Just seems like you're taking an awful lot of risk personally for your customer.
I've actually believe it or not spent time working with a bunch of SMBs. I guess I got the smart bunch of customers because I've always been able to convince them to do the right thing. Thanks, Brian Desmond [email protected] c - 312.731.3132 From: Jim Majorowicz [mailto:[email protected]] Sent: Wednesday, July 08, 2009 5:33 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain With all due respect Brian, You're applying MLB practice to a SOHO perspective. Even those of us in the SMB space understand the "service" Erik is doing here. Owners of small companies will not see the value in your perspective only the cost. Those of us that cater to the smaller business will do everything in our power to protect our clients from themselves. From: Brian Desmond [mailto:[email protected]] Sent: Tuesday, July 07, 2009 10:34 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Yes pretty much. Here's another way I'd think of this. What's your liability insurance got to say about this bonus service? What happens when you tell the customer you've made a backup of their whatever and their office burns down a couple days later? Sure you can just restore that bonus backup except your laptop got runover by a bus in between the backup and the fire. A colleague had some wise words for me the first time I did a gig at a legal services customer - "Just remember, they can sue you for free." Many customers I deal with, offsite backups consist of tapes going in these heavy duty metal boxes with locks on them. The boxes are barcoded or numbered or something and a guy comes to pick them up, signs for them, and the offsite people basically guarantee their safety until you sign for them when they come back. The delivery guy also drops off any locked tape boxes whose retention policies dictate their return as they've expired. In the unlikely event of some major crisis, the offsite people are on the nut to get your box of tapes somewhere in some prearranged guaranteed time window. Some customers are also sending stuff live (e.g. replicas on standby hardware) into a 3rd party datacenter designed for this sort of fallback plan (e.g. Sungard). They also have contracts where if their computer room burns down or something the vendor is on the nut to provide K servers of approximate configuration Z in location Y within X hours of notification of the requirement. These vendors have the kind of capacity and capability to deal with something like 9/11 or Katrina if the customer has the action plan to respond. Or perhaps something more simple like the two datacenter fires this past weekend - Seattle and Toronto both had high rise carrier hotel fires. One of them, I forget which, the electrical busing between floors was completely hosed (literally) from what I heard. Thanks, Brian Desmond [email protected] c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: Ken Schaefer [mailto:[email protected]] Sent: Tuesday, July 07, 2009 11:59 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain Erik, I'm going to have to agree with Brian on this. Making a copy of someone's DIT isn't the same as a proper backup. I don't think Brian's questioning your professionalism here - but if I was a customer I'd be quite nervous about this to. The type of clients that Brian works with don't need consultants to take offsite backups for them :-) Cheers Ken ________________________________ From: Erik Goldoff [[email protected]] Sent: Wednesday, 8 July 2009 6:39 AM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain You're entitled to your opinion ... but from my experience, providing and offsite backup at my expense ( zero charge if not needed ) is a very VALUABLE service to most of these small businesses. And I *NEVER* do this without fully informing the client, so they always have right of refusal. Most have no idea about proper business continuity planning, and don't think ahead on how to get the business runnining again after a network shutdown. That said, I think your characterization of 'walking off with a copy' a bit harsh, it's not like I'm stealing a copy for my own benefit, selling to black hats, or putting them at extended risk. I would hope, given YOUR background, that you already have fallback plans in place, and it would not be necessary for ME to cover your behind like I do for many of my clients that don't know any better. Erik Goldoff IT Consultant Systems, Networks, & Security ________________________________ From: Brian Desmond [mailto:[email protected]] Sent: Tuesday, July 07, 2009 2:39 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain IMO a "network security engineer" would know better than to take copies of sensitive customer data like that. Put it this way, if you were on my payroll and I found out you were walking off with a copy of my DIT you'd be shown the door straight away. Thanks, Brian Desmond [email protected] c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: Sherry Abercrombie [mailto:[email protected]] Sent: Tuesday, July 07, 2009 11:52 AM To: NT System Admin Issues Subject: Re: Win2003 DC on Win2000 domain Agree with best practices, but with personal experience in dealing with consultants, we make them sign a contract/NDA that prohibits them from using any information or disclosing it outside our organization. On Tue, Jul 7, 2009 at 11:47 AM, Erik Goldoff <[email protected]<mailto:[email protected]>> wrote: With all due respect, if they cannot trust a network security engineer that helps to maintain and improve their security ( have remote access to firewall and TS ) then they may as well still run on paper. Their internal security knowledge, as well as any BCP is practically non-existant. But from a best practices perspective, you are right. Erik Goldoff IT Consultant Systems, Networks, & Security ________________________________ From: Brian Desmond [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, July 07, 2009 12:28 PM To: NT System Admin Issues Subject: RE: Win2003 DC on Win2000 domain That is pretty scary from a risk management perspective that you're walking off with a copy of the customer's AD. Thanks, Brian Desmond [email protected]<mailto:[email protected]> c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
