours a week for personal use when you are collecting surfing information, then whine to top management about their access being controlled 😉

      Your policy should clearly state that computers and the internet are provided by AND OWNED by the company, and therefore privacy rights don’t count. You have to be able to monitor email and internet traffic for security reasons.

      Talk to your legal and personnel departments, or get your boss to do it.

      Takes time, but no, you do not want to be the one seen to be making up the rules, merely enforcing them. If people choose to break the rules, it’s the company that takes action, not you.

      • #3325030

        Let’s See the Policy

        by ethos21st ·

        In reply to You Need a Clear and Comprehensive Policy

        Lots of banter here about policy. Every company should have a
        written policy covering Electronic Transmission and
        Communication Resources. That policy, like all the policies
        governing the workplace, should (a) be in writing, (b) be
        discussed with each employee, (c) be given to each employee,
        (d) employees should be required to acknowledge in writing
        their receipt and understanding of the policy. Then, like all
        policies governing employees, supervisors and managers are
        responsible for seeing that employees for whom they are
        responsible, follow the policies.

        Trying to enforce this from IT is not smart. If a
        subordinate of mine was violating a policy, I wouldn’t welcome
        IT trying to discipline him or her. Management should write a
        strong policy and then tell ALL managers to enforce it or ask HR
        for help. HR should be working hand-in-hand with line and
        staff managers to resolve issues like this.

        If any of you IT gurus would like to see a written policy that has
        been in place for over 5 years, let me know.

        – HR guy

        • #3342905

          Fair Enough

          by gulsath ·

          In reply to Let’s See the Policy

          Took out the company name. I’m posting this as a ‘hypothetical’ policy for opinion…:-)

          Appendix G

          These procedures shall be posted at every Personal Computer that provides access to the Internet and that allows other users to access the Internet.

          Internet Usage

          Network Administration

          The purpose of these procedures is to ensure that network security is not deliberately or inadvertently circumvented, and that Internet services are used properly.

          As needed

          Company has access to the Internet through Verizon Online. This service allows Company ‘s employees to use the communication advantages and wealth of information that the Internet provides. The Credit union?s system architecture incorporates state of the art “firewalls” that prevent would-be “hackers” from gaining entry to the Credit union?s network. However, access to the Internet could, if precautions are not followed, inadvertently create a security ?hole? and jeopardize the Credit union’s network thereby allowing access by unauthorized computer users.

          I. Internet Use

          The following usage rules shall be adhered to:

          ? The Internet should be used solely for the purpose of conducting business.
          ? Classified Credit union documentation or information shall not be transmitted via Internet E-mail or through the transmission of files. Classified material is defined at a minimum as: any documentation or information that one would shred if it were printed on paper. Think about what you are sending. If you do not want the world to know — don’t send it.
          ? The transmission of any material in violation of any federal, state, local, or international laws and regulations is strictly prohibited.
          ? The transmission of any material, including software, that is copyright protected, is strictly prohibited.
          ? The downloading of files and software found on the Internet is strictly prohibited unless authorized by the Network Administrator. If downloading is authorized, it shall be done to the desktop NOT to a network server and must be licensed for use. When downloaded to the desktop the file will be automatically scanned for viruses.
          ? Issues, including detected viruses or any other perceived problem, shall be immediately reported to the Network Administrator.

          The Internet can be used as follows:
          ? Electronic Mail (E-mail). This resource is provided as a communication tool to and from other individuals or businesses with E-mail addresses. There is no guarantee of privacy for an E-mail message. E-mail should be avoided if the information is of a sensitive or proprietary nature.
          ? Research and information. Employees may access work related web sites, news groups, databases, universities, and libraries.
          ? Participation in Internet discussion groups. Employees may participate in work related discussion groups. Employees who participate in discussion groups during working hours are representatives of Company and must remember that responses and conduct during these discussion groups shall be professional and could be interpreted as opinions of the Credit union.
          ? Advertising on the Internet. Any information that is to be published on the Internet shall go through the Marketing Department for approval.

          II. Internet Access

          Access to the Internet via the ISP is paid for by the Credit union. Therefore, access for employees is contingent upon a demonstrated business need and requires the approval of the Department Head/Manager. Requests for Internet access by Department Heads/Managers shall be submitted in writing to the Network Administrator for review and approval by the IT Department. The following minimum information is required:

          * Name of individual to be granted access
          * Responsible department
          * Reason for requesting access
          * Department Head approval

          Following review and approval by the IT Department will arrange a short training session for the employee before they are allowed access to the Internet.

          III. Data Transmissions and Sharing

          As systems begin to interface more in the future, specific procedures for data transmissions and sharing become increasingly important. Therefore, as these interfaces develop, specific policy shall be addressed here with regard to those interfaces.

          IV. Monitoring Internet Usage

          To ensure that the Internet is used in the best interest of COMPANY, the Credit union may monitor employee access to the Internet.

    • #3325191

      Not your responsibility

      by jasper.van.rijn ·

      In reply to Am I A Tyrant?

      You are responsible for implementing a policy of web site use. Let someone else decide what can and can’t be viewed.

    • #3325189

      Standard Course of Action

      by sprl618 ·

      In reply to Am I A Tyrant?

      You are not being a tyrant if you are working to Save the company money and maintain/improve efficiency and productivity. Every employee should understand this basic principle.

      If you can’t get an ally in management to see the risks with the way some of the employees are using your IT resources, make an old-fashioned Paper Memo detailing a couple of specifics and then the general cases you need to address. Send Copies to more than Two line managers or relevant supervisors with the target address of the memo to the Division Mgr, VP. or company Head Honcho. Write the memo so they can see the risks in terms of Costs and potential losses/liabilities.

      The line managers or supervisors should get orders to help you work out the policies or restrictions that meet company goals and employee needs.

      If the memo is reasonable and completely ignored, put out your resume and find another company.

      • #3342660

        Implementing your policy…..

        by harrybarracuda ·

        In reply to Standard Course of Action

        I’d thoroughly recommend anyone involved in IT Security Policy, whether in IT or Management, read the following amusing tale:

        Outsourced IT staff fingered porn stash banker
        By Lucy Sherriff
        Published Tuesday 1st June 2004 15:28 GMT

        Porn-surfing bank supremo Michael Soden was caught with his browser down last week by the very same staff he outsourced to HP at the start of his reign at the Bank of Ireland.

        Soden hit the headlines last year in Ireland when staff took industrial action in protest of the department’s shift to Hewlett Packard. Staff were unhappy about the prospect of becoming HP employees, as they had enjoyed considerable perks at the Bank of Ireland: favourable mortgage and loan deals for instance. Now it seems that he has been forced to resign thanks to the very department which he sent merrily on its way.
        Click Here

        Staff informed the bank that they had discovered pornography on Soden’s machine on Wednesday last week, during routine maintenance. Soden resigned his post on Saturday, after the internal investigation into the discovery was leaked to the local press.

        It would be disingenuous to suggest that the “routine maintenance” was anything other than that, but it’s clear that Soden’s machine was thoroughly attended to.

        The outsourcing move was Soden’s second high-profile decision after his appointment as chief executive. His first was to update the acceptable use policy that prohibits staff from accessing porn using company equipment. ?

    • #3325187

      Management wins

      by brian.harwood ·

      In reply to Am I A Tyrant?

      I always take my instructions from authorised management on issues like this, as do I also for all security matters, and I refer employees with grievances to management. I believe IT is there to implement management decisions, not make them, though sometimes we need may to influence them a little.

      • #3325183

        Management Decides, IT Implements

        by john noises ·

        In reply to Management wins

        IT should not have to decide what is allowed and what isn’t in this situation.

        Obviously IT have to analyse the issues and options open to the company, and give advice on the repercussions (in cost/service terms) of the available technical choices. However, once they understand the implications, only management can decide what is acceptable to them.

        Once a clear policy has been decided upon – and IT need to check that it is sufficient to cover all areas of concern – then it is up to management to communicate the decision and IT to implement it.

        Even if the policy was created at the behest of IT, that does not make IT the owner of the policy.

    • #3325186

      As an Admin that is your job :-)

      by mark ·

      In reply to Am I A Tyrant?

      Do not feel bad about doing your job.

      I like your approach of using a consent form for accessing non-work realated sites and combined with the fact that this should only be out of working hours I feel that you are enforcing the right image and usage.

      You have your usage policy, that I assume all staff have signed and agreed to as part of their employment conditions, so quote from it and enforce it.

      I have gone as far as excluding hacking, gambling, banking and shopping sites along side the usual raft of sites. IMHO I think you could also block internet radio and IM since there is no need for them whilst you are at work.

      You may have other techies that need access to hacking sites but make sure that they have signed an exemption form stating the T’s & C’s under which they get the access.

      Hope that helps.


    • #3325185

      As ever – shades of gray

      by graeme ·

      In reply to Am I A Tyrant?

      We find in larger organizations the amount of web “goofing off” – and so presumably the risk of inappropriate surfing – rises with distance from management. A copy of the “Web Usage by user report” sent to the appropriate manager usually is all it takes to get the manager to re-inforce policies that reduce surfing be it:

      – clearer policy
      – employee training
      – site blocking

      In some smaller organizations we work with managers allow general surfing as long as:

      – the employees have received appropriate use training – which includes a security risk summary
      – employee performance targets are met

      In those organizations bandwidth costs (for the many differing Internet Radio Stations) are seen as a cost of doing business and appropriate allowance is made in the budget.

      Support costs caused by the employee downloading bad content that causes a service call are “deducted” at time of their performance review

      • #3325184


        by harrybarracuda ·

        In reply to As ever – shades of gray

        “Support costs caused by the employee downloading bad content that causes a service call are “deducted” at time of their performance review”

        I bet *that* keeps the bad downloads to a minimum! Mind you, that actually seems more tyrannical than anything on this thread

    • #3325181

      Oh my what a dragon!!!!!

      by gambi ·

      In reply to Am I A Tyrant?

      I am under the impression that most of the replies are from people who are not in a position to apply such policies – but whatever anyway.

      Gulsath, I am in the same situation and from what I have read you have got quite a time on your hands, my suggestion is that you put a speed limit (without telling your users) on non-work related sites during business hours. Yes one could argue that the users will then spend MORE time on the net because it is slower – this will infact happen but it will allow the users who have work and those who want to work to get something done.

      My argument to support blocking is quite simply this – do your work and bring in income for the business to continue – no business no work, then everyone is unhappy.

      Another point to consider is posting or e-mailing the line stats to relevant managers to inform them as to what their subordinates are doing during work time (I think that you will have to get approval for this) – I don’t say that when you are at work you must work 100% of the time but effectively that is what you are paid for and the terms you agreed to when you said “yes I will work here for that amount at those times”.

      Oh well back to work for what I am being paid for…

    • #3325178

      From your users’ perspectives

      by munezrhep ·

      In reply to Am I A Tyrant?

      Before I was able to use p2p to download any files, from adult to documents. And I was the one who usually fix the office computers if they’re busted with viruses and other destructive progs. I was aware and still did it.

      Now, I know that your users know what will happen if they don’t follow policies being implemented by IS depts. They just don’t care. And the most important thing is policies are so easy to ignore, especially when it comes to using the Internet. It’s like “Hey! It’s public anyway. I have rights.”

      No. You’re not a tyrant. You just felt it becuase maybe once you were also in our shoes and your Net admin did the same thing.

      Best regards.

    • #3325177

      Blurred Boundaries…

      by thinckerman ·

      In reply to Am I A Tyrant?

      I am a CEO of a technology consulting firm with many years of experience in large and small comp-anies.

      As long as modern organizations continue to blur the boundaries between work and non-work life by giving employees cell phones, home faxes and home PC’s to access their e-mail they will have to provide some portion of the “regular” workday for employess to get some of their personal “stuff” done.

      Although it is a security risk to surf non-vetted sites, it is also not the employees problem to be responsible for malicious websites.

      We need better web security and bigger punishmen ts for web abusers and a little more consideration for the emerging convergent lifestyle.

      Have a good one………. RSC

    • #3325170

      Its tough to say ‘No’

      by gmkovich ·

      In reply to Am I A Tyrant?

      With over 15 years as an IT hands-on guy and director, I know
      feel your pain. You have a manager and if you are feeling heat
      over implementing the word of the policies, then either the
      policy needs to be changed or the manager needs to send a
      communique that explains why – no exceptions.
      To help your manager send that message, undo the settings on
      SonicWall, and then run reports on bandwidth usage by user that
      the SonicWall can provide you. Unify the IP address with your
      DHCP server output, so that you have time stamps.
      Roll that up with a weekly bandwidth utilization from MRTG and
      you can build a good story for either purchasing more
      bandwidth, or opening someone’s eyes that this is a company
      resource, like a long distance call and it does indeed cost.
      You are always going to have users who think the rules are not
      for them – this is where a good manager steps up and either
      does the right thing or brings the security policies in line with
      the corporate attitude.
      If you are the top IT guy, then you need to craft your report for
      the layman manager, otherwise their eyes will glaze over.
      In my experience, it was the same ones who moaned about not
      having access to eBay who also didn’t want to change their

      Good luck!

    • #3325169

      Maybe, Maybe not.

      by paul ·

      In reply to Am I A Tyrant?

      Gulsath, in my experience of heading up IT departments, these type of restrictions never go down well. All you need to be sure of is that your policies act in the best interests of the company. Internet radio is one that I typically let through – we were on a flat rate connection and if people want to listen to the radio during work, so be it.

      My restrictions have typically been very light, eBay and shopping sites I have no problem with at all.

      The key to a succesful company is happy and motivated staff. It is important to maintain this feeling, and to be cautious not to bring in a parent / child feel to the way you restrict access.

      My 2c worth…


    • #3325165

      Go for it!

      by vwilliam ·

      In reply to Am I A Tyrant?

      You are 100% on the mark. It is a business system and should be used for the companies business only. Ordering online (and other recreational activities) should be done after hours ~ and preferably from their home computers. As IT Administrators, we have enough other (and frequently more important) issues to spend our time on.

    • #3325163

      Not ITs Fiefdom

      by andeanderson ·

      In reply to Am I A Tyrant?

      Actually, it is not up to IT to decide what the systems and internet usage are. We just enforce what management says to do. If management wants to throw out or ignore a policy, they probably didn’t understand anyway, it is their nickle. Just document the progression of events and what steps you attempted to avoid problems and the violations involved. Documentation is a key to your protection and the ability to get things working the way they need to.

      It is ITs responsibility to make management, no matter how large or small the company is, aware of the hazards and problems created by having an open access policy.

      It only takes one large problem, system infection or lost customer due to an open access policy and they will sit-up and start to either create or start enforcing a controlled access policy.

    • #3325152

      When you find the ultimate answer, let me know

      by dlandrum1 ·

      In reply to Am I A Tyrant?

      I have all the responsibility and none of the firepower to enforce a policy that is 1 paragraph long. It basically says, if too much personal activity is noticed, we will have to curtail it. I bought spectrasoft and installed on the 5 largest offenders, based on the reports from my Watchguard Firewall appliance. The reports I drew up after Spectrasoft was in place for 15 days, looked at 3 random days for each person and showed date, site, time site was open, time site was in the foreground and active(to eliminate the excuse that it MUST have been a pop-up). The lists on each person showed a MINIMUM of 2 hours daily – not BEFORE or AFTER working hours, and NOT during lunchtime, but in the prime of the work day. The sites were shopping, jokes, checking personal AOL, HOTMAIL and other email accounts, e-bay and of course – Fantasy Football.

      I was forced to open up the Sports and Leisure sites on the Firewall list because too many of the upper management members are involved in Fantasy Football leagues.

      I have documented everytime that I have been forced to back down the strength of the system security.

      I know I will be blamed when a shutdown occurs, however, I will have ammunition to refute that blame.

      Any IT Admin that works in an environment where the buy in from above on system security is strong, is indeed lucky!

    • #3325146

      Not IT’s responsibility

      by awfernald ·

      In reply to Am I A Tyrant?

      However, you should monitor the bandwidth, and then evaluate how much is being used for “non-work” related issues, then approach your management and let them know that due to the internet radio, chat, streaming video, golf scores, weather updates, mp3 downloads, etc…. that you need to up the internet connectivity bandwidth by x% at x$ per month/year. Then let the business owners/managers decide if they want to pay that amount to have people wasting company resources.

      If they have the budget, and this is what they want to spend it on, then it’s not IT’s responsibility to stop them. It is IT’s responsibility to let them know the financial impact of it though.

    • #3325143

      Let HR do it

      by racote ·

      In reply to Am I A Tyrant?

      IT should not be the corporate nanny. If you purchase certain products, like Checkpoint Firewall, you can give the rights and responsibilities of managing net blocking to HR. (No I don’t work for Checkpoint)

      They are the ones who have to deal with issues of rights and corporate correctness. Also it keeps them from pointing the finger at IT because someone happened to peek into the cubicle of someone else who was looking at “inappropriate material” and decides to file a complaint citing a hostile environment.

      • #3325095

        Meet with HR and define that border

        by stevenberkholz ·

        In reply to Let HR do it

        In reference to HR, IT is a facilitator.
        I have automated daily reports for HR that grep for “inapropriate” words in URL requests and such, but I do not look at them; HR should.
        I assist HR, I am not a company cop.
        Another example is when HR comes to me and says Manager A thinks Joe is in his email too much, make me a report; I will retort “Do you really need the report? If the manager has an issue, he should tell the employee. Done”. Luckily, my bluntness is respected here.
        This is not to say that I am not responsible. If an outbound email gets stuck because of a bad address or size issue and it is “innapropriate”, I do my part and send it to HR, I just don’t spend my day looking for problems.

      • #3343408

        Yes, It’s HR’s Call

        by gm003 ·

        In reply to Let HR do it

        I agree with racote. Decisions as to how far internet access should be restricted, if at all, are for HR to decide, not IT. It should not be IT’s responsibility to decide that users cannot access, for example, NFL sites, personal banking sites, or personal email sites. I submit that it should also be HR’s call whether to block out porn sites (even though the pornsters will always be one step ahead of the IT guy who is trying to block them).

    • #3325137

      go ahead and block

      by mm8ball609 ·

      In reply to Am I A Tyrant?

      I even go so far as to allow only access to certain sites neede in the business. Surf and IM at home, not on my time!

    • #3325127

      Your in the zone…

      by medinats ·

      In reply to Am I A Tyrant?

      It is a combination of what you are hearing here. There are many Fortune 500 companies that do not allow Internet surfing during business hours. Their reasoning is that a person that comes to work is there to work. Still in others such as Ford, they institue a proxy login to allow only certain people to get to the internet and surf about. Still others allow it all. I think you need to do as others have stated before develope a presentation and bring a machine that is infected with some really nasty sypware. These visual aids along with real time data showing cost of work realted to fixing PC issues and worker down time along with bandwith utilization cost will sway most of the people in management. To illustrate say you have 25 infected PC’s taking 2-3 hours each to fix, then your time at $30/hour times 3 times 25 equal 2300 roughly. The next step is to show that cost of surfing against the cost of your T1’s for the month. And on and on till some one in the room says “Wow! we are spending that much??!!” or “Who is working here???!!”.
      Make sure the presentation only presents data, when you cross the line to oppinion then you will run a foul of the “Great Place to Work” feeling. This in itself is a tight rope of grey area. How much do you lock down the machine without making your office feel like a cage. How many sites are blocked to protect/impede needless internet use.
      There are alot of vaild points and ultimately it will be Management that makes the final call. Just make sure it is the right one for your business for business reasons. Get your ducks in a row and make your data air tight. Less leaks the less of a chance there is that you will not get your policy implemented for the right reasons.

    • #3325124

      Are you a lawyer

      by esteck ·

      In reply to Am I A Tyrant?

      Are you a lawyer? If not, or if you do not provide legal counsel to your company don’t sweat it. The reason a policy, intended to monitor or control employee behavior, is implemented is to show that the legal entity of the company does not support or condone the illegal or offensive behavior. Thus if an company is sued because an employee of the company did something against the policy, the company would have a better legal position in court.

      If the higher ups want to disregard the policy for certain people or at certain times then the company is again subject to litigation becuase it can be argued that it was a policy on paper only and not implemented and inforced at the company.

      Think how much fun an opposing lawyer would have when they found out that the company ingored a serious policy. What other policies might also be ignored? Maybe age, sex, or medical discrimination, wrongful termination policies, etc. The companies legal defense would be that much harder and more expensive (legal fees) to defend.

      An interesting idea: Go out and surf all the porn you can. Show it to everyone who will look at it. Get fired. Then sue the company for discrimination becuase they only enfored the policy they had against you and not the others who had also violated policy. (this is not a recommended course of action but an interesting idea)

      The problem is that you have become the defacto enforcer of this policy. Probably, the HR or legal department should police the enforcement of policies, just like they would for a drug usage policy.

      Your company management needs to decide if they really want the policy. If they do then enforce it, if they don’t then modify it or get rid of it.

      • #3325048

        I may just do that

        by gulsath ·

        In reply to Are you a lawyer

        But it is not so much that looking at Porn would get me fired, as divorce and separated from my two best friends. 🙂

    • #3325118

      Let the management manage.

      by scwelles ·

      In reply to Am I A Tyrant?

      IT is to serve the company, and the company means the management. It is human nature to feel exhilaration from controlling people, that’s why tyranny exists in the first place. Just find out the management’s philosphy, and implement it.

    • #3325116

      Work is for Work

      by c0d3r ·

      In reply to Am I A Tyrant?

      I’ve had the same problem myself, though my management has been much more supportive. If they hadn’t been, I’d have stuck to my guns. Allowing Bob to stream internet Radio is definitely going to affect Sue’s capability to get her work done, since it is using resources in a non-productive way. In the end, we, as IT professionals can help craft policy, but really our job is to configure our devices to enforce the policy as it is. What does your company policy say about internet usage? If there isn’t a policy against what folks are doing, then getting one in place is step number one.

    • #3325112

      I also use the Sonic Wall and this is what I do.

      by rrosca ·

      In reply to Am I A Tyrant?

      I realize that you’re more interested in a policy paper than a technical paper but maybe this can help.

      The sonic wall firewall has a blacklist of sorts. If you employ it it blocks a lot of internet sites. If you choose to forego the automatic blacklist and put in the domains people shouldn’t be perusing you will gain a lot more control over what is being blocked but you’ll have to work harder.

      Is there really a great reason for blocking Are people so incredibly irresponsible that they will waste hours and hours of work time and waste precious bandwidth staying glued to espn? As far as I’m concerned, if you’re not doing real time internet work (like online investing) you can live with a little bandwidth clutter AND it will get some of the workers off your back.

      Of course this is a matter of policy and you should have the backing of the powers that be but by implementing a clever little hosts file (check out to download an excellent solution to fighting spyware) and by manually blocking places like you’re going a long way towards protecting your network without annoying your coworkers.

      You’re trying to do a good thing but you’re trying to police the network a little too much.
      I suggest finding a balance. I think you’ll find that if you give people their access and block the likes of kazaa, you’re doing precisely the right thing.

      • #3325054

        It’s a mix of bandwidth and malware concern

        by gulsath ·

        In reply to I also use the Sonic Wall and this is what I do.

        Hello RRosca,

        The espn thing isn’t so much because of over use, although there is one guy in sr. mngt that is constantly looking over the stuff. It is more so the use of ESPN’s Bottom Line sports ticker. It has several different pieces of software in it and it constantly receiving data.

        I am now trying to find the balance. I see both sides of the scale here.

        • #3325045


          by rush2112 ·

          In reply to It’s a mix of bandwidth and malware concern

          This too with enough rope will work itself out.
          Give them enough rope to hang themselves, then help them get unhung, calculate time/cost, include your time, company time, equipment cost and cite court cases where financial information has been comprimised.

          Let them have a “LEARNING EVENT” then be there to clean it up. If learning doesn’t occur, move to your next career choice. Let them find someone else to work there and take care of them. They may learn from this experience too!

          If you have already made your case, and been shut down, start planning for your next job, I would not want to be involved when the LEARNING CURVE happens.

          Wisdom without a student is wisdom that cannot be taught.

          If you do decide to exit, be nice, and leave for a “Better Opportunity for yourself and your family” rather than DING them on the way out.

          In the corporate world, names, faces, employers have a way of circling around and you may run into them again one day.

        • #3325019

          Ah, malware…

          by gryfon ·

          In reply to It’s a mix of bandwidth and malware concern

          That’s the part I was most concerned about. All it takes is one Trojan getting into sensitive areas, sending information OUT. Then your company’s security is extremely compromised.

          I suggest educating management about the malware threat, don’t even mention the ‘time/bandwidth’ wastage issues. Folks who are surfing don’t want to be told they’re ‘wasting time’.

          I run a malware informational site for my home computing clients. There are many articles explaining the problem from (hopefully) a non-technical viewpoint. The ‘what is spyware’ link in particular is a good starting point. Send your manager there for ‘homework’ if needed.

          Hope that helps.

    • #3325110

      Visual Responce

      by bagmaster50 ·

      In reply to Am I A Tyrant?

      Load up this thread at work and let the Management read it.

      I’ve just finished a XP rollout for a major mortgage company. They were still on Windows 95 and the users had all kinds of spyware and virus’s on thier systems. The emplyees were advised of the rollout far in advance and made aware that internet usage would be severly curtailed with the new OS. It was a highly customized install of XP to such an extend that people that had company units at home had to bring them in for imaging. Needless to say when they used them at home for work thier internet connection was routed through the company vpn and server which allowed the company to enforce the IT policy very effectively. If they wanted to surf the net unrestricted they had to use their personal computer for it.

      At the site I worked at the IT department doesn’t set policy, that is controlled by the company home office. Any changes to internet access was modified from the home office by remoting into the local servers.

    • #3325108

      We dont’ restrict, we allow….

      by stevenberkholz ·

      In reply to Am I A Tyrant?

      All of our users must go through a web proxy to leave our facility.
      This proxy only allows access to the sites that are entered in the list.
      Only the sites that are required to do thier jobs.
      With this paradigm, you can not really say that we are blocking anything.
      Internet access is not a right of employment, it is a tool.
      We are using it to save money and time by not requiring the employee to have to make a phone call to get info or order a parts catalogue and wait for it to be mailed.
      To be Employee friendly, we have also allowed access to banking and news at lunch time.
      And for new requirements or imediate needs, we also provide a “research” terminal that has full Internet access. This machine is out in the open so there is no funny business going on with it.

      I gues I am saying that your company is using the wrong paradigm regarding Internet access.
      Is it to check PGA results or is it a tool to do business faster and cheaper?
      If it is the first, you might as well just cancel the connection completely and save money.

    • #3325107

      Don’t block but monitor

      by manumit ·

      In reply to Am I A Tyrant?

      It is for exactly the reason that you point out that many organisations (at least is Australia) are moving away from URL filtering and blocking but are making use of monitoring software like the excellent WebSpy. By using a monitoring software, and letting all staff know that you ARE proactively monitoring (which can be done even by the local managers rather than IT staff) and incorporating that into your AUP you alleviate your burden. You still can provide a full report for management with all violations (e.g. weekly or monthly) and by whom. I know from experience that the results are astounding and once staff experience that they indeed are being monitored during offie hours you will also gain back some valuable bandwidth.
      And YES, IT is not the Internet police, regardless of policies. If management has no buy-in into their own policies then they will never be upheld anyway.
      Hope this helps…

    • #3325092

      Tyrant, No, Not CEO, either

      by mdm ·

      In reply to Am I A Tyrant?

      Tyranny isn’t the issue discussed. You were hired to do what IT people do. You were not hired to be the morale, moral, productivity monitor, social conscience or anything other than the ‘IT Guy’. The question you posed comes up over and over. IT people seem to think because they have the ‘keys to the kingdom’ they have to apply subjective judgements with respect to all things related to IT. The fact is simply, you do your job and let all other operatives of the company do theirs. If the ‘boss’ doesn’t care, then it is not up to you.

      As to policy, by definition, a policy is a broad guidline for operating a business. It is not a license to specify who does what to whom and when. All you need to do is your job which may include informing principals as to pros and cons of using assets which you have been hired to maintain and take instructions accordingly.

      No, you are not the moral conscience for the company. You are not the productivity monitor for the company. You are not a ‘tyrant’. You just have forgotten what your function really is.

    • #3325082

      Your’re Responsible

      by tech_guy1 ·

      In reply to Am I A Tyrant?

      I have also ran into problems relating to this issue. And this is my reasoning. It is correct that IT is not responsible for determining who is allowed to see what. That is the responsibility of the HR Dept. or who ever manages that aspect in your company. However, it is the responsibility of IT to keep the computer systems up and in working order. To do this, precautions need to be taken into consideration for viruses, spyware, and other problems that can arise through the internet. Because of this, IT must restrict sites that could case harm to the network. It is also the responsibility of IT for the network to run as smooth as possible. Listening to the radio, watching streaming video, etc. will slow down the speed of the network and cause loss of productivity (not to mention fustration) for the other users.

      You are no where near a tyrant, you are just trying to do your job. At my company, I have to hold a 98% uptime. There is no way it would be possible if the users had free access to the internet.

    • #3325079

      Justification for more bandwidth?

      by net-engr ·

      In reply to Am I A Tyrant?

      Implementing filters using your best judgement is rarely going to win you brownie points. Instead, more often than not you wind up taking a beating.

      One way to approach the situation, without installing any more filters, is to indicate to management that users are complaining about slow response. Explain that you will monitor network usage and illustrate (charts/graphs) how much (percentage-wise) is going for “other than strictly work-related activities”. Approach management with this information. Indicate that one solution is to block this non-work-related traffic during work hours (not popular — doesn’t win them any brownie points with employees as you found out). Another solution is to prioritize “work-related traffic” by purchasing a traffic shaper (Packeteer, etc.). Yet another option is to purchase more bandwidth. Be prepared to present costs and implementation timeframes with these options when you present your traffic study findings.

      If they say “that’s fine, leave it alone,” then move on to step two. For users complaining that the net is still too slow, refer them up the management chain. That will either stop the complaining or get management’s attention to revisit your options.

      Finally, you should re-visit your security policy with management and get some clarification. Suggest modifying it.

    • #3325077

      Make a business case, and…

      by gawiman ·

      In reply to Am I A Tyrant?

      Make a business case for the cost of non work-related web surfing, and ask for someone else of equal authority to make a business case for allowing the surfing (morale, productivity, recruitment of out-of-the-box thinkers, etc.) Give both cases to the CEO and sleep well carrying out the decision he/she makes.

    • #3325075

      Yes, you are, :-))

      by stubby ·

      In reply to Am I A Tyrant?

      Why – well as I’ve also been labelled just such for upholding company policy – also control freak was the other label.

      However, the serious answer is no you aren’t being unreasonable. So long as you have the written policy documentation to back you up, then I’d just keep referring whoever back to that. So long as it isn’t the company owner or head honcho, you should be ok.

    • #3325067

      IT is not the Police

      by lawsond ·

      In reply to Am I A Tyrant?

      I feel that if our main job is that of IT/IS, then we can’t spend our time policing employees, especially those in other departments. If policies are in place then that’s the best leg we have to stand on. We have to rely on other Dept heads and Mgrs to police their employees. this kind of ‘Lockdown’ will only get bigger and consume a lot of your time than you want it to. The Internet is always changing and sites will always change, die, and be newly created.
      Do you want to spend valuable resources monitoring this? If employees fail to do thier jobs because of this that’s on them and thier boss not us.

    • #3325059

      Executive Buy-in to the rules

      by forbesn ·

      In reply to Am I A Tyrant?

      We too use a content filter to block certain categories of web sites or file types. How we got around the complaints is we made our Top Level Managment decide what is allowed and what isn’t. If someone thinks they need access to a certain site for business reasons then they have to plea their case to them, not IS. IS is subject to the same rules everyone else is and complaining to IS won’t do any good. We don’t make the rules, we just enforce them. My advice is to get your managment to be the rule makers, not IS. And communication regarding the policies, should come from them, not IS. This will stop a lot of the complaints.

    • #3325053

      Not A Tyrant

      by ronjay1 ·

      In reply to Am I A Tyrant?

      This just goes to show the arrogance of people who believe work is just an extension of their household ISP. I believe if you are at work you are there to work not surf the net. If they continue to complain I believe a notice from the head of the company explaining their job does not consist of checking the PGA scores unless of course they work for the Golf department at a sports network and are reporting those totals as part of their job. As far as buying their nicknacks at work I believe that would be reason enough for a reprimand for lack of doing what they are actually paid to do, like their job perhaps.

    • #3325047

      by stuart_lesnett ·

      In reply to Am I A Tyrant?

      Someone in your company is responsible for total security, find them and get them involved. The problem with a security policy is the approval chain. I have found that in many small organization IT is responsible for IT security but IT has a boss too. All policies must have up managements approval. If you have received these sign off’s, then forward all resquested for more access to the appreiate management office and have them copy you on all official responses. Remember if someone brings a virus into the system and the company goes off-line you are the one who will loose your job and probably not the responsible person another words get out of the middle.

    • #3325044

      IT is not a democracy

      by jeremy.forguson ·

      In reply to Am I A Tyrant?

      Like all jobs that require security, IT is not a democracy. Set the policy and stick by it. I’m a network security manager in the Army. My CO doesn’t like not being able to check his sport pages, but oh well. It’s either let everyone do what they want and there goes security, or suck it up, do your job, and surf when you get home. Keep up the good work Gulsath.

    • #3325042

      Yes Gulsath, you are a tyrant

      by mollenhourb9 ·

      In reply to Am I A Tyrant?

      It is not ITs responsibility to determine what people are doing at their desks. Site blocking doesn’t even remotely fit into a legitimate security scheme, since it is not process driven.

      I know I’ll get a lot of flack for this in the IT community, but stop and think for a minute. For any of you old enough to remember pre-internet days, how were these things handled before we had the internet? There is nothing out there that wasn’t available BEFORE the internet came to the workplace. The internet is just a medium. The content has always been out there. It is management’s job to police people’s behavior. It is IT’s job to keep the equipment running.

      ALWAYS REMEMBER! IT is a SERVICE to the company, not the companys’ reason for being. Cease to become a service, and you could find yourself sitting on the curb with the accountants.

      • #3325024

        You’re wrong

        by crake ·

        In reply to Yes Gulsath, you are a tyrant

        Site blocking *does* fit into a procees driven aspect of operations because recreational Web surfing reduces corporate production efficiency.
        Do you know what a process map is?
        Look it up, map one out, and you’ll see that any activity that is not adding value to the company’s product or service is wasting time.

        You’re statement saying,
        “There is nothing out there that wasn’t available BEFORE the Internet came into the workplace,”
        is also very wrong.

        Web content has changed greatly, especially over the past five years. The risk of being infected with malware has increased a hundred fold. This means spyware, Downloader.Trojans, invisible GIFs, and so on.

        I’m a network engineer – guess how many hours I spent last month cleaning up our clients’ company workstations? More wasted time and expense for them, not to mention the time wasted while the employees were surfing to the sites that got them infected.

        So, your statement saying,
        “It is IT’s job to keep the equipment running” directly supports Web blocking because there are so many ways to infect a computer and/or get hacked.

        Your final statement is non sequitur. Nobody claimed IT is not a service. All departments are a part of the company that make it a whole.

        I consider Web blocking policies much like cyber seat belts. They provide safety. Most of the sites that dispense malware were not the original target of the person surfing – they were a redirect from somewhere else.

        Preventing people from inadvertantly picking malware from the Web just makes good business sense.

        • #3325012

          Thanks Crake

          by gulsath ·

          In reply to You’re wrong

          There are a lot of blocked site alerts that the navigator didn’t even conscously go to. I have the knowledge to help people not get into trouble. I’ve been entrusted to turn that knowledge into best practice for the company. Yes, I do write policy, but yes, there is one step above me. However, this isn’t the first changes I’ve made, only the first ones that directly effect certain individuals.

        • #3344252

          Sorry dude, but thats . . .

          by paul ·

          In reply to You’re wrong

          Sorry fella, but that just ain’t right. You can talk all you like about process maps and the like, but the nineties are gone. I am a business consultant in London, and have found that a lot of focus these days is put on the generation of a productive, loyal, and pleasant workforce. You can process map all you like, but when somebody walks out because you won’t let them spend 5 mins a day on eBay then the loser is the company, everytime.

          You are a network engineer, and claim to be process map savvy. Hows this, draw a process map for the “large clean ups on client machines” that you conduct each week, then work it out against developing an image based simplistic recovery system for your clients… map that back to ROI, show your client a payback extrapolation, and you will a:) make more money and b:) have a happier client.

          Simple really.

      • #3342663

        A Service to the company?

        by harrybarracuda ·

        In reply to Yes Gulsath, you are a tyrant

        A service that many companies can simply no longer do without! And if I my neck is on the line if I fail to provide that service, I’ll take whatever steps are within my power to protect it.

        I couldn’t give a stuff if people want to bunk off work using the internet or going for a crap reading the paper. But when they start affecting my job, either by degrading services for legitimate users, or endangering the network by exposing it to hostile content, they are on my turf, and as such I will do what I can to protect it.
        I totally agree that it’s hardly enforceable with spineless or ignorant management backing you up, but you do what you have to do to provide the service. It’s both an IT AND a management issue, which is why we generally make the recommendations for management to adopt. (Hey, when did a manager every understand IT anyway? ).

    • #3325033

      Tyrany :)

      by todd ·

      In reply to Am I A Tyrant?

      Let me ask you this, are you financially or legal responsible for administrating internet use (policy) within your company? If you answered yes to either of these, then no, your not a tyrant. If you answer to someone else, a supervisor and/or CIO, and you made these changes with out their consent or knowledge, then yes, because it wasn?t your call to make.

      Having said that, for right or wrong, about a half-dozen of my associates have initiated a ?white list? policy to protect their companies. Basically all sites are blocked unless you clear it with CIO, CEO, CFO, etc?. As a regular employee, you would go to your supervisor and request access to a certain site or service, they would submit it to the appropriate officer and if a business reason can be given for allowing access to that site, then it?s allowed, if not, Sorry. The decision to allow or disallow stays with the policy makers. IT only implements those decisions.

      BTW: AOL for example is blocked because too many people were using it as a proxy.

    • #3325026

      IT’s job is to implement policy, not set it

      by pedwards17 ·

      In reply to Am I A Tyrant?

      I feel your pain–I went through this years ago, but before it became an issue, I sat down with our HR people and talked about the filtering technology. When I told them that we could block based on potentially offensive content and that the vendor made those category decisions, HR was all for it.

      We block based on the categories of gambling, adult content, and web-based email. The last of these, web-based emails, was the only call that IT made. The decision to block web-based email was a technical one–we don’t have the mechanisms in place to scan web-based email, so we block the sites.

      To make a long story short (TOO LATE!!), I would put the decision of what to block in the hands of HR. This gives you a bit of a shield when users complain, and it really is an HR function.

    • #3325020

      The good old days

      by jtlatmcl ·

      In reply to Am I A Tyrant?

      It sounds like part of your job description is to keep the office’s network up and running for business use. That means security is your responsibility. I used to have the attitude that Internet access should be free & unrestricted. Between worms, viruses and music download lawsuits, I’ve come to the realization that that if you want a safe network, you need to restrict. Anyone who complains that it’s unfair is either naive or selfish. I don’t go into other managers departments and help myself to their resources for my personal use. If it’s not for business use, don’t waste my (and your) time asking for access. Of course I explain very nicely why that ‘free’ game site is blocked (security), but blocked it shall remain. The only thing I add is that if, after explaining the costs and risks of allowing employees to have unfettered access, your boss, or someone else farther up the chain of command says “I don’t care, just do it.” then try and get the directive in writing and do it. And keep your fingers crossed.

    • #3325015

      No Tyrant Here

      by jodower ·

      In reply to Am I A Tyrant?

      I believe that it is the right of the employer to determine and dictate internet access within their company because the access uses company assets, which includes employee time. Employees have a choice. I control mine and have many clients that do the same. There is a direct cost/benefit ratio associated with the need (and luxury) of doing “business over the net.”

    • #3325011

      slightly different approach

      by doogal123 ·

      In reply to Am I A Tyrant?

      I worked at a place where you had to get approved for internet access by your supervisor. Then it makes excessive use to be a matter handled by your immediate supervisor. Having limited users cuts down on potential bandwith useage and also potential system infections.

      Everyone had company email, but cruising the web was not automatically a right.

      My thought is that if internet access is not needed for the job, then the user’s complaint is kind of frivilous. You are not entitled to web internet access as part of your job becaue there is a PC on your desk. Streaming sports scores? Unless somehow part of the job, they are probably not needed.

      Providing bandwidth useage reports to management will let them decide if they want to limit access more. Let the management decide policy, and you implement what they decide.

      I agree with first getting management approval before beginning site blocking, getting approval on how the users will be notified etc. so that there are no surprises if people start groaning.

    • #3325008

      Who owns the company? Is it Public?

      by bgilmore ·

      In reply to Am I A Tyrant?

      If you are a public company then Sarbanes-Oxley says you have an obligation to insure integrity in your systems. You can not insure integrity in your systems if people just surf willy-nilly. The risk is too great. Yes the company owns the computers and you have a responsibility to protect them. It’s only the Senior Management that go to jail when compliance is ignored. You might pass that along. Good Luck

    • #3325002

      Your supposed to be the tyrant.

      by dmartin ·

      In reply to Am I A Tyrant?

      For starters, your watching the company expenses, the same as personal phone useage. Also, you need to lock out the normal hate/violence/pornagraphy sites. If you allow total free acess to the web, your company could find itself in the soup if an employee uses their aceess to send unwanted xrated e-mails to other employees . Same with hate/violence. Check with the HR dept for your backup

    • #3324998

      The decision has already been made for you

      by realgem ·

      In reply to Am I A Tyrant?


      The decision has already been made for you. You are simply enforcing it (which it is your right to do).

      It is entirely inappropriate for people to access some types of sites at work. In the same way that companies are liable for sexual harrassment that happens at the office party, they are liable if employees are exposed to porn or hate at work. Casual exposure to these things, whether they’re on the monitor or on the wall, must be prevented if you are to enforce people’s rights.

      So, you are just complying with law when you block porn or hate (or anything that violates human rights).

      As for the other stuff, it’s more touchy. Some incidental web use is ok, just like it’s ok to call your wife on the company phone. You have to watch for excessive use, which means monitoring surfing time and setting reasonable thresholds. Surfing at lunch or on break should be allowed.

      This is what my company does.

    • #3324995

      What is the right balance?

      by suoiruc ·

      In reply to Am I A Tyrant?

      I can certainly understand your frustration and those of the employees.

      It appears from this very brief synopsis that your company has not done a very good job of communicating I/T’s responsibilities. If indeed they have communicated that part of I/T’s responsibility is to enforce corporate policies in the use of corporate computer equipment, your actions are justified to restrict access in alignment with the corporate policies.

      Morally speaking though, I would find it very difficult to accept your individual enforcement as the best approach for the company. There are quite a few very good informational sites that will get blocked.

      If we just examine the News sites available, we can certainly understand the disconnect. Some News sites are “Fair and Balanced” while others lean one way or another. Each individual has there own interpretation of which News reporting style they feel is the right one (Excluding the Naked News site that we all know wouldn’t fit in any corporate policies). How can I accept your decision to provide the right access viewpoint to the information I feel is needed to allow my business organization to make the right business decisions?

      Ideally, reversing the access method provides:
      – The most control
      – Eliminates most controversy
      – Allows for strict adherence to corporate policies

      All that is needed is to block all sites and only allow exceptions which have been submitted via request form (Of course, you can start with a limited list of open sites). You can still use the Filter sources to identify information about the sites. Someone or some team ultimately needs to review the information and determine whether it complies with corporate policies.

      Don’t forget also to re-evaluate sites since the domains could end up be transferred to other less reputable uses.

      Now, we’ve created a relatively large organization just to regulate the Internet access. Most companies aren’t going to really care to invest that much time and effort (ultimately, money) into making sure employees comply with the corporate policy. At least not to the detail that I’ve just iterated.

      Companies are looking for that balance that keeps the employees working, completing their task, and generating value, while keeping the company from being involved in law suits. They don’t want to have to be involved in a law suit because someone saw something indecent on someone’s screen or someone pirated some software or copyrighted material. That costs them money as well as resources. The company has to develop corporate policies to protect themselves.

      If companies are going to include limiting statements in corporate policies, they should be required to enforce them; otherwise, change the policy to indicate the level of restrictions the company is willing to enforce.

      If companies are going to include limiting statements in corporate policies, they should stand behind the entities they have given the responsibility of enforcing those policies.

      The next “SOX”: corporate failure to enforce documented policies.

    • #3324991

      Your NOT a Tyrant

      by it_techie_guy ·

      In reply to Am I A Tyrant?

      I am in the same boat with you. I have a host sonic wall and 12 remote sites all with sonic wall. I have been with this company for a year as there IT Manager. I am the only one in the IT department. When I started people were using internet radio, downloading what ever they wanted and there was on policy at all. After being here for a month 1 user got a virus, thank god my 6 servers did not get infected but a hand full of other machines in our network did. That employee thought it was funny. Nothing was done to him but I can say that now I am 1 of the most hated people in the company and I really dont care. MY job and YOUR job is to protect our network from this happening. I documented and showed the company CEO, General Manager, and Operations Manager how much money was being lost by letting people do what they want and suck up bandwidth. Not to mention the time that could of been lost because an idiot thought it was funny that he infected a hand full of systems. You wont be popular but you have to protect the network. Its our job.

    • #3324976

      No you are not a tyrant

      by doriginalxcaliber ·

      In reply to Am I A Tyrant?

      I would rather hear the complaints and jeers than to be fired for having the proverbial screen door on the submarine (netsec-wise).

      What the heck are the employees doing surfing the net anyway? I understand there is down time, I understand there is such a thing called “lunch” or “breaks”. But if the employees understand the primacy of their work and the importance of your job TO PROTECT THEIR WORK, then they should stop whining.

    • #3324962

      Over the top

      by r ·

      In reply to Am I A Tyrant?

      Dont do a typical i’m GOD in IT and go totally over the top!

      Communication is everything.
      I manage a realatively small network of 80 users. EVERY one of the users know that they can pretty much do or go where they please… except no porn vids or any high bandwidth action.

      Break the rules… written warning.

      I find that because i am reasonable users dont take advantage the same. We really dont have these bandwidth issues.

      • #3342923

        The Good Of All This

        by gulsath ·

        In reply to Over the top

        Doing this post did relieve the initial frustration I had at the time, but the best thing about it was being able to step back from it, see what we’re doing right and wrong and come up with a plan.

        I will review our current policies, we’ll provide training for new employees and refresh the veterans, and also use the data I get as a resource to be discussed. So, I still think my intentions were good, and based on past experiences at this company my actions were good. But other peoples opinions of job responsibility had changed and not discussed. This too, has been addressed.

    • #3344270

      Fiduciary Responsibility

      by bronzemouse2003 ·

      In reply to Am I A Tyrant?

      I like that phrase. So do most corporate executives.

      The IT Department has a “fiduciary responsibility” to maintain the organizations computer assets. This includes limiting (and terminating) non-business related use and abuse of those assets.

      Legitimate needs can be addressed. And those wishing to access non-business related sites can always submit a request for approval.

      Stand your ground and consider the consequence of failing to safeguard your system. When a virus takes down the network, or a hacker trashes your data, the first head to roll will be in IT for failing to secure the system.

    • #3342921

      No Your Not

      by officetrouble ·

      In reply to Am I A Tyrant?

      I have similar issue as well. I had to set up the new firewall which now people are not able to do some of the thing they were able to do. I also like you did restriction per our internet policy……I was the bad guy (gal) I like you stated that it was per our policy (which they all read and signed). Just to let you know people do not like change but they will get over it.

      I work with the users and do a lot of compromising to make everyone happy, but still not go out side of our company policy.

    • #3342917

      Goto the members

      by great gray ·

      In reply to Am I A Tyrant?

      It sounds like it is time to goto the members/stockholders and have them set the policy.

    • #3342881

      Sounds like standard stuff to me.

      by flyers70 ·

      In reply to Am I A Tyrant?

      If you’re not blocking this type of stuff, you’re probably hurting your company. I’m sure there is some sort of policy in place to use computing resources for company business only, right? If there isn’t, there should be.

      I get annoyed at some of the things that get blocked where I work (like personal yahoo mail, games, blogger, etc), but I understand why it’s done. Not everyone is a responsible user and you typically have to assume most of the people you support are not responsible users.

      Make sure you cover your posterior is anyone above you asks you to unblock anything!

    • #3342846

      Are Employees Professionals or Hourly?

      by the.erinyes ·

      In reply to Am I A Tyrant?

      If you are trying to keep a bunch of hourly workers from not doing their job, then I suppose you are justified.

      However, if you are working in a professional orgranization, then you are treating them like they cannot manage their own time, which means you are WRONG!

    • #3342837

      Not your issue

      by mgostovich ·

      In reply to Am I A Tyrant?

      Your not a tirant, but you shouldn’t be involved in this. This is an HR issue and should be left at that. It is not our job to be the “Internet Police”.

      • #3342798


        by riffl ·

        In reply to Not your issue

        I agree with mgostovich. IT should not get involved in filtering, editing, restricting, or controlling the content or sites accessed by employees on the Internet. If company resources (employee time, bandwidth, and equipment) are being used inappropriately, this is a Management issue, not a technical one (or even one for HR).
        At most, you should be providing management with a report of who is visiting what sites and how often (available from your firewall logs). Any action they take (if any) is up to them. If you allow yourself to be turned into the Internet Police, then the users will begin to see YOU as the problem. Anyone in IT can tell a story of how they got caught in the middle when they implemented a new policy that made some user angry enough to gripe to management and then management blamed them for creating the problem.

    • #3342826

      You Own It

      by logos-systems ·

      In reply to Am I A Tyrant?

      Well lets see, who really owns the hardware that users are surfing the internet on. Also who pays the bills for internet access. It seems that it the company, not the user’s who own and are granting access. So long as the policy is followed consistently for all, from the CEO to the lowest worker, then I see no problem!

      One finial note, I’m wondering about. Are the user’s getting paid for the time they are spending surfing the internet. If so this sounds to me like a form of thievery at worst, or at a minimum a form of unrecognized benefits that your employee?s think they have an automatic and unqualified right to. It seems to me that if these employees don?t like the company?s policy then maybe they should find somewhere else to work; either on their own or at the company?s request.

    • #3342804

      It’s a tough call but…

      by david_thomson ·

      In reply to Am I A Tyrant?

      Let me open with the following questions:
      Do you keep track of everyone’s telephone calls? Do you track the number of cigarette breaks an employee has?

      Now, is it really IT’s area of responsibility to determine what is blocked or not and what makes a ‘business site’?

      Sure there will be some misuse but that is for the manager to deal with. In a perfect world the manager would approach IT and ask for someone’s workstation to be monitored for proof of misuse and then appropriate actions should be taken.

      In larger businesses, it is commonly thought that IT people are power hungry and love to lord it over the other depts as a means of ‘proving’ their worth.

      From a business point of view, having someone at their desk during their lunch break (admittedly surfing the net) is better than that person leaving the office to do it at an internet cafe (and potentially be unavailable for longer than the lunch break).

      As I mentioned earlier, it is not IT’s responsiblity to keep track of each employee and make sure they are working, I’ll lay good odds on the fact that you do not know what each job role in the company does and what is requried.

      I’ll also lay good odds on your company having a zero tolerance for the Adult content sites and the like. So: If someone vies these sites that person gets sacked (forced to quit, asked to leave, whatever you want to call it – they’re gone). Problem solved. Two or three people later nobody browses Adult content at work.

      You don’t have to be tyrant to work in the company’s best interest (unless you get a salary bonus for the number of web sites that are restricted in which I say block it all!)

    • #3342799

      Absolutely not!!!

      by mtufts ·

      In reply to Am I A Tyrant?

      We block any sites involving games, porn, (or related items–depending on the classification of the web site)and VOLUNTARILY block sites for our employees based on their history with the site. Our CEO is a pastor–and we are a mental healthcare agency. One violation and out the door you go–and some days it doesn’t even take a half an hour! We DO provide “open season” for GAME sites only for an hour prior to Normal Working Hours and an hour at COB along with the “lunchtime” break from 11 to 2. Then its back to work…and everyone is so glad that they HAVE a job here they’re just grateful for a computer and internet use. We also monitor e-mail. Works for us…

    • #3342793

      Use your HR

      by theeborg ·

      In reply to Am I A Tyrant?

      Our company does this:
      User accesses banned site.
      User receives a page informing of this with details of the steps to follow (clickable link creating email with URL of banned site). This is sent to our HR department for OK / NO go of exclusion of the URL based on the reasons supplied by the user.
      This has 2 benefits:
      1) IT does not have the burden of making the decision of whether the site is OK for use.
      2) The user has to really want the site for a valid reason, HR is not a department to burden with lightweight requests.

      We have never had an issue with this approach in the 5 years of its operation.

    • #3342781

      Not a Tyrant, just doing your job

      by jdcmshaw ·

      In reply to Am I A Tyrant?

      I am the IS Manager for a TAFE institute in Australia.
      This problem has been with us for a long time and needs to be addressed in relation to the business continuity of the organisation and productivity of staff.
      I have policies and procedures in place affecting both staff and students. Not only do we need to ensure that staff are productive and not spending hours on non work related internet, but we have a legal requirement to ensure that inappropriate material is not available to students or being accessed by staff.
      There have been several legal cases against TAFE Colleges for not providing adequate protection.

      What staff or students do away from the workplace is of no concern to me, but what they do whilst using our systems is of vital concern, as it should be for all IS Managers.

      It is only our policies and procedures backed up by our security systems that provide us with any protection. (And support from our MD, CEO etc)

      John S.

    • #3342779

      Good idea

      by bektas ·

      In reply to Am I A Tyrant?

      No, you are not. Sensoring the others is a bad idea.
      If the employer does not hire responsible people, you cannot control them anyways. So, the issue is not restricting the access but communicating with the people.

      Kenan Bektas

    • #3342775

      In a similar Pickle

      by jrslyrics ·

      In reply to Am I A Tyrant?

      I am the ISO of a hospital. My age (27) has been enough of a challenge for people to accept. It was the bulk of my responsibility to revise, re-introduce and enforce Security policies relating to the internet and it’s usage. The greif that I get becasue of the categories that I am blocking is unbeleivable. But working for a healthcare organization has it’s own inheirent risks especially with the New federal HIPAA regulations.

      Now, my security auditing and incident reporting is costing someone their job. I’m wondering if the user community will began to hate me or what…I mean no one liked this guy at all…but I hate to see someone lose there job.

      • #3342696

        IT needs support from above

        by potato chip ·

        In reply to In a similar Pickle

        Putting IT in the position of both writing the rules and enforcing them is unfair. The policy can be drafted by IT, but needs to have as it’s author someone at the top level of the administration. The administration then can review by category, or better yet, what we did at our hospital was establish a security committee that reviewed web site blocking. Once the security committee established the rules, we automated the system so that every time a user attempted to access a blocked site, the security rule was displayed on the page. This has pretty much ended most of the complaints. The real challenge, though is the doctors.

        • #3343542

          You said a mouthful…

          by jrslyrics ·

          In reply to IT needs support from above

          The doctors are impossible. I mean we do make provisions for them in the Physicians lounge. Just yesterday however, I had a doctor tell me that she’s trying to get to a site that is classified as “Shopping”. The warning message is displayed with a link to our policy and she plainly told me that this is the only opportunity that she gets to go on the internet so could I just unblock her PC since she is a physician…the nerve!

      • #3342661

        Self-inflicted wound

        by harrybarracuda ·

        In reply to In a similar Pickle

        If the guy new the boundaries and the consequences, you have no need to concern yourself as long as you are fair and even handed with everyone.

      • #3343569


        by gulsath ·

        In reply to In a similar Pickle

        Listen, health care costs enough and having an asthmatic wife sit in a waiting room for several hours is not a great experience. I understand the human side of someone losing their job, but hey, we’re paid a salary for a honest day’s work.

    • #3342664

      Deflect and educate

      by davoren ·

      In reply to Am I A Tyrant?

      You mention bandwidth complaints. I say let them at it , then when you get complaints ask them to put it in writing and direct it to the person who told you it was not IT’s responsibility to directly control access.

      Everytime you receive a complaint and detect who is using most of your bandwidth, make sure the company knows about this, ie it is not IT’s issue but a company problem which IT has solved.

      If you get heat from above over bandwidth performance, make sure you have some stats ready. Then inform them that basically it comes down to 2 choices, enforcing a “work related only” access policy or purchasing additional bandwidth to support internet radio etc

    • #3342655

      Yes, you are! But so what?

      by pioneering ·

      In reply to Am I A Tyrant?

      If you have to ask the question, then yes, you probably ARE a “tyrant”! But so what?

      You simply must do what you, in your professional opinion, think is best. Just leave yourself open to other’s opinions. Then, decide and DO!

    • #3342635

      Last I checked, people went to work for work

      by visor57 ·

      In reply to Am I A Tyrant?

      It’s a case of something not being restricted from the start becoming something taken for granted, and as soon as you begin to correct the situation people feel offended because you’re “punishing” them for “no good reason”.
      Unrestricted Inet access at work is a real time waster and causes a truck load of IT overhead due to malware, jokes and viruses brought on by such activity. Your average pen-pushing desktop user doesn’t know a desktop “wallpaper” from a “screensaver” and these are the people that until now had unrestricted access to the destructive power of the Inet. As far as I’m concerned, your company should put the whining crowd in their place and not let you take the flak for something that was inevitable.

    • #3342618

      Web filtering

      by davedamian ·

      In reply to Am I A Tyrant?

      The Problem is that users dont understand, i have just installed a proxy server and filter on our business network. before it was totally unregulated, using a gateway, users had time to do there shopping, etc, which wasnt very efficient.

      I didnt realise until i set up the filter how much un-work related internet access was going on.

      I am very happy with the filter and basically, IT control the environment that the users operate in, I say to them if they want to do something specific then to contact IT.

      At the end of the day, you will be the one who gets in trouble if any *.exe or dogdy files are downloaded.

      Damian Hall
      Network and Systems Developer

    • #3343469

      Bandwidth is money

      by is girl ·

      In reply to Am I A Tyrant?

      Once you demonstrate to the powers that be – and your co-workers if they participate in any kind of profit sharing plan – that the use of bandwith is an actual expense to the business, you will get their full support.

      People tend to think of the internet as free and I beleive they should be allowed to check out the news or order something on Ebay on their lunch hours and shouldn’t be restricted from reasonable use of company resources….as long as it doesn’t cost the company money.

      I addressed this in my company by monitoring and logging bandwith usage and presenting reports broken down by user and by category – ie internet radio, sports tickers, AIM, etc.. Instantly, people turned off things that got them ranked high on the list of offenders and I blocked them from being reinstalled. Then, I demonstrated to the company how much bandwith would be available for business purposes if all the non-essential usage was disallowed. This lead to the implementation of a usage policy.

      Now, I routinely monitor and block anything that is non-business related that uses excessive amounts of bandwith.

      I don’t, however, prevent them from non-business internet activities that are not resources intensive. I truly believe that people should have a little fun at work and be allowed a little latitude as long as they are not cost the company money.

    • #3343445

      Not a tyrant -its our responsibilty.

      by 32bitswide ·

      In reply to Am I A Tyrant?

      I would agree with many of the comments here. IT is usually responsible for control and utilization of the companies assets and is our responsibility.

      I worked for a small startup and internet access was a god given right, if not, well, at least an employee entitlement.

      The R&D manager was too busy trying to be the engineers buddy (which is where I had most of my problems) so the way I handled it was creating a list of major internet activities (IM, peer-to-peer, downloading, browsing, etc.) some pro-cons of each (collaboration, copyright infrigment, etc.) and schedule time during an executive meeting.

      When I got called in it was basically here are the activities, here are your options, what is your tolerance for risk and spending (for faster i-net access) and let them set the standards.

      After that I could open or lock things down according to their tolerance of $$$ and risk; if anyone had a problem I sent them to their manager. If it was a “Sr.” Mgr and referred them to the minutes of the meeting and offered them the suggestion to add the item to the next meeting agenda, invite me and we could all rediscuss it or change the priorities.

    • #3343435

      A Waste of Time

      by luv64 ·

      In reply to Am I A Tyrant?

      This issue has always been used as a make work project for the IT Department. Why is this different from employee phone abuse? Or abuse of lunch breaks? OR abuse of vacation time? OR theft of the company aupply of stationery for little Johnny’s use at school? It is a discipline problem that must be solved by supervisors and managers, not some egghead at a computer screen with no knowledge of the company business process. Too much time is already wasted trying to access URL’s that are business related and blocked by an idiot piece of software that was sold as an all-inclusive security solution.

    • #3343393

      It’s their business

      by justin ·

      In reply to Am I A Tyrant?

      It’s thier business, let them do it until legal or compliance tells you othterwise.
      It is not IT’s decision to choose what users see on the internet. Each department manager should be responsible for what their employess are using the internet for. Follow their lead and offer suggestions.

      • #3343375

        Message from CEO

        by rick ·

        In reply to It’s their business

        Thanks for all your really super inputs on this situation. I did not realize all of the issues involved until I read the 200 messages on this thread.
        Having said that, the originator and all IT folks: relax a bit, this is not your responsibility–it is mine. I set the policies in this company. Period.
        What I depend on you for is to let me know what you think those policies should be, and why.
        It is my job to make the decision on the trade-off between allowing access to ESPN sports versus the productivity of a particular developer.
        What I need from you is your view of the cost of that decision. I’ll get the value of it from the developer’s boss.
        I understand (even better now) the concerns that you have about access rights. I agree that some sites should be prohibited to everyone. I don’t agree that the decision of what those limitations are should fall on your shoulders or the HR folks. It is a management issue, clearly, to be decided after input from all parties.
        I realize that at some levels, the management in some companies does not readily give the clear guidance indicated above. How can you deal with that?
        Having been the IT guy, head of development, project manager, technical lead, sysadmin and programmer, I can only offer this:
        Send the paper to your boss indicating the risks and benefits involved in the situation and if they don’t provide answers, do what you think is best. Talking with the various users has helped me a lot to discover exactly why a particular site is needed or important to someone.
        Your actions are highly valued by the company, and we need your efforts in order for us to be successful. I just don’t want you to have to suffer unneccessarily as an enforcer when you don’t need to have that role. Help me define the policies, and then refer the complaints to me.
        Thanks for your continued value to the company,
        CEO of 2000 person company in three locations.

        • #3343344

          Solid Explaination

          by skicat ·

          In reply to Message from CEO

          Thanks Rick for your explaination. You said what I was thinking as I read several of these posts.

          Unless you are told by upper management, it is not your place to implement policy, rather inform management of what is going on, who is making the complaint and what they are complaining about. If management does nothing, I would request more bandwidth and let them explain to the share holders why the overhead is X% higher this quarter than last.

          Jut be sure to document EVERYTHING! You may trust your boss but you need to CYA!

    • #3343340

      Lack of communication may be the real problem

      by gina ·

      In reply to Am I A Tyrant?

      It sounds like your blocked/restricted web access policy is reasonable. Perhaps what you lacked was adequate communication with your users? I have found that >most< people will respect policies such as internet/web restrictions if they understand why it is necessary. The average user does not understand that listening to live radio over the web can slow down the entire network for everyone. In our organization, the HR department determines the level of blocked or restricted sites. Although, most employees think the IT department is one who sets these limits. Any requested changes have to go through HR. Our blocked/restricted sites are also based on our internet use and security policies, and high bandwidth use sites are blocked. Stand your ground, but back it up with the reasons behind the policy. Get support from managment and let them defend the policy for you.

    • #3343315

      I AM

      by d.shepard ·

      In reply to Am I A Tyrant?

      I am accused of being the Gestapo, but when I see the most frequently visited web site and bandwidth hog is a non business related site, and it is one person. I block it. I have not had a complaint yet. What are they going to do go complain to their manger ?I can?t get to my dating site at work??

    • #3343301

      not a tyrant

      by halonsx ·

      In reply to Am I A Tyrant?

      this is BS….i experience the same thing at my work place. Here you are trying to make employees more productive which is what i would thing management would…then you are told the opposite…nothing pisses me off more than when i am directed to do something and then when i do it people become upset.

    • #3341818


      by chad.gniffke ·

      In reply to Am I A Tyrant?

      Work is for work, not play. If you want to open up shopping during lunch you can use Websense to put rules in place based on time of day and type of group that someone might be a part of. There is a great report too in that basically reports to upper management how much any one or all person are costing them on a daily basis by surfing the web. I have used this solution to actually get someone fired for surfing porn.

    • #3341776

      YOU ARE NOT!!!!!

      by makitel ·

      In reply to Am I A Tyrant?

      As a IT Manager I know clients can get high and mighty about what they feel is acceptable. Unfortunately, their interpretation of acceptable and my own does not match up. You are doing what most people do not even consider. AND!!! You are accepting accountability for your job by making sure that there is no “funny business” on your network.
      It is difficult to lay down the law to your peers but when we have commitments to a job we must commit to them

    • #3341731

      What about lunch?

      by bobrouseatl ·

      In reply to Am I A Tyrant?

      I can understand not wanting people to be surfing the web when they should be working, but what about during their lunch hour? I usually eat lunch at my desk and visit some humor sites and message forums. They certainly don’t eat any significant bandwidth, and I’m not downloading porn. What’s wrong with that?

    • #3341651

      this is too far!

      by casilvis ·

      In reply to Am I A Tyrant?

      I am a DBA and am trying to send a file to an ftp site of a vendor but I can’t because of the restrictions in place at our site. I understand the need to secure access and stop unauthorized use but now I have to go track down a network analyst or a security analyst and have them tweak this or that, wasting valuable time and frustrating the heck out of me!

      • #3341585

        Its not all about you.

        by jamesrl ·

        In reply to this is too far!

        Its about the needs of the whole company.

        Sure there should be some documentation about how to do FTPs through the firewall. But unless you own the company, you don’t dictate the policy, the overall needs of the company do.

        These policies exist because bad things have happened and will continue to happen.


      • #3343839

        FTP through my firewall…….afraid not

        by ric28147 ·

        In reply to this is too far!

        A big problem with FTP is that usernames and passwords are sent in plain text. I would never open my PIX to FTP or Telnet externally. I?m in charge of 2 ISA servers on a college campus and we monitor and block inappropriate sites. I have to stress the word ?monitor?.

    • #3343730


      by ajcosta ·

      In reply to Am I A Tyrant?

      I am a consultant for a tril law firm. They do not want anyone going to non-related work sites, shopping or simply browsing. New users do what they want on the pc. When approached to do a usage policy for new empolyees they refuse saying the really do not want to be a cop. They finally agreed to change the bowser to one that locks down only to the authorized favorites.

      I will be installing this today. By the time I have completed all installations, my guess is that they will say it is too restrictive and start pulling specific users off the browser and allowing total surfing and shopping again. Many of these users are the ones that abuse the system.

      When those users get into trouble and say that they have problems, the powers to be say “I have seen people surfing during work hours to unrelated sites” we will go down the same exact road again. Explaining to the users you cannot surf these sites during work hours; new users respond “OH? I did not know that!” old users say “I need to get there.”

      Everyone simply wants their cake and to eat it too……This time its not on my shoulders for not bringing it to the attention of the powers. They turned down the usage policy as well as restricted abusive users. But paid for it to be addressed.

      If your firm wants you to be a PUPPET and only act when they instruct! then get that in writting! Make sure you have documents to back it up (people forget). In your own mind remember your getting paid and if they want to wast their money then it might as well be in your pocket!

    • #3322134

      You Could Be On the Hook

      by jthomson60016 ·

      In reply to Am I A Tyrant?

      There has been much good advice given already, so I just want to add a little perspective from the outside looking in.

      1) CYA. If your Credit Union is goofing up this badly on such a simple issue, what else is going on that could bring down the company? You should be prepared to bail on a moments notice. Start interviewing for a better position NOW, whether you plan to take it or not. At least you will be in practice interviewing when it becomes truly necessary.

      2) You might have a fiduciary responsibility. I know you are just a part of management, not a company officer, but still… If the Credit Union collapses due to data theft through YOUR insecure network, who goes to jail? Whos reputation is ruined? Who won’t be able to get another job in the IT or Financial fields?

      3) Document, document, document. The network, what your bosses have been telling you, load factors, etc. As someone else said, have hard data when you go to Senior Management to get the policy enforced.

      4) Involve the Corporate Council. As a member of Management, you can involve them to explain to you the ramifications of Sarbanes-Oxley, the Patriot Act, and other legislation relating to data security at a financial institution. Have the Council outline in plain English, the legal duties you have toward network security, and the legal consequinces of a willful failure to enforce that security.

      4) Work within the system. Take the legal opinions from the CC, the hard data you acquired on bandwidth usage, virus and malware attack frequency and severity, costs, etc. to your direct supervisor and enlist his/her help to climb the ladder all the way to the CEO.

      5) If you get shot down by the CEO, take the next decent job that comes along, get your own money, 401k, stock, etc OUT of that company and leave in a hurry.

      6) After getting comfortable in your new job, call the office of the Comptroller of the Currency and file a Whistleblower affadavit. You will be protecting the innocent members of the Credit Union from disaster and the loss of their savings. You’ll also be protecting me from an increase in my income taxes to help pay for the collapse of your Credit Union!

      Good luck.

    • #3343188

      No-you’re not a tyrant!

      by katrina ·

      In reply to Am I A Tyrant?

      As a business owner, and as an employee in the past for both small and large companies, I can see both sides of the fence. I think your company might consider some sort of reward system for employees who have met certain goals — i.e. allow them to surf during certain hours and use extra bandwidth for internet radio, sports ticker and other bandwidth purposes as their reward; or if they want such services and you’all do not want to use a reward system, charge them for it through a reduction in salary, and make it part of their overall “employee benefit package”…but give them a choice.

      I think you’re doing the right thing, as long as the “head” of the company…and your manager, has set the parameters. If so, there is no reason why anyone should be laying into you at all! I suggest you have your manager or the person you report to settle the issue — as I’m sure this decision was not yours alone. Next time someone says anything to you, say “go see Manager’s Name”! Good luck!

    • #3336926

      Re: Tyrant

      by vltiii ·

      In reply to Am I A Tyrant?

      If your intent is to block everything that is not work related, then in my opinion you are being a tyrant. The examples you listed were all valid for blocking, except perhaps internet radio. Every internet access policy that I have ever seen has made allowances for what may be considered personal use, such as checking the latest news while on a break/lunch, or checking on their kids at the schools website, basically anything that is not abusive in nature. Clearly (and I’ve seen this happen) anyone that wants to place a bet on an online gambling site is going way overboard. I think their should be some balance. I think allowing employees some leeway makes them more productive employees. If it becomes too restrictive then they spend the entire day thinking about the end of the day.

      While the IT personnel are there to ensure a smooth running network, management has to consider business impact. If the company policy is written in such a way that there is room for interpretation between the IT staff and the end users, one of two (or both) things need to happen: 1) Cognizant authority should clarify the policy; 2) The policy needs to be rewritten so that there is no doubt as to the intent.

    • #3336183

      Yup but that’s your job to be one……..

      by sleepin’dawg ·

      In reply to Am I A Tyrant?

      until someone in higher authority establishes clear guidelines.


    • #3056186

      Not a tyrant at all

      by jmk1024 ·

      In reply to Am I A Tyrant?

      Im currently studying to become a net admin. I see students all the time going to web sites/pages that ask for them to install different things, and I know this has to be a headache for the IT dept. to keep up with. So no, your not a tyrant, just trying to keep you and your people from working many extra hours reinitilizing alot of equipment due to “Joe” needing to see his baseball scores, and downloading the wrong stuff and hammering the system.

      • #3054653

        IT does not dictate HR policy

        by angry_white_male ·

        In reply to Not a tyrant at all

        The issue of people wasting time surfing ESPN, eBay or other recreational/non-business website is something for management or HR to decide on – not IT. It’s not up to IT to micromanage or dictate people’s behavior. There are categories that can put the network in jeopardy (web-based mail, spyware sites, etc…), you need to make the pitch to management and have them approve the block. Have sufficient data to support your justification (network security, bandwidth, etc…).

        Yes, IT security policy is developed by IT but given the sign-off by management. That’s how it is. Don’t put yourself in the position of violating your own policy by making up your own rules as you go without the buy-in from your management.

Viewing 93 reply threads