IT Employment

General discussion


User blocking net admin access

By efox ·
I have a user that under the excuse of storing highly sensitive information in his ws, blocks my access as a net admin to the pc.

Of course, without any supervision, the ws was infected shortly with a virus.

After a full reinstall, he changed the Windows password once again.
Now my boss asked me about a lost file in this user's pc.
He always refused to store any information on the server, that is backup nightly.

I'd like to hear from others in my same situation.

Thanks in advance,

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Well I haven't been in that situation exactly

by Tony Hopkinson In reply to User blocking net admin a ...

I was in a situation where I was not allowed to administer personels' server ( a pc really, but never mind).
The solution was quite simple I didn't administer it, they did. I sometimes got asked questions how to do things and if they were nice to me I helped them out.
If you can't administer it, don't is the simple and only answer. You could advise them on back up facilities, firewalling, anti-virus etc.
You're in a situation where you can't and they obviously aren't.
One of these issues needs adressing. Why don't they do an encrypted backup to your system. They have the key and can read it you have the file so it will be safe. As for the virus, well that's a good reason to go ballistic, if they can do that inside your DMZ or they are not inside it build another firewall around them immediately.

Conversely just beat them over the head with an admin manual until they die or something.

Collapse -

Issue for business manager

by stress junkie In reply to Well I haven't been in th ...

Tony's advice seems like a good approach to living with such a situation.

This sort of thing has to be taken up with management. If the appropriate people approve then there isn't any legitimate recourse. Try to keep your focus on the best interest of the business, which means, as Tony said, cooperating with the person in configuring the equipment.

My other observation is that system administrators are, by the nature of their job, in a position to see all business confidential documentation. The business management typically takes the position that the system administrator has got to be trustworthy. I question the legitimacy of the ws user's claim that the documents on the ws are too sensitive to be accessible to the system administrator. The only situation where this might be a legitimate claim is if there are classified military documents on the machine and if you do not have a clearance sufficient to access them.

My first thought, however, is that the ws user is either running a separate business and keeping documentation for that on the ws or they are keeping pornography on the ws.

Collapse -

Thats what happened

by Tony Hopkinson In reply to Issue for business manage ...

Lines were drawn, responsibilities established, end of conflict.
That's what's got to happen here as well, the current situation is untenable.
I could possibly have lived with being locked out of the data as an admin and provided backup facilities, the virus thing though, I don't understand how that can happen. Well actually I do, but he wouldn't be doing it inside my network.

I seriously think about monitoring what this guy is accessing after all threat and security investigation is definitely an admins responsibility

Collapse -

Tell him to go pound sand

by dafe2 In reply to User blocking net admin a ...

Put a firewall arround him (or) remove him from network. YOUR responsible.

Anyway, the guys a knob & puts the network at risk. Refuse to do anything for him.

Explain your position to management & ask what they want done.

On the other hand, as Domain Admin, you could do all kinds of other stuff to screw with this primadonnas head too ;-)

As Stress Junkie said.......I (too) have yet to meet an admin that was restricted from Info on the network. It's a position of trust by definition.

Collapse -


by DigitalXeron In reply to Tell him to go pound sand

If he places your network at risk (be it security or viruses), threaten to remove him unless he cleans his machine and can prove it, as stated in the previous post, it's not your responsability for the welfare of his files if he does not utilize the servers that are backed up but it's your responsability if he places your network at risk.

Collapse -

Does this user have Admin. privileges?

by deepsand In reply to User blocking net admin a ...

If so, does he really need them?

If not, set him up as a User, and reserve the Admin. privileges for yourself.

Collapse -

Admin rights

by efox In reply to Does this user have Admin ...

Yes, he has Admin rights because he is one of those users that likes to install whatever he wants.
I'd be in trouble if I tried to limit his actions.

The problem is that with that freedom, he degrades the OS very often.I agree that a net admin must be a trustworthy person and I don't fit in that level for this unruly user.


Collapse -

Sensitive Data

by BFilmFan In reply to Admin rights

I would have a discussion with the manager if he is holding HIPAA or SOX related data on that workstation.

And I would find out what the policy is on acceptable usage. As soon as he violates it, record the incident, follow the procedure (usually it is notifying IT management and HR and legal that an acceptable usage violation has occured and to protect company assets you are deactivating his network user and machine account. Then turn off his network port.)

If they are not willing to deal with the issue, notify your boss that all issues concerning this workstation will no longer be handled by you, since you cannot effectively administer the workstation. This means that management will be solely responsible for all legal ramifications of the loss of HIPAA or SOX data, inadvertant release of client data, etc.

Then when bozo user gets a virus or corrupts his system and needs help, point him to your boss and politely say, "I am sorry. I do not manage your workstation. You will need to discuss that issue with my manager."

Usually taking a hard line on the issue is the ONLY way to deal with these political games that happen in some offices. If you state clearly that you refuse to play them and management has to deal with it, the games usually quickly go away.

Collapse -

Put it in WRITING

by hstearns In reply to Sensitive Data

I have been in a similar situation and the only way to handle it (in my not so humble opinion) is to:

1. Inform management and make sure that they are aware of the possible ramifications of letting this "loose cannon" have his way. Put the information in writing. Maybe even have a manager sign-off giving this user the right to be an "exception".

2. Document EVERYTHING! He has a virus; document it. He refuses you access to his WS; document it. Track his network/Internet usage; document it. It can save your hide in the end-run.

Collapse -

You've got to wrap this guy

by Tony Hopkinson In reply to Admin rights

up. Does matter how much control he needs on his PC, or how secret the data is, wall him off from your network. If they won't pay for a hardware solution proxy the bleeder off a pc you do control, no way he can argue with that. As far as back up goes all he needs to do is take a copy encrypt it (RAR/Winzip with a password would probably convince this amateur) and then park it on your server for daily back up.

Set it all up looking extremely sullen as though he'd got one over on a mere pleb like you.

Then monitor the clown's traffic. I'm almost positive he'll give you a whole load of opportunities to **** him right out of the airlock.

Related Discussions

Related Forums