You're not allowed to install anything by yourself!



  • Okay, following scenario: My father is a principal of a primary school and recently changed to a new school. Only slightly larger than the old one.

    Now, with funding being what it is, this previously meant that I had to help him a bit in the computer department. Like, using an old Pentium-133 using fli4l to get the 7 PCs allocated for the pupils connected to the internet. With ISDN speed, that is (hence fli4l - I simply was unable to find a cheap ISDN router anymore) I also had to build some biquad WLAN antennas to boost the signal between class rooms and the router due to the school being formed like a U, with the router in one end of the U and the class rooms on the other side, plus not being allowed to lay network cable.
    Thus I became accustomed to being the guy who helped my father with the computers in his school.

    Forward to the new school. You may also remember the thread where I complained about a software with a 16bit installer - while I tried to install that program, I also took a look around the PC to see whether anything was amiss. Did look fine, lacked only Secunia PSI which I've come to like because it reminds me of every software update not distributed through Windows Update. Thus I installed it. It's free and makes your PC more secure. What's not to like?

    Cue forward one week where I got a call from my father because the technician was irate that there was one piece of unauthorized software installed. After being lambasted by the technician for installing stuff (how should I have known? My father didn't tell me and there was no single logo in sight anywhere, not on the casing, the desktop, nowhere), I asked him how one would go about "authorizing" a piece of software (NOT specifically this kind of software. ANY kind of software).

    Answer: You can't.
    And the discussion only went downhill from there.

    This is a small tech support company we're talking about here, 20 people or so. They're also paid by the district to help the schools in the district. Thus, strictly speaking, the school is their customer. The guy also admitted that he personally uses Secunia himself and considers it a worthwhile piece of software. And yet, when I asked him if they could not consider looking at adding such software to their default setup (I also mentioned VNC so they wouldn't have to drive there every time for support), I only got two answers: "We can't do that." and "We were not ordered to [think, I dare say]".

    Good grief. I mean, I can understand not wanting to install every software under the sun. But such a bullshit reason?

    Considering my background, I'll most probably end up being responsible for the network of another school. However, this company will be very low on my list of recommendations should my principal ask me to pick a company for tech support.



  •  Instein ones said "No good did never go not punished"



  • I used to work for a public school district as an IT person.

    You should consider yourself lucky if they don't suck out your soul and tear it to shreds.



  • @KrakenLover said:

    I used to work for a public school district as an IT person.

    You should consider yourself lucky if they don't suck out your soul and tear it to shreds.

    Much as they do to the students.



  •  @SilentRunner said:

    @KrakenLover said:

    I used to work for a public school district as an IT person.

    You should consider yourself lucky if they don't suck out your soul and tear it to shreds.

    Much as they do to the students.

    Rising class sizes *do* have an advange!  Soul surplus!

     


  • Garbage Person

    @Rhywden said:

    Secunia PSI
    Never heard of this. Neat. Thanks.


  • :belt_onion:

    @KrakenLover said:

    I used to work for a public school district as an IT person.

    You should consider yourself lucky if they don't suck out your soul and tear it to shreds.

    I [i]still[/i] work as a systems/network admin for a private school. And we have the same policies disallowing installation of software, except we rarely have to enforce them because we hand out local administrator rights once in a blue moon. Where's the WTF? (Other than that they won't even consider giving permission for installation of software; we'll consider it and install it ourselves if we approve it.)



  • @heterodox said:

    I still work as a systems/network admin for a private school. And we have the same policies disallowing installation of software, except we rarely have to enforce them because we hand out local administrator rights once in a blue moon. Where's the WTF? (Other than that they won't even consider giving permission for installation of software; we'll consider it and install it ourselves if we approve it.)
    I've bolded the relevant part of your response.

     



  • @heterodox said:

    Where's the WTF? (Other than that they won't even consider giving permission for installation of software; we'll consider it and install it ourselves if we approve it.)
    I think that's.... exactly it.  Isn't that exactly what he said?


  • :belt_onion:

    @Sutherlands said:

    @heterodox said:

    Where's the WTF? (Other than that they won't even consider giving permission for installation of software; we'll consider it and install it ourselves if we approve it.)
    I think that's.... exactly it.  Isn't that exactly what he said?

    Perhaps I was reading too much into the subject of this thread. Any environment in which end users can install software by themselves is completely unmaintainable.

    @KrakenLover said:

    @heterodox said:

    I still work as a systems/network admin for a private school. And we have the same policies disallowing installation of software, except we rarely have to enforce them because we hand out local administrator rights once in a blue moon. Where's the WTF? (Other than that they won't even consider giving permission for installation of software; we'll consider it and install it ourselves if we approve it.)
    I've bolded the relevant part of your response.

     

    I fail to see your point; my point wasn't public vs. private, my point was that's not at all uncommon in any sort of corporate/organizational environment.



  • @heterodox said:

    @Sutherlands said:

    @heterodox said:

    Where's the WTF? (Other than that they won't even consider giving permission for installation of software; we'll consider it and install it ourselves if we approve it.)
    I think that's.... exactly it.  Isn't that exactly what he said?

    Perhaps I was reading too much into the subject of this thread. Any environment in which end users can install software by themselves is completely unmaintainable.

    Then maybe they should consider downgrading the user rights to "standard user" and not "super user"? It's not as if Windows does not have tools to disallow installation of software.



  • @heterodox said:

    Any environment in which end users can install software by themselves is completely unmaintainable.
    We have 50,000 desktops and our standard is to have users install their own software. If they need help, someone from the help desk will remote in and run the installer for them -- as the user. We found that it costs way more to send a tech to install something trivial like Visio than it costs to re-image computers that were hosed by the current inhabitant. We even have a few users that we put on a re-imaging schedule.


    We do push out stuff like MS Office and security updates, but pushing out software used by fewer than a thousand people is too expensive. The application deployment team bills our team $4,000 to package a single application, $6,000 if they are busy and need to hire a contractor to do the work.



  • @Jaime said:

    our standard is to have users install their own software. If they need help, someone from the help desk will remote in and run the installer for them -- as the user. We found that it costs way more to send a tech to install something trivial like Visio than it costs to re-image computers that were hosed by the current inhabitant.
     

    TRWTF, dare I say it, is Visio.

    I use Excel to draw diagrams, thangkewvurrymush.


  • :belt_onion:

    @Jaime said:

    @heterodox said:
    Any environment in which end users can install software by themselves is completely unmaintainable.
    We have 50,000 desktops and our standard is to have users install their own software. If they need help, someone from the help desk will remote in and run the installer for them -- as the user. We found that it costs way more to send a tech to install something trivial like Visio than it costs to re-image computers that were hosed by the current inhabitant. We even have a few users that we put on a re-imaging schedule.

    So if you re-image computers they lose all their software and have to start over with the installs? We do remote installs too; however, I can't charge $4,000 to package applications. I can only do it when I have time to sit down, read AppDeploy, and do the scripting and testing. We're looking at AutoInstalls for when I'm gone since it can be integrated into Ghost.

    I'm not saying your approach is wrong; I'm actually interested in learning alternate approaches which give us more time. We just like to have standardized images that apply across the board and be ready to re-image the whole domain at any time should we need to.



  • @heterodox said:

    @Jaime said:
    @heterodox said:
    Any environment in which end users can install software by themselves is completely unmaintainable.
    We have 50,000 desktops and our standard is to have users install their own software. If they need help, someone from the help desk will remote in and run the installer for them -- as the user. We found that it costs way more to send a tech to install something trivial like Visio than it costs to re-image computers that were hosed by the current inhabitant. We even have a few users that we put on a re-imaging schedule.
    So if you re-image computers they lose all their software and have to start over with the installs?
    Yes.  The non-standard software is the responsibility of the user.@heterodox said:
    We do remote installs too; however, I can't charge $4,000 to package applications. I can only do it when I have time to sit down, read AppDeploy, and do the scripting and testing. We're looking at AutoInstalls for when I'm gone since it can be integrated into Ghost. I'm not saying your approach is wrong; I'm actually interested in learning alternate approaches which give us more time. We just like to have standardized images that apply across the board and be ready to re-image the whole domain at any time should we need to.
    If it is your goal that IT can re-image every computer in a short period, then you have to have total control of the software.  However, I'd say the problem is your goal, not your solution.  The lost opportunity cost of limiting the software allowed on workstations and the time it takes to get software rolled out far outweighs the cost savings of centralized software management for us.

    In my experience, IT people have a hard time letting the past go.  Fifteen years ago, it was normal for IT to lock everything down.  Today, things like iPads and cloud computing are making our lives very different.  Pretty soon, an on-staff server guy is going to be the exception, not the rule.  Android, iOS, corporate web apps, and SaaS have made the "locked down desktop" a near impossibility for any company that wants their employees to take advantage of things that have been invented in the past five years.


  • :belt_onion:

    @Jaime said:

    If it is your goal that IT can re-image every computer in a short period, then you have to have total control of the software.  However, I'd say the problem is your goal, not your solution.  The lost opportunity cost of limiting the software allowed on workstations and the time it takes to get software rolled out far outweighs the cost savings of centralized software management for us.

    Must just be a difference in environments, I suppose. We've done this (since before my time) from the first version of Ghost was released we could use with NetWare servers (needless to say, we've moved on in some respects). In our cost/benefits analysis, we have to consider that we have three staff members: the department head, a part-time technician, and me (and I do very little except occasionally helping with Google Apps integration these days). We have way too much work to do as it is to learn another management solution. Also, the demands must be different in our environment. Almost no one needs any non-standard software. Even most of our historical exceptions (e.g. business office needs QuickBooks) have been moved to a terminal server, so that's only one endpoint that needs to be maintained.

    Guess all I've proven with my argument is that different organizations have different needs. :p


Log in to reply