General discussion

  • Creator
  • #2294667

    controlling a wannabe admin


    by lbofh ·

    Our company has 2 offices. I am responsible for the networks/desktops/phones/anything else with electrons company-wide.
    At the remote office, I have a wannabe admin. The problem is, he does not know much about computers/networks/etc. He just thinks he does. He is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity. So, he is not authorized to do any administrative tasks, his responsibility is solely data entry.
    He refuses to accept this and management refuses to fire him for the things he has done/attempted to do.
    We just migrated to pure Windows 2000 on desktops and servers. I have locked things down so that only admins have privileges to install programs, etc and use a screensaver lock on all servers.
    This guy still has not quit trying to mess with things! Has anyone else ever dealt with this? What did you do to combat it? How can I best create a paper trail to prove to the boss that he is violating our policies so he can be terminated?

All Comments

  • Author
    • #2731895

      Politics will override policy

      by gralfus ·

      In reply to controlling a wannabe admin

      I had a guy that was actively distributing viruses through a game server he set up. Every time we removed it, he set it up again. I documented it and sent it up the food chain. It generated quite a stir and some zealous sounding emails…then nothing. This guy was the pretty boy of the R&D department and could not be fired. He knew that, so he could do literally anything he wanted to. Shortly thereafter the job cuts came through and now I have a job elsewhere.

      Short of setting him up for destruction, ala the BOFH, all you can do is lock things down and set your permissions and group policy as best you can.

      • #2732405

        ROI: Politics, Security, Policies, etc.

        by no one ·

        In reply to Politics will override policy

        Business is about money and Return on Investment. While every business would like to have the perfect security, policies and environment – it is not always cost effective. To that end management will choose on risk vs. cost. When a non-technical communication can be made to upper management about the financial impact that the risk/behavior has had on the company, supported by examples of how similar behavior has affected other companies, then upper management will be able to make effective decisions that benefit the company’s bottom line.

        If the (value of the work product) – (employee’s salary + cost of bad behaviors) > 0 then that employee still improves the company’s value.

        • #2732333

          opportunity costs too!

          by julian-lists<remove thys> at suggate dot co dot nz ·

          In reply to ROI: Politics, Security, Policies, etc.

          I agree that the best way to communicate with upper management is through recourse to cost vs benefits.

          However, I would prefer to work for a company that considers the opportunity costs of hiring average workers.

          The equation given,

          (value of the work product) – (employee’s salary + cost of bad behaviors) > 0
          => employee improves company value

          does not take this into account because an employee may be bringing only $5 a month into the company but ALSO taking up a valuable employment “slot” that could be filled with a more productive employee.

        • #2692829

          Comrade vs. Confrontation

          by debeifert ·

          In reply to opportunity costs too!

          It seems to me that if the person has some IT ability, and obviously IT interest, why not encourage cooperation and assistance, rather than alienation and confrontation. Having been on both sides, I’ve seen IT people that think they know better than anyone else what a person should and should not have access to. If it is not violating company policy (not IT “law”), and it’s not hurting anything, what is the big deal? If it is a problem, explaining the reason (not just “ordering from on high”) might get better results. I don’t think trying to fire a good employee for changing their screen saver is good management.

      • #2732289


        by mathieu_tl ·

        In reply to Politics will override policy

        Well, I must admit I do not have that much knowledge of the workings of Windows Server and the like,
        but through my Unix server I would have taken the rogue game server down and locked up the IP ranges and MAC addresses to be able to connect… Then again, the net I administer is pretty static and simple.

    • #2731885

      Published Roles?

      by pdo2000 ·

      In reply to controlling a wannabe admin

      I would caution you against an information reconnaissance mission. That practice is merely an effect of the problem that could easily consume you and distract you from your core responsibilities. Focus your energy on a solid solution.

      Is this person a subordinate, or a peer?

      It seems you may require clarity on your titles/roles/responsibilities. Good upper-management should support this and provide to you both. If his duties include IT administration (of any kind), they should be clearly defined and bordered … as should yours. If personnel conflict arises, or system damage occurs, management should act accordingly. If your organization does not have management of this caliber, perhaps your talent and integrity could be better utilized by another. Best of luck.

      • #2731875

        Roles are clear

        by lbofh ·

        In reply to Published Roles?

        Roles are very clear. He is a data entry staff member. He has no IT administration duties.
        Actually, my boss and I have both made it clear to him IN WRITING that he is not to attempt to administer or modify any company computers etc.
        However, he does not report directly to me or my boss. Yes, we outrank him on the org chart, but that doesn’t mean much. We don’t have the authority to discipline him.
        The person whom he reports to does not believe that there is a problem.
        So, the next step is to take it to his manager’s boss, who is also my manager’s boss. Let’s call him Bill.
        Bill is not strong on dealing with personnel issues. To make it worse, he does not understand the situation at all. We’ve tried to explain and didn’t get anywhere.
        What he requires is tangible proof that someone is doing something “wrong” before he will take any action.
        On one hand, I don’t want to waste time coming up with the paper trail. But, on the other hand, I am beginning to want this guy gone.
        What escalated the situation was doing a remote connect to the wannabe’s workstation after hours recently and finding it had been logged in as one of the admin accounts. I have no idea where he got the password. Passwords are held very closely around here and only 2 current employees knew that one.
        If you’re wondering, it was not easily guessable. It had more than 10 characters. Included upper and lower case, numeric and special (#@$^) characters, was not a word or a name, etc.

        • #2731797

          This is a test.

          by dc_guy ·

          In reply to Roles are clear

          A couple of suggestions:

          1. Don’t make it personal. You’re starting to sound like it’s a matter of honor to get rid of this guy. Try the decaf, dude: it’s just a job! Your mission is to serve the company, not to acquire the credentials of a superhero. Put the problem in the proper focus and work toward protecting the company’s information resources.

          2. Perfect your detective skills. It sounds like this guy is, by your standards, an internal saboteur. Perhaps he hasn’t done anything worse than annoy people and cause a bit of rework so far. But with the resources and contacts he seems to have acquired, he could probably do some real damage if he were a crook, a spy on your competitor’s payroll, or a self-appointed terrorist — instead of just an arrogant jerk. Use this as a security drill. Figure out how to thwart him using the resources at your disposal, which obviously do NOT include upper management. This is a fairly realistic case study: upper management often cannot be convinced that there is a serious computer security problem worthy of their attention until it has caused irreversible damage.

          If you can solve this problem without gaining the support of upper management, you can be really proud of yourself. At that point it’s OK to take it personally. ^_^

        • #2732725

          DC_Guy nailed this one

          by tomsal ·

          In reply to This is a test.

          I agree whole-heartedly with the advice DC_Guy presented in his post.

          And the most important rule is “DO NOT TAKE IT PERSONAL”. I’ve been in the admin field for a decade now, I knew next to nothing about admining when I first started — I was lucky to be taught by someone who really knew their stuff... kind of like I was an apprentice admin. So I have full respect for the knowledge and responsibilities of being an admin today. Also, yep – we just got rid of a “wannabe” type last June. He was his own downfall though, he gradually spent more and more time “trying” to do admin like things (without authorization btw) that he eventually wasn’t spending any time doing the job he was actually paid to do! lol.

          Oh yeah his real job responsibility? Data entry and scanning work orders into a database.

        • #2732707

          I think so too

          by lbofh ·

          In reply to DC_Guy nailed this one

          I agree with you. DC_Guy is right in saying that it is a good case study/security drill. I also think that approaching it in that manner will help to make it less personal and more of a learning experience.
          Heck, maybe we’ll change his job description and consider him an internal security auditor/pen-tester!
          I also think that given time, he will go the way of your “wannabe” type, as it sounds just like him, right down to the real job responsibilities. Thanks to both of you for the reminder to not take it personally. I think it gets too easy for it to become personal when one is spending most waking hours at work!

        • #2733574

          Take it personal, use the situation to your advantage.

          by psifiscout ·

          In reply to I think so too

          Your self education is/IMHO should be, very personal. Use this guy and the situation as an educational resource. He is a wannabe, you are the admin, so be an admin! Security is part of the job, make it your responsibility to thwart this guy’s intrusion. If he thrusts… you parry. Make it your business to ensure he can’t penetrate your security. Taking care of the network is the admin’s duty, so take care of the network. Keep on top of the situation and make it your responsibility to stay one step ahead of this internal hacker (hack?).

        • #2733522

          Good Idea for a Security Situation

          by isrowley_03 ·

          In reply to Take it personal, use the situation to your advantage.

          I am in favor of using this as a Security Situation. As the Admin, you and your department should publish a Security Procedure that would include internal people from over-stepping their responsibilities. I did this last year, at a Company that had no procedures at all. I wrote new guidelines and sent it to all upper management for approval, then anyone who went around the guidelines was immediately reprimanded. Using the current Global situation, these procedures were quickly approved by management and once it is in place, anyone who breaks the rules will have to be addressed.

        • #2732717

          If he has stolen or acquired a password

          by oz_media ·

          In reply to Roles are clear

          He is breaching company security. Write out a letter explaining that an unauthorized user had accessed the network using a system administrator’s password and you are investigating the issue.

          Firstly, change the password and disable the one he has used.

          Secondly, wait about a day and a half and follow up your original letter with an update that you have found the breached account being used after hours and have changed the administrator passwords while tracking login attempts. This tracking shows you that ‘user name’ has been using an unauthorized password to access the company network after hours. If he has changed or screwed anything up, include what changes had been made and that this person is having an adverse effect on the company’s data security and network integrity.

          If your employer does not respond to hearing an unknown hacker is in the network, he may respond when you tell him it is an internal security breach. If not, give it about as much attention as the boss does, let the user have at it, just remember to include all the unnecessary fixes on your admin report so that they can see how much time is wasted cleaning up.

          Personally, this sounds like more of a comfort zone issue where you feel someone is trying to step on your toes and it is making you feel insecure. Think hard about that one, it is hard to see, harder to realize your own faults and much harder to get over them unless you realize them.

        • #2732705

          That’s a switch from your first post

          by lbofh ·

          In reply to If he has stolen or acquired a password

          So, do you still think this is just about squashing a “wannabe”?
          The password was changed and the account disabled immediately after discovery.

          I will think about your advice to write notification letters. I’ve already suggested something similar to my boss.
          However, I already know what my “employer” will think. Although my boss understands and is furious, the big boss doesn’t understand networks/computer security breaches or why it is an issue and may not ever. My boss might be able to get it across to him that we could lose clients if this continued and/or they knew about it, but even then, I don’t know that he would do much. So that goes back to my second post about gathering more evidence before anything is taken seriously.
          The only thing that would quickly get the attention of the big boss is if his ability to check email is impacted by my “wannabe”.
          He would probably also pay attention if systems are downed.

          But at that point, isn’t it too late?
          Clients will complain, management will be angry about lost productivity and they will all want to know why it wasn’t prevented. It may impact the bottom line, which is unacceptable. So, I have to disagree with letting someone “have at it” just because an upper manager doesn’t understand why it is a problem. He didn’t understand the need for the server UPS either, but that didn’t mean I didn’t push to protect my servers from power problems.

          I will seriously consider if there is a comfort zone issue here too. Although I do enjoy reading it, I do not want to turn into the BOFH.
          My first thought (besides the bottom line/client impact) is that I have recently spent a lot of long hours cleaning up the remote office’s network, documenting, upgrading and securing things, etc, etc, etc.
          So, I think if there is any comfort zone issue, it has to do with potentially watching hard work be obliterated. For example, documentation becomes obsolete fast enough without someone making unauthorized changes.
          I think that the key is to take earlier advice and back off a little, tighten security/auditing further and watch the guy hang himself. If the situation points out security weaknesses and I learn something in the process then that will be even better.

        • #2732703

          The difference

          by oz_media ·

          In reply to That’s a switch from your first post

          In my first post I was replying to your original posting about this wannabe net admin, stepping on toes (in a nutshell).

          I still stand by my thoughts on THAT issue completely, I’ve seen it all too often as well as being on YOUR end and the other guys end of the issue.

          All you can do is document any breaches, don’t bother trying to be big brother or ‘catching’ him at something, just document breaches that MAY jeopardize security or customer records, data integrity etc. If you spend all your time cleaning up again and the boss asks what is going on, you can easily justify your work by showing him that it has been an issue for a while and you have informed him before. It is up to him at that point to take action, if not, he can pay you to keep your network clean and up to date. Either way it’s a paycheck right?

        • #2733508

          Group Policy Controls

          by djuan.carter ·

          In reply to That’s a switch from your first post

          Since you are running a 2k network the easiest way to lock him out would be using your group policies. I would set a policy specifically for him. Since he probably is using his own computer I would set up his desktop and his permissions so that all he has access to is what is needed for his job. The upper management can’t complain about it because you are not hindering what he does.

        • #2733499

          Why was GP not used previously?

          by support ·

          In reply to Group Policy Controls

          I am not sure I understand why the user’s workstation was not locked down from the beginning. On my Win2k network, my users have access to the tasks they must perform daily and nothing else. How else can an Admin say they have true network security if the users can thwart security policies? As far as the Admin password being used – Why is there a situation where two people know the password to one username? It would be better practice to have two usernames with equal access rights and unique passwords. This way if there is a password breach, the user that password was assigned to should have to answer to why the password was used by someone else.

        • #2732418

          Problem with equivalent rights

          by oz_media ·

          In reply to Why was GP not used previously?

          When assigning your rights (ESPECIALLY as ADMIN) it is a BAD practice to use the Equal to: feature.

          The worst is creating an “equal to:” admin account.

          If the admin account is damaged and unrecoverable, you have no way of logging in unless the object is available. You will be shut out of your own domain. Someone told me a long time ago to ALWAYS create separate folder access rights and NEVER use the equal to feature. I did it anyway. Then for some ODD reason my admin account was damaged one day and I couldn’t access the server because I was equal to admin and there was no object to compare my own rights to. It took three solid days of copying and pasting a gazillion files from one server to another to recreate the account without starting over.

          So now I will also warn anyone who does this:
          !!!NEVER!!!! USE ‘EQUAL TO:’ for assigning rights. It is a bad mistake and a very lazy one at that.

        • #2732377

          “Remote” Administrators

          by markinsac ·

          In reply to That’s a switch from your first post

          Here is a thought – give that office a “local” administrator password with some limited, although added, capabilities. Let the guy have his way with machines in that office (set it up so only machines in that office have that account), and track any complaints or problems outside the normal paths.

          Good Luck!!

        • #2732332

          That won’t work though

          by oz_media ·

          In reply to “Remote” Administrators

          The other guy is not supposed to be in IT, whether his boss knows it or not.

          To offer him a way to legitimately screw up things and cause even minor problems is like ‘authorizing’ him to do so. It is not the admin’s job to hand out passwords to users this way and would probably get you fired if the guy caused problems, not the other way around.

          If HE screws up the systems, it is due to someone else failing to secure them or leaking passwords.
          Not his fault but the fault of the admin.

        • #2732194


          by macaries ·

          In reply to “Remote” Administrators

          The IT guy with the “company wide” don’t mess with my network ego could foster an ally and learn a little more about W2K with this guy in the remote office by using the active directory to set him up as a remote admin.

        • #2732323


          by buschman_007 ·

          In reply to That’s a switch from your first post

          I agree with the sentiments that you need to lock the wannabe’s account down as much as possible. You need to track everything you do and come up with contingency plans for anything he might be able to access and mess up. It’s not like you’re going out of your way as you should be doing this anyways as the admin. But I think documentation is the key.

          I am the engineer at the HQ of my company and have to deal with an Admin in the India office. We are polite to each other and that’s about all I can say about him personally. Professionally we bump heads all the time when those grey areas arise. One of the more bitter fights we got into was about fixing poor video conferencing settings over the routers. To make a long story short, we both consulted Cisco on our own and came up with our own code. It got into a nasty back and forth. Rather childish and stupid, so it’s not like I don’t understand where your frustration comes from. In the end my Boss suggested I just bite my lip and be the one to back off the argument first. I did and allowed him to use his code first. In the end he claimed he fixed it, but he used my code with one minor syntax tweak. I used documentation to prove whose code fixed the problem. My boss understood, so even if that wannabe thinks he got the upper hand, my boss knows the truth and I have the documentation to keep my butt gainfully employed.

          Like the others said, don’t take it personally, but protect yourself from an intrusive user if management is unwilling to do something. If and when the fit hits the shan, then they can’t touch you with a ten foot pole. You warned them, they ignored your warnings. You tried to stop him, but he persisted. You have a backup plan ready to go, but the inconvenience is their own fault for not listening to you in the first place and taking your advice more seriously. You end up saving the day and hanging him out to dry.

          Not saying you should set a potential disaster up for him to fall in, but be ready for anything that might come your way. Your increased readiness will only make you a sharper admin.

          Good Luck,

        • #2732421


          by wmijangos1 ·

          In reply to If he has stolen or acquired a password


          we have a server nt 2000 and we forgot the password, how can i have access to the server to change the password?


        • #2732282

          recover local and domain passwords

          by ahleychris ·

          In reply to password

          Google NT Password Recovery Domain Controller

          There are about a million sites showing you how to do it, takes about 90 seconds to do it with the “linux NT rape disk” and 3 minutes with 2K Recovery Console. You must do it locally.

        • #2732628

          Reply To: controlling a wannabe admin

          by vincelyons ·

          In reply to Roles are clear

          It’s obvious that the password was written down on a note by one of those authorized to use it and the note was found.

          So, part of your problem is your administrator passwords are too long and cryptic to be kept in non-volatile brain.

        • #2732568

          Bathroom wall

          by oz_media ·

          In reply to Reply To: controlling a wannabe admin

          That’s my guess

          “for a good hack, call “aDmIn@911!!”

        • #2733545

          access lists

          by csobott ·

          In reply to Reply To: controlling a wannabe admin

          Have you tried placing an access list restriction on any incoming ip or tcp traffic from his ip address on any server that you want him out of on your router? Placing your servers in a particular VLAN on your switches would also keep him out. If you can’t get it done from the Microsoft perspective try it from the Cisco side.

        • #2733514

          may be not a leak?

          by vectra-v6 ·

          In reply to Reply To: controlling a wannabe admin

          We don’t know the level of skill this wannabe has but maybe he has not seen the admin password written down.
          He works at the remote office, if he has unrestricted physical access to the system, knowledge of how to use, and a copy of, NTFS DOS he could simply be extracting the SAM file and decrypting it off-site. Is he this smart?
          Finding the source of his passwords is the key to starting to keep this hacker out.

        • #2732341

          Hardware password capture

          by beardd ·

          In reply to Reply To: controlling a wannabe admin

          The password doesn’t have to have been written down. I caught a guy who had PHYSICAL access to his fellow employee’s workstations – using a HARDWARE keylogger from!

        • #2732292

          What??????? What about LC4!

          by viper777 ·

          In reply to Reply To: controlling a wannabe admin

          One of the departments I had serviced in the past had so much restriction, a legit programmer couldn’t even install his products without making times and requests and having some there to allow installations of setup and runtimes as they wouldn’t let him install things on his own. Worked in the same department but the IT administrator does have a big ego to contend with. He believed nothing could challenge his pride and joy, so keeping some things secret helped stop giving a feel of threat to him. If he invited me to demonstrate how easily it could be done on his system, he would freak and would refuse to acknowledge it.

          If someone has “power” or “administrator priv” on their own computer, all you do is use LC4, a product that can read virtual passwords and find all accounts, and decode it to find out the Administrator’s password within a short time – with the cable unplugged from the back, then later clear all logs just in case. I’ve used this on rogue users’ computers who had changed the admin local password and so on – works well.

          The piece of paper bit may have occurred but one could have used a hardware logger – the unit can be plugged in between the keyboard and computer – the computer won’t sense it and some models can take up to 1 million keystrokes or more. To retrieve it, you enter a unique password – one that no one else could ever type and the unit streams the keyboard capture data to wordpad etc and the computer believes it is coming from the keyboard itself. There isn’t anything available to combat this let alone detect it! So why you are all saying this and that, if someone wants to get in and has a fair amount of info OR have one of these units, they will get in – like it or not. With the unit, I can carry away some boss’s Confidential report if I had installed the unit before they come in, and take the unit home to my PC – all is revealed…

        • #2733533

          IT vs staff

          by warpindy ·

          In reply to Roles are clear

          From your last reply you stated that this guy got a hold of your closely guarded admin password. That I would say is a big violation of procedures and puts your company at risk on so many different levels. My question: is it documented in logs that this person at this remote workstation used the password and logged in? If you have this then go back to your boss and state to them that he has violated server and workstation security. Stress to your boss that if a problem should arise, the IT dept would take more of a hit than the person the password leaked out to.

          Good luck.

        • #2733488

          Do some recon on his system

          by rpatton ·

          In reply to Roles are clear

          This wannabe may know more than you think. The admin password may have been found through a key logger or an old program called L0phtCrack. I suggest a group policy and restricting what this user can and cannot access. You could lock him down to a point where he couldn’t even access his own CD-ROM or floppy drives. A lot could be said in the name of security when this user cries foul about his access limitations. Documentation is good to keep on record if this user tries to go over your head with complaints. Stay firm on your grounds for limited access for the sake of keeping your network and systems safe.

        • #2732450

          A breach of security is serious….

          by isgirl ·

          In reply to Do some recon on his system

          An internal breach of security is serious – even if your boss’s boss doesn’t think so.

          Personally, I wouldn’t even name names. I would simply announce to those that I’m accountable to that there has been an internal security breach and begin to tighten up security. This might mean that I disable the Administrator account and use my user name with Admin privileges only. If there is one other person who has Administrative privileges, you can safely suspect that they are the source of the password. I would give them a separate user name and password stressing that it is for their use only and turn on logging for all user logins so I can see the activity on that account.

          Now, your “wanna-be” doesn’t have access…but if he is able to break back in using one of your two user names with Admin privileges, you have more information as to how he’s getting the password.

          If my backup Admin was giving away their password, I would force frequent changes and reduce his privileges drastically. If he isn’t giving it away, his workstation may have been compromised and you should look closely for key loggers and other tools that might be the give away.

          Last, lock down your “wanna-be” to the nth degree. Flex your muscle a little and show him that you are the Admin. He can’t complain that you’ve taken away privileges he isn’t supposed to have.

          Just keep saying that there was “an internal breach of security” that concerns you deeply and ask your users for patience and understanding as you expire passwords more often and require more complex passwords, etc. Security is very serious and you would be remiss to let this issue pass.

          The point is that you should be tightening security across the board and not appear to be picking on him. Other users may be budding “wanna-bes” too and you should nip that in the bud.
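
Added example, not part of the post above or of any poster's setup: one way to turn per-admin accounts plus logon auditing into the paper trail the thread asks for, by flagging privileged logons from unapproved workstations or after hours. Event IDs 528, 540 and 529 are the Windows 2000 logon events; the account names, workstation names, business hours and the simplified CSV layout are assumptions constructed for illustration.

```python
"""Audit privileged-account logons against an approved-workstation policy."""
import csv
import io
from collections import Counter
from datetime import datetime, time

# Windows 2000 Security log event IDs for logon activity.
LOGON_EVENTS = {
    528: "successful logon",
    540: "successful network logon",
    529: "failed logon (unknown user name or bad password)",
}

# Hypothetical policy: every admin has a personal account (no shared
# password) and may use it only from the listed workstations.
APPROVED = {
    "adm-alice": {"HQ-ADMIN01", "HQ-ADMIN02"},
    "adm-bob": {"HQ-ADMIN02"},
}
WORK_START, WORK_END = time(7, 0), time(18, 0)  # assumed business hours

# Constructed sample data: a simplified CSV rendering of Security log
# entries, not the native Event Viewer export format.
SAMPLE_LOG = """\
timestamp,event_id,user,workstation
2003-06-02 08:14:09,528,jsmith,REMOTE-WS07
2003-06-02 09:01:44,528,adm-alice,HQ-ADMIN01
2003-06-02 19:47:31,529,adm-bob,REMOTE-WS07
2003-06-02 19:48:02,529,adm-bob,REMOTE-WS07
2003-06-02 19:52:40,528,adm-bob,REMOTE-WS07
2003-06-02 21:15:03,540,adm-bob,REMOTE-WS07
2003-06-03 07:12:00,528,adm-alice,HQ-ADMIN01
2003-06-03 10:30:12,540,adm-alice,HQ-ADMIN02
"""


def parse_events(text):
    """Return logon events as dicts; rows with other event IDs are skipped."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        event_id = int(row["event_id"])
        if event_id not in LOGON_EVENTS:
            continue
        events.append({
            "when": datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S"),
            "event_id": event_id,
            # Windows account and computer names are case-insensitive.
            "user": row["user"].strip().lower(),
            "workstation": row["workstation"].strip().upper(),
        })
    return events


def audit(events):
    """Flag privileged-account logon events that violate the policy."""
    findings = []
    for ev in sorted(events, key=lambda e: e["when"]):
        allowed = APPROVED.get(ev["user"])
        if allowed is None:
            continue  # not a privileged account, out of scope here
        reasons = []
        if ev["workstation"] not in allowed:
            reasons.append("unapproved workstation")
        if not (WORK_START <= ev["when"].time() < WORK_END):
            reasons.append("outside business hours")
        if ev["event_id"] == 529:
            reasons.append("failed attempt")
        if reasons:
            findings.append({**ev, "reasons": reasons})
    return findings


def by_workstation(findings):
    """Count findings per source workstation for the summary line."""
    return Counter(f["workstation"] for f in findings)


def report(findings):
    """Render findings as dated, plain-text lines for a non-technical reader."""
    lines = [
        "{:%Y-%m-%d %H:%M:%S}  {}  on {}: {} [{}]".format(
            f["when"], f["user"], f["workstation"],
            LOGON_EVENTS[f["event_id"]], "; ".join(f["reasons"]))
        for f in findings
    ]
    for ws, count in by_workstation(findings).most_common():
        lines.append("{}: {} policy violation(s)".format(ws, count))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(audit(parse_events(SAMPLE_LOG))))
```

Because each admin account belongs to one person, every flagged line names both the credential that leaked and the machine it was used from.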

        • #2732224

          Political Problem not Technical

          by jimmac454ss ·

          In reply to Roles are clear

          Your problem is a political/management problem and cannot be solved through technology. You must make it clear to the senior level management that you support employees developing their skills, etc. but there has to be limits that will not affect the operation of the business. A reference to the effect of a disaster upon stock prices and the subsequent involvement of auditors in your boss’s boss’s operation will allow him to take action.

        • #2735925

          hacking admin passwords very POSSIBLE!!

          by zekeallmon ·

          In reply to Roles are clear

          Hello, I won’t go too far into this, as you probably know way more than I do. I am only a PC tech at a mom and pop pc repair company. I only have my A+, and net + certs.

          However, I do have a copy of a piece of software that allows a user to boot to CD, and run a program that tells him the admin user names and passwords.

          You may want to look into the possibility of that happening!!

          I cannot remember the name of the program off the top of my head, but it does come in handy when a customer drops their computer off to us to fix, then have password protection on it. I can get into their computer w/out them even being bothered by a call from me. Also, it’s kind of cool to tell them, that I did that. If you need to know the name of the software, email me at

      • #2732155

        Firm documented computer use policy

        by durand ·

        In reply to Published Roles?

        What ever happened to the good old days of 1994 and prior when we had a very firm computer use policy? It seems the more technically advanced we become, our tolerance for this type of behavior rises. One large mistake of horse playing by a ‘wanna be admin’ is enough. The third mistake by this individual is the mistake of the management staff.

    • #2732721

      Your title is SOOOO negative!

      by oz_media ·

      In reply to controlling a wannabe admin

      First of all you have said a couple of really bad things for someone in your position, that tells me this has to do with YOU wanting control and having it shared (even if not by choice) is not going well with you.

      You say you want to “CONTROL” a net admin “WANNABE”.

      This speaks volumes in itself. First, I’d say sit down and realize it’s not YOUR company, you don’t have to CONTROL anybody and every net admin is a WANNABE to another netadmin.

      Now this guy doesn’t know what he’s doing, did you when you first got your knees dirty or were you just as curious as to how things worked?
      That WANNABE interest builds some of the best admins around, convince your boss to let you either train him or send him to school. I know many guys who thought they knew it all and caused nothing but problems, but then the users came to me to fix things and it was soon apparent exactly who knew what they were doing. After a while, they would never ask the other guy and would always call me first, knowing from my demonstrated ability that I could resolve their issue without creating further problems.

      If I was you, I would take advantage of someone so eager to get into IT. Teach him the simple redundant crap you can’t be bothered to do. Actually don’t teach him, just send him info and ask him to do things, he will soon be over his head and realize it, at that point he will either back off and let you do the work, or take an interest and come to you with questions.

      It is quite a common issue in several offices I have worked with in the past as well as one of my existing customers.

      So instead of trying to STOP him, encourage him, once he realizes that you want him to help you work and not just to play around, he’ll either be scared off and be TOO BUSY from now on or he will become a great help.

      Do me a favour, come to Canada and try to take over my job duties, you’re more than welcome to. If you screw up, my contracts pay me to clean up the mess so you’re just feeding me while proving that I know best.

      • #2732708

        But it is justified

        by lbofh ·

        In reply to Your title is SOOOO negative!

        You know, I think you are rather judgemental without knowing the facts.
        We did initially try to have him help with some tasks. Problem was, he took advantage of his new privileges and started installing things he shouldn’t and generally mucking with servers. (Another favorite thing to do was to randomly edit the registry on various workstations.) He was not willing to listen or learn and he was sure that he knew best in all situations.
        After he screwed up yet another server, (which he wasn’t supposed to touch anyway) he was told by my boss that his assistance was not wanted and asked to concentrate on his data entry duties.
        I want you to know that I have a very soft spot for “wannabes” because that IS how I started out. I too, believe that the interest/desire to learn makes the best admins.
        The difference with me was that I didn’t ASSUME that I knew ANYTHING. I read the book/researched, tested and most importantly, DIDN’T SCREW UP PRODUCTION SYSTEMS! If I wasn’t sure what I was doing, I ASKED. And also important is having the balls to admit when you’ve touched something and accidentally screwed it up.
        That is NOT the case here. Believe me, I have plenty of jobs that I’d like to delegate. It would also be nice to have a set of eyes and ears in that remote office for troubleshooting purposes.
        The reason I’m so negative about this guy is that it is ultimately MY responsibility (and my ass) when things get screwed up. It’s my cell phone that rings 24/7 not his. I already live at the office and I don’t have time to clean up messes that someone else makes.
        If someone is willing to take responsibility and is open to being shown a better way then fine. But otherwise, leave my network the hell alone.

        • #2732701

          So lock him out.

          by oz_media ·

          In reply to But it is justified

          Create another user with the same rights (separately created, not just equal to admin) and keep it to yourself. THIS is YOUR new private access password.

          Setup the login scripts to restrict the admin logging in after hours, if he manages to get the new admin account info, he can’t login after hours.

          SHUT down access to the Windows registry on all remote machines, this should be yours only. There’s a few programs that will block the registry, shortcuts, DOS prompt, Boot prompts etc., but I use Netware so you’d have to explore MS options if that’s what you use.

          Now to address your previous comment:
          “You know, I think you are rather judgemental without knowing the facts.”

          You asked for input based on the facts you had provided. If you neglected to include pertinent information until a later posting, then it is not me who is to blame for my comments but yourself for not providing the whole story up front. What did you expect?

          Try that in a courtroom and see if you can talk your way out of jail by saying “…but they didn’t get the whole story before they passed judgement!”

          Good luck with your pain in the butt, but remember EVERY company has one.

        • #2733602

          Re: So Lock him out for good or you are out

          by wkktai84842002 ·

          In reply to So lock him out.

          I totally agree with Oz. Almost every company has one or more of such person. Even worse, these people are arrogant, have no respect and no responsibility. It’s a nightmare when they acquire more knowledge. They turn abusive and pathetically, the upper management thinks they are heroes. Whoever who takes the previous admin work that the person is still in the company, you will know what I meant.

          What do you do if you’re in my shoes which is you are also facing? Find another job. You will find your days clearing up his mess and you don’t have time to advance your career. Of course, if all your attempts failed. It was mostly failed due to upper management decision making.

          You can find a lot of programs that can track him down, eg attacker from the server that he tries to intrude to.

          Hope this helps.

        • #2733584

          New Segment and lock the network down

          by sohohelpdesk ·

          In reply to So lock him out.

          If you try to fight this guy it will only get worse for you, it sounds like you are getting consumed by it now, keep it simple, give him the rights to what he has to to do his job and that is it, nothing more and nothing less. You have received a lot of good information in all the posts. I advise that you take the Security + Course, you will get a lot of insight into what this guy could do to the network if you do not take control now. this guy is the Windows 2000 God, the best Tech writer ever and he has everything you need to know about W2K Good Luck
          Network & Internet Support Specialist, A+
          Working on my MCSA for 2003

        • #2733578

          Mark Minasi

          by david.mcginty ·

          In reply to New Segment and lock the network down

          Sorry to butt in like this. But, in case someone is trying to get to Mark’s site. It is I sure this is just a common error.

          David McGinty
          MCSA 2000, 2003

        • #2732252

          Stop wasting time

          by my mac is faster than your pc ·

          In reply to New Segment and lock the network down

          Your solution is simple and takes multiple paths.

          1) Start from scratch. Know what apps he needs and do a fresh install of the OS and apps. Also do a recon of all hardware and servers for anything amiss.
          PS You do have locked server room don’t you? Or some sort of physical server security

          2) Write a policy toward machine use…… No outside apps, no personal email, no installs except by the authorized people. (use names or titles).

          3) Have your other admin using a password policy that requires change on Tuesday and Thursday and make them aware that a misused password is grounds for termination. And turn on all appropriate logs.

          4) You cannot reprimand the rogue BUT you and your boss can sit down with him in a meeting with his boss and layout what you know and the new policies. Make him sign a statement that he understands them. Good old paper stands up well when having to fire someone.

          Finally, the poster that suggested using this as a security drill had a VERY good idea.
          We all have those mundane tasks of adding users and password changes, and we ALL read about the cool things others are doing with their gear (I admin. OS X myself), well you’ve been handed a sweet piece. You can use this as a reason to go to security demos/seminars. You can also use this as a reason to demo new security software and hardware.
          Biometrics anyone?
          Give your other admin. a fingerprint log in and a portable reader. Voila.
          Yes, if they are plotting together it can be defeated with a Jell-O mold but key it to a specific reader.
          You are monitoring the rogue’s outgoing email for large attachments aren’t you?

        • #2733515

          Right on Oz!!…. Get over it

          by jafa ·

          In reply to So lock him out.

          It appears that you are being totally consumed by this dilemma. It’s obvious that you don’t or will ever have control over this individual. Everyone has their “problem child” and you are no different. I feel there is something deeper than you’re letting on. The title of your article gives it away that you are dealing with some major CONTROL issues. Even your alias “The Admin” appears to be inflated. Let the air out, come back to earth and join the rest of the human race. Mr. (as YOU call him) “wannabe” will eventually hang himself if he is truly inflicting serious damage to your company. Mean time use your “admin” skills to YOUR job and don’t worry about his.

        • #2733595

          welcome to the club

          by dotgaz ·

          In reply to But it is justified

          I think all of us sys Admins have had similar problems, mine was my boss a company secretary. He caused me a massive problem and I had to work all night to fix it. I pulled him aside and thanked him for making me work all night. He had done various other small things but nothing that killed a server before. He apologised and doesn’t touch anything now. In a previous employ I found one of my IT staff was sabotaging me. I spoke to him at length showed him the logs where he had played around but to no avail. Spoke to my bosses but nothing. So I named and shamed him in an all staff email when I apologised to the staff that couldn’t work because of what he had done. He was ostracized by fellow workers. Harsh !! maybe but it worked he left quietly. I was told off but I took the whole thing personally. I should have thought of it as some of the others said a job nothing more.

        • #2732404

          Simple Solution

          by the_punisher79 ·

          In reply to But it is justified

          Wow, I think this discussion has struck a deep chord with a lot of Admins since we all have people like this in our work environments. There are two sides to the matter, but they are simple. One, if he cannot be trusted with Admin access or technical duties, DON’T GIVE THEM TO HIM. Give him power user access to his machine and leave it at that. It is ludicrous to think that ANYONE would give someone admin access to their network, just to “learn” or neglect the responsibilities that they were hired for. The second option is to still give him power user access to the workstations and ask him to assist other less technical users with simple stuff like adding printers off a print server, etc… Active Directory DOES have a User Rights Delegation wizard you can use to give him access to reset passwords, make accounts, and so on without giving him ADMIN access to the network (as long as you have AD incorporated). I support a remote location over 5000 miles away and it is SO NICE to have someone there that knows a little about computers to help me when there are problems. It’s also nice to have people locally that can help their coworkers do the menial things that every tech HATES getting calls about. If he is willing and has time AFTER his assigned tasks, use him to your advantage.

        • #2732344

          Rarely a simple solution

          by dcox ·

          In reply to Simple Solution

          I see both sides as I have been on both sides. I am now Manager of IT Ops and know the benefits and risks of users that know less than they realize.

          Although having technically skilled assistance at a remote site is useful, it must be managed with care and common sense. Most users that are technically literate like to play with settings in an attempt to boost performance, secure a box, block “Big Brother”, and the sort.

          When they start playing with settings that can have devastating effects, like going to the root of a system drive and setting all file/folder access as everyone “read only”, this becomes a serious problem. I have actually seen this happen.

          All you can do is document the event, report it, resolve it and move on.

          You must remember that Management does not care about emotions, just facts. Management is always looking for people to become sub managers, people that can be neutral, calm and deal with issues with minimal intervention.

          If you can prove this person is taking unauthorized actions; document it, ask your boss for advice on how to approach the culprit, advise the culprit of the situation and what you have been instructed to do and keep a running document with a log of dates and times of all events.

          If this person is such a threat that systems are being blasted, then remember you must do your job, and only your job. This includes keeping your boss informed of all related matters and how you tried to resolve them professionally without escalation.

          Also, remember that all communications between you and the other party must be professional; you must “stay above the fray”. Keep your tone and inflection (both in conversations and emails) courteous and professional.

          You should appear as more the victim than the killer.

          If not, you are also part of the problem.

        • #2732368

          How Do You Know Who . . . .

          by joe_at_stavka ·

          In reply to But it is justified

          How do you know who used that workstation after hours? If two or more people know a common USERID and password, then neither can be held responsible for its use. More importantly, you cannot prove that the person in question was at his terminal when the admin logged on. While it probably was the person involved, proving that becomes problematic in the face of shared USERIDs and passwords.

          If you gave him admin rights in the past, then it seems possible that he cracked one or more passwords while he had the rights. At the very least, I think it prudent to change all administrator passwords and eliminate any shared USERIDs.

          As I understand it, administrators should use USERIDs with administrative rights. They should not use the Administrator account. In addition, turning on strong passwords seems like a good idea if it is not in use now.
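What the Security log can and cannot establish about the attribution problem raised in the post above, as an added example that is not part of the original thread: it ties an admin logon to an account, a workstation and a time, and to the accounts that normally use that workstation, but not to a person. Event IDs 528 (successful logon) and 529 (failed logon, bad user name or password) are the Windows 2000 values; the CSV export layout, the account and workstation names, and the 07:00 to 19:00 business hours are assumptions made for the example.

```python
import csv
import io
from datetime import datetime, time, timedelta

# Windows 2000 Security log: 528 = successful logon, 529 = failed logon.
LOGON_OK, LOGON_FAIL = 528, 529

# Constructed sample export (hypothetical column layout and names).
SAMPLE_EXPORT = """\
timestamp,event_id,account,workstation
2004-03-01 08:55:10,528,hq_admin,HQ-WS01
2004-03-01 09:10:42,528,dataentry1,REMOTE-WS07
2004-03-01 21:40:03,529,backup_admin,REMOTE-WS07
2004-03-01 21:40:31,529,backup_admin,REMOTE-WS07
2004-03-01 21:41:15,528,backup_admin,REMOTE-WS07
2004-03-02 08:30:00,528,backup_admin,REMOTE-WS02
2004-03-02 09:05:00,528,dataentry1,REMOTE-WS07
"""


def parse_events(text):
    """Parse the CSV export into a time-ordered list of event dicts."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        events.append({
            "when": datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S"),
            "event_id": int(row["event_id"]),
            "account": row["account"].lower(),
            "workstation": row["workstation"].upper(),
        })
    return sorted(events, key=lambda e: e["when"])


def after_hours_admin_logons(events, admins, opens=time(7, 0), closes=time(19, 0)):
    """Successful logons by admin accounts outside business hours."""
    admins = {a.lower() for a in admins}
    return [e for e in events
            if e["event_id"] == LOGON_OK and e["account"] in admins
            and not (opens <= e["when"].time() < closes)]


def logons_off_usual_workstation(events, usual):
    """Successful logons from a workstation the account owner does not use.

    `usual` maps each admin account to the workstations its owner works from.
    """
    usual = {a.lower(): {w.upper() for w in ws} for a, ws in usual.items()}
    return [e for e in events
            if e["event_id"] == LOGON_OK and e["account"] in usual
            and e["workstation"] not in usual[e["account"]]]


def failures_before(events, success, window=timedelta(minutes=5)):
    """Count failed logons for the same account and workstation just before."""
    return sum(1 for e in events
               if e["event_id"] == LOGON_FAIL
               and e["account"] == success["account"]
               and e["workstation"] == success["workstation"]
               and timedelta(0) <= success["when"] - e["when"] <= window)


def regular_users(events, workstation, admins):
    """Non-admin accounts that log on at this workstation."""
    admins = {a.lower() for a in admins}
    return {e["account"] for e in events
            if e["event_id"] == LOGON_OK
            and e["workstation"] == workstation.upper()
            and e["account"] not in admins}


def paper_trail(events, admins, usual):
    """One dated line per suspicious admin logon, each event listed once."""
    flagged = {id(e): e for e in after_hours_admin_logons(events, admins)}
    flagged.update({id(e): e for e in logons_off_usual_workstation(events, usual)})
    lines = []
    for e in sorted(flagged.values(), key=lambda e: e["when"]):
        seat = ", ".join(sorted(regular_users(events, e["workstation"], admins)))
        lines.append(
            f"{e['when']:%Y-%m-%d %H:%M:%S} {e['account']} logged on at "
            f"{e['workstation']} after {failures_before(events, e)} failed "
            f"attempt(s); regular users of that workstation: {seat or 'none seen'}")
    return lines


if __name__ == "__main__":
    admins = ["hq_admin", "backup_admin"]
    usual = {"hq_admin": {"HQ-WS01"}, "backup_admin": {"REMOTE-WS02"}}
    for line in paper_trail(parse_events(SAMPLE_EXPORT), admins, usual):
        print(line)
```

With a shared admin USERID the same report would show the account but could not separate its users, which is the reason to give each administrator an individual account before relying on the log.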

      • #2732439

        Be a Listener & Leader, not a controller

        by axlehead ·

        In reply to Your title is SOOOO negative!

        It’s time for you to become a master listener. Individuals like your Wannabe Admin often have very valuable suggestions that can help increase work efficiency entire groups in an organization. Use this guy as a contribution and resources for you to do a better job, keep him as a friend, he obviously has an interest and some skill with computers, help him get some training, be a leader, not a career wrecker.

      • #2732363

        Reply To: controlling a wannabe admin

        by pickleman ·

        In reply to Your title is SOOOO negative!

        I couldn’t help but laugh at this “Oz_Media” clown. By the sounds of things, you’re either one of those wannabes yourself, or you clearly have some mental disorder whereby you enjoy having other people making your life miserable.

        Regardless of what terms the original poster used, whether it’s “CONTROL” or “WANNABE”, it doesn’t change the fact that HE is charged with the duties and responsibilities of being the system administrator. It’s not his company. We know that. He never made any such claims. But when there’s some yo-yo running around the office causing you grief which then forces YOU to work overtime and takes you away from your friends/family/girlfriend/wife, then yes, you have every right to be upset and to try and do something about it.

        I am truly astounded by the number of people in this thread who seem to be taking such a “who cares” approach. Just because the guy hasn’t yet caused serious and irreversible damage to the company doesn’t mean that he won’t do it tomorrow or the next day. If you have one of these ass-clowns running around doing things that go BEYOND their job description which directly interfere with YOUR own job, then yes, you have every right to be pissed off and take matters into your own hands.

        Ultimately, matters are made ten times worse when you have an idiot boss who doesn’t understand the issue, or in this case, the remote office boss who either doesn’t get it or simply doesn’t care enough about it.

        But to say that this is a power struggle is ludicrous. The guy is simply trying to do his job, and not allow some moron to cause him further aggravation. Yes yes I’ve heard the argument that maybe the wannabe is eager to learn. But that doesn’t sound like it’s the case here. If someone is eager to learn, I would tell them the following:

        – go pick up a book
        – go take a course
        – set up a network at home and practice
        – ask questions before you touch something

        But I would definitely NOT be giving him the impression that it’s somehow “okay” to go and screw around with a production server all because he wants to “learn”. Learning is fine and is to be admired, but you don’t LEARN by taking apart a running car on the highway.

        I have more than enough experience in dealing with matters such as this, and all I can say is that if you’ve already documented all your problems and you’ve approached your boss and he talked to the moron in question, and you’re still not getting results…then it’s time to make it clear to them (in writing) that it’s only a matter of time before that “wannabe” does something which will have serious repercussions on the company, and in such an event, YOU will not be held responsible because you went out of your way to warn them months in advance and you did everything you could humanly do to prevent it from happening.

        Very few people understand what’s truly at stake in these situations because they’re nothing more than arm-chair admins. They haven’t done a single day’s work of looking after a network, and yet they go on to give their “advice”, and some clowns even go so far as to say you should ENCOURAGE the troublemaker because the poor guy is just trying to learn. Please, give me a break. When the guy does one day cause a major problem which will screw up something seriously, not only will your job be on the line, but if the company you work for is stupid enough to let this go on, then believe me – they will be stupid enough to want to hold YOU accountable and may even try to take legal action against you, claiming that YOU were the cause of the problem because it was YOUR job to make sure things like this didn’t happen, and it was YOU that ended up costing the company tens of thousands of dollars, and it was YOU that should be held liable and be made to pay compensatory damages. Think it can’t happen? Think again.

        The absolute worst thing you could do in this situation is to do nothing and to keep letting it happen. If all else fails and those in charge refuse to listen to you, put down all your grievances in writing, and make it clear to them that it’s only a matter of time until this blows up in their faces and you refuse to be around when it does – and then resign. There are plenty of companies always looking for knowledgeable, talented people who know what they’re doing, and don’t have this idiotic mindset that we can just “let it go because it hasn’t hurt anyone (yet)”.

        • #2732337

          YEAH!!! Preach on, Brother!

          by -loanman ·

          In reply to Reply To: controlling a wannabe admin

          I worked for just such a company and you are right on; that’s exactly what happened.

          Ass-clowns, indeed.

        • #2732137

          Well done

          by oz_media ·

          In reply to Reply To: controlling a wannabe admin

          Hey you actually did have some point to your comments but you begin by reducing yourself and bashing a previous post that you have obviously misunderstood or failed to comprehend entirely.

          Now nobody thinks this guy should be left alone, in fact it is SO easy to shut him out, unfortunately the ‘Admin’ will probably have to ask the ‘wannabe’ how to do this.

          As for my comments regarding the Power trip and control, if you had ANY formal knowledge of psychology and egoism, you would completely see the point.

          This person SCREAMS insecurity in every comment he made. The wannabe is definitely wrong, but can easily be thwarted without the admin needing to ‘get this guy fired’ as he so hopes to do. What if The Admin creates enough stir that the boss says ONE of you has to go, well it sounds like he’s pretty friendly with the wannabe, so it’s bye bye to ‘The_Admin’.

          This guy is looking to put HIMSELF out of work, not the wannabe.

          His attitude is egotistical, his thoughts are detrimental instead of becoming positive that someone has an interest in performing network duties. Well it will be interesting to see if the admin creates a stir in his office, but all I can say is “NO I’m not hiring.”

          As for the assumptions that I am also a newbie, well I suppose in some ways you are right. I am new to running my own network support business, I am SOMEWHAT new to computers (started with Win3.11) but I am far from new when it comes to saying how people fit into an office. I have managed hundreds and seen SO many ego driven employees like The_Admin it’s not funny. I will say without a shadow of a doubt though, if he takes the same attitude to the ‘other boss’ he will get his walking papers long before the ‘wannabe’ does.

          As for people like that causing you to work overtime, what kind of sap are you?

          “Overtime? Sure boss, see you in the morning.”

          Learn to write an employment contract that works for you instead of just begging for a job. I worked over time ONCE (okay maybe twice) in my life, by choice.
          Certainly I work some pretty odd hours these days, but then again, I do work my own hours when I want to work. This way I don’t care if someone buggers up their company network, I get paid to fix it, when I have time.

        • #2692355

          Just Be Rational and Detached when Dealing with Such “wannabes”

          by perseus ·

          In reply to Well done

          I agree with OZ_Media Completely. AND I am definitely not a newbie when it comes to Administration. I have had my quota of antacid tablets and wannabes. BUT the author and many of the posters IMHO are taking an egotistical approach to this whole issue.

          Why does it have to be me or him ? You know very well that as far as senior management is concerned, you are not much of a ROI compared to that other guy. So take a deep breath and keep Sr. Management out of this.

          If you can’t manage this scenario with the admin resources at hand then maybe you don’t deserve to be an admin. C’mon how much does it take to lock him down ?

          But rather than taking such a drastic step, I’d rather talk to him one on one. Have a decent discussion and make him understand the things. If his activities are causing problems that you need to fix then I will make him fix it himself. (Certainly not on my free time. I will make sure I get paid to fix it. ) In my experience, when these guys see the amount of rework they have to do to fix it then mostly they will take care not to cause trouble and get noticed by you. If they are wannabes then they have a pretty good idea of what you are capable of. Last thing they’d want is to get you mad.

          Lastly that bit about rogue Game Servers, which is a real sore point for many of us. Well it seems many take the view that If I don’t get to play why should he ? Or how dare he plays when I am working ?

          Well I have one piece of advice to those. Either join him or forget it. The senior management must be aware of it. They are not blind. If they are turning a blind eye then why don’t you ?

      • #2732271

        Agree and Disagree…

        by yanipen ·

        In reply to Your title is SOOOO negative!

        Oz, I agree to what you said, teach this to the guy, and so and so. Especially on the 2nd to the last paragraph. We share the same thoughts.

        But let us make clear that the guy is being disrespectful to other people’s job. I guess we have been long enough, most of us, to recognize this. Even if the guy is in the top management, he should have respect on the job assigned to him, and others.

        I’ve had similar cases for the past years. Instead of being the police, I became a friend, or mentor. But first, again, respect. That guy must know what kind of ground he is standing in. That is where the company’s management kicks in. Even if he is treated as the golden boy. After some “lively” discussions, the management decision should still be adhered. Of course, the management can become lenient at sometimes, but it will still serve you and make your point be heard.

        Then things will workout fine afterwards. And it will keep you on your toes.

    • #2733603

      Support and educate

      by jadamson ·

      In reply to controlling a wannabe admin

      One simple way to deal with this would be to train the offender in your procedures, educate them on your policies and give them a little more responsibility as this is what they obviously seek. By doing this instead of having a problem you may actually develop a valuable team member instead of getting rid of what could prove to be a valuable asset.

      • #2733546

        Finally Hit the Point

        by ttrimb1e ·

        In reply to Support and educate

        Thanks for finally hitting the point. There is way too much ego flying here. It does not sound like the wannabee has the goal of company destruction. Most Wannabees really just “want to be”. Your request to management should be to train this person, not to fire him. Don’t try to protect your world from him, get him ready to join it. Training others is in the job description of any good admin I have ever worked with.

        • #2732440

          Make him an ally

          by foobear ·

          In reply to Finally Hit the Point

          God knows that there is always too much work for the typical Network Administrator to accomplish. If you can work with him and mentor him then you will gain an assistant. Steer him the direction to get some proper training and fill him in on the proper procedures to follow when he is ‘assisting’ you.

          If he still fouls up, then you can discuss the situation with his/your manager and suggest that the person should direct his activities elsewhere.

          If he proves competent, then you will have an assistant and will achieve some credit for mentoring him; something which is always good during review time.

        • #2692370

          Way too much ego

          by jadamson ·

          In reply to Finally Hit the Point

          Regardless of whether the person being discussed should or should not be sacked/supported you are right there is way too much ego flying around here so typical of the tech community. A holier than thou attitude that the rest of humanity is in some way inferior to themselves and therefore should be treated as such. This was something I have witnessed and despised over the years and something I have tried to prevent in my workplace. Wouldn’t it be nice if everyone was able to show patience and understanding with those less “knowledgeable” than themselves instead of the automatic and often nasty destruction of ideas and confidence of those deemed “less worthy.”

        • #2692238

          Here’s the kicker

          by oz_media ·

          In reply to Way too much ego

          I remember a time, not so long ago, when a computer geek wouldn’t DARE have an attitude. It would be great just to be accepted by mainstream society. When I was climbing the corporate ladder I often saw these geeky dudes get hired and they’d sit quietly in these ‘computer rooms’ and keep my networks operating. They never joined the rest of the crowd for beers after work or even managed to socialize on the most primitive levels.

          Now we see ‘geeks’ actually throwing their 80 pounds around and expecting to be heard, I guess that’s what happens when a repressed responsibility is finally acknowledged as useful to the company. Sales reps used to have a similar attitude, as a sales manager I often saw the guys with the over inflated ego thinking they were going to sell your company into the next level of success, only to find out they were human all along.

          Well now it’s the geeks’ turn to have an overinflated attitude. My god I just can’t escape it, I also manage a couple of bands and run a promotional/management company, believe me when I say, musicians are the biggest bunch of over inflated prima donnas on the planet.

          It seems our newer admins are right there in line behind the musicians now. What’s the world coming to??

        • #2692748

          Worse yet….

          by jellimonsta ·

          In reply to Here’s the kicker

          I am an admin AND a musician. I do not really feel I have an over inflated ego though. I can’t help if I am always right :)…. j/k.
          In all seriousness though, I do not feel life has time for egos. I have too much real stuff to accomplish than to spend time worrying about what someone thinks of me.

        • #2692645

          Well done

          by oz_media ·

          In reply to Worse yet….

          I love seeing that frame of mind in people.

          Who really gives a crap what Jeff thinks or what Sally does?

          Live your life and enjoy every waking moment of it, I have had an awakening that proved to me no matter what you do, how careful you are or how well you plan, s**t happens and you have NO control over it. So instead of worrying about what others think or do, I just live instead. It’s a LOT easier and a lot more fun.


    • #2733601

      Don’t get personal

      by bill ·

      In reply to controlling a wannabe admin

      As frustrating as his behaviour apparently is, any paper trail you create would need to be company wide rather than just for him. Personal 1:1 audits without good reason could be construed as part of a constructive dismissal strategy on your part. Does your company have a Human Resources department? That’s a good route.

      Good Luck

      • #2733516

        re: Don’t get personal

        by warpindy ·

        In reply to Don’t get personal

        Have read more of the replies and I have to agree with people on a lot of different points.
        1. Don’t make this personal.
        2. Try and use some of the software on the market to lock down and track this person’s usage.
        3. If you asked this person to help at one point but due to his abuse of powers asked him to stop. Check with HR and see if what he is doing now is a violation of computer usage rules.

        I myself have gone through this problem and with proper documentation and a proactive IT director we were able to stop this person from abusing workstations and certain server apps. Also letting an IT tech know to keep a better control of the admin password helped out too.

        Good luck.

    • #2733600


      by matrixcsl ·

      In reply to controlling a wannabe admin


      I had the same problem last year. The only way we found to successfully deal with the problem was to give the “wannabe” very basic rights (not even installation rights/web access), each day, give him a list of duties, at the end of every day, ensure that they had been done. If anything else was carried out over and above the prescribed duties (without authorisation), a formal disciplinary was carried out. Eventually (after 3 disciplinaries), we had to fire this guy.

      You must get him to sign a “compliance” document, which clearly defines his/her EXACT role, what duties are authorised, what duties ARE NOT. It should be made clear that any unauthorised activities will lead to disciplinary action (you should check with your personnel department, what the disciplinary rules are etc).

      Off the record, you should also have a chat with this person and again make it very clear what could happen if his/her actions continue.

      Not very nice (I sympathise with you), but, life is stressful enough isn’t it!!! Good luck.

      • #2733585

        Smart idea there

        by selvarin ·

        In reply to Heavy-handed

        Work it by the numbers, watch him hang due to his own disregard for agreements that he himself has signed.

      • #2733576

        Difference between “wannabe admin” and power user?

        by lyates99 ·

        In reply to Heavy-handed

        I’m sick of admins who lock down the network so tight that I can’t use the PERSONAL computer in a manner that’s so crippled that it’s impossible for me to perform efficiently.

        • #2733490

          RE: Difference between “wannabe admin” and power user

          by kmlong_az ·

          In reply to Difference between “wannabe admin” and power user?

          Okay…time that I jumped into this conversation. LaptopLarry uses some very interesting wording in the phrase “PERSONAL” computer. I have a few users that have the mentality that they “own” their work computer, therefore it is theirs to do with as they please. I try to educate my users that these computers actually belong to the company and are not their personal property. The Admin’s job is to make sure that their users have the tools necessary to complete their daily tasks. I routinely have to discuss (read “argue”) with “Power Users” that they don’t require the right to install software on-demand as part of their daily job function. I believe that a good sysadmin follows the principle of least privilege when setting up permissions on desktop computers and unfortunately this doesn’t go well with the “Power User”. Can’t we all just get along?

        • #2732376

          Power Users often don’t “Wannabe” Administrators

          by persepone ·

          In reply to RE: Difference between “wannabe admin” and power user

          I don’t want to be a System Administrator. However, I want to be able to do my job. As an outside consultant, I’m often called upon to provide complex technical documentation on a very tight deadline in “camera-ready” or other final format.

          I’m simply amazed at the lack of understanding of my needs that I get from System Administrators. Often the PC they provide is one that will not handle my needs. When I ask them to load an application and to do a “custom installation,” for example, invariably they do not and I’m left without the tools I need to perform my job. They usually take 6 or 8 visits to “get it right.” When you have a 4 week start-to-finish deadline, this makes it impossible to do the work without a workaround.

          To meet my deadlines, I usually bring my own laptop, loaded up with my own applications, and work “off line.” I show the sys. admin. or other rep. who shows up exactly what I’m using and for what. They usually don’t pay much attention because they are so sure that they “know” that they don’t want to hear anything I have to say. The bottom line is that I work on my PC so that I only have to load my work on to their network (or burn it to CD and let them load it) by the time I leave. Frequently I leave the CDs.

          I don’t mess with people’s networks or PCs that are not mine. Can I? Yes. I do so on my own network and my own PC. Will I? No. I’m not being paid to do so and it’s no skin off my nose since I can burn CDs to give my work to my customers.

          But I’m appalled at companies who call in consultants and request that the consultant prepare stuff that uses specific software they do not own or that is not loaded on the PCs they provide to work on. A common example is a company that specifically requests files in Word format and in Adobe Acrobat or one that requests Visio diagrams, etc. And it turns out that the Sys. Admin. will not load Visio or Adobe Acrobat–and sometimes they do not even “own” the application!

          I’ve found that IT people do not understand why certain users need some of the seldom-used functions or why users may need certain fonts loaded, etc. Guess what? If you hire someone to do a translation into/out of a language with a different alphabet, you need to load those language fonts, files, etc. These people need a “custom load” to do their jobs!

          I’m amazed that most of the IT people I have encountered over the years know much more than I do about how to do MY job and what tools I need to do it. I wonder why the IT person isn’t doing the job I just got hired to do. It’s got to be a better job than theirs.

          Because I’m an outsider with a high $$ rate, my manager tends to be pretty high in the tree, and a call to IT gets attention. However, I’m often amazed at how employees of a company get bulldozed.

          I was at a company with a stupidly slow network printer and one morning we were all standing around waiting for the print queue to spit out our jobs and I mentioned to the division president that this particular morning wait around the printer was costing him in the thousands/hour range (we’d been there about 15 minutes–and 5 of the people earned in the 3 figures, and 3 others in the high 2 figures). The IT department had “done a study” and found there were not enough users on this printer to justify a better printer! Stupid! Stupid! Stupid! But how does a division president let himself get blindfolded by the IT guys?

          I can well understand why employees get frustrated by IT and take things into their own hands and play sys. admin. I can understand it if an employee is asked by his/her manager to provide Visio diagrams for next Thursday’s meeting why they get hold of a copy of the program and load it. The managers, for the most part, don’t understand why the employee can’t go to the store and buy Visio, expense it, load it up and get the diagrams done! First, the managers don’t really understand the IT department needs–they just know that they want Visio diagrams. The employee does not understand that the boss doesn’t understand the IT policy–he just knows he will get punished if he/she does not have the diagrams by Thursday.

          As long as IT Systems Administrators continue to play god and disregard the needs of their users, the “power users” out there will do what they have to do to play “sys. admin.” if they don’t have the workaround of their own personal well-configured PCs to use to meet their boss’ demands.

          I am not excusing people who load up games, download MP3s, etc.

          I am not condoning people who load pirated software on their work PCs.

          I am saying, however, that if sys. admins. don’t learn to listen to user’s business needs, and don’t have a mechanism in place to load software quickly (within hours–not weeks) when it is needed for business deadlines, then this problem will persist.

          If an employee goes to the sys. admin. with a request for a software load that the sys. admin. truly thinks should not be loaded for whatever reason, then the sys. admin. should be willing to explain this to the employee’s manager! There should be a genuine technical or business reason for the refusal and the sys. admin. (or his boss). My experience and observation is that generally this does not happen.

          As an aside, if a company has more than one location, there should ALWAYS be someone on site to serve as a deputy sys. admin. I like the notion of training a true power user or “Wannabe” Administrator for this role. The bottom line is that there needs to be someone on site who can respond quickly to needs for new software, reloads, etc.

        • #2732325


          by lyates99 ·

          In reply to Power Users often don’t “Wannabe” Administrators

          I knew I’d get that oh-so-smug remark regarding the “PERSONAL in PC” remark :-).
          Of course, I don’t think that I OWN the workplace PC. I just want to use my tools to do my job.
          Sometimes it’s like an adult riding a tricycle.
          …You described my situation EXACTLY.

        • #2732276

          Tools for your job

          by ahleychris ·

          In reply to EXACTLY!!!!

          If you have the tools to do your “JOB” and your job doesn’t include shopping at eBay, or installing some new mission-critical software that the company isn’t providing. (BTW, if you install an eval ver of winzip, or any eval with expire date, and don’t buy it or uninstall it, the company is legally responsible, not the user.)

          If, as a user, your workstation is too locked down, then you should contact your boss/IT and state that you cannot perform your job as currently setup. They, in turn, should evaluate how much your setup is locked down, how much more access you need, and the other users with similar issues. It IS the IT dept’s job to provide Users with the tools they need, if you users can’t work, then IT needs to fix it. And if you can do your job and nothing more with your workstation, then good on the sys/net admins for a job well done.

          It is doubtful that you need some software that no one else in the company needs. I would go so far to say that the blocking of many sites is well within the admin’s scope of power, I mean, most jobs don’t rely on yahoo and hotmail to get things done.

        • #2732135

          laptop trouble

          by wiremaster ·

          In reply to EXACTLY!!!!

          laptoplarry, I have so many powerusers asking if I can set up a lot of stuff on the laptops they got to work with that I cannot count them.
          I don’t wanna start any flaming here but I think that one who signed a “contract” saying that the laptop is his company’s property and he should not do ANYTHING but run the preinstalled software he found on it, he should be forbidden by any means to do something else.
          Often those contracts say that in case of loss you have to pay twice (or more) the market price; that’s clearly intended to keep the users well-in-paranoia with the laptop they use but don’t own.
          The reason is very simple: if you are supposed to word-excel-powerpoint your work and your (censored) win_xp crashes, I’ll set up everything again so that you can work: that’s what I’m paid for.
          If you come with your OS nearly dead and I find p2p, games, porn etc. I’ll write that you (or somebody else, but it’s still your fault) did that mess so that the manager(s) knows why I am spending so many hours on your pc.
          I cannot bear the boss’ anger ’cause somebody is bored; so lock everything.

        • #2737533

          Reply To: controlling a wannabe admin

          by wmdcrowder ·

          In reply to RE: Difference between “wannabe admin” and power user

          What I did when I was MIS Director of 4 radio stations here in Phoenix was simply use Ghost.
          All our systems were the same platform, so I was able to make a Ghost image of needed apps.
          Users were told that all necessary files were to be saved on their network drives (set to save there automatically)
          If I ever had someone installing anything nonwork related that caused an issue it was a simple matter of Ghosting their machine….problem solved and I didn’t need to waste time trying to dig out what they’ve broken.
          Every time this happened would be logged and tracked. Users who were constantly breaking their systems by ‘tweaking’ their machine would get more and more restrictions. They couldn’t gripe about it as our policies and SLA’s clearly stated what would happen if this occurred.
          And I was *very* lenient with software they wanted installed. It *is* a control issue..I wanted to be sure that anything running on MY network wouldn’t cause issues I was unaware of.
          I say MY network since it was. An IT manager/admin job is to ensure that the network is safe, secure, and running properly at all times. If it broke, it was I that the responsibility ultimately fell on.
          Joe Blow doesn’t get in trouble if the servers crash or computers fail….the admin does, even if it is due to someone ‘tweaking’ something or installing something not approved.

        • #2737541

          Give me a break…

          by wmdcrowder ·

          In reply to Difference between “wannabe admin” and power user?

          Quoting: Difference between “wannabe admin” and power user?
          “I’m sick of admins who lock down the network so tight that I can’t use the PERSONAL computer in a manner that’s so crippled that it’s impossible for me to perform efficiently.”

          I simply can’t believe that response…ie: PERSONAL computer.
          Did the Admin come into your home and lock down your PC? No. It’s a WORK computer…not your personal toy to do with as you will.
          If you can’t work efficiently due to security measures, SPEAK UP! Let it be known what you need to do your job and LISTEN to why it can or cannot be done that way.
          I’m not saying your personal experience has been fair as I don’t know what it is; the response of a PERSONAL computer is simply ludicrous. It is a piece of company equipment, just like the fax machine and the copier. While many of us abuse the use of these systems (nonwork related issues) using the computer in this manner is STILL a violation of MOST companies’ policies.
          I’ve read most of this thread since it started…
          The admin is *NOT* being egotistical or arrogant…he has an end user who is doing things NOT RELATED TO HIS JOB FUNCTION that is having a detrimental effect on the network.
          So the admin has to fix it, right? So what, it’s his job, right?
          TO A POINT that is correct, but what do you do when you are always fixing things that one guy is constantly screwing up. What this user is doing is not allowed, nor is it authorized.
          It’s already been tried to give him more authority and he abused it…the next step is to see what can be done to lock him down and prevent unauthorized access, etc.
          The *BEST* thing to do would be to bring up the company’s computer usage policy..hopefully you do have one. If not, it’s time to implement one, get with HR and have *ALL* employees sign it.
          Once that’s in place, full documentation of each infringement leads to disciplinary action, up to and including termination.
          There should be no axe to grind towards this guy, but if his actions are taking me away from other, valid projects continuously, I feel a correct remedy is to get rid of the guy.
          Breaking rules should get you hammered…if you have a policy in effect, it really helps when you go to HR with your issues.

          Management can be shown how your time is being wasted fixing this guy’s problems….that means they are losing money..and THAT will definitely get something done….

    • #2733599

      Dont get personal

      by ramrod ·

      In reply to controlling a wannabe admin

      I share your pain. First and foremost do not let it get personal because I have found when that happens your judgement becomes very clouded. If you take a step back you will find that it is you who really has control as to what people can and cannot do. An earlier suggestion was to give him basic privileges, that might be a bad idea because he will only see it as a challenge and will try even harder to bug you. The compliance document is a great idea because it sets it out in black and white what he can and can’t do. I would suggest that you should add specific examples of the things that can go wrong if he does certain things and make middle management aware of the fact that it will affect the bottom line: MONEY LOST THROUGH LACK OF PRODUCTION THROUGH IT PROBLEMS, if that does not get their attention then you may be in the wrong place.

      • #2733597

        Ditto on not letting it get personal

        by bigpooz ·

        In reply to Dont get personal

        Whatever you do, don’t build documentation for one person without building equivalent documentation for everyone else. If you single out one person, and then lawyers get involved, you may find yourself answering some hard questions.

        I don’t know your specific situation, but before I started my own business, I had trouble with a network administrator whose standards made it impossible for me to run my software, which was a highly sophisticated engineering design package. At the time, the program was only available on NT, and it required a huge page file. My administrator wouldn’t make the required changes, and he wouldn’t give me privileges so that I could make them. In the end, we both “won” after a round of discussions with the software supplier.

        Have you tried to reach this person on the phone? If so, did you talk with him/her as a respected peer, or did you play the part of a parent with superior knowledge? If the latter, you’re doing yourself, the employee, and your company a huge disservice.

    • #2733598

      Give him is own fake admin account

      by i386 ·

      In reply to controlling a wannabe admin

      Give him his own computer with a fake admin account and put him on a separate subnet. Make him think he’s running things when he’s not. Also, enable auditing and change your admin password frequently. Better yet, rename the administrator account.

    • #2733582

      If you’ve locked it down, you’ve done your job

      by kevin.dorrell ·

      In reply to controlling a wannabe admin

      This guy is not a NetAdmin, right? So if you’ve locked down the network properly, then he shouldn’t be able to do anything except what he is authorised to do. So you don’t have a problem any more. Or am I missing something here?

    • #2733581

      2 ways to look at it

      by mattyb_aus ·

      In reply to controlling a wannabe admin

      There are 2 ways to look at this… he’s a pain and needs to be got rid of… and the ensuing arguments, legal battles or maybe… just maybe.. use his potential….

      I had a similar problem, and instead of locking him out, had him commit to training, examinations (the first he failed thinking it was all easy) and yes, he finally saw what we knew and the effort we went to and the reasons.. and became a useful remote admin tool for me when I needed hands on the console..

      Motto: “When life hands you a lemon – turn it into lemonade”

      Why are tech admins so negative about educating people, it’s not YOUR network – it belongs to the company.

      • #2692253

        ABS RIGHT!!

        by andreas.glaubrecht ·

        In reply to 2 ways to look at it

        So, this is what I think:
        Most (maybe not all) “wannabe netadmins” want to improve performance and usability of networks for their company.
        When they cause malfunction, it’s a lack of internal net security management or educational information, and no reason to try to get rid of them. (See my post some pages down).

      • #2737529

        Reply To: controlling a wannabe admin

        by wmdcrowder ·

        In reply to 2 ways to look at it

        It’s the company’s network…but it is MY responsibility to ensure it’s working properly.
        That includes everything from a Palm pilot hooked up to a PC to the AS400’s in the server room.
        And no, I’m not one of those IT ogres who wields power because I’m a geek with a salary.
        I would have regular meetings with all department heads to determine their future needs so IT could plan for it. I also had an open door policy to *all* users. If they wanted something ‘frilly’ on their system, I’d get a copy and test it. As long as their direct supervisor had no issues with using/purchasing it and it didn’t affect the computer’s performance or the network it would get loaded *and* supported.
        Too many companies have this problem with their IT departments. Everyone is trying to do their job to the best of their ability. Being an IT Nazi doesn’t help anyone and just makes your life more of a pain.

    • #2733579

      Everyone needs a reality check from time to time…

      by network_analyst ·

      In reply to controlling a wannabe admin

      Some of our colleagues write like socialist revolutionaries. In a corporate environment where equity is generated by investor capital and wages and benefits are dependent upon worker productivity, no one has the “right to dabble.”

      Ever since the advent of the Certification Movement and Tech-TV, the number of pseudo-techs has proliferated to the point that it is becoming akin to an infestation. Nowadays, everyone seems to think they can manage a complex information management system where security, network traffic throughput, and user productivity are issues subordinated to the “wizbang nifties” associated with the clever switches Microsoft has integrated into their operating systems. The result is often a disastrous slide into the undocumented region of ad hoc configurations.

      I’d say begin by interviewing all of the people in the organization who have been victimized by this weenie’s meddling. Find out how their productivity has been affected. See if you can get the financial people to help you put a dollar sign on this trend and then submit your findings to management in the form of an objective report that states these facts using empirical evidence and scientific observation.

      Strategic management usually responds to this approach because it is their job to protect the assets of the organization. If this fellow has violated the company’s trust, they won’t expose themselves OR the company’s potential for too long a time. Be prepared to offer a remedy that takes him out of your sphere of responsibility but allows management to deal with the issue on their own terms. I don’t know how serious his interference has been but I wouldn’t think dismissal is the most appropriate first response.

      • #2733570

        Get a grip everyone!

        by psychologist ·

        In reply to Everyone needs a reality check from time to time…

        People like this wannabe, only learn by the effect they produce.

        You are not the H.R. police. If you see a violation of company policy, stop and think of two things:
        1. Does this reduce/hamper a potential (not yet happened) security issue?
        2. Does this reduce the effectiveness of the workers and the reliability of the system as a whole?

        Since I gather this guy is NOT the REAL NetAdmin, lock them out of the system and have the NetAdmin have a face-to-face over the REAL issues.

        Do you people read your own posts? Let’s get this guy!; How do I document this so I can get him fired?; etc.

        The IT section has been and will continue to be very competitive. Since this person seems to have the same skills as most managers (i.e. to get people to do what THEY want), do you really want to piss this guy off so that when he does acquire the skills you claim to have, he returns to burn your ass inside and out?

        Sit down, drink a glass of water, and give the guy a clue.

        If after that, it doesn’t take, THEN and only then, start the “Dick Tracey Investigation” tactics!

      • #2737528

        Reply To: controlling a wannabe admin

        by wmdcrowder ·

        In reply to Everyone needs a reality check from time to time…

        Perfectly stated….

    • #2733565

      Difference between “wannabe admin” and power user?

      by lyates99 ·

      In reply to controlling a wannabe admin

      I’m sick of “God-Happy” admins who lock down the network so tight that I can’t use the PERSONAL computer in a manner that’s so crippled that it’s impossible for me to perform efficiently.

      • #2733540

        Give And Take On That One

        by johnnysacks ·

        In reply to Difference between “wannabe admin” and power user?

        ‘PERSONAL’ computer? Did you buy it? Are you paying the ISP bill for internet access? After seeing what a 13 year old can do to a computer and network with a broadband connection at home, it sends chills up my spine thinking of the havoc an office full of menaces like this guy can wreak with admin rights. A dumbo bomb that can go off under the sysadmin’s butt at any given time of the day (or in this case, night also).

        User rights can be a tough call but in a pure data entry environment with off-site network admin, there is no need for those rights. Don’t get me wrong though, I feel your pain because some roles require flexibility, I’ve paid for personal licenses for TextPad and WinZip, two benign and extremely useful tools, so would like to install and use them without a formal request up the management tree. Unfortunately, the same rights also allow crap like IM, streaming video, streaming audio, spyware, illegally obtained software, etc. to be installed.

        If you don’t feel comfortable asking to have something installed, maybe it shouldn’t be installed. Does not preclude being victimized by the ‘God Happy’ syndrome, unfortunately, we’ve all been involved in personality clashes which, in hindsight, could have been minimized by not overstaying our welcome.
        (aren’t all offices petri dishes for the growth of abnormal personalities?)

        • #2733536

          Personal Computer / Power User / Server User?

          by mcwebtree ·

          In reply to Give And Take On That One

          Firstly people should read the posts before replying. If training has been tried then it’s been tried, and other suggestions should be given.

          The other thing people are discussing is power users vs dumb terminals. Surely even a power user has no place changing other people’s computer settings, or messing with servers which the original poster has set.

          How about a script which runs on logon for all administrator group accounts, logging the time, date, ip address and terminal. Paired with the security logs on the logon servers. This will allow you to prove who is using the accounts and then you can point to changes which cause problems and as other people have suggested put a time / money cost on the unauthorised changes.

          Either way, best of luck.
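
The logon-script idea in the post above, as an added example that is not part of the original thread: a Python script that pairs the script's records with successful-logon events exported from the logon servers' security logs, and reports admin logons from unapproved workstations or with one half of the pair missing. Both log formats, the account and workstation names, and the approved-workstation list are constructed assumptions.

```python
import csv
import io
from collections import namedtuple
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S"
Record = namedtuple("Record", "when account workstation")
Finding = namedtuple("Finding", "kind when account workstation")

# Constructed sample: one line per admin-group logon, as a logon script
# might append it (assumed format: timestamp|account|ip|terminal).
SCRIPT_LOG = """\
2004-03-01 08:02:11|adm-lb|10.1.0.15|HQ-ADMIN01
2004-03-01 19:47:30|adm-lb|10.2.0.44|REMOTE-DE07
this line is damaged
2004-03-02 08:05:02|adm-lb|10.1.0.15|HQ-ADMIN01
2004-03-03 07:59:00|adm-lb|10.1.0.15|HQ-ADMIN01
"""

# Constructed sample standing in for a CSV export of successful-logon
# events from the logon servers' security logs.
SECURITY_LOG = """\
timestamp,account,workstation
2004-03-01 08:02:05,adm-lb,HQ-ADMIN01
2004-03-01 19:47:26,adm-lb,REMOTE-DE07
2004-03-02 08:04:58,adm-lb,HQ-ADMIN01
2004-03-02 21:13:40,adm-lb,REMOTE-DE07
"""

# Assumption: each admin account has a known set of workstations it is used from.
APPROVED = {"adm-lb": {"HQ-ADMIN01"}}


def parse_script_log(text):
    """Return (records, rejected_lines). Damaged lines are kept, not dropped silently."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.strip().split("|")
        try:
            if len(parts) != 4:
                raise ValueError("expected 4 fields")
            when = datetime.strptime(parts[0], TS_FORMAT)
        except ValueError:
            rejected.append(line)
            continue
        records.append(Record(when, parts[1].lower(), parts[3].upper()))
    return records, rejected


def parse_security_log(text):
    """Parse the CSV export into the same Record shape as the script log."""
    return [
        Record(datetime.strptime(row["timestamp"], TS_FORMAT),
               row["account"].lower(), row["workstation"].upper())
        for row in csv.DictReader(io.StringIO(text))
    ]


def audit(script_text, security_text, approved, window=timedelta(minutes=2)):
    """Pair the two logs and return findings sorted by time.

    unapproved-workstation: admin logon from a machine not on the approved list
    no-script-record:       security log shows a logon the script never recorded
    no-security-event:      script log entry the security log cannot confirm
    """
    script_records, _ = parse_script_log(script_text)
    unmatched = list(script_records)
    findings = []
    for event in parse_security_log(security_text):
        if event.workstation not in approved.get(event.account, set()):
            findings.append(Finding("unapproved-workstation", *event))
        match = next(
            (r for r in unmatched
             if r.account == event.account
             and r.workstation == event.workstation
             and abs(r.when - event.when) <= window),
            None,
        )
        if match is None:
            findings.append(Finding("no-script-record", *event))
        else:
            unmatched.remove(match)
    # The script log is the easier of the two to tamper with, so entries the
    # security log cannot confirm are reported rather than trusted.
    findings.extend(Finding("no-security-event", *r) for r in unmatched)
    return sorted(findings, key=lambda f: (f.when, f.kind))


if __name__ == "__main__":
    for f in audit(SCRIPT_LOG, SECURITY_LOG, APPROVED):
        print(f.when, f.kind, f.account, f.workstation)
```

Run against every admin-group account rather than one person's, the same report also covers the point made elsewhere in the thread about keeping the audit company-wide.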

        • #2732311

          Inane Admins

          by lyates99 ·

          In reply to Give And Take On That One

          I knew I’d get that oh-so-smug remark regarding the “PERSONAL in PC” :-).
          Of course, I don’t think that I OWN the workplace PC. I just want to use my tools to do my job.
          Sometimes it’s like an adult riding a tricycle.
          What really irks me are inane admins!

      • #2732291


        by mathieu_tl ·

        In reply to Difference between “wannabe admin” and power user?

        Well, I sometimes feel like I’m god in my work as an administrator for a Unix server and network of around 30 computers…

        You have to understand that sometimes, locking up the network is a way to make sure that people don’t go looking into what they aren’t supposed to. While my network used to be completely static and locked to specific IP for each of the frozen workstations, we had to add access for laptops that could change locations from time to time… And so security had to be loosened. What I’ve seen though, is that as soon as the security went down a bit I could notice people looking around, poking at stuff they should not really be checking out.
        What I mean is, while users want to be able to perform efficiently, it is the same thing for the network administrators. As the infinite amounts of problems of the type “non-working mouse” and the more complex network downtimes arise, we just want to make sure that we don’t have to give in 5 more hours per day monitoring all the traffic that we had during the day.

    • #2733560

      Been there, done that

      by robita ·

      In reply to controlling a wannabe admin

      First, frustration is showing all over your posting and second, no one in your company cares. That’s a harsh statement but true. I do not want other people creeping into my role either because this is serious stuff which can have negative consequences on the company so I don’t need non-professional people that are not willing to follow the standards so it looks like a MacJob. Your job qualifications should include some minimum certification(s) so work with his boss to have him achieve them before he can do more. If not, this person, based on what you have said, would be classified as a hacker or cracker. I always wonder why people like this have so much time for things that are not part of their job but the boss never seems to ask any questions.

    • #2733558

      Security Engineer

      by ctecboy ·

      In reply to controlling a wannabe admin

      Interesting position you’re in.

      No one person can tell you how to handle the problem, but I can relate a story and tell you the outcome.

      I installed a system for a company and the “administrator” was called in after the fact. The system became corrupt within a week. I was called to a meeting and in the meeting the problems were addressed. I challenged the admin to his knowledge and credentials because of the communication skills. I then challenged him to prove what he stated in the meeting and show all parties how he came to the conclusion.

      I still have the contract and last heard he was working at a car repair place.

      Sometimes a bad situation can become a good resolve. It’s all in how you handle yourself. Don’t point a finger, find a solution, and respond with back up data.

      Good luck

      • #2732328

        Similar story from the other side

        by -loanman ·

        In reply to Security Engineer

        I had an installer come in, hired by a Vice-President of a production department and I, the administrator, was called in after the fact because he could not get any of the veep’s workstations to talk to the server.

        This bozo set up his document imaging server as a PDC of its own domain! He did not consult with the admin to find out anything about the existing network, but guess whose job it was to make it work after he set it up however the hell he wanted?!?

        I challenged the installer as to his knowledge and, surprise surprise; it turned out he had none.

        His product was removed, my company exercised its option to fire them and cancel the million-dollar contract and go with someone else. Lesson learned by both parties.

        You say don’t point the finger yet that’s exactly what you did when you “challenged the admin to his knowledge and credentials” in an open meeting. Let me know who you work for so I can avoid you like the plague you are.

        So you see class, one anecdote provided by one tech boy does not provide the one-size-fits-all solution to a complex problem. Next?

    • #2733555

      Lockdown or Liberty

      by technicaltrainer ·

      In reply to controlling a wannabe admin

      I have a problem with network admins who want to hold all the keys to kingdom. Users want to have a degree of freedom and I believe they must have a degree of freedom to continue to be of value in the workplace. If you have someone who wants to flaunt “policy,” instead of working to get him fired, have a chat with him and give him additional rights.

      I have worked in one organization that had everyone on lockdown and I have worked in another that allowed power-users. In the tight organization, users could not install or uninstall any software, could not get to a command prompt, could not customize their desktops, nor could they change their browser homepage or add to their browser favorites. In the loose organization, after achieving power-user status, such users are able to administer their own boxes in line with overall company policy.

      Obviously, I prefer the latter.

      • #2733517

        What are we, some sort of pagan priesthood?

        by ir8tech ·

        In reply to Lockdown or Liberty

        I get very leery of admins claiming they need to “control” their users. Here’s another point of view taken from personal experience: After 7 years of Admin experience (incl. DBA work) I’ve been relegated via re-org to desktop support (less $). After training other (cheaper) people how to admin systems I used to deal with, my trainees now turn away any suggestions I make with a superior air of “we know best, we’re the admins” (this of course is too priceless when they run into big problems … then I turn back into the in-house guru/consultant). I don’t know the exact situation you are in but are you even listening to this guy? I mean the fact that he “obtained” a closely held credential indicates either sloppy security on your part or actual technical (hack) knowledge on this wannabe’s part. So let me ask you to honestly ask yourself, do you treat the opinions and suggestions of the users with respect or do you act like the pagan priest-god keeping any iota of knowledge away from the great unwashed?

      • #2732275

        Loosey Goosey

        by ahleychris ·

        In reply to Lockdown or Liberty

        I am not sure what type of work you were doing that required the command prompt, or customized desktops, or the ability to uninstall software the company has paid $$$ for, or install software that the company hasn’t paid $$$ for. I am sure, that if these things were actually required, you would have had the ability to do it.
        All of this “Ask yourself honestly, don’t you admins have this major control issue…?” crap is obviously from non sys/net admins. Or, if they are admins it is of a very small or insignificant network with nothing to lose if it all went bye-bye right now due to the mistakes of the many users. Someone else said it earlier, you’re not taking away privileges if he shouldn’t or didn’t need/have them in the first place. The admins must protect the interests of the company and if that includes restricting your browser favorites and the command prompt, then that is what they should do. The Admins should exercise least privilege until a user has a legitimate complaint about work related productivity and then ease up on security and tighten till they complain again, repeat.

        As I said before, I don’t know what you do, but not every workstation needs internet access, or to be able to “administer” the company’s workstations and network access.

      • #2732146

        liberty of what?

        by wiremaster ·

        In reply to Lockdown or Liberty

        I agree that working in a tight-locked environment can be a stress factor but, unfortunately, a lot of users think that They Know… and they don’t.
        I remember one guy always connected with a p2p network with his “business consultant’s workstation” and complaining ’cause the network was slow; I told him that p2p was not supposed to be part of his workstation’s sw equipment and not to reinstall it after the tenth HDD format.
        You know what? He is the boss’s daughter’s boyfriend and has The Power.
        If you have to fight with that kind of animals, better to look for another job; it takes a very big liver to hear the boss telling you that the guy is a very important figure in the company and he should be allowed to play in the afterhours…
        So I told them ’twas not my business and, please, pay my bill…
        A few days later they wanted me to tell ’em if I could track a suspect insider sabotage… they wanted to hire me… lol! I prefer to work in a shop where all the trouble comes from a few customers than go to bury myself in a position “between anvil and hammer”.
        If one has to work on a pc he/she has to work; I can admit playing a CD but nothing more. To make stupid/dangerous things they have another pc at home.
        My dream is to admin a *nix network, so that I can rm -rf /home/stupiduser whenever I like (sounds like BOFH?)
        Just kiddin’; ciao.

    • #2733548

      controlling a wannabe admin

      by golfosj ·

      In reply to controlling a wannabe admin

      There is a way to deal with this: document the manpower wasted, i.e. hours and resources, on having to correct this wannabe’s mistakes. Speak to his supervisor about the situation; if you get no results, go to the next level. Also watch the individual’s habits; eventually he will screw up so bad somebody important will notice. Lock the individual’s PC down even further if necessary. Lay the bait and the idiot will try again, he can not resist. Department policies should be mandated and enforced. I personally have dealt with this problem on many occasions and had to go to great lengths to finally get the management to realize this problem. Ultimately the individuals were counseled, written up and even terminated. Finally, do not let your personal feelings get the best of you; it is not worth it. I know it is difficult, however you prevail. Good Luck!

      • #2733544

        Hard Ball

        by jromero ·

        In reply to controlling a wannabe admin

        When things get out of control, you must do what is necessary to regain it. It is your responsibility. It is my experience that when there is no consequence that is widespread, that is an obvious effect from your “wannabe”, then it is easily ignored. This makes for a situation that must be forced. Create an effect that can be directly attributed to the actions of your rogue associate. Allow a limited and calculated failure of resources as a direct result of his actions – the more public and visible the problem/failure the better. Staging, while admittedly ethically questionable, has been effective for me in the past. A visible action will force an appropriately calculated reaction. Just make sure there is little doubt this person was the cause and then present your documentation after you have saved the day, and watch the problem be taken care of. If not, you need to find new employ because the individual has a golden wrapper you cannot penetrate.

      • #2732397

        cool, but clever?

        by andreas.glaubrecht ·

        In reply to controlling a wannabe admin

        Hi, my name is Andreas.
        And I’m a “wannabe” netadmin in my company.
        At first, a few words regarding the company I work for.
        It’s a company in media industry, and Europe’s biggest.
        It has about 45.000 employees in 40 countries all over the world.
        It has a unique, compatible network structure all over the world with at least 50.000 computers and servers (estimated), all reachable on my computer’s mouseclick.
        This company has a few hundreds network admins all over the world, and a bunch of them in our local place in Germany.
        Policy is (understandable for me) very strict, when rights-management is concerned.
        In my second job, I’m (beside other functions) a network admin for a couple of small, local companies.
        What made me really angry sometimes:
        Rights management can be so strict, that I thought, I have to call the local admin to have the toilet door get open.
        What was/is my strategy?
        Do become useful for the admins.
        It started with local admin rights on my own workstation and others around me.
        Now I have the rights to at least read and write on a few Unix Servers in my direct environment and to combine data for some very useful queries.
        And that is enough to do a good job, no reason to go further.
        So this is my advice:
        Lookout for some wannabe netadmins, there might be some very helpful persons among them. Avoid ignorance and help them to understand the network infrastructure and their security policies.
        Not all “just data input idiots” are too dumb to understand your job!!

        • #2732270

          Reply To: controlling a wannabe admin

          by ahleychris ·

          In reply to cool, but clever?

          Sounds like you did the right thing, whereas the rogue in this situation from the discussion did not have your wisdom. If he sought help or tried to offer assistance then this would just be a case of he tried to help (when asked/offered) and it didn’t work out, move on. But, in this example, the case is he tried, he failed, he was asked to stop and thank you for your effort, and he continues to do his own thing. That is the problem and difference from your positive and valuable actions in your own company.

          I am all for help and techie newbies, but everyone should know one thing before they start something new-“You know nothing, and from here you can learn everything.”

    • #2733538

      “Those home grown admins/computer wiz”

      by luiggi ·

      In reply to controlling a wannabe admin

      I too have encountered these life forms. But we can’t blame all of them! I say the majority of businesses do not have or have not even considered employing some type of regulation or policy for end-users. I have mentioned this countless times to HR, CFO, Controller even VP Sales manager and they all listen well with a deaf ear. Most companies prefer not to employ these policies because they may hurt employees’ feelings especially those who have been there for a couple of centuries. But the way the managers see it is as long as they have someone to clean up the mess who cares. The wanna be admins will always exist as long as managers do not get involved.

      • #2733524

        Seems like an HR issue to me

        by schlub ·

        In reply to “Those home grown admins/computer wiz”

        Just a quick analogy - if you worked in a business that had a fleet of cars or trucks and were in charge of maintaining the motor pool, and you knew that an employee was without authorization stealing keys to vehicles, taking them on joy rides - possibly getting involved in auto accidents, possibly creating liability issues for your company and certainly creating logistical issues - would you think twice about going directly to HR and (after gathering proof of these transgressions) turning that employee in? I would do it in a heartbeat. The implications for you, your company, and your fellow employees would be too serious to allow this to take place.
        The transgressor could say “I’m a good driver!” But that’s not the point is it? There’s a reason you were entrusted with YOUR task and part of that task is to make sure no hotshots go for joyrides - whether they think they’re qualified or not. And even if they’re part of the “motor pool” squad and have rights to one vehicle - that doesn’t mean they can take the Executive limo out on a Saturday night!
        I’m always amused and sometimes dismayed at how often people look at PC’s, networks and services provided by their employer specifically for work related purposes (hopefully as detailed in their job description) and think that because things LOOK like their home computer they should be able to do whatever they do on their home computer. They also get hacked on their home computer. They also spread viruses on their home computer. Is that okay for them to do at work too?

        Just because you KNOW how to do something doesn’t mean that it is in the best interests of your company that you do something you’re not authorized to do - what else are you doing that you shouldn’t be? That’s an HR issue that may have other implications - physical access to buildings, etc. If I cannot trust someone to act ethically and responsibly on their computer - I cannot trust them in any other aspect of their work either.
        In most cases there’s a reason why various people are given various levels of trust and responsibility. And it sounds to me like your wannabee is acting irresponsibly and possibly unethically.

    • #2733534

      Accept, Educate, Relegate

      by jcutshall ·

      In reply to controlling a wannabe admin

      Every Sys Admin was once in a Junior position where they had to learn. In this case you should accept that somebody is trying to help. You can provide them with a little education so that their work is productive and not generating negative work.
      Most importantly: RELEGATE. If this person wants to help, let them do the menial, time consuming tasks. Have them collect some data for reports on a daily basis. Find the boring, tedious things that you can offload and have them do it. If they can learn these things, you can create an ally within the company.

    • #2733527

      Documentation and Policies

      by myndkrime ·

      In reply to controlling a wannabe admin

      What changes were made that you can confirm in documentation that have caused down time or production interruption?

      Frequency of these occurrences, has this happened more than once? Documented?

      Tracking of the problem user and their activity on the network. Document actions, resources, and time consumed by the problem user performing these unassigned tasks. Documented?


      FIRM policies on proper computer access and usage.
      Are these stated in company handbook or agreements that user has been assigned?

      Update policies and agreements to include job title, responsibility, and expectations of users.

      Included in policies statements should be made to directly address issues on PROPER and APPROVED company computer and network usage.

      Also it should be addressed and approved on the ramifications of crossing or ignoring of these policies.

      Sometimes you will have to take the fight to management and HR to make sure that these issues are included in employee handbooks and agreements so there is not any misinformation on what is and IS NOT approved company computer and network usage. It would also be very beneficial to provide management with documentation and statistics on what causes the most damage to company networks and data, internal threats and lack of security.

      That being stated there is a lot that still weighs on the management that you have in place. If they are lackadaisical as to the issue of network security and data integrity, go ahead and update your resume, because in today’s environment they will not be in business for long.

    • #2733523

      response to admin wannabe control

      by david ·

      In reply to controlling a wannabe admin

      What exactly do you want to stop him from messing with? It looks like you got the right to install software restricted and a lock on the servers.

      Let me know what it is you want to deny him?

    • #2733520

      Are your policies at fault

      by kovalcik ·

      In reply to controlling a wannabe admin

      Is this guy being held back by overly restrictive policies, especially at a remote site? I was at a remote site and we had a sys admin at the main office. He locked everything down so we could barely see our own files let alone work as a group. He was also very unresponsive to our requests for help. We finally had to have management force him to give admin privileges to someone on site just so we would not lose days of work waiting for him to change a file’s permissions so we could work.

      Take some time to learn why he wants to be an admin. Maybe there is a good reason.

    • #2733519

      Change Management Process

      by vincent.pearce ·

      In reply to controlling a wannabe admin

      Assuming you have an ITIL based change management process, all changes must be made via the defined change process.

      Therefore if “the_admin” wants to make a change he must submit a request for change; it will be reviewed, logged, and approved or rejected as appropriate.

      If he makes a change without following the defined process he has committed an act of gross misconduct, and he gets fired.

      This assumes you have a change management process, and “the_admin” is not your CIO.

    • #2733518

      Lock out not down

      by db8abl ·

      In reply to controlling a wannabe admin

      I agree with several concepts discussed here with a few exceptions. I’m not a firm believer in locking down desktops and have found that countless hours have been spent discussing the merits of “controlling the user” vs. controlling the user’s environment. The power user or wannabe will always find a way around the locked down desktop and the productive user will not try. You design a client configuration in order to optimize the employee’s effectiveness and call it a “build.” If the employee messes with the “build” in such a way that they are no longer productive then you reinstall the baseline (deleting any additions by the way) and log the time it took you for that user.
      In your status report you attribute the excess time to that user and ask your boss to copy the radical’s superior. Your job is to keep the department running. If your boss and the wannabe’s boss think that your time is best spent supporting this one individual then document it and don’t worry about it. Make sure their actions are visible and the wannabe will be hoist by their own petard. Also ensure the common systems are locked out so this individual cannot do harm to any other “productive” employee. My guess is that after the third time you reload their machine they will be gone and you will have done your job without conflict.

    • #2733513

      Keep your allies close, and your enemies closer!

      by rallcorn ·

      In reply to controlling a wannabe admin

      Dear Admin:

      It’s hard to find someone with a drive like this guy has … you’ve done your job in locking down the network and protecting the servers. Now go to management and get him on some training courses. Take him with you to conferences. Place ADMIN training requirements on his plate. He’ll either step up to the plate, or leave the table.

      In any case, if he “wants” to be an admin, take advantage of the fire that burns within him … direct it, refine it, and benefit from it.

      Obiwan (just kidding)
      Seriously, he could be a good asset to have at “that end” of the spectrum. People are your most valuable asset. He needs to realize what you’ve had to go through to get to where you are today. If he is “really” interested in what you do, place it on his plate … as a “requirement” for continued employment. Force him to learn so he becomes an asset and not a liability.

      You be the mentor … the teacher, if you will, and help him grow.

      Good luck!

      Rich Allcorn
      Computer Consultant

      (I was once a “wannabe” too!)

    • #2733512

      Educate, then think like a hacker

      by steelneil ·

      In reply to controlling a wannabe admin

      In reading through some of the responses I see that it appears upper and middle management don’t see the problem with the unauthorized access through the admin accounts. It could be time to do some homework on the effects of hackers on company infrastructures and present it to them in a way that they may understand. Maybe they should add to the job description of a network/security admin, educator as well. Sometimes education has to begin at the top. Show them in a well put together report how hackers both internal and external have affected other companies, the damage done, downtime logged, etc. Much of this information is available if you look for it.
      Then set up a packet sniffer on the network to document traffic if you have to.
      If all else fails you might have to think like a hacker. Get into this guy’s head if you have to, to figure out what makes him tick. Set up a dummy admin account and let him have at it, make the settings to record all actions taken or apparently taken through that account and keep it all on the QT and record all the logs to both file and hard copy.
      Sometimes to stop a hacker you have to think like a hacker.

    • #2733507

      different approach

      by dw in wisconsin ·

      In reply to controlling a wannabe admin

      If this guy has so much time on his hands that he is messing things up it might be easier to prove his position isn’t needed than proving he’s a trouble maker. Then he’s gone and you improve the bottom line, too.

    • #2733506

      Lock him down.

      by ks_mcdonald ·

      In reply to controlling a wannabe admin

      Remove all of his rights except the basics for his job. When he calls and says he can’t do something, if it is related to his job give it to him; if not, tell him you need to have an email from his supervisor to give him those rights. Make it a new policy; after about the third time his boss will start seeing that this guy is going places he should not be going. This is all of your fault that this happened in the first place if you are the Admin. Trying to get rid of someone only takes up time you could be spending on how to prevent this from happening in the future. Sorry for the harshness.

    • #2733505

      Make Lemonade out of Lemons

      by c.milhaus ·

      In reply to controlling a wannabe admin

      Sounds to me like there is a LOT of ego at play here…YOURS, try to ease off and take a deep breath or two. You may have a valuable ally here who is looking for a little support. Why don’t you try to point him in a direction where he can make a valued contribution?

    • #2733501

      What a negative title.. Use this to your advantage

      by goblenc ·

      In reply to controlling a wannabe admin

      If your approach to management was anything like the title of your article then maybe that was your problem. I wouldn’t listen either if you called one of my employees a newbie because it sounds personal. Calling someone with data entry experience a “net admin” is another problem because data entry and administration are completely different things that in no way need to overlap generally speaking. If the guy doesn’t know what he’s doing then why was he hired anyway?
      Calling someone with less experience than you a “newbie” is pretty stupid in my opinion because I have no doubt you were probably a stupid newbie who couldn’t leave well enough alone also at some point. It seems to be how the most experienced admins develop their skills but it goes without saying they shouldn’t learn these skills on a company network. While management may be to blame for the hiring and lack of firing this person I see an opportunity for you as the admin to “shine” by proving the irresponsible nature of this employee and how his actions could compromise the entire company.

    • #2733497

      Patience, Patience & Documentation

      by chenning ·

      In reply to controlling a wannabe admin

      Dear Admin,
      I sympathize with your situation, BUT as you rightly put it, management refuses to let him/her go. My advice, try and find out WHY – if the person has family ties upwards in the company, here’s your answer.
      But I would certainly make a record of each and every unauthorized change attempt, BUT also keep it to myself… I might choose to let my manager know, at a suitable occasion, that you are doing your job well, as part of which is to log any unauthorized change attempts. This should certainly be part of your job, and it would neatly empower you to deal with any problems caused by this other person. Documentation counts – that’s my experience.

      Hope it works – all the best, Henning C. Denmark

    • #2733493

      maybe he is right

      by techrepublic ·

      In reply to controlling a wannabe admin

      Ever thought of asking why he continues to try and “fix” the system? Maybe he is just trying to make it work well enough to get his job done. Many network system admins become control freaks who have no sympathy for the user who simply wants to get his job done effectively and can’t because the system will not let him. Try asking what is wrong and fixing it right away for the user and these things should stop.

    • #2733489

      Where is your manager in all of this?

      by youraveragemanager ·

      In reply to controlling a wannabe admin

      Others identified some good paths.

      Present your business case to your manager and request a meeting with the manager of the individual creating the problem. Perhaps you have not found the root problem. I see 24/7 repeatedly, and over time this leads toward a perceptual blending of personal and work life. It is said that this blending is not good even for an owner of a business. I assume you want to depersonalize and resolve the issue, thus remove the stress this creates. Put the responsibility back where it belongs. Right back into your management’s lap.

      Communication is the first step. Communicate IT best practices in context of their daily business operations. Do take the time to explain to non-IT managers that IT is like their business operations, we try to become as efficient as possible given the time and financial constraints we operate within. Standards help keep their systems up and running smoothly. Relate the problems that you are sure were caused by non-IT personnel actions to time and cost. Demonstrate the wider impact of the problem, show them how this affected the other departments. It is a quality issue as well. You can focus time on fires or assisting managers move ahead on their future objectives. If they fail to understand your point, identify the problems you would create by hiring someone to perform non-IT functions in their department without their knowledge or understanding.

      Back to 24/7, it would appear that technical resources are short at times. This could be interpreted as the need to hire qualified full or part-time personnel. Unspoken and assumed are the end-users and their management’s tolerance or promotion of the novice’s activities. Provided that a computing use policy is accepted and understood, this detrimental practice is allowed to continue out of ignorance or perceived as a need for immediate on-site response. For the practice to continue, either management is unaware of the problem, or perceives some benefit by allowing it to continue. Ask them questions that help you understand the best way to proceed. Educate them by identifying both the risks and benefits.

      As far as really wanting to get this person fired, stop that, you have enough on your shoulders. Check your emotions at the door before any discussion. Do what Network Administrators do best, operate based on the facts. The root cause of your problem is not directly that offending person. It is your job to determine where the root cause responsibility resides and address your efforts to your manager, and that person’s manager and supervisor. Let them do their job of removing this barrier to your productivity, their profitability, and lastly your job satisfaction. The network is the thread that touches every part of the organization, you are in a unique position to educate them on the wider impact.

      Good luck!

    • #2732455

      wannabe admin

      by bclary ·

      In reply to controlling a wannabe admin

      There are several monitoring software packages on the market that will document every move the wannabe makes on his or her PC. We had a similar problem in our office and installed the software to monitor the person in question’s machine. Within two weeks this person was terminated for installing software to his/her PC. The software will pay for itself in no time by solving situations like this.

    • #2732454

      And now you have a choice.

      by vaxenguy ·

      In reply to controlling a wannabe admin

      You are the official Network Administrator, correct? You have a staff of how many? Perhaps you should appeal to your boss, that it might be interesting to use this person as a junior network guy with several strings attached.

      First, they come to the main site and learn how the company wants things done. Your boss grades his work, not you. So that if he doesn’t do things correctly, you are not criticized for nitpicking the guy.

      And if he does learn to do the job properly, and works out at the main site, then with a year of real network experience, he would be the fellow to send out to clean up other wannabes.

      If it works, you get a trained worker. If it doesn’t, he gets to be unemployed like the rest of us AND you get the credit for finding a potential network leak.

      Or you can be a controller and off the guy. The result will be how management perceives you.

    • #2732451

      Beware of Office Politics!!!!

      by jakcap ·

      In reply to controlling a wannabe admin

      In my opinion if “the wanna be” has not been reprimanded in this situation then I’ll have to assume he’s more important to corporate than the network itself. I had a similar problem at work. After numerous written warnings nothing was done about my “wanna be” until he brought the whole network down. To add to frustration your “wanna be” is in a branch office which makes it more difficult to control.
      We all have to understand “IT” (other than R&D) is considered by most corporations as pure overhead.
      In other words we are not part of the corporate structure that actually earns the money!!!!!!!!!
      Be careful of your actions towards this person. It’s very plausible that one day he may be in a position to harass/fire you.

      Corporate America considers us as technicians…“a necessary evil for a new type of communications system”. To them we are the “AV/TV repairmen of the 21st century”.
      When economies get bad we are the first to get going…That’s right…get going right out the front door with a pink slip.

      I don’t care what title they give you… 99% of us don’t actually run our departments.
      We all answer to man hating Ms. Synergy. Our boss, the one with the business degree from a lame local community college. The one who is 100lbs overweight and chokes us with bad perfume and cigarette breath.


      As for the “wanna be” you should tactically leak the admin password for the branch to him and let him hang himself…

    • #2732446

      A Kinder Gentler approach….

      by schlub ·

      In reply to controlling a wannabe admin

      If you have already established what policies are for IT staff and if your “wannabee” is not following those guidelines AND if management does not wish to do anything about it, I certainly sympathize with you too. There are a number of reasons that management may not wish to intercede – as some have stated, it may be due to the way you presented this problem – but I have no way of knowing that for sure. Or there may be some internal political issue that makes management reluctant to discipline this employee. And unfortunately sometimes management is just afraid or disinterested in getting involved until after some disaster has occurred. This could be a good opportunity to help educate your management team about the implications of your company’s information and systems.
      In any case, I agree with chenning that once you’ve presented the situation to management, and they’ve showed no interest – there’s not a lot left you can do and that your job now then would be to document any information that shows how this loose cannon can potentially hurt the company – financially, security-wise, legally etc. Provide that information to management and KEEP that documentation!
      But you can’t make management do something they don’t wish to do (however unfortunate it is that they’ve turned a blind eye to the situation). At least by documenting and keeping management informed you’ve got a track record available to illustrate how you tried to remedy the situation if something catastrophic DOES occur. (Yes this is a “covering your butt” task – but if management is not responsive to you NOW – they may turn around and blame you if things go south.)
      But there are also some questions that might be looked at prior to the situation getting to this point:
      Have you really (unemotionally) spoken with this employee and have let him know that this is a problem for the company? Have you (as others have suggested) gone out of your way to remove any “personal” component from these interactions? What kind of team-based meetings does your IT Department regularly have with all staff involved? What kinds of policy and responsibility issues are raised at these meetings? If YOU are a team player – you’re doing all you can do. Continue to document everything, keep your management informed, and then take a deep breath and keep trying to be the most ethical and responsible person YOU can be. That’s all any of us can do!
      GOOD LUCK!

    • #2732442

      Where I would go . . .

      by gentlerf ·

      In reply to controlling a wannabe admin

      Where I would go with this is to set up a security policy such that attempts by a non-authorized user to gain admin privileges be considered the same as theft of corporate assets. While this approach is highly negative and has its drawbacks, it will resolve the issue in such a way this person, if they have any learning capability at all, will be forced to learn the company way or be terminated. Spyware on the machines at the remote site would also be of assistance in creating an audit trail of his abuse of company resources. A person who does not wish to learn things the right way, is not an asset but a liability.

    • #2732437

      This post should not be here….

      by onbliss ·

      In reply to controlling a wannabe admin

      …LOL just kidding. It should be in some kind of hall of fame (as far as I am concerned).

      I am not an admin… but by just reading the first 20 odd posts… I have gained so much respect for what the admins do, office Politics (maybe somebody should make OfficeSpace vX.x.x movie), Ego issues, career, how to create paper trails….. man it is just awesome…

      I will keep reading and keep learning from you guys.

      BTW, good luck the_admin!!! Your sense of duty amazes me… I like the point where you gave an analogy of pushing the UPS on the servers…. you are a good guy.

    • #2732436

      big fish in a little pond?

      by gdf ·

      In reply to controlling a wannabe admin

      OK, so I read the article and some of the responses. I was left with more questions than answers, most of which I will not bore you with. But one really big one stands out: what kind of rinky-dink little IT operation are you running, anyway? Congrats on finally migrating to a 4-plus-year-old OS. Way to have servers accessible so they can be tinkered with by staff. I’m so sure you let him get ahold of an important password. Nice department where all problems come to you personally, are you ever allowed to sleep or take vacations?

      Obviously I don’t know what the real situation is. But I’ve been around the block enough times to suspect that the following conditions pertain:

      1. You’re probably the lone IT support person in a small company.

      2. The management doesn’t understand computers but can’t live without them.

      3. Any “policies” that exist about desktops and software were written by you and you have no real recourse when they are ignored.

      4. Other people in the company, particularly your rogue pseudo-netadmin, have more pull with upper management than you do, and the likelihood of their violating your “policy” causing them personal harm is approximately zero.

      If most of the above points are true, you have little choice other than to co-opt this person and turn him into your tool. You know you can’t get rid of him and it wouldn’t surprise me to find that, if it came down to “him vs. you”, you’d be packing up your desk. So learn to deal with it.

    • #2732435

      Use the accountants

      by macquarrie ·

      In reply to controlling a wannabe admin

      Most requests of this nature are caused by the apparent unresponsiveness of the System Administrators. By formalizing the process you may be able to reduce the cross-organization sniping while at the same time increasing the awareness of your role.
      It’s highly unlikely that the financial / accounting people would react positively when they encountered a request for some kind of supplemental funding for “Additional SysAdmin Support for J. Blow’s Department”, especially after the reasoning behind the request is laid out.
      A request outlining the potential cost and security risks should be crafted. It should show that it is being originated by J. Blow, and that he has secured the appropriate departmental authorizations.
      In most cases, the J. Blow you are dealing with will not have the desire to proceed with the request.
      If your J. Blow does manage to get it through his chain of command you should still be able to express your disapproval when it arrives in your department.
      The overall goal is to improve: you may simply end up educating J. Blow about unseen perils, or you may become more responsive to users. In either case, it should result in better communication.

      • #2732391

        The language management understands…

        by salamander ·

        In reply to Use the accountants

        I agree with the recommendation to use the accountants in the above post. Using the language that management understands ($$ on the bottom line), in my experience, yields the best results. If you can rally the finance people to your cause, then you stand a much better chance of achieving your goals, indirectly navigating the politics of the situation, AND providing documentation in case something goes wrong if the request is denied.

    • #2732430

      Been there, done that, got the T-shirt

      by thumper1 ·

      In reply to controlling a wannabe admin

      I went through admin hell with a new office manager. Spent the first four months being micro-managed by her. Had to explain and justify everything I did in detail. Spent the next four months looking over my shoulder while the management committee made a decision about getting rid of me. (I found out by accident that they thought they could manage without an Admin.) She told me it was coming from management; later I found out she was the instigator.
      I simply stayed focused on the job of securing data and keeping everything working. I made sure that I documented everything. She was finally fired for pissing off the wrong Attorney in our firm. Knowing I am not real good at office politics, simply concentrating on the primary job worked well in this instance.

    • #2732429


      by dwdino ·

      In reply to controlling a wannabe admin

      One thing everyone is overlooking is the setting.

      All of us were “wannabe admins” at some point in our lives. Everyone had an abundance of desire, limited knowledge, and no experience.

      But, what did we, the now educated do. We purchased scrap equipment and software, went home and practiced. We blew up our systems, we gave ourselves viruses, we took down our switches.

      Imagine if you took a web dev team and gave them only a live server, no development server. Everything they tested was live, every change affecting all users … There is no way anyone would do such a thing.

      Same here!

      If this person wants to learn/develop, do it at home on your time. NOT ON MY PRODUCTION NETWORK OR SYSTEMS!!!

    • #2732422

      Simple process of managing the user

      by dcox ·

      In reply to controlling a wannabe admin

      First, it is not the job of IT to fire users. That is for management to decide.

      To manage rogue users requires a little more work.

      I recommend:

      1. Enable full logging on the user’s system

      2. Log all user activity on the servers

      3. Restrict user admin level access on workstations

      4. If you do not have a formal security policy, implement one immediately

      5. Once a policy is in place (management approved), release the document to all users via email and hard copy

      6. Generate an email with portions of the log files and send it to the user with copy to management, reminding them of the policy

      7. If abuse continues, repeat this process until management either says to let it go, or takes action on the user

      Some users are considered valuable and thereby given special privileges. In some cases they are protected to the point that an adversarial IT person could be soon unemployed.

      Your best defense is a solid one with a non aggressive approach. Gather facts, report the facts and keep all emotion out of it. Do not make it personal! Remember, it is not a matter of “how do I get this person fired”, but rather “how do I get this person to stop violating the corporate security policy”.


      Danny H. Cox
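
Steps 1, 2 and 6 of the list above lend themselves to automation. The following is an added example, not code from the original post: it filters an exported Security event log down to the entries that belong in a policy-reminder e-mail. The CSV column layout, account names and host names are assumptions constructed for the illustration; the event IDs are the Windows 2000 Security log IDs.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Windows 2000 Security-log event IDs worth tracking for this kind of case.
WATCHED_EVENTS = {
    517: "audit log cleared",
    529: "logon failure: unknown user name or bad password",
    577: "privileged service called",
    578: "privileged object operation",
    624: "user account created",
    636: "member added to a local group",
}
# Actions only an administrator should perform, so even a Success Audit
# from a non-admin account is a finding.
ADMIN_ONLY = {517, 624, 636}

# Constructed sample export. The column layout is an assumption: a real
# export must be normalised so that "account" holds the acting user.
SAMPLE_EXPORT = """\
timestamp,computer,type,event_id,account,detail
2004-03-01 09:12:44,BRANCH-WS07,Failure Audit,529,jdoe,Logon attempt as Administrator
2004-03-01 09:13:02,BRANCH-WS07,Failure Audit,529,jdoe,Logon attempt as Administrator
2004-03-01 10:40:10,BRANCH-SRV1,Success Audit,636,netadmin,Added helpdesk to Backup Operators
2004-03-02 14:05:31,BRANCH-WS07,Failure Audit,578,jdoe,SeTakeOwnershipPrivilege requested
2004-03-02 14:20:00,BRANCH-WS07,Success Audit,528,jdoe,Interactive logon
2004-03-03 08:01:15,BRANCH-SRV1,Failure Audit,577,jdoe,SeTcbPrivilege requested
this line is damaged and has too few fields
2004-03-03 08:30:00,BRANCH-SRV1,Success Audit,636,jdoe,Added jdoe to Administrators
"""


def build_paper_trail(export_text, authorized_admins):
    """Return ({account: [finding, ...]}, number_of_unparseable_rows)."""
    admins = {name.lower() for name in authorized_admins}
    trail = defaultdict(list)
    skipped = 0
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            when = datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S")
            event_id = int(row["event_id"])
            account = row["account"].strip().lower()
            audit_type = row["type"].strip()
        except (KeyError, TypeError, ValueError, AttributeError):
            skipped += 1  # count damaged rows instead of silently losing them
            continue
        if event_id not in WATCHED_EVENTS or account in admins:
            continue
        # Report every failed attempt, plus any admin-only action that succeeded.
        if audit_type == "Failure Audit" or event_id in ADMIN_ONLY:
            trail[account].append({
                "when": when,
                "computer": row["computer"].strip(),
                "type": audit_type,
                "event_id": event_id,
                "meaning": WATCHED_EVENTS[event_id],
                "detail": (row.get("detail") or "").strip(),
            })
    for findings in trail.values():
        findings.sort(key=lambda f: f["when"])
    return dict(trail), skipped


def format_report(trail, account):
    """Plain-text excerpt suitable for pasting into the reminder e-mail."""
    findings = trail.get(account.lower(), [])
    lines = [f"Policy-relevant audit events for {account}: {len(findings)}"]
    for f in findings:
        lines.append(
            f"{f['when']:%Y-%m-%d %H:%M:%S}  {f['computer']:<12} "
            f"{f['event_id']}  {f['type']:<13}  {f['meaning']}  [{f['detail']}]"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    trail, skipped = build_paper_trail(SAMPLE_EXPORT, {"netadmin"})
    print(format_report(trail, "jdoe"))
    print(f"Rows skipped as unparseable: {skipped}")
```

The skipped-row count belongs in the report as well, so nobody can later claim that entries were dropped without notice.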

    • #2732416

      Security Threat ?

      by searcher34 ·

      In reply to controlling a wannabe admin

      If you feel this strongly about this you are going to have to do some work to stop the problem.
      The strongest way to get management’s attention to terminate the problem is to show the intruder as a security threat.

      It’s going to boil down to how much time “you” are willing to put in to the problem. Take advantage of this problem and use it as a learning experience to strengthen your skills and your network’s security.

      Review your network’s security policies, make sure they cover this type of activity and have the target sign a policy statement that they have read and understand the policy and what will happen if they violate this policy. This should be standard practice anyway. This may scare him off, it may not, but you will have it in writing that they are in violation of company security policies.

      Log his workstation’s activities.

      Mirror his hard drive so you can examine it at your leisure for any unauthorized material he may have pilfered from the company, any unauthorized software he may have added to assist in his activities, such as loggers, password crackers, etc. The courts have said this is fair game since it’s company property and a security issue.

      Lock down his workstation to only what he needs to perform his duties and log his violations and attempts to circumvent security, etc…

      There are a ton of ways to build your case; it’s up to you as to how far you are willing to go with this.
      Don’t let yourself get carried away with it either in that you begin to neglect your regular duties.
      Use this as a learning experience. Examine the problem and build a network profile to find your network weaknesses and correct them. It will only make you better at your job in the long run.

    • #2732415

      The Proactive Reaction!

      by zmanisin ·

      In reply to controlling a wannabe admin

      It sounds like you haven’t gotten the support that you need for this issue from above, so my response assumes the perspective that you might have to establish (manipulate) an environment where this guy can hang himself, while riding out the duration by continuing to protect your realm of responsibility.

      I’ve become somewhat of an operations guy and moved out of the IT-specific arena but a few things are constant no matter what we’re talking about:

      Every second this guy is spending on your turf, he’s NOT doing his own job. IT funding comes from the stakeholders – the business units – so, surely, that’s got to translate into being a bottom-line budget consideration for the productivity of your (& his) unit. I’m sure you can think of many ways to approach the issues of “success” and “productivity” initiatives (even by just planting a spark that makes your boss think they’re his idea), that will have to uncover:

      (1) Why does this guy have time to play with someone else’s toys?
      (2) How is he held accountable for the time he spends on his own work? It must not be sufficient.
      (3) Where is the failure in our security procedure, if the world’s security ‘best practices’ state that the greatest risk management issue involved in security are within the operations of the company, not in the way it protects its outer shell.
      – Who’s responsible for security?
      – Does your company have a Computer Use policy?
      and, more specifically,
      – Does your company have an IT Staff-specific Systems Use policy? (Published complete with the repercussions for specific actions?)

      You can’t (or shouldn’t) waste time on all the dweebs that can hinder your operation. Your job is to create an environment where they can’t matter. Ya might as well score some points while you do it.

    • #2732409

      Always 3 options,take the time to think of it

      by asuwere ·

      In reply to controlling a wannabe admin

      I appreciate the straightforward approach. At some point determine how the want-to-be is still beneficial to the company. Weigh the training alternatives (cost) and figure a payback (first year’s cost / first year’s savings) in years. Now figure the losses in time (avg) you all spend thwarting the want-to-be. These 2 figures will give you a baseline. The person has drive and ambition but no discipline.

      So maybe I will present you with the best points of the most highlighted reasonable ideas thus far.

      We will use a 2 stage using an existing idea of training and testing for certification. The first stage must present a small project (user rights, print admin etc.) to the want-to-be and the existing network staff approved by at least one principal. Do not let the want-to-be know that someone else is working on the small project, which may be given to an intern or sysadmin in training. Reason for this is never depend on just one person for an important job to be done. The point being “Is there any reasonable common sense the want-to-be has regarding good decisions?” Ask the want-to-be the question “Do you really think that we would risk our very business and jobs so you can try and learn computers on company time?”. Then ask the want-to-be “If you were the business owner, would you risk your business and job so you could train some want-to-be with your computer system?”

      Second stage is a summation and debriefing to the want-to-be and the concerned staff. You have lots of options here. Just remember how happenstance networking all was when we started and we will all be better off if the want-to-be is lemonade.

    • #2732403

      Prove to the Boss?

      by ·

      In reply to controlling a wannabe admin

      If you have to develop a paper trail of violations to “prove to the boss”, something’s wrong with the boss and no “proof” is going to solve the problem. Sit down with the boss and have a heart-to-heart talk about what the boss expects to be accomplished through network admin and WHO IS RESPONSIBLE. A reasonable person should understand that the people assigned to the jobs are the ones who must be responsible.

      Be nice. The boss probably has some political problems limiting resolution of the problem. Plan to solve the problem together. Without this commitment, you’re doomed.

    • #2732401

      Did you say wannabe?

      by russell_dazzle ·

      In reply to controlling a wannabe admin

      Hello and Good Day. I happen to be also a wannabe and currently unemployed. But I do not accept or apply to a position in which I can’t do much. I am more exposed on the computer system as a freelance computer technician but not as a network admin or a system admin.

      In view of the issues concerned, he should know that it is not under his job description to fix systems or network. He may give comments but not touch the system or network at all.

      As advice, try telling him that he should wait for the IT staff to do the job and not argue with him. Try convincing him that it would be better if the staff of the IT department does the things. If your company has an employee relations staff or officer, try asking for advice about the scenario. Maybe they could help with the paperwork you wanted to prove to the boss. Supported with the IT department, meaning the IT department should investigate the damages done to the system.

      If the case is that he is violating the corporate policies, then it is unprofessional and unethical of him to do such a thing.

    • #2732399

      here’s a wonnabe admin taking part!

      by andreas.glaubrecht ·

      In reply to controlling a wannabe admin

      Hi, my name is Andreas.
      And I’m a “wannabe” netadmin in my company.
      At first, a few words relaying the company I work for.
      It’s a company in media industry, and Europe’s biggest.
      It has about 45.000 employees in 40 countries all over the world.
      It has a unique, compatible network structure all over the world with at least 50.000 computers and servers (estimated), all reachable on my computer’s mouseclick.
      This company has a few hundreds network admins all over the world, and a bunch of them in our local place in Germany.
      Policy is (understandable for me) very strict, when rights-management is concerned.
      In my second job, I’m (beside other functions) a network admin for a couple of small, local companies.
      What made me really angry sometimes:
      Rights management can be so strict, that I thought, I have to call the local admin to have the toilet door get open.
      What was/is my strategy?
      Do become useful for the admins.
      It started with local admin rights on my own workstation and others around me.
      Now I have the rights to at least read and write on a few Unix Servers in my direct environment and to combine data for some very useful queries.
      So this is my advice:
      Lookout for some wannabe netadmins, there might be some very helpful persons among them. Avoid ignorance and help them to understand the network infrastructure and their security policies.
      Not all “just data input idiots” are too dumb to understand your job!!

      • #2732393

        wannabe’s cooked in their own juice

        by pw6string ·

        In reply to here’s a wonnabe admin taking part!

        Seems like you have tried to reason with this person, and make them an asset, so now I agree with the others to make it a security case study and lock out.

        Other good thing you have working for you is that his data entry numbers will probably go in the toilet. If you haven’t alerted his boss yet that most of this guys energy is on things outside his job description I would go that route as well. Then when they have a productivity meeting he can’t blame the network.

        • #2732389

          re cooking in own juice

          by andreas.glaubrecht ·

          In reply to wannabe’s cooked in their own juice

          That’s what I call ignorance.
          The queries I developed gave me a better job, and our admins look on me from face to face in equal position.
          But maybe my English is too poor for you to understand.
          Thanks for your admittance

      • #2737289

        here’s a wonnabe admin taking part! – a reply

        by yanipen ·

        In reply to here’s a wonnabe admin taking part!

        I do not know if you can still read this but, I am writing this anyway.

        Wannabe admins only do it in 2 ways. Doing it the right way, and, over-doing it. In your case, you are doing it the right way. In the case stated by the_admin, that wannabe is overdoing it.

        But the point here is that, the sentiments posted by the_admin are clearly justifiable. That wannabe is just plainly overdoing it. Instead of helping the IT, that golden boy wannabe just became an additional baggage that IT professionals can do without.

        The whole point in this discussion has little to do with policies, rights and everything else. It has something to do with job description and respect onto others. Being an IT works in many ways. Instead of being like the police, why not instead become a friend to everyone, which involves a give and take relationship, or think of something else better. If that won’t work, then it is time for an administrative decision on the boss’ part.

    • #2732396

      More info needed.

      by arosas ·

      In reply to controlling a wannabe admin

      Hi Admin,

      I used to manage 30 people in the IT department in a bank/stock broker in Mexico.

      I need more info about your problem,

      Is this wanna be in your department?
      If yes then his boss is at your level? higher? lower?
      If no then why can he have some access to the network infra? How do you manage the security issue?

      If you can give me these answers we can discuss it further, and I’ll be glad to help you in the way I can.


      • #2732324

        Maybe your company is doing things on a cheap budget.

        by dseeger ·

        In reply to More info needed.

        Your company obviously allows your net admin wannabe to get away with what he does, so why not pay him for the work he is supposed to do and if he knows a bit about assigning rights and permissions it’s an added bonus, for not paying the right people to do the job. Or maybe your company’s management is not so clued up on how important company data can be.

    • #2732383

      Try to discover motive

      by alan.deschner ·

      In reply to controlling a wannabe admin

      Your wish to “terminate” the wannabe is rather draconian, at least given the info in your posting. First try talking to him, seriously, one-on-one, about his job. Find out why he is trying to go around the policies. Does he not know what they are or understand why they are there? Is his boss asking him to do something where he needs more privs? Have you talked to his boss? Does he not know what his job really is? What is the business problem he is trying to solve? Is the policy itself appropriate?

      You may need to educate him and make him an admin in order for him to do his job, but his boss has to buy in to that idea. Overall, I would try to address the underlying issue and correct that before declaring him insubordinate and terminating him. Of course, it might come to that in the end, but it should be the very last resort.

      Good luck with the problem, the non-technical ones are always the hardest.

    • #2732381

      another vote for DC guy’s approach

      by ghostguy ·

      In reply to controlling a wannabe admin

      I’m currently in college studying network-management-admin, and from what you say, your wannabe is a straight out of the textbook security flaw waiting to happen

    • #2732367

      Would your job be at stake in the near future…

      by onbliss ·

      In reply to controlling a wannabe admin

      Well, I kept reading and saw many posts that talked about the wannabe’s political clout. And, many have suggested coopting.

      Meanwhile a thought to keep at the back of your mind, if your company is real small, and the wannabe knows your stance regarding him (I’m sure he must have an idea about it by now)… can he replace you? Is that possible? If yes… maybe time to update the resume.

    • #2732362

      Juvenile admins

      by dotxen ·

      In reply to controlling a wannabe admin

      In the UK we cut their hands off. Or we give them a damn good bashing in some obscure broom cupboard.

      Getting technical or even caring and explanatory is a complete waste of time. Some of these people still think that digital watches are a pretty neat idea!


    • #2732336

      response to the wannabe admin

      by dseeger ·

      In reply to controlling a wannabe admin

      Your best bet with dealing with the net admin wannabe, is by reading the company policy that has been placed for the employees, using the company’s computers. If there is none, then you will not know whether what you are trying to install on the computers is right or wrong, maybe the company has strong security issues that are being implemented without your knowledge, which basically leaves you on a need to know basis. As long as your net admin leaves you with enough rights so that you are capable of getting the job done then that is fine, but if you have further need for more resources, then you should submit a letter of request to your manager and he/she should inform the net admin to give you what you want. It’s not a solution for getting rid of the net admin, but it is a solution for at least trying to get what you want.

    • #2732327

      OK; Anybody actually read the story???

      by -loanman ·

      In reply to controlling a wannabe admin

      All these suggestions to “offer to let him help” seem to come from people who missed a crucial part of the story, to wit: “He is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity.”

      For those who were napping, he is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity.

      Now, in case you missed it, he is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity.

      Did you get it that time?

      I have a headache…

      • #2732222

        Yeah I read it!

        by schlub ·

        In reply to OK; Anybody actually read the story???

        Yeah I read it! And I agree with you – a lot of the suggestions about “making him a partner” etc seem to have missed this point – but there’s also the possibility that “the Admin” has just presumed this attitude of wannabee to be true. I didn’t read anything where the Admin actually spoke with the wannabee did you? There were a number of conclusions about what wannabee did or did not want to do – but nothing specific about what transpired when the Admin actually spoke with him.
        I only mention this because I have seen instances where an Admin (with the best of intentions) made an assumption about some behavior of a staff member (not me!) and was angered by the supposed affront and acted from that anger rather than first trying communication and next staying even-tempered and professional. In a couple of instances I went to the person involved in the dust up and spoke with them and said “what’s up?” and have been able to clear things up sufficiently to avoid more rigorous actions.
        Communication skills are NOT the strong suit of most people in IT, unfortunately.
        But mainly I agree with the “lock down – document – say goodbye to…” solutions posted – if just talking with the person involved doesn’t begin to move things in the right direction – and quickly!
        It also seems like several postings seemed to take things a bit personally themselves regarding the “power” of the Admin. Hey – that’s WHY that person is the admin and you’re not!
        Being the administrator of a network doesn’t just involve technical skills and logistical knowledge – it involves an understanding of company policies and taking the responsibility to insure that the stability, security and productive use of the network is a constant in the workplace. And let’s face it, wannabee or not – there are many users who don’t seem to “get” that and see their local workstation (or even worse – their entire network) as a glorified play station where they can hone their skills for their next job – or just mess around for the heck of it.
        If that’s the case, the Admin should make sure this person gets a nice push towards that “next” job as quickly as possible!

        • #2692259

          You’re right, of course.

          by -loanman ·

          In reply to Yeah I read it!

          All we have to go on is what the_admin said about the situation; we are all inferring a lot of things based on our own experiences that may or may not be true. I agree with your assessment, all the points you made, and wish I had been that thorough in my post. You said exactly what I wish I had said (I guess I wasn’t as even-tempered as I should have been).

          Now I’ve personally been a net admin for 9 years for a national bank and now do it for a nation-wide government agency. Before that I was a PC tech extraordinaire for 4 years (since I’m not using my real name it is not boasting to say that).

          But I guess it is time for me to sheepishly admit that I’ve been on both sides of this situation; I started out as the wannabe at a small company who had no real IT person (this was before the term IT was even used; back then, it was MIS). I fixed other people’s problems at the company and became the de facto computer guy, to the chagrin of the aptly-titled Controller who knew much less than I but had nonetheless designated himself as the “computer guy” (he knew how to run chkdsk /f and format /s and that was about it). Yes, I neglected my actual job duties. Yes, I messed with my computer to teach myself about them. Yes, I screwed up stuff. Was I wrong to do what I did? Sure was. Should I have focussed on the job I was paid to do instead of using the company as my own personal computer lab? Of course. If I could go back in time, would I do it again? Abso-freakin-lutely. I’m much better off as a computer guy than I would be as a social services guy. So I can sympathize with both sides, although in my situation there was no the_admin there telling me to stop. Nor did I forge blindly ahead without attempting to learn best practices or in spite of a more knowledgeable person telling me I was doing it wrong.

          When I finally lost that job because I wasn’t doing what I was supposed to, I was able to skew the unofficial computer experience angle enough to get a job at a local PC repair shop. And the rest is history.

          Thanks for setting me straight and making the points that I should have made, but was unable to get them to crystallize.

        • #2692234

          Actually that can’t be taken seriously

          by oz_media ·

          In reply to You’re right, of course.

          The guy wants his hands in everything but is then said to not want to learn anything? I think not.

          It is probably just that he doesn’t want The_Admin to teach him anything, I’ve seen that before more than once.

          I know nothing about The_Admin and know nothing about his personality, going simply on what information is provided here and the verbiage used in the original post, it doesn’t take a brain surgeon to figure out that The_Admin may not be the easiest person to work with or under. Again, this is mere speculation and I don’t want to defame the admin’s achievements but it is a VERY common issue with the “this is MY domain” and I am the great Domain Ruler.

          You know the Saturday Night Live sketch with the computer guy who just steps in and rolls his eyes at all the users? Well they got that concept from somewhere, it isn’t just fabrication.

        • #2737449

          Just be ready

          by user@# ·

          In reply to Yeah I read it!

          I’ve scanned a bunch of the replies and such to this. Yours sounded pretty decent– just one suggestion: when you get ready to give the “fire him or else” message be prepared to have to walk out. If they won’t do anything about him and it makes things intolerable for you to stay then you need to be prepared to let them have the bed they want by finding a better position for yourself.

      • #2692772

        Have you read the story

        by jadamson ·

        In reply to OK; Anybody actually read the story???

        Just because the_admin says he has no interest in learning does not make it so. Where is his justification of this clause? What attempts has he made to educate? Read between the lines: the_admin has a grudge (possibly justified but that has yet to be seen) and has no interest in educating. He merely wants to dispose of an employee and thus keep his perceived position “at the top of the admin food chain.”

    • #2732326

      Audit his @ss

      by fahfahn ·

      In reply to controlling a wannabe admin

      Enable the auditing feature on his computer. This will allow you to track his successful and failed logon attempts and even privilege usage. You can then export those entries into a text document and submit it to his supervisor. If you’re running a Windows 2k or 2k3 server, you should be able to administer this feature from your server so you won’t have to make up some excuse to use his computer.

      Good luck!
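
The export-and-summarise step from the post above, as an added example that is not part of the original post: it groups failed logons (event 529) and denied privilege use (events 577/578) from a Security log saved as comma-separated text. A 529 entry names the target account and the workstation, not the person at the keyboard, so the summary also lists the last successful logon (528) on that machine as context. The column order and every account and computer name in the sample are assumptions, constructed for illustration.

```python
import csv
import io
import re
from collections import OrderedDict
from datetime import datetime

# Windows 2000 Security log event IDs used here.
LOGON_SUCCESS = 528          # successful logon
LOGON_FAILURE = 529          # logon failure: unknown user name or bad password
PRIVILEGE_USE = (577, 578)   # privileged service called / privileged object operation

USER_NAME_RE = re.compile(r"User Name:\s*(\S+)")
PRIVILEGE_RE = re.compile(r"Privileges:\s*(\S+)")

# Constructed sample rows. Assumed column order:
# date, time, source, type, category, event ID, user, computer, description
SAMPLE_EXPORT = """\
6/1/2004,8:02:11 AM,Security,Success Audit,Logon/Logoff,528,CORP\\dataentry1,WS-REMOTE01,Successful Logon: User Name: dataentry1 Domain: CORP Logon Type: 2
6/1/2004,12:41:03 PM,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,WS-REMOTE01,Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: WS-REMOTE01 Logon Type: 2
6/1/2004,12:41:20 PM,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,WS-REMOTE01,Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: WS-REMOTE01 Logon Type: 2
6/1/2004,12:42:02 PM,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,WS-REMOTE01,Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: WS-REMOTE01 Logon Type: 2
6/1/2004,12:50:37 PM,Security,Failure Audit,Privilege Use,577,CORP\\dataentry1,WS-REMOTE01,Privileged Service Called: Privileges: SeSystemtimePrivilege
6/1/2004,1:15:00 PM,Security,Success Audit,Logon/Logoff,528,CORP\\clerk2,WS-REMOTE02,Successful Logon: User Name: clerk2 Domain: CORP Logon Type: 2
6/1/2004,1:16:45 PM,Security,Failure Audit,Logon/Logoff,529,NT AUTHORITY\\SYSTEM,WS-REMOTE02,Logon Failure: Reason: Unknown user name or bad password User Name: clerk2 Domain: CORP Logon Type: 2
6/1/2004,2:00:00 PM,Security,Success Audit,System Event,515,NT AUTHORITY\\SYSTEM,WS-REMOTE01,A trusted logon process has registered
"""


def parse_export(text):
    """Turn exported Security-log rows into dicts, skipping headers and short lines."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 8 or not row[5].strip().isdigit():
            continue
        description = ",".join(row[8:])      # re-join a description that contained commas
        named = USER_NAME_RE.search(description)
        records.append({
            "when": datetime.strptime(f"{row[0].strip()} {row[1].strip()}",
                                      "%m/%d/%Y %I:%M:%S %p"),
            "type": row[3].strip(),
            "event_id": int(row[5]),
            # Failed logons are logged under SYSTEM; the target account is in the text.
            "account": named.group(1) if named else row[6].split("\\")[-1],
            "computer": row[7].strip(),
            "description": description,
        })
    return sorted(records, key=lambda r: r["when"])


def build_report(records):
    """Group failed logons per (computer, target account) and list denied privilege use."""
    last_logon = {}          # computer -> account of the most recent successful logon
    failed = OrderedDict()   # (computer, target account) -> summary entry
    denied = []
    for rec in records:
        if rec["event_id"] == LOGON_SUCCESS:
            last_logon[rec["computer"]] = rec["account"]
        elif rec["event_id"] == LOGON_FAILURE:
            entry = failed.setdefault((rec["computer"], rec["account"]), {
                "computer": rec["computer"], "target": rec["account"], "count": 0,
                "first": rec["when"], "last": rec["when"],
                # Context only: logoff events (538) are not tracked here.
                "session_user": last_logon.get(rec["computer"]),
            })
            entry["count"] += 1
            entry["last"] = rec["when"]
        elif rec["event_id"] in PRIVILEGE_USE and rec["type"] == "Failure Audit":
            priv = PRIVILEGE_RE.search(rec["description"])
            denied.append({"when": rec["when"], "computer": rec["computer"],
                           "account": rec["account"],
                           "privilege": priv.group(1) if priv else "unknown"})
    return {"failed_logons": list(failed.values()), "denied_privileges": denied}


def format_report(report):
    """Render the summary as plain text suitable for attaching to a written report."""
    lines = ["Failed logons (event 529):"]
    for e in report["failed_logons"]:
        lines.append(f"  {e['computer']}: {e['count']} failure(s) for account '{e['target']}' "
                     f"from {e['first']:%Y-%m-%d %H:%M:%S} to {e['last']:%H:%M:%S}; "
                     f"last logon on that machine: {e['session_user'] or 'none recorded'}")
    lines.append("Denied privilege use (events 577/578, Failure Audit):")
    for d in report["denied_privileges"]:
        lines.append(f"  {d['when']:%Y-%m-%d %H:%M:%S} {d['computer']}: "
                     f"{d['account']} was denied {d['privilege']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(build_report(parse_export(SAMPLE_EXPORT))))
```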

    • #2732321

      It’s all about career management.

      by ena ·

      In reply to controlling a wannabe admin

      From the discussions I get the feeling that trying to fix the problem by dealing with the “Wannabe admin” side is not going to work for you.
      Your best bet is to manage his actual role, not the role he is playing with. As far as his management is concerned, if he completes his official work there is no problem. It’s his official role you have to “manage”. If he fails here, his management will take notice.
      Why is he playing at a “Wannabe admin”, what are his reasons? Why does he think this way? How is he dealing with the official role?
      When you know these points you can manage him right out the door.

    • #2732302

      What goes around comes around!

      by harry-0 ·

      In reply to controlling a wannabe admin

      Simplest solution is a key stroke capturing program installed on his machine. Have the results sent to you via email. The program will be hidden your mail will be hidden from the user. Had same problem – you might get more than you suspected – and certainly it is info that can be shown to the boss! Have fun see example program below:

      WinWhatWhere Investigator by WinWhatWhere Corp.

      Download WinWhatWhere Investigator (7.64 MB)
      WinWhatWhere Investigator monitors all PC activity in Stealth including every keystroke, mouse click and application run on the PC and can send that data remotely via email. Version 3.0 adds the capability to monitor “both sides” of Instant Messaging, Chat and Email applications for unprecedented monitoring reach and detail. Granular detail monitored by Investigator 3.0 include, date, time, elapsed time, window titles, URL’s, dialog boxes, file activity and both formatted and unformatted keystrokes. Investigator can selectively monitor applications or time periods and provides an optional Notification Banner to let users know they are being monitored.

      While hacker attacks and virus outbreaks grab headlines, many security experts consider disgruntled insiders as a greater security threat to an organization. WinWhatWhere Investigator’s stealth and forensic detail make it ideal in these investigations for law enforcement, government, business, and private individuals. Used in corporations and high profile FBI cases, Investigator can also be used to discover computer abuse in the home. Other uses for Investigator’s powerful monitoring capabilities include; providing audit trails, software license verification and emergency back up data.

      Stealth Installation: Investigator runs silently in the background
      Stealth Email: Email Investigator data in Stealth
      Notification Banner: Let users know they are being monitored
      High and Low Detail: Provides different levels of monitored detail
      Selective Application Monitoring: Monitor only certain applications
      Email, Chat and Instant Messaging Monitoring: Capture both sides of these sessions
      File Activity Monitoring: Monitor changes to files
      Deploy Utility: Standardize your installations
      Auto Summary Reports: Convenient Summaries of Investigator Data

      Found this on Wugnet

      Have Fun – Good hunting


    • #2732262


      by fluxit ·

      In reply to controlling a wannabe admin

      I have to deal with a three week wonder who thinks he is a programmer but lacks any degree of coding skill. Yet he is assessing my and others’ work informing us and the boss of what is right or wrong with our code. He is thoroughly documented but the company refuses to fire him because he has an attorney deal with his human resource issues. Worse yet he got promoted and a pay raise.

      You’ll have to do the psychological thing on him. Begin by limiting rights and privileges to manage this guy. I would innocuously turn on system auditing and track everyone’s behavior including his. (Strongly suggest that an independent PC do the tracking so the servers are not tasked) They all should be notified of the auditing system in use to track security issues. Flash a banner on login and cite Federal Regs or local code in the text on the banner. ie:

      “This is for official company use only. Use of the system constitutes consent to monitoring pursuant to CFR xxx.xx.x and City ordinance 123-123. Regular system reports will be submitted to management citing website, software installation, virus, and other dubious activities. If you do not agree with this policy then LOGOFF the system IMMEDIATELY addressing your concerns to proper management.”

      Other psychological things you can do:

      1. Trump up a computer incident. Have an investigation into some security issue closely similar to this guy’s activities. Have independent auditors – private investigators (ask a friend unknown to the others) to come in to conduct the forensic investigation. Have the investigator get all excited about his findings and grab you in front of this guy for a private conference. Make sure the investigator sort of leans forward and looks at this guy kind of eyeing him.

      2. Write up a draft incident report discussing the circumstances around a problem. Cite in the draft report some activities closely similar to his. Accidentally leave it in the clear for him to see.

      3. Get a pager and have the system page you when software is installed or certain other activities are conducted. Have the pager go off in front of him once or twice then run to the computer room.

      4. Have monitoring messages pop up on his machine accidentally because you forgot to set some things. Then apologize for the disruptions. Heck use net send to pop a message up if you don’t have the monitoring software.

      5. Have the company attorney on retainer draft a letter stating the law regarding computer law and legal actions. Have him stipulate in the letter that his firm deals with employee misconduct and he looks forward to working closely with you. Leave the letter in the clear to be seen.

      If you are a technology guy you are already demented enough to do these kinds of things with a great deal of skill. Technology guys are known for being psychos and you can have this guy so paranoid that he’ll be fearful of logging in if you are even slightly skilled at this.

      • #2732207

        need better people skills

        by kblack1a ·

        In reply to I FEEL THE PAIN…

        Have you thought about becoming a civilian guard in Iraq? They ran out of “trumped” up ideas for dealing with problem people. Be careful, this same problem solving technique might be used on you.

        • #2692490


          by fluxit ·

          In reply to need better people skills

          You’re a day late and a dollar short. Things like this are done every day – even by your own church against you!

    • #2732253

      Sorry but, is this your failure?

      by rcom ·

      In reply to controlling a wannabe admin

      First, if he’s a “wannabe” how come he’s getting past your security or if he’s unsuccessfully attempting to gain access to features not available to him, so what! Either way if he’s not supposed to do these things it’s up to you to stop him.

      Every administrator has dealt with this situation and yes it can be very frustrating. But you have to look at this as just another security issue and find a way to deal with it. It’s best to handle this between yourself and the person involved. I promise you, upper management doesn’t want to be bothered with this type of non-productive flack between IT and the users they are there to support.

      Your statement about trying to get the person fired is what shows you’re not considering what’s best for the company. You have a personal problem with the individual and that would be evident to anyone you bring this up to. Unless he’s really breaking the law or some serious company rules you won’t get him fired. Why would the company spend the money, time and effort to go through the new hire process?

      You mentioned what may be the solution. If he’s got some experience and is interested in helping you may be able to use that to your advantage. You’re saying he doesn’t want to do things the “right way”. IMO you really mean “your way”. Establishing a workable solution to this situation shouldn’t be that hard. Get rid of the hostility and look at it by considering what’s best for the company and this will work out just fine.

      Remember, by trying to get him fired you may end up losing your own job.

    • #2732249

      You have to lock him down

      by developer+ ·

      In reply to controlling a wannabe admin

      It’s a remote office so it makes some of this harder, but if it takes a drive/flight to the remote office that may be what you have to do.

      If he’s doing data entry/scanning he should have little or no need for diskette or CD-ROM access or internet access. You need to configure the BIOS so he can’t boot from other devices besides the HD. Assign a BIOS password, lock the computer case shut. Make sure he’s only a member of groups he needs to be. Use group policy to limit which apps he can run.

      All of this should’ve been done before he got access to the computer – since it’s after the fact you’ll have to either restore from a clean image or search the best you can for any extra software he’s installed or has downloaded.

      The same should be done to other computers in the remote location. I know the other users aren’t the problem but if you take away the options on his computer but leave others open he’ll use theirs.

      I know this is quite a task and will take time/money. But without doing this you won’t be able to even start keeping him out.

      If he were to take over and restrict your access what would you do to get it back? IE you’ve gotta start thinking like a hacker to get out in front of this guy and start blocking him – rather than playing catch-up.

      If you can’t do anything crank up the auditing on the local admin account and his for that matter.

    • #2732233

      Change your attitude

      by rnmathur ·

      In reply to controlling a wannabe admin

      You are making two contradicting statements. On the one hand you say that he does not know much about computers/networks/etc and he is not interested in learning how to do things the right way, so there is no point in trying to use him in any sysadmin capacity. On the other hand you say that he has not quit trying to mess with things!
      If he does not have sound knowledge of systems, how could he mess with things, that too in W2K environment where virtually everything is under system administrator’s control.

      It seems you are afraid of his knowledge capacity and because of his managerial influence you fear about his becoming your substitute. That is why you want him fired by any means. I have seen so many system administrators trying to scuttle learning curve of users. Almost all require dumb users who should be completely dependent over them even for simpler tasks like copying a file. I suggest you change your attitude from negative to positive and encourage him to understand the underlying principles of systems. He can be very useful for you in the long term by assisting you in managing your systems efficiently by lightening your workload. He is closer to other users than you are. So he can teach others how to use systems efficiently and more productively for ultimate gain of your organisation.

    • #2732220

      Wanna be Admin

      by cshipman ·

      In reply to controlling a wannabe admin

      First, stop looking for a way to fire the guy, that’s not your business, you don’t have time. Second, find out what it is his office thinks you’re not providing. Third, go to his work station, lock him down to a user only, so he gets the message, don’t fool around. Stop trying to do it from your console, visit the work station.

    • #2732173


      by riffl ·

      In reply to controlling a wannabe admin

      I agree with those who have cautioned you about making this a personal crusade. You need to rein in your emotional reaction to this clear affront to your authority. If you have already taken the issue to management, then you did your job in warning them of the threat to security. Your next step is to improve your security procedures and document any further attempts to violate security policy. (You *do* have a written security policy that has been approved by management?) I would be most concerned that an admin password had leaked. You may have more than one security problem here.

      The most important thing is that your conduct and attitude be kept at a professional level. If you come off to management as petulant, petty, and vindictive then *you* will be viewed as the problem and not the wannabee.

      Good luck.

    • #2732164

      Different perspective

      by elwoos ·

      In reply to controlling a wannabe admin

      I have a slightly different view of this. I am essentially a DB admin, but I also provide support to a unit. My unit has been partly moved under the jurisdiction of a new group of Network Admins.

      Where I previously had order, they have brought in chaos and inconsistency. Previously working software (and I’m talking Word and Excel here so nothing unusual) no longer functions as required (e.g. can no longer save to the network!, can’t use VBA, not patched etc…)

      They change their rules every five minutes and end up causing twice as much work for others as they resolve. To add insult to injury they are now trying to tell me how to manage my database when they clearly don’t know how to manage a database. They have messed up my system so much that no-one, especially me, knows what’s going on any more. And if I need them to do something e.g. a simple login, it can take months and months. One computer has taken them nearly a year to configure, so long that they have had to do it again with a newer OS!!! I’m not the only one who complains but as their boss is next door to them and “pops in when something is wrong and they deal with it quickly” there is not a perceived problem. In addition my manager isn’t interested without hard evidence.

    • #2692488

      Another View

      by dwdino ·

      In reply to controlling a wannabe admin

      Let’s put this in a different department, Accounting perhaps.

      We now have a rogue accountant, a “CFO Wannabe” if you will. He steps into the office of the CFO and changes financial documents, approves funding requests, and cuts funding where he feels is needed.

      When the CFO returns, many departments are upset with changes instituted by the CFO that he has no idea about. The CFO then has to work extra to resolve these fires.

      Upon finding that employee X had done these things the stuff would hit the fan. The employee would be removed before he could put down the pencil! There would be no “taking the person in”, or “training their passion”. Simply, ADIOS!!

      Now let’s twist the story a little bit. Employee X is the boss’s relative. He is covered by “Daddy”. The CFO makes known the ruinous ways and actions of Employee X. “Daddy” defends Employee X and pacifies the CFO.

      From now on the office of the CFO and all documents therein remain tightly secured as this is the only recourse.

      Why any different here?!

      We are entrusted with the network and all attached devices (or our sphere of responsibility). We are tasked to make performance enhancements, maintain stability, and minimize losses. Any threat to this responsibility must be mitigated and removed.

      If Employee X wanted to be a CFO, he would need to study and practice elsewhere, and wait for the opportunity; not just assume the role. Same in I.T.! Like the cliche says, “Just because you can, doesn’t mean you should”.

      If like the CFO your hands are truly tied, LOCK IT UP! Put Employee X on the SH*& LIST and make him have to ask permission for everything. If or when he learns to follow these rules you can back off a little.

      If questioned about the tightened security explain that you have taken steps to minimize a security threat, and will loosen restrictions upon removal of said threat.

    • #2692432

      logically you’re not the real admin

      by ·

      In reply to controlling a wannabe admin

      You said you’re in charge of everything “electron”. You said he’s a wannabe and messes things up systems-wise obviously.

      You cannot lock him up. You need paper trail and we’re dealing with “electron”. Have you heard of logging? Have you heard of remote computer administration? If you can’t do this you’re not the real admin. Perhaps, the other guy will be once he gets your administrative privileges.

      In this situation I would rather let him do things below the critical line of trespassing corporate policies. How critical is server screen-saver locking anyway?

      As I gather, you already had a brush with him and it provoked enmity. Maybe it’s not too late to patch things up and make him earn your respect.

      • #2692422


        by warbug ·

        In reply to logically you’re not the real admin

        If the data entry guy can get around your “security” can you imagine what the real hacks out there are using your company for?…:P

        It should be simple to shut this guy down, I think there is more to the story than we have been treated to!


      • #2692232

        Well said but

        by oz_media ·

        In reply to logically you’re not the real admin

        “Maybe it’s not too late to patch things up and make him earn your respect.”

        Perhaps it is not wannabe who needs to earn the Admin’s respect but the other way around. Maybe The Admin needs to earn a little of the wannabe’s respect.

        • #2737559

          Take IT Outside

          by driv ·

          In reply to Well said but

          Is there a parking lot out back? If that doesn’t solve it REAL QUICK maybe management will decide REAL QUICK to “OUTSOURCE” both of you problem children!
          Suggest: “How to Win Friends and Influence People”
          BE A LEADER

    • #2692407

      Why terminate when you can train?

      by brad.ashforth ·

      In reply to controlling a wannabe admin

      I remember during the early 80’s when I had an interest in computers (and like your nemesis) knew enough to be dangerous. But NO ONE would bother TRAINING ME for the career that I was obviously interested in!! In fact, it was quite apparent that they were really more interested in keeping me from learning how to do their job simply as “job security”. Why not approach your nemesis and ask a few pointed questions, such as:
      What do you want to do career-wise?
      Do you LIKE working on the network?
      Are you INTERESTED in learning how to do it right using proper procedures?

      I personally think that it is a good thing to have a PROPERLY trained person at a remote site. Saves travel. Be a mentor.

    • #2692190

      apprentice, ego check, etc.

      by k.h. ·

      In reply to controlling a wannabe admin

      ive been on both sides of this scenario before – as a newbie to admin duties years ago to a current admin. my best advice is this. continue to do your job in securing the network. document and file your logs to track any security breach, internal or external, including this one. and don’t take it personally if someone wants your job. take that as a compliment and consider mentoring newbies (not necessarily this one).
      remember that its your job to provide data security and integrity. if your boss doesn’t understand this guy could be a potential problem, give him a “what if” explanation – what if he gained access to sensitive information and leaked it out. im sure your boss wouldn’t want that.
      ive worked along side a lot of intelligent admins, as well as a lot of ego-driven admins. make sure your ego is in check here too. don’t be puffed up with pride and taint your view of this newbie if in fact its just a problem inside yourself. i’ve always appreciated the apprentice working for me.

    • #2692189

      Try This

      by naiser ·

      In reply to controlling a wannabe admin

      Set up a dummy node and have him mess with it and in way when you show it to the boss make it appear that the entire network is corrupt by his actions. This is a simplistic idea that you may want to try. Plain old way just set him up somehow.

      • #2692738

        Oh joy….

        by jellimonsta ·

        In reply to Try This

        Oh, it brings me such joy to see the decline of civil morality. I wonder why people are even surprised by corporate scandals or immorality issues.
        [q]”Plain old way just set him up somehow.”[/q]
        Is this what the work force has come to? We cannot accept someone else is capable of performing our job functions and are so insecure we would “set them up”?
        I don’t think I would be able to comfortably look myself in the mirror if I stooped so low.

      • #2692737

        Say What???

        by jafa ·

        In reply to Try This

        Man…What are you talking about? What a REAL BAD piece of advice!!! Who do you think would take the fall on this one?? If I had an admin (or anyone for that matter) in my office deliberately attempt any stunt like that “HE” would be the one looking for a job!! Your idea of “setting up” the user and then lying to the boss to accomplish such ill gotten gain would be purely bad ethics. And I thought the acts of the The_Admin were a bit sceptical but your idea takes the cake!!!!

        • #2692644


          by oz_media ·

          In reply to Say What???

          I was shocked as hell when I saw the post myself, I figured ‘oh well I guess that’s what people have come to now’. I guess not, based on the replies, so I will also say, the post was so underhanded and dirty the guy is going to be running for president in no time.

          Get a job in politics, you are no help to the business community.

    • #2692813

      He IS the Admin

      by bucky kaufman (mcsd) ·

      In reply to controlling a wannabe admin

      He refuses to accept this and management refuses to fire him for the things he has done/attempted to do.

      If you can’t lock him down, and he has admin privileges – he’s not just a wannabe. He IS the admin – YOU are the wannabe. Your management team confirms this by tacit approval.

      You claim that he does all kinds of bad things to the network, but that you have no way to document it. If you’re not capable of DOCUMENTING a network, you’re certainly not capable of ADMINISTERING one.

    • #2692754

      dealing with the “expert”

      by user@# ·

      In reply to controlling a wannabe admin

      Not quite in the same realm, but we had one guy who constantly jiggered with the thermostats. One night, after he left, we put in a computer-controlled thermostat, locked the keyboard and hid it behind a calendar. After a few days of suddenly non-responsive “working” (we never removed the old thermostat– partly to see what would happen), he took it upon himself to call a repair service– a call we quickly quashed once we found out (he did not have the authority to do so). Eventually, we had to get rid of him.

    • #2692540

      Sometimes we are forced into the position of wannabe…

      by wgp_enoch ·

      In reply to controlling a wannabe admin

      In my company I am labeled the wannabe on many occasions. I am a central office phoneman. I am responsible for the flow of data related to the phone service and the maintenance of that service. Unfortunately my stuff rides across the IT network to get out to the wild wild web.

      I think this convergences thing is going to get nasty before it gets better. Whenever a problem arises our management will always side with IT whether or not it affects customer service.

      I could tell many stories of me losing control of the phone network and even lost hardware that was purchased under my budget. Imagine losing a $200K system to the IT department because I am just a phoneman. I’m not bitter.

      • #2690578

        We all depend on each other

        by marimar60 ·

        In reply to Sometimes we are forced into the position of wannabe…

        It’s too bad that people that work within a company can’t realize everyone’s job description is intertwined, and everyone depends on everyone to keep a company running smoothly. However, it doesn’t matter where you work, you are always going to have one or more employees forgetting where their job description ends or begins, then you have problems. Admin, have you ever approached this guy face to face about his after hour activities? If the head honcho won’t do anything about it, try taking matters into your own hands. Sometimes simply sending an email isn’t as powerful as that face to face communication.

    • #2691183

      I feel your pain.

      by mmarble ·

      In reply to controlling a wannabe admin

      I don’t have a great solution. All I can say is once we implemented strict user access policies, 90% of our software issues went away. I used our helpdesk requests statistics to document the increase in IT’s efficiency. I made sure management was aware of any IT accomplishments resulting from not having to spend time putting out fires.

    • #2737557

      Those shouting to give this guy more power…

      by jdurand1970 ·

      In reply to controlling a wannabe admin

      …are crazy or want to lose their jobs as network administrators.

      Yeah, it would be nice in a “Waltons” kind of way to turn this joker into a friendly “underling”, but that is not, and should not be, your primary focus and you should feel absolutely no obligation to.

      Based on your description of him, I’d dare say he wouldn’t respect that role anyway. I?m telling you this is a classic ?give ’em an inch and they?ll try to take a mile? kinda situation and kinda guy.

      Forget all this armchair psycho-analysis mumbo-jumbo some of these crackpot posters have been spouting. Lock down your network as best you can and push management to define clear roles for both you and this annoyance. CYOA, man! CYOA.

      What it really all boils down to is your paycheck. You have been given the responsibility to maintain your company’s network infrastructure. Behind basic functionality, security is the most important aspect of what you do. Your compensation is dependent upon how well you do this job. Don’t let this joker take that away from you.

      If he has aspirations to become a network admin, let the guy approach learning through proper channels: suck up to you, take a class and get a clue, learn at home on his own P.O.S. network or, better yet, hack someone else’s network (maybe the network of one of those “feel good” network admins that advised you to “give him more power”).

      • #2736746


        by kratos7 ·

        In reply to Those shouting to give this guy more power…

        I’m just graduating with my MSCIS and I am changing my profession from Law Enforcement to INFOSEC in the very, very near future, so be gentle if I sound a little elementary because I’m new.

        I totally disagree with giving this guy some type of admin position just because he won’t stop doing what he’s been told not to do. That’s like letting a child do whatever he wants growing up, then when he’s 14, you can’t figure out why he comes and goes when he pleases. At what point do you stop rewarding his disobedience, when he has your job? He’ll have a Pavlovian response, he’ll keep expanding his reach into the network because he’ll think that his position will be increased.

        Since some have said that maybe this should be taken as an opportunity to really lock down the network, why not go on the offensive? Is there any reason why you can’t delete his account from the network, every time you catch a breach from him? Let HIM explain to the boss why he can’t work for the next 24 hours because his account is gone. Let HIM put HIS job on the line, instead of yours. Can you do the same thing to the other people who gave him that admin password? If we can’t do that, somebody explain it to me so I can learn. This sounds like a problem that I might face in the future.

    • #2736993

      Not a solution, but a good story

      by variscite ·

      In reply to controlling a wannabe admin

      Years ago the non-IT “boy wonder” of the company was accessing my system after hours (not remotely, but on-site). I let his boss know. His boss told me what a good worker “boy wonder” was and that he even worked 20 hours a day (that I knew because he was staying late and accessing the system). “Boy Wonder” was always curious about what tracking was available – I told him none and then tracked all his activities. His boss did nothing, but I documented that I did report it. After I left the company I found out that “boy wonder” had stolen much electronic company information, actual physical maps and embezzled millions of dollars. They discovered this when he went on vacation back to his homeland and did not return to the US. Although I didn’t work there any more, I visited his boss’s boss and told him that I had reported the employee. I got the satisfaction of watching the boss being escorted to the door that very day.

    • #2731744

      document document document

      by jimmypi ·

      In reply to controlling a wannabe admin

      Since I am like every other tech in the trenches I hate that work. I like to be the “fixer” who comes and just makes everything work. BUT I always get 1 or 2 people who think they know networking or computers and want to change things like their default gateway, then tell everyone else to change it, and off I go to fix 100 people who listen to the village idiot. After doing this week after week, month after month, for the same people, I started relying on a tracking system to do my work with. Enter a ticket, put down the resolution and the people involved. Nothing is better than walking into a manager’s office with a pound of papers from his one employee, and usually it’s the one employee that is giving him a problem also…..

    • #2736757

      who is the problem?

      by jcrose ·

      In reply to controlling a wannabe admin

      You are not bright/skilled enough to lock him out or have a candid conversation with him and his supervisor so you want him fired?

      Work on your leadership skills that from the evidence here do not yet exist. You may come across other curious employees. If we fire them all, we will not need the system so much.

    • #2736471

      Paper Trail Remedy

      by mtreske ·

      In reply to controlling a wannabe admin

      Hi, I found a great program called Spector Pro, that can help you with the paper trail issues.
      I have employed it on several occasions to prove that someone is “messing” with things that they are not allowed to.
      This program will record screenshots, emails and keystrokes. Ideal to print out and show the Boss if there are any doubts as to what the guy is doing.
      Your Boss needs to understand that you cannot be held responsible for the security risk to your network with this guy messing with the systems.
      I’d also get a policy in place very specific as to what a user can and cannot do with your company’s equipment. I downloaded one from TechRepublic last year and it has served us very well with the employees.
      Hope this helps!

    • #2736303

      keeping a user “a user”

      by paulas ·

      In reply to controlling a wannabe admin

      We have a Service Level Commitment as opposed to a Service Level Document due to lack of manpower to meet most time constraints…but, we refer to it whenever our users want to “balk” the system. We have one user in particular who has wanted Admin rights ever since he started because as a remote user in his previous employment, he was allowed to do his own pc work. We have repeatedly told him for three years now he cannot have admin rights or install software himself, spoken to his supv many times, etc. We simply continue to tell him he cannot install software & that it must come through our helpdesk. Sometimes you cannot ever get the user to understand your policies or reasons for not letting them do the work themselves!

    • #2726582

      This is a business problem, not an “IT” problem

      by eugene ·

      In reply to controlling a wannabe admin

      It sounds like 99% of your users play within your policies and rely upon your standard IT solutions.

      This fellow is either being tasked to do stuff he is not suitable for or he is acting off his own initiative. The solution is the same.

      The pain he is causing is not being felt by his boss in a meaningful way. Once pain can be quantified ($$$), the message will come through loud and clear.
      Account for the time taken to fix the mess he causes and bill his office/cost centre.

      His boss will have a choice of using the ‘preferred solution’ (you), at no charge or paying a premium for using someone else and their 2nd rate solutions that will need to be re-worked anyway.

      I am sure that once you add up the costs of you as a resource (a qualified SysAdmin + ad-hoc responses + the opportunity cost of having you diverted from your proper job + the time involved in tracking exactly what this guy is up to) it will far outweigh the cost of a data entry resource, no matter how fast he types.

      The remote office can then have the choice of a direct impact on their bottom line.

      Money has a funny way of making a manager face up to their responsibilities. If they still persist, at least the IT department is recovering costs.

