I see two sides. One is simple. It's the companies equipment and policies. If he doesn't like it, quit. The other side is tougher. It sounds like there may be issues with responding to problems and requests. If in fact there is nobody to unlock an account on a weekend, or be on top of issues, then you have other problems you need to think about. While security is a huge part of your job, it should not hinder people from doing theirs. If people are expected to work on weekends, then someone should be available to do things like unlock accounts. As for software installs, do you have a policy for this (something like requests for installs will be fulfilled within one working day or whatever)? I don't know how big your company is, or how high the risk is. Can you enlighten us a little more? There is a fine line in IT that helps create the love/hate atmosphere. If you are doing things just because you can, that's just dumb. If you are doing things because of specific reasons or experiences, then perhaps letting the others in on that may help. When I started at my company, the last IT guy had beat them senseless. They were like scared kids. They weren't even allowed to have desktop wallpaper and in fact a few had been ripped new ones for it on a number of occasions.
When I create or change a policy, I don't just tell the users how its gonna be. I explain why the changes are taking place and what has led to the decision. They are usually very accepting after knowing why. -----Original Message----- From: C.Rajagopalan [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 28, 2002 8:35 PM To: MSWinNT Discussions Subject: OT: User Outbursts - How to handle ? Hi ! We are a medium sized departmental network, with minimum administration and security policies in place. Connected to the Win 2K DC are predominantly Win 2K Pro boxes, with very few 9X machines. Our NW Admin & Security Policy is a clear guideline, framed by a Committee including the Management. Salient aspects of the approved Policy include min. 12 char complex passwd, to be changed every 30 days, cannot use last 12 passwds, only admin can install new programs, a/c locks after three unsuccessful attempts, etc. While everyone in the Dept. is comfortable with this arrangement, one User is not, and has shot off the following email (I reproduce the excerpts only). Focussing on the larger issues, I would like to know how your company handles such a situation ? From an Admin point of view ? From a Security point of view ? Are the policy features unreasonable ? Who should have the upper hand - the User or the Policy ? Would be happy to receive reactions and suggestions. TIA, C.Rajagopalan, NW Admin User Outburst (User Identity withheld) ========================== [snip] Now with your policies, it seems to me, we are like school kids, entering DPEND everyday, with a fear of getting a beating from the Administrator, for not doing the homework (policies are updated regularly with maximum hassles and minimum freedom for the user to use his own PC). It is like, if I have to enter my house, I need to go and get the key from the Administrator! (Because I am not allowed to have a key of my home!). I am not allowed to use any of my belongings in the house without the presence of the Administrator! The NW policies mimic the above situation. Users are not allowed to do even the defragmentation job without the help from the administrator. We are unable to update the scientific software, without the mercy of the administrator! By mistake if we type a wrong password on Friday evening, we need to wait a few days for the arrival of the Administrator! If we forgot to change the password , the PC is locked! If we need to install small software, we need to wait for the convenience of the administrator! These are highly objectionable policies. Why to impose so many restrictions on the users? The individuals are allowed to manage their costly equipments worth Lakhs and crores, without such restrictions, at their own risk! They sincerely keep the systems in healthy conditions. Department trust their employees and give them full freedom to look after and maintain the systems/equipments/labs. After all, why we need to open up the PC's for the administrator. The present policy would only help the administrator to be the King and everyone needs to be at his Mercy. There is absolutely no benefits other than that. I do not understand what we benefit from all these controls? It is quite easy to say that all these measures are for keeping the virus out. But someone can easily send a virus file from outside. Or someone can bring a file from another infected PC. Then the PC is affected! NO virus packages can guarantee full protections to the PC's. Then why do we blame the virus, for each and everything! In brief, the network policies are really unwanted and the users are wasting lots of their precious time to satisfy the requirements and policies of the administrators rather than their own benefits. E.g.: DPEND LAN can not be accessed by others. Why do we need to change the passwords every month? That too with the maximum complications? (14 character, no previous 13 passwords etc..) Who do you afraid of? Do you fear the DPEND users so much? What is the necessity of locking the PC for 760hrs? After all there are many options available in the Administrator set up of Windows 2000, and you have chosen the worst option, which no other Administrator ever opted for. While the Administrator has NO faith in the users (e.g.: password policy), the users have to blindly trust the administrator! [snip] ================ ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to %%email.unsub%% ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
