I am not a happy camper right now so take what I have to say with a grain of salt. [insert disclaimer here]
That said, for those who are tasked with managing a large, multi-location network, using any tool that will help you do your job is highly prized. Unfortunately, within this context, it is common to confuse what the goal is. That is, the overall goal should be to assist the organization in meeting its mission. For some, this is manufacturing and for others a service. For us, it is the administration of justice.
However, the confusion comes in where some Information Technology (hereinafter IT) managers begin to think of the network as their own and that employees are invaders that, at best, must be tolerated and, at worst, must be tracked/blocked/spied upon.
Recently, under the guise of implementing a large network-based application, our IT division began surreptitiously installing a very costly program called LANDesk. I say surreptitiously because other than notifying a committee that does not regularly report to employees, IT refuses to let anyone know about the installation. They refuse to put up a notice on the internal intraweb site (which is what the site is for). They refuse to send a memo to all division explaining what the software is for and why it is being forced down on all desktops, via the network, without their prior knowledge or consent. In other words, they seem to be very closed and are essentially telling everyone else to "bug off" because IT knows what they are doing and no one else does nor needs to know. Of course, I don't know what IT knows but I note, yet again, IT has apparently hired a consultant to do the installation and configuration for them. Perhaps I'm wrong, but this would tend to indicate IT doesn't have the in-house expertise to install and configure such an application. But I digress.
LANDesk has several modules intended for different situations. But for users, the modules that affect us are: one that secretly "inventories" the users PC, one that surreptitiously allows IT to watch whatever is on your screen (in real time), and the one that can take over control of the PC itself. I would not be surprised if IT already reads all the emails coming and going within our system. But, I guess, that may not be enough in the war against employees. IT now seems to want dominion over all desktops attached to the network.
There are many unfortunate problems with this situation. The most important, right now, is that LANDesk does not seem to be compatible with some types of security software such as anti-virus and anti-spyware utilities. And by incompatible, speaking just for myself, I mean LANDesk will corrupt data to a point in which the user must reformat the drive. Within one week, I got between five and 10 blue screens of death and various other Windows errors that locked up my PC. Any of these episodes may have been the one(s) that finally caused by PC to become inoperable, but I can't say which one in particular did the deed. Although it is possible the installing of LANDesk was coincidental to my problems, common sense tells me otherwise.
In any case, I had to reformat my drive and re-install my applications. Needless to say, I am less than a happy camper because this occurred during the time I was working on the internal project I've mentioned before. This project started nine month ago and culminated in a 75 page report (30 pages of which are data tables) that I recently finished. Fortunately, I kept multiple copies of the report in different locations so when my PC went down, I still had access to the draft.
Did I mention I am not a happy camper?
Lastly, central control of all PCs on the network opens a door for a worm or virus to be spread, all at once, to every PC. Stunningly, IT seems to be blind to this possibility and has no procedures or policies, written or otherwise, for the physical security of the workstation that controls LANDesk nor any procedures or polices to cover the eventuality of an employee accidently, or on purpose, either spreading a virus/worm or the taking of confidential information from employee's PCs. This, even though it is common knowledge that the most common vector for spam has been internal IT employees stealing the information and selling it to spammers.
To me, the purpose of the network is to help employees do their job of meeting the mission of this department. However, it seems IT has decided users are a virus that must be stamped out, or at least controlled. This is, apparently, regardless of the consequences and without transparency or accountability.
More tomorrow when I will talk about the changes to MT 3.2 (and why this site is looking so strange).
Aloha!
Comments (2)
You and me both! And I'm in IT - but they've "outsourced" computer support and network management in our *large government organization* to a new organization created by pulling most of the "support" staff out into the new org. There's, again, no accountability back to us, no concern for what we need to be able to do our jobs, and a fondness for "one-size-fits-all" solutions that don't really fit anyone. Machines that aren't created in their image don't have full network connectivity (not just they aren't allowed to join the domain; I can see that - they're blocked from such sites as Microsoft [Windows Update, anyone?], Byte, Government Computer News, Security Focus, . . . .). I need administrative rights to at least my machine to carry out security scans on unmigrated (because they don't want to take them on) servers, but I can't have it becuse that doesn't fit in with their world-view. So I need to run the scans from a machine that's not part of their domain, but that can't get updates because it's been physically moved to their network. Oh, and did I mention that they still haven't deployed XP SP2? They've been testing it and are about to do so, but . . . Before they took over our systems, we were running SP2.
Posted by Jon | September 14, 2005 10:40 AM
Posted on September 14, 2005 10:40
Seems your IT folks have won this round.
Many in IT see it as an us-against-them struggle - protect the hardware/software from user abuses! The real problem is that while some of these kids in IT might be real geniuses, they lack the human touch and perspective you get from working the other side of the line.
Some day someone will see all of this cost-cutting for what it really is - stupid - and buy a clue. We can only hope it's soon.
Posted by John D | September 20, 2005 8:29 AM
Posted on September 20, 2005 08:29