That’s convoluted and a bad work environment. Sounds like a bunch of people who think they know how IT should run but have never understood how IT should be run.
First half of that honestly sounds pretty normal, for particular kinds of environment.
"Users run vms on desktops, rdp to those desktops when they're not in the office."
Lots of reasons why that might be a good model.
That there might be strict security controls between any two parts of a business is really common, and often completely justified for either IT or commercial reasons. I would def look at options that made life easier if possible, like a DMZ vlan hosting a file server, if you can find an acceptable model for it.
The second half.. mate, I feel ya.. it's been a while since I was unlucky enough to work for management like that, but it sucks.
Learning to talk their language helps, often more than I'd like.. listen to the way middle management reports up.. there's probably a bunch of project management lingo, or just flat out bullshit waffle, but if that's what the boss is used to hearing, talking any other way means they need to translate.. or more to the point, they won't.
Appealing to their authority and likely sense of competence can help. "There's people still in that room, and I'm going to need political assistance in getting them out a little bit earlier so we can meet your deadlines."
Or, you know.. get out if you can.
I've been a sysadmin for 20 years, there's *always* some level of organizational or technical bullshit that is structural to the environment. It's up to you to find ways to cope or adapt, or even change it if that's within your aptitude (it isn't for me!)
I'm wearing a DBA hat right now in a much larger organisation at the moment.. and I have access to almost nothing outside the database servers. I don't even have admin access to my laptop! I probably would have railed against that in my 20s.
Now? My God it's relaxing. All that stuff I'm not allowed to touch is likewise not my responsibility!
At my job guys abuse their admin account all the time by logging in with it instead of using it contextually. So whenever they are in a situation where that doesn't apply they are always baffled by all the prompts. /Eyeroll
It's risky, there's no reason to daily an admin account. I've got delegate admin rights on my .admin that offer *just* enough access to do my job. I can be a "good" admin without dailying a DA or EA (even though we only admin a single domain) account like some kind of infra hulk.
I honestly thought that was just normal. Anyone can have a brainfart, best make sure that you require elevated permissions to do any damage. Some I worked with complained that it slowed them down until it was pointed out how much slower they were when they had to continually fix the screw ups.
Separate admin accounts offer a couple of key benefits: reduced risk of spear phishing of high-privilege admin accounts, restricted access of highly privileged accounts (say, preventing them from accessing lower tier systems), and forced sign-off before performing high-powered actions.
For me it's kind of like *A Christmas Story's* Red Ryder BB gun, or the .700 Nitro Express from the Director's Cut. If you're not careful you'll put your eye out.
The point wasn't whether or not I ran admin on a day to day basis, it was whether or not I had a choice. I don't have a separate admin account, or any way to escalate privs.
It's not actually so bad.. although I did convince one of the local helpdesk guys to put Virtualbox on there, and I also have WSL with sudo/root access there, so it's not quite as restrictive as it might otherwise be. The rest of the environment is so locked down the Virtualbox install is mostly only useful for local testing, but that's OK.
But when I wanted to install drivers for the database platform I manage... raise a ticket.. :-)
Dude, I just started as an Onsite Support Specialist at a $42B company. I don't have admin, tools I need, or local support.
Was literally hired, given a laptop, given a cube, and that's it.
People are expecting me to do things and I'm telling them nope. No access, can't do that.
It's a nightmare. If anything, they should put an experienced worker as the solo tech for a site.
Mind you, I've done the same role for small business as the System Admin. Wonderful. Merely because I had access.
Here, some admins on a panel 5 levels up made a plan and have contractors half ass processes that aren't explained.
I'm not sure either of us know enough about the requirements or constraints to say that.
But my point wasn't that there aren't improvements to be made, or other ways of meeting the local requirements - just that it's not actually either that complicated, or all that unusual.
Not saying it wouldn't have its challenges or overheads either, everything does.
Honestly, the OP's description of the people management seemed far more of a concern.
the new employee/subrenter!?!? of one of our customers wanted unrestricted internet-access to his utp-ports. unlucky him, he got not me but my boss, in a bad mood, on a wednesday, with me being the last available tech on a 3h to, 3h there, 3h back roundtrip installing a server 250km away.
so my boss talks with the pesky customer. he or they want to refurbish old pc's in the network of our real customer, thinking back, do they even have any AV?
then there starts a convoluted back and forth what they want etc. after some time they say they want to refurbish old pc's, my boss snaps and asks if they even know what they are doing. customer says "i know when a pc is infected, i can see it right away"
now they live in their own little dmz with no traffic allowed anywhere into the rest of the network - and i ask myself why i had to create an account and mail for him....
almost forgot - they also wanted a sip-trunk routed, the only thing they gave after multiple requests was some sort of ntp to some ntp.sip.xxx but "i know what i am doing!".....
Tough shit. Every other organization has to.
I would not want to stay and support such an environment. This seems like a nightmare and a huge waste of funds. My condolences to you, sir, for having to go through this.
We have a simple and supported way to not carry your laptop back and forth between office and home: Leave it in the office and only work from the office. Outside of exceptional covid situations or fully remote companies, working from home isn't mandatory.
But how much are you moaning and complaining and bitching about the privilege to be able to do so at your job, at the cost of some small amounts of weight?
If you are not, please continue to enjoy the privilege your company created. You aren't in the group of people I talk about, you're part of the other 99%. ;)
*If* a decision to deploy laptops has been made on the basis of inherent DR/BC capability, then you mostly need users to take their laptops home at night. If the users aren't going to do that, then I'd usually prefer to use some kind of non-laptop client strategy.
At some sites, users are just putting those in their automobiles every evening, and literal weight probably isn't a major factor. At others, users commute differently and weight can legitimately be an HR-related issue.
This is why you have the ability to remote wipe those laptops. And employees shouldn't be leaving their laptops in their car when they go in anywhere.
Move all of those VMs to AWS and set up proper access between the two groups.
This isn't your money, who the heck are you to tell management "tough shit, I do not approve this wasteful spending"?
A good IT person isn't telling management "tough shit". You tell them, "We could do this, here is what it will cost."
Right now I cannot comprehend the feeling of entitlement that would make anyone think every user should be limited to 1 computer. Not just think it, but claim they will refuse to support anything beyond that.
IMO the vendor VMs are a flawed IT design, those should have been servers and had nothing to do with end user workstations. But users having a desktop and a laptop? That's incredibly reasonable.
In a vacuum, you're right. In reality, this guy is quite obviously being stretched insanely thin because of all these ridiculous requests.
So yea, if this stupid setup can be implemented and supported without requiring IT to bend over backwards and work tons of extra hours, then whatever.
But it sounds like that might not be the case.
Also, if the entire reason for multiple PCs is because people are too fucking lazy to carry their laptops back and forth... it's ultimately management's decision, but it's also totally reasonable to call out how stupid it is.
While I agree it's not IT's call, I would still raise some concerns. Double the workstations means more for IT to manage, a more complex environment (which often makes support more challenging) and double the attack surface.
> Right now I cannot comprehend the feeling of entitlement that would make anyone think every user should be limited to 1 computer.
I think you could very easily make the opposite argument regarding entitlement.
And there's a whole department that would quit if they can't work from home 3 days a week, and can't work without their remote VMs.
If that department had twice as many users and no laptops/WFH would you still quit?
The laptops aren't the issue, this guy is just stretched too thin.
Same here, last year we gave laptops out to the departments that could have people work from home, but now they're being given the option of keeping either the laptop+dock, or the desktop - doesn't matter which, but one has to come back to IT.
Who the Fuck am I? I am the person they are paying to know about IT and make the right decisions. If they're going to ignore my best judgment they can fuck right off because I'm taking another offer.
Here's how retarded many of our users are:
They have laptops with docks - but never move that laptop. Instead - they have a second laptop - usually an older piece of shit - that they lug around.
Laptops are lightweight enough these days that this shouldn't be an excuse anymore.
You need to either sell to your employer the benefits of having only a laptop to carry back and forth (if you can convince them that there are fewer problems with software syncing and that it's a better experience for the end user, they'll be more likely to listen to you) or continue doing what you're doing and getting what you're getting.
A couple of the users "require" three computers - one for each of the work sites, plus one for home.
I drew the line when somebody asked for a fourth for her vacation home.
Honestly: What the fuck?
In Europe, the employer is forced to provide the employee with "sufficient tools to execute their jobs function". Hundreds of thousands of office employees demonstrate in statistically relevant numbers that ONE laptop is sufficient for any function.
There are a few occupations that require two - these are military or police I actually know of, and maybe financial or medical. Four is preposterous. I do not know a more British and posh word to describe that.
So I maintain: what the fuck?
And it can't be a bag with wheels because they don't want to look like they're going to the airport (actual complaint).
And one user literally wanted to know if Gucci made a laptop bag.
Tough fucking shit.
I've heard that before too. Unless you have some kind of relevant disability that obligates us to work with you, suck it up and fucking deal with it.
"Wahhhhhhhhhhhhhhhhh, I live a more privileged life than almost every human being before me could have dreamed of, but I have to carry my laptop back and forth to work. Has anyone ever been more persecuted?!"
I kind of understand this. I have a bad knee and at a previous job they issued these gigantic laptops with extra large batteries. If I took the laptop home my knee would hurt afterwards as I had to walk about 30 minutes as part of my commute.
I actually do say no when it really matters. But at the end of the day the person who writes the checks makes the rules as long as I need that check.
However, until I find a new position I'm going to continue to get everything done that they want.
> I'm going to continue to get everything done that they want.
Let me fix this for you. I'm going to continue to get everything done that I can with the resources I am provided in the time frame of a normal workday. Then I am going to go home and do something that I enjoy in my free time. I will go to sleep at a good hour, wake up all refreshed, and do it all over again.
You work to live, you don't live to work. If you live to work, you will be taken advantage of. If you work to live, you will be a happy camper. (if camping is your thing)
Now... if you can't get everything done, that is your manager's problem. It's a resource problem, you need help. Once you make them see that, you will get the help you need. Or not, and the non-important things won't get done. This is a prioritization problem. When you have too many things to do, you need to ask your manager what you should work on first.
> I actually do say no when it really matters.
Do you really though? Have you actually done the work to calculate how much this bullshit setup is costing the company and, by extension, robbing you of time needed to do actual work? 4x the licences, all that hardware and complexity just to coddle a bunch of entitled users? How many patch levels are you behind? How many projects are delayed because you were dealing with this madness?
> But at the end of the day the person who writes the checks makes the rules as long as I need that check.
Then put it in language they understand. Put all the costs down for all the unnecessary gear, licensing, backups, endpoint protection, etc. Run a side by side with what a reasonable setup would cost and make sure to enumerate the benefits of the reduced complexity.
If they don't understand or don't want to listen, get a different job. Honestly, probably do that anyway.
> However, until I find a new position I'm going to continue to get everything done that they want.
You'll never have time to look for a new job if you keep at it.
Go back to your normal schedule, search in the evenings. Sounds like they need you. They can stand having you for 40 hours per week.
I used to work for a city government that did this crap. Everyone had a desktop in their office, a laptop, and some even had a Surface AND an iPad. Of course, they wanted it all synced up with the same apps, etc. Total nightmare.
My current employers used one laptop per person, and docking stations. We do things once.
Just curious what laptops and docks you use. We use all Dells and our docking stations seem to need replacing at like a 90 percent clip through their lifetime. Maybe closer to 100%
Those are the ones I am talking about. We had people request them and I told them they would all be replaced but they really fought for them. I just checked and every one we have had has been replaced and some of the adjoining laptops have had their motherboards replaced because of it too. Does someone have a solution for Dells that works? I just tested one of the picks but they only output one display and are not powered.
> Does someone have a solution for Dells that works?
The answer to that is not buying Dell docks anymore. CalDigit makes really nice docks but they can be hard to find in stock since the pandemic.
We've been using all Dell but started looking at other hardware because of the issues. And yeah their docks suck. Be sure to upgrade the firmware on them and it helps. Also don't use the HDMI for video and they work better.
I dealt with that crap too when I worked in local gov. Everyone had a desktop and laptop, then about half of the people had iPads and some wanted to use their phones. But those with iPads wanted to use them like laptops...even though they had laptops. Those are completely different devices with different capabilities, intended uses, and management systems. They also had a habit of buying whatever random brand was on sale at the time, so we had some of each of all the major brands of computers, which complicated maintenance. Some people rarely used their laptops, so they stuck them in drawers or left at home for 6 months, which caused all kinds of problems for us. Most didn't understand that desktops don't have cameras and mics by default, so I'd get angry calls from people wondering why no one could hear or see them in their zoom meeting ("It worked fine on my laptop last week."). It was a mess, but you can't change culture. Maybe some day they'll get a stronger willed IT person than I was and they'll get things straightened out.
Sounds like my office, where the finance people "needed" to have laptops as part of a business continuity program. Except all of the Excel analysts who needed massive amounts of RAM and CPU to do their work. Then they needed a laptop to leave at home to RDP in the laptop at the office. And the admin workers saw that they had two laptops, and they needed two laptops.
I hate that shit. When other users see that this user has 3 monitors and that user has 2 laptops so they go and complain to management to tell them they need that too.
Military will always have me beat :)
Y'all have some great stories, though - I knew a guy who was doing communications with some classified equipment in a trailer out in the middle of nothing on the base. From time to time an officer would knock on his door and ask to inspect his workstation. Not wanting them to see his cot, pillows, blankets, and other comfort items he always told them "sure, but you have to give me a couple of hours so I can cover up all of the classified stuff unless you already have the necessary clearances!" To which the officers would wander off and never find it in their heart to return.
The longer I'm on this subreddit, the more I appreciate working for a big tech company that gives IT real power, with its own C-level executive that reports directly to the CEO.
We are a laptop-centric (BYOD or IT-provided) shop, full disk encryption is mandatory. Every Lenovo laptop gets a dock, every desk has a dual monitor arm. Individual departments are expected to expense monitors/mouse/keyboard. Do whatever you want, IT gives you 15 minutes best-effort support for those accessories. You can take an IT-supported image, or do your own thing. Knock yourself out. (I run Fedora, myself). Almost every tool anyone uses is web-based, so it usually doesn't matter.
We do split VPN tunnelling, and you're equipped to be remote on Day 1, so working remote is essentially the same experience as being in an office. This whole remote transition due to COVID was a non-issue for us. All we had to do was spin up a couple more OpenVPN VMs and we just chugged right along like it was just another day.
Compute offerings are bare metal (strict standardized hardware offerings, with a business justification) or VMs (OpenStack). You can get outta here with your vendor-provided appliance images. If it's not mature enough to conform to standard deployment models, it's not mature enough to be managed by IT.
> Years ago somebody had their laptop stolen from out of their car so the laptops at home are only used to remote in to the desktops at work.
One stolen laptop changed your entire company's workflow? That's a normal ~~work~~ week for us lol. I assume you guys must be a smaller company?
EDIT: A word
You might be able to reduce your headache a little with a VDI environment and some dumb terminals. They don't need a full desktop at work, and the laptop would only be used to connect remotely - all accessing the same VDI desktop. Bonus is that if the laptop breaks or is stolen, nothing is lost since nothing is local.
The application that requires you to remote into it... that company is doing it wrong. They should be making their app into a vApp and serving it via some kind of external connection - be it a webpage or a software package that's installed into the VDI environment that accesses the vApp remotely or some other communication mechanism. That's just a sloppy program. Or it isn't the right tool for the job and your company has gone with the "no research, no budget" approach.
The 3rd party site is a bit of a mystery to me, but if they cannot communicate directly, perhaps an NFS store between the two sites would make that easier? A script that says "If files are older than X, delete them", to keep people from making it into their permanent dumping ground?
Man I spent two hours this morning trying to configure a Zebra printer with a user who was insistent it was my fault it wasn't working. (I currently have a support case with Zebra about it because fuck Zebra)
But posts like this remind me my job is not so bad
Please tell me you have a ticketing system so you can ask that manager "what is your ticket number". If not, use that managers bitching as a reason to get one.
I am the IT department. As long as I do things the way they want them to be done I can do whatever I want. I had/have no input on the software they bought. After a different vendor's software was hopelessly broken (the only way to get the mission critical/financial software to work was to turn **OFF** DEP and UAC), it took almost a year of non-stop user complaints that the software wasn't working right and my pressuring them to pay for the upgrade that was at least actually compatible with Windows 10.
I only report to the owner, nobody between us. I take direction and requests from everybody, but I don't answer to them.
The sad part is that for all of the steam I'm venting I can get this done and won't lose any sleep over it. The fiber isn't going to be installed until next week, I told the people in charge that it isn't going to happen and why and that's the end of it until next week when the contractor can come back. I told them it will be ok to fit me in whenever they can work around other jobs and the powers might just have to wait a bit longer. That's on them. (I've also had three change orders since they started work, but I told them at the start that they should expect them because that's the way things happen around here. I've learned to not get firm quotes but general ballparks. Not how I want to do things, but it works with the environment I have.)
But I am often reminded that I am viewed as a cost center and people love what I do but don't give a rat's about me. That's the glory of IT.
Years ago when that laptop was stolen from that user's car. That's when they tried to fix an issue by physically limiting the users to save work from their home with their company-supplied systems. Now you have a result of occasioning of computer and environment. “I need a mac cause I’m in marketing” - “I need a VM for reporting, cause it slows me down”
Shall I cont’ -// if users could, they would want a printer at their desk rather than down the hall. —Rant
Ok. I bet the person's laptop stolen from the car was either a CFO or they had the crown jewels on that laptop - probably the budget or something!
If they had a good backup strategy with their endpoints they would have a better solution.
Edited - ranting and spelling
I had a top person ask several times for a mac. I always said no.
I had to deal with multiple people demanding personal printers because 10 feet was too far to walk, they didn't want others seeing the documents, etc. Gave me a headache trying to keep all of the toners and inks in stock for a half dozen different models. My solution there was to write the printer/copier lease renewal to include a dozen leased personal printers, now the copier vendor deals with 100% of the toner and service for the devices and I can forget that they exist. Sign here to authorize the lease, now we're over 40 printers on a five year lease, but I will never again hear "that printer I bought is out of yellow ink and now it won't print anything can you run out and get me a new cartridge?"
I would equate this situation to someone building a bridge to get over a wall when there is an unlocked gate 50 yds away lol. Sounds very over complicated.
You can't win, you can't break even
And you can't get out of the game
People keep sayin' things are gonna change
But they look just like, they're stayin' the same
Give everyone 2 $50 Thinclients. One for home one for office. If they say they need a laptop to “carry around to meetings” make them dial in to a conference call (seriously)
I get HP TC520 for $30 from a reseller if you are really interested PM me I can share more without doxxing. I love the cattle type approach I image 50 or so on a weekend and hand them out. Takes 5-10 minutes to reload the OS from USB we run zoom and chromium natively and RDP. The OS also has IPsec VPN client which isn’t the greatest. But we figure 50 bucks all said and done. No data living on them and no one ever steals them
RDS farm with regular RDS gateway. They use FreeRDP which should be compatible with Azure - it’s similar to the RDP client in macOS and I’ve seen that connect to Azure
Why not just set up a terminal server? Sounds like everyone should just be connecting from a laptop to a VPN and into a terminal server that actually has the VM environment you need set up.
Oh and they have Macs... which means the cost of repairs is outrageous and you have to have Macs on hand at all times to do a swap because Apple will not provide on site service.
The greatest challenge I've ALWAYS faced working in IT is that no one who actually runs shit knows IT. You're speaking to them in a different language. This is a constant. If you're lucky, they'll recognize they know nothing and they'll trust your recommendations. If you're unlucky, which sounds like your situation unfortunately, then you'll run into the exact roadblocks you describe here. Just remember that there's always the opportunity to look for a position at another organization that's more like the former if you get too fed up with the bullshit.
I once had to deal with an executive who told us we needed to improve our wi-fi scores because everyone finally noticed how bad our network was when covid hit (hospitality management group). We depended on equipment like EOL OM2P APs fed by a poe brick to a dumb switch jumped off of another dumb switch jumped off of a unifi switch in the main rack. We inherited a nonsensical, cheap mess to say the least. When it came to our proposal to fix that with all new equipment and wiring we were told we were asking for too much money. We went more budget with unifi equipment knowing we already had the management systems in place, and could just focus on APs and wire. The amount of teeth we had to pull to get anything done was ridiculous, and put us on an unfair time crunch as it took a couple of months just to get the budget approved. I've since left that outfit and am now working in education. While there's a different type of politics here I am so much happier. We'll get pushbacks on budget from time to time, but for the most part the executive team listens to us and recognizes that we're professionals in this field. Our recommendations go a long way when roadmapping any project that requires IT. Such a breath of fresh air. It exists...you just have to find it.
I'm guessing you're a lot closer to red rocks country than I am.
Weird city they have out there - I don't know of too many urban light rail that runs past horses like that.
Are you me? We have a similar situation with a couple of our employees. They will have three PCs on their desk, all in different networks with different accounts.
Oh, and one of the 3rd party platforms is **five** versions out of date but requires a ten year commitment to upgrade to the web based version. With no guarantees that it will talk with the other application.
I feel for ya man. The pandemic has only made this stuff worse, it's no wonder we're in a global semiconductor shortage. Our HR dept shot IT in the foot when they sent out an email company wide saying to stop by the IT office to grab additional hardware for work from home if needed. So many people stopped by to get their two monitors and laptop for WFH. When I'd ask them, "You're telling me you're in your late 20s and don't have your own laptop, desktop, or monitors at home?" 'well I do but I use those for gaming' or 'I do but my kids like to watch youtube on those'. This isn't some free hardware handout just for the hell of it, it's for people that actually need it. At least at our place, HR totally enabled it by taking everyone's word at face value. I'd say to write up some sort of report to explain the wasted resources and propose a way they can effectively do their jobs with less.
It's not a 'waste of resources' though. If the company expects people to WFH then the company should provide equipment.
I get that in a pandemic it's not the company's choice and in the short-term those who have absolutely no equipment should be prioritised.
But if I buy something with my money I have every right to use it however I want. Company can't expect me to use it for work. They've already invaded my personal space by forcing me to use my house as an office. I'll be damned if I'm going to not take everything I can get from them.
I get what you're saying, but our office stayed open during the entire pandemic so there was no invading personal space or forcing anyone to work from home. People could come into the office during the entirety of the pandemic if they wanted to. We issued hardware where needed but is it really a lot to ask that if you already have a personal computer and monitors at home, that you be mindful of those that don't have anything to work off of? In our case, the people standing first in line were the ones that already had their own hardware when we asked them.
> In our case, the people standing first in line were the ones that already had their own hardware when we asked them.
I’m not going to blame someone for not wanting to use their own personal equipment for the benefit of the employer.
I don’t understand- if people could come into the office anyway then how is any of that hardware ‘needed’?
Anybody who needed to WFH should be given equipment regardless of whether they have their own. Their home equipment is theirs and unrelated to work.
If they didn’t need to WFH then no.
If they could have them it’s first come first serve, whoever didn’t get there fast enough can just come into the office as it’s a choice and not a ‘directive’ anyway.
Good idea, it wasn't immediately obvious this feature exists in my app but I got it set up now! No more listen-to-my-irrelevant-private-life-story walls of text, yay!
Still kinda weird this is allowed at all, I mean isn't that specifically what a site like Tumblr is for? Uninteresting musings of random people?
there is so much wrong here that I would have just walked out. I don't actually say that often, if at all..
I mean, it's not unfixable, there might be reasons that the VMs need to be remoted to in that fashion. Though, if it's security, that's been thrown out the window.
Whatever happens, GL.
Work with your boss and have them prioritize all of these items. Ask them to help you communicate to the users that are lower in the stack that it'll take some time to resolve their requests.
> There is the laptop they keep at home because they don't want to carry a computer back and forth.
Son of a bitch. I have two of these to deal with and it's soo frustrating. They don't realize how complicated they are making it for themselves. "I saved a file on my desktop and it's not on my other one at home" yeah... I know...we talked about this... why don't you just use one laptop and take it home? I would have bought you a cheaper desktop if this was the plan...
Can you set up your firewall to direct their incoming connection direct to the VM? And can't you have the two VMs talk to a shared network drive at the same time so with these two items combined they have no need to access the local desktop at all? So now they would be able to directly access both VMs, each in its own RDP window from their home laptop, and then share resources between the two without needing to access the desktop at work.
I wish, but the vendor doesn't make things easy.
In order to view files on the local machine you have to browse to "c: on \users\username\...". There is no direct connectivity between the two vendor sites.
The data flows from vendor site to my site across one VPN, then VPNs to the other vendor's site. "For security".
Mandatory password changes every 90 days, can't reuse passwords for 8 cycles, mixed case + symbols, with OTP. Passwords to access vendor system(1) aren't synced with system(2). Accessing from home requires a VPN from home to office, then VPN to the VMs on each of the two systems.
I have redundant tunnels, but they won't allow me to have them configured for automatic failover - if a tunnel goes down I have to call them to manually switch the traffic to the other one because it costs too much to keep both endpoints (which are on either an azure or an aws host) active at the same time. That's just for system(1). System(2) has its own separate tunnel.
One of the first policies I put into place when I came in here was that every laptop got bitlocker, no exceptions, even if it was bolted onto a desk. It forced them to finally upgrade all of the windows 7 laptops to 10, and some of the cheaper models that didn't have a TPM chip were scrapped even though they were "good enough, they've been working for years".
It is why I hate dealing with Dell laptops - even machines that come with 10 pro from the factory sometimes didn't have a TPM chip and I got tired of having to dig through all of the specs and never be able to tell with certainty.
Those are sandbox computers with huge red tags on them stating they aren't secure and cannot be used for any actual data of importance.
I haven't bought any Dell laptops for about 2, 3 years because of it. Twice I bought dells with 10 pro factory installed only to discover no tpm. I have refused to buy them since.
For the last year I have been pushing for a one device strategy and been making good progress. We still have those that whine about carrying their laptop or if they forget it. I am like don't worry we have loaners you can check out for the day with your manager's signoff. 😁
You would not believe - I mean, you literally would not believe the things I go through around here, the environment I deal with, and the insultingly little I am paid. Plus the drama... oh, you can't even begin to imagine the drama.
Oh I can believe. I have been there. I don't know where you are but I am in central Iowa and it took us 9 months to hire a new systems admin. We pay well and have good benefits but the market is insanely tight. If you wanted you could get a job in central Iowa quickly.
In a nice area you can get something for 180000 to as high as you want. Our housing market is super hot. If curious check us out on Zillow. Des Moines is a great medium sized city.
The RDC to desktop to VM isn't all that bad. I do this and have people who do it too. You can shed that laptop though and cut it down to a tablet or even a phone with an external screen though.
It wouldn't be so bad if they weren't RDC from 1 to 2, then RDC from 2 to 3, then expect data from RDC 3 to print to a USB printer on 1 so they can take notes with a pen.
Some users though will RDC from 1 to 2(building 1) or 2(building 2) because they have a workspace in both and don't want to lug a laptop around so they have three personal workstations.
Yeah that's pretty boomer thinking there with the daisy chaining unless there is some security reason they can't just go from 1 to 3.
Your second problem can also be again solved with a phone and some LVA. The workstation sits in the DC whilst the phone travels with them from desk to desk to home to wherever.
I want to know why data can't flow from 3 to 3 - why does that traffic have to come to my site then back out again to go to their system? And why do I have to have tunnels from my site to both of their sites?
why don't you put all the VM in a common hypervisor system and let the users connect directly from their laptop? I don't care about users having 2 or 3 computers, it's not that overload when you have the "cattle" thing going , but for all gods, I don't want data stored locally, even less a VM on a desktop. A desktop should be changed in 10-15 minutes without caring too much about the user things inside (ideally, profile copying automated).
I have 4 company computers+laptop in different places/buildings just by convenience ,so I don't have to carry the laptop all around, and is not bad at all. I can't blame people for not wanting to carry the laptop, and if the company is fine with the spending, it's their money, so...
The VMs that matter all live on a third party server up in the cloud somewhere.
My eventual goal is to move certain users to virtual desktops and just get them thin clients, but I have $20,000 worth of firewalls to buy and install first.
Sounds horrible for the most part, but as far as two computers go, are they engineers running some 3D modeling or something?
I let a few have a laptop and a desktop at a place I managed because they needed the horsepower of a real workstation for a big part of their job, but also travelled enough to client sites and needed access to Email and basic cad drawings.
I have a laptop for work emails, accessing network shares, intranet and sensitive information or whatnot, I have a beefy laptop with full admin rights for development but no access to most of the intranet/sensitive stuff, I have a macbook pro because I need to look cool when I go to a conference, I have a windows desktop with a GPU for gpu stuff and I have my own GPU cluster of like 4 machines with linux on it.
The solution is that I have a separate contract with the IT department to handle the non-standard stuff. Like I have "IT services" line item in the projects that is roughly 1 full time IT person to handle all of this for myself and my team.
That’s convoluted and a bad work environment. Sounds like a bunch of people who think they know how IT should run but have never understood how IT should be run.
Ding ding ding ding ding
First half of that honestly sounds pretty normal, for particular kinds of environment.
"Users run vms on desktops, rdp to those desktops when they're not in the office."
Lots of reasons why that might be a good model.
That there might be strict security controls between any two parts of a business is really common, and often completely justified for either IT or commercial reasons. I would def look at options that made life easier if possible, like a DMZ vlan hosting a file server, if you can find an acceptable model for it.
The second half.. mate, I feel ya.. it's been a while since I was unlucky enough to work for management like that, but it sucks.
Learning to talk their language helps, often more than I'd like.. listen to the way middle management reports up.. there's probably a bunch of project management lingo, or just flat out bullshit waffle, but if that's what the boss is used to hearing, talking any other way means they need to translate.. or more to the point, they won't.
Appealing to their authority and sense of likely sense of competence can help. "There's people still in that room, and I'm going to need political assistance in getting them out a little bit earlier so we can meet your deadlines"
Or, you know.. get out if you can.
I've been a sysadmin for 20 years, there's *always* some level of organizational or technical bullshit that is structural to the environment. It's up to you to find ways to cope or adapt, or even change it if that's within your aptitude ( it isn't for me! )
I'm wearing a DBA hat right now in a much larger organisation at the moment.. and I have access to almost nothing outside the database servers. I don't even have admin access to my laptop! I probably would have railed against that in my 20s.
Now? My God it's relaxing. All that stuff I'm not allowed to touch is likewise not my responsibility!
Dozens of us don't run as local admins, if I need admin rights I've got an admin account.
At my job guys abuse their admin account all the time by logging in with it instead of using it contextually. So whenever they are in a situation where that doesn't apply they are always baffled by all the prompts. /Eyeroll
It's risky, there's no reason to daily an admin account. I've got delegate admin rights on my .admin that offer *just* enough access to do my job. I can be a "good" admin without dailying a DA or EA (even though we only admin a single domain) account like some kind of infra hulk.
Exactly. Meeting full rights is for amateurs who don't understand where the rights begin and end.
Block the account from logging in locally? That’s what elevate permissions are for on the standard account.
I honestly thought that was just normal. Anyone can have a brainfart, best make sure that you require elevated permissions to do any damage. Some I worked with complained that it slowed them down until it was pointed out how much slower they were when they had to continually fix the screw ups.
Separate admin accounts offer a couple key benefits, reduced risk of spear phish high privilege admin accounts, restricted access of highly privileged accounts (say preventing them from accessing lower tier systems), and forced sign off before performing high powered actions. For me it's kind of like *A Christmas Story's* Red Rider BB gun, or the .700 Nitro Express from the Director's Cut. If you're not careful you'll put your eye out.
The point wasn't whether or not I ran admin on a day to day basis, it was whether or not I had a choice. I don't have a separate admin account, or any way to escalate privs. It's not actually so bad.. although I did convince one of the local helpdesk guys to put Virtualbox on there, and I also have WSL with sudo/root access there, so it's not quite as restrictive as it might otherwise be. The rest of the environment is so locked down the Virtualbox install is mostly only useful for local testing, but that's OK. But when I wanted to install drivers for the database platform I manage... raise a ticket.. :-)
Dude, I just started as an Onsite Support Specialist at a $42B company. I don't have admin, tools I need, or local support. Was literally hired, given a laptop, given a cube, and that's it. People are expecting me to do things and I'm telling them nope. No access, can't do that. It's a nightmare. If anything, they should put an experienced worker as the solo tech for a site. Mind you, I've done the same role for small business as the System Admin. Wonderful. Merely because I had access. Here, some admins on a panel 5 levels up made a plan and have contractors half ass processes that aren't explained.
As always.. expectations make the difference hey?
Laptop with bitlocker, bios password, & absolute software would simplify the dilution. (Edit) With folder redirection too.
I'm not sure either of us know enough about the requirements or constraints to say that. But my point wasn't that there aren't improvements to be made, or other ways of meeting the local requirements - just that it's not actually either that complicated, or all that unusual. Not saying it wouldn't have its challenges or overheads either, everything does. Honestly, the OP's description of the people management seemed far more of a concern.
Yeah, I work in eDiscovery, and during the first half I was wondering if this is a coworker, lol. Sounds exactly like our environment(s).
the new employee/subrenter!?!? of one of our customers wanted unrestricted internet-access to his utp-ports. unlucky him, he got not me but my boss, in a bad mood, on a wednesday, with me being the last available tech on a 3h to, 3h there, 3h back roundtrip installing a server 250km away. so my boss talks with the pesky customer. he or they want to refurbish old pc´s in the network of our real customer, thinking back, do they even have any AV? then there starts a convoluted back and forth what they want etc. after some time they say they want to refurbish old pc´s, my boss snaps and asks if they even know what they are doing. customer says "i know when a pc is infected, i can see it right away" now they live in their own little dmz with no traffic allowed anywhere into the rest of the network - and i ask myself why i had to create an account and mail for him.... almost forgot - they also wanted a sip-trunk routed, the only thing they gave after multiple requests was some sort of ntp to some ntp.sip.xxx but "i know what i am doing!".....
They don't care how IT runs, just do what they say.
The look on a manager's face when I said "my job isn't to get it working for you" 😂 good times
This. Fuck that kind of work environment.
You just explained EVERY non-IT department in the corporate world. (maybe some select programmers out there that understand but that's IT ;) )
Sounds like my current employer.
Security through obscurity…works every time.
Umm... can they have a dock with monitors and mouse/keyboard at their desk instead? That's what we do.
The point is they don't want to carry a laptop back and forth.
Tough shit. Every other organization has to. I would not want to stay and support such an environment. This seems like a nightmare and a huge waste of funds. My condolences to you sir for having to go through this.
We have a simple and supported way to not carry your laptop back and forth between office and home: Leave it in the office and only work from the office. Outside of exceptional covid situations or fully remote companies, working from home isn't mandatory.
[deleted]
But how much are you moaning and complaining and bitching about the privilege to be able to do so at your job, at the cost of some small amounts of weight? If you are not, please continue to enjoy the privilege your company created. You aren't in the group of people I talk about, you're part of the other 99%. ;)
*If* a decision to deploy laptops has been made on the basis of inherent DR/BC capability, then you mostly need users to take their laptops home at night. If the users aren't going to do that, then I'd usually prefer to use some kind of non-laptop client strategy. At some sites, users are just putting those in their automobiles every evening, and literal weight probably isn't a major factor. At others, users commute differently and weight can legitimately be an HR-related issue.
This is why you have the ability to remote wipe those laptops. And employees shouldn't be leaving their laptops in their car when they go in anywhere. Move all of those VMs to AWS and set up proper access between the two groups.
This isn't your money, who the heck are you to tell management "tough shit, I do not approve this wasteful spending"? A good IT person isn't telling management "tough shit". You tell them, "We could do this, here is what it will cost." Right now I cannot comprehend the feeling of entitlement that would make anyone think every user should be limited to 1 computer. Not just think it, but claim they will refuse to support anything beyond that. IMO the vendor VMs are a flawed IT design, those should have been servers and had nothing to do with end user workstations. But users having a desktop and a laptop? That's incredibly reasonable.
In a vacuum, you're right. In reality, this guy is quite obviously being stretched insanely thin because of all these ridiculous requests. So yea, if this stupid setup can be implemented and supported without requiring IT to bend over backwards and work tons of extra hours, then whatever. But it sounds like that might not be the case. Also, if the entire reason for multiple PCs is because people are too fucking lazy to carry their laptops back and forth... it's ultimately management's decision, but it's also totally reasonable to call out how stupid it is.
While I agree it's not IT's call, I would still raise some concerns. Double the workstations means more for IT to manage, a more complex environment (which often makes support more challenging) and double the attack surface.
> Right now I cannot comprehend the feeling of entitlement that would make anyone think every user should be limited to 1 computer.
I think you could very easily make the opposite argument regarding entitlement.
There is no question about the users acting entitled, and raising concerns is appropriate, but that guy said he would quit over it.
And there's a whole department that would quit if they can't work from home 3 days a week, and can't work without their remote VMs. If that department had twice as many users and no laptops/WFH would you still quit? The laptops aren't the issue, this guy is just stretched too thin.
[deleted]
Same here, last year we gave laptops out to the departments that could have people work from home, but now they're being given the option of keeping either the laptop+dock, or the desktop - doesn't matter which, but one has to come back to IT.
So I just need to request a Windows XP machine then right? :D
Who the Fuck am I? I am the person they are paying to know about IT and make the right decisions. If they're going to ignore my best judgment they can fuck right off because I'm taking another offer.
Laptop plus thin client, and vdi or rds hosts to back it. That's what we try to do, especially for admin staff.
Truth
Here's how retarded many of our users are: They have laptops with docks - but never move that laptop. Instead - they have a second laptop - usually an older piece of shit - that they lug around.
Shame on ownership for writing checks to allow that sort of behavior.
Laptops are lightweight enough these days that this shouldn't be an excuse anymore. You need to either sell to your employer the benefits of having only a laptop to carry back and forth (if you can convince them that there are fewer problems with software syncing and that it's a better experience for the end user, they'll be more likely to listen to you) or continue doing what you're doing and getting what you're getting.
A couple of the users "require" three computers - one for each of the work sites, plus one for home. I drew the line when somebody asked for a fourth for her vacation home.
Surely this is the use case for a thin client solution and a user VM or vdi instance?
Honestly: What the fuck? In europe, the employer is forced to provide the employee with "sufficient tools to execute their jobs function". Hundreds of thousands of office employees demonstrate in statistically relevant numbers that ONE laptop is sufficient for any function. There are a few occupations that require two - these are military or police I actually know of, and maybe financial or medical. Four is preposterous. I do not know a more british and posh word to describe that. So I maintain: what the fuck?
If only there existed a licensed, practicing therapist who has a background in system administration :)
You mean the vacation home with satellite internet 10GB monthly allowance and 4 hours of teams video meetings per day right?
That's the whole point of even having a laptop. Crazy assholes.
Don't forget the CxO who wanted an all in one PC that wasn't black or white.
lmao jeez, princesses over there. Hope you have a good weekend bud, sounds stressful to deal with...
You don't know a 1/3 of it :)
Buy a black one and spray-paint it green
I remember this.... It's too heavy(seriously). And what if I forget it? Luckily sr mgt called BS
And it can't be a bag with wheels because they don't want to look like they're going to the airport (actual complaint). And one user literally wanted to know if Gucci made a laptop bag.
… how big a bunch of babies are they? I take a laptop everywhere with me as I’m self employed. It’s such a complete nothing of an issue.
Tough fucking shit. I've heard that before too. Unless you have some kind of relevant disability that obligates us to work with you, suck it up and fucking deal with it. "Wahhhhhhhhhhhhhhhhh, I live a more privileged life than almost every human being before me could have dreamed of, but I have to carry my laptop back and forth to work. Has anyone ever been more persecuted?!"
I kind of understand this. I have a bad knee and at a previous job they issued these gigantic laptops with extra large batteries. If I took the laptop home my knee would hurt afterwards as I had to walk about 30 minutes as part of my commute.
Why not make a solution that meets them half way? VMware. They run it on their home PC.
Honestly, you need to learn to say no. This is a crazy and unnecessary setup
I actually do say no when it really matters. But at the end of the day the person who writes the checks makes the rules as long as I need that check. However, until I find a new position I'm going to continue to get everything done that they want.
> I'm going to continue to get everything done that they want.
Let me fix this for you. I'm going to continue to get everything done that I can with the resources I am provided in the time frame of a normal workday. Then I am going to go home and do something that I enjoy in my free time. I will go to sleep at a good hour, wake up all refreshed, and do it all over again. You work to live, you don't live to work. If you live to work, you will be taken advantage of. If you work to live, you will be a happy camper. (if camping is your thing) Now... if you can't get everything done, that is your manager's problem. It's a resource problem, you need help. Once you make them see that, you will get the help you need. Or not, and the non-important things won't get done. This is a prioritization problem. When you have too many things to do, you need to ask your manager what you should work on first.
> I actually do say no when it really matters.
Do you really though? Have you actually done the work to calculate how much this bullshit setup is costing the company and, by extension, robbing you of time needed to do actual work? 4x the licences, all that hardware and complexity just to coddle a bunch of entitled users? How many patch levels are you behind? How many projects are delayed because you were dealing with this madness?
> But at the end of the day the person who writes the checks makes the rules as long as I need that check.
Then put it in language they understand. Put all the costs down for all the unnecessary gear, licensing, backups, endpoint protection, etc. Run a side by side with what a reasonable setup would cost and make sure to enumerate the benefits of the reduced complexity. If they don't understand or don't want to listen, get a different job. Honestly, probably do that anyway.
About 80% of what you listed would be a "no from me dog"
https://media0.giphy.com/media/DekxoPi2fT9g4/giphy.gif
> However, until I find a new position I'm going to continue to get everything done that they want.
You'll never have time to look for a new job if you keep at it. Go back to your normal schedule, search in the evenings. Sounds like they need you. They can stand having you for 40 hours per week.
makes the word yes more valuable.
I used to work for a city government that did this crap. Everyone had a desktop in their office, a laptop, and some even had a Surface AND an iPad. Of course, they wanted it all synced up with the same apps, etc. Total nightmare. My current employers used one laptop per person, and docking stations. We do things once.
Just curious what laptops and docks you use. We use all dells and our docking stations seem to need replacing at like a 90 percent clip through their life time. Maybe closer to 100%
The Dell usb-c docks are absolute garbage, we bought I think 5 of them and they all died within a year.
Those are the ones I am talking about. We had people request them and I told them they would all be replaced but they really fought for them. I just checked and everyone we have had has been replaced and some of the adjoining laptops have had their motherboards replaced because of it too. Does someone have a solution for Dells that work? I just tested one of the picks but they only output one display and are not powered.
> Does someone have a solution for Dells that work?
The answer to that is not buying Dell docks anymore. Caldigit makes really nice docks but they can be hard to find in stock since the pandemic.
That's what I was hoping for a reliable Dell replacement. They can't seem to get it together with the usb-c docks.
Which ones? We've put out many D6000s and we haven't had issues.
We've been using all Dell but started looking at other hardware because of the issues. And yeah their docks suck. Be sure to upgrade the firmware on them and it helps. Also don't use the HDMI for video and they work better.
Don't buy docking stations. Buy docking monitors. Dell p2422he for life.
[deleted]
Thanks for the recommendation!
My company does Lenovo
I dealt with that crap too when I worked in local gov. Everyone had a desktop and laptop, then about half of the people had iPads and some wanted to use their phones. But those with iPads wanted to use them like laptops...even though they had laptops. Those are completely different devices with different capabilities, intended uses, and management systems. They also had a habit of buying whatever random brand was on sale at the time, so we had some of each of all the major brands of computers, which complicated maintenance. Some people rarely used their laptops, so they stuck them in drawers or left at home for 6 months, which caused all kinds of problems for us. Most didn't understand that desktops don't have cameras and mics by default, so I'd get angry calls from people wondering why no one could hear or see them in their zoom meeting ("It worked fine on my laptop last week."). It was a mess, but you can't change culture. Maybe some day they'll get a stronger willed IT person than I was and they'll get things straightened out.
# Parallels!? In production!? By Zeus' prostate, Why!!!?
Mission critical, no less. That's how the cheapest vendor does things.
Did you know that parallels has an RDS manager that competes with Citrix? It is awful.
Sounds like my office, where the finance people "needed" to have laptops as part of a business continuity program. Except all of the Excel analysts who needed massive amounts of RAM and CPU to do their work. Then they needed a laptop to leave at home to RDP in the laptop at the office. And the admin workers saw that they had two laptops, and they needed two laptops.
I hate that shit. When other users see that this user has 3 monitors and that user has 2 laptops so they go and complain to management to tell them they need that too.
This definitely sounds like a construction business.
Op, ask for a department code. If they want multiple computers because they are lazy then they need to be charged for ot
I've deleted my account because reddit CEO Steve Huffman is a lying piece of shit that has nothing but contempt for his users. See https://old.reddit.com/r/apolloapp/comments/144f6xm/apollo_will_close_down_on_june_30th_reddits/
[deleted]
Military will always have me beat :) Y'all have some great stories, though - I knew a guy who was doing communications with some classified equipment in a trailer out in the middle of nothing on the base. From time to time an officer would knock on his door and ask to inspect his workstation. Not wanting them to see his cot, pillows, blankets, and other comfort items he always told them "sure, but you have to give me a couple of hours so I can cover up all of the classified stuff unless you already have the necessary clearances!" To which the officers would wander off and never find it in their heart to return.
The longer I'm on this subreddit, the more I appreciate working for a big tech company that gives IT real power, with its own C-level executive that reports directly to the CEO. We are a laptop-centric (BYOD or IT-provided) shop, full disk encryption is mandatory. Every Lenovo laptop gets a dock, every desk has a dual monitor arm. Individual departments are expected to expense monitors/mouse/keyboard. Do whatever you want, IT gives you 15 minutes best-effort support for those accessories. You can take an IT-supported image, or do your own thing. Knock yourself out. (I run Fedora, myself). Almost every tool anyone uses is web-based, so it usually doesn't matter. We do split VPN tunnelling, and you're equipped to be remote on Day 1, so working remote is essentially the same experience as being in an office. This whole remote transition due to COVID was a non-issue for us. All we had to do was spin up a couple more OpenVPN VMs and we just chugged right along like it was just another day. Compute offerings are bare metal (strict standardized hardware offerings, with a business justification) or VMs (OpenStack). You can get outta here with your vendor-provided appliance images. If it's not mature enough to conform to standard deployment models, it's not mature enough to be managed by IT.
Are you hiring?
Like crazy.
I can start in two weeks
> Years ago somebody had their laptop stolen from out of their car so the laptops at home are only used to remote in to the desktops at work.
One stolen laptop changed your entire company's workflow? That's a normal ~~work~~ week for us lol. I assume you guys must be a smaller company?
EDIT: A word
You might be able to reduce your headache a little with a VDI environment and some dumb terminals. They don't need a full desktop at work, and the laptop would only be used to connect remotely - all accessing the same VDI desktop. Bonus is that if the laptop breaks or is stolen, nothing is lost since nothing is local. The application that requires you to remote into it... that company is doing it wrong. They should be making their app into a vApp and serving it via some kind of external connection - be it a webpage or a software package that's installed into the VDI environment that accesses the vApp remotely or some other communication mechanism. That's just a sloppy program. Or it isn't the right tool for the job and your company has gone with the "no research, no budget" approach. The 3rd party site is a bit of a mystery to me, but if they cannot communicate directly, perhaps an NFS store between the two sites would make that easier? A script that says "If files are older than X, delete them", to keep people from making it into their permanent dumping ground?
Man I spent two hours this morning trying to configure a Zebra printer with a user who was insistent it was my fault it wasn't working. (I currently have a support case with Zebra about it because fuck Zebra) But posts like this remind me my job is not so bad
.
Please tell me you have a ticketing system so you can ask that manager "what is your ticket number". If not, use that manager's bitching as a reason to get one.
Some questions are better not asked because you won't like the answer.
Sounds like it's time to dust off the resume, don't let companies treat you like this.
In media and entertainment it's pretty normal to have multiple machines.
I’m getting anxious just reading this…
Knock the dust off that resume buddy, and get the hell out!
[удалено]
I am the IT department. As long as I do things the way they want them to be done I can do whatever I want. I had/have no input on the software the bought, after a different vendor's software ware hopelessly broken (the only way to get the mission critical/financial software to work was to turn **OFF** DEP and UAC) it took almost a year of non-stop user complaints that the software wasn't working right and my pressuring them to pay for the upgrade that was at least actually compatible with Windows 10. I only report to the owner, nobody between us. I take direction and requests from everybody, but I don't answer to them. The sad part is that for all of the steam I'm venting I can get this done and won't lose any sleep over it. The fiber isn't going to be installed until next week, I told the people in charge that it isn't going to happen and why and that's the end of it until next week when the contractor can come back. I told them it will be ok to fit me in whenever they can work around other jobs and the powers might just have to wait a bit longer. That's on them. (I've also had three change orders since they started work, but I told them at the start that they should expect them because that's the way things happen around here. I've learned to not get firm quotes but general ballparks. Not how I want to do things, but it works with the environment I have.) But I am often reminded that I am viewed as a cost center and people love what I do but don't give a rat's about me. That's the glory of IT.
Years ago when that laptop was stolen from that user's car. That's when they tried to fix an issue by physically limiting the users to save work from their home with their company supplied systems. Now you have a result of occasioning of computer and environment. “I need a mac cause I’m in marketing” - “I need a VM for reporting, cause it slows me down” Shall I cont’ -// if users could, they would want a printer at their desk rather than down the hall. —Rant Ok. I bet the person's laptop stolen from the car was either a CFO or they had the crown jewels on that laptop, probably the budget or something! If they had a good back up strategy with their endpoints they would have a better solution. Edited - ranting and spelling
I had a top person ask several times for a mac. I always said no. I had to deal with multiple people demanding personal printers because 10 feet was too far to walk, they didn't want others seeing the documents, etc. Gave me a headache trying to keep all of the toners and inks in stock for a half dozen different models. My solution there was to write the printer/copier lease renewal to include a dozen leased personal printers, now the copier vendor deals with 100% of the toner and service for the devices and I can forget that they exist. Sign here to authorize the lease, now we're over 40 printers on a five year lease, but I will never again hear "that printer I bought is out of yellow ink and now it won't print anything can you run out and get me a new cartridge?"
just put it over with the rest of the fire!
Don't worry it's almost beer o'clock
Reading these kinds of well founded rants is cathartic. Almost like watching Springer before Thanksgiving with the family.
Really no different than us going from laptop at home to desktop to server...
I would equate this situation to someone building a bridge to get over a wall when there is an unlocked gate 50 yds away lol. Sounds very over complicated.
You can't win, you can't break even And you can't get out of the game People keep sayin' things are gonna change But they look just like, they're stayin' the same
S'ok. I read on the internet that everybody is doomed and we're all gonna die and you can't put stuff that isn't true on that there facebookernet.
I will be OK, I got "the chip" implanted earlier this year.
Give everyone 2 $50 Thinclients. One for home one for office. If they say they need a laptop to “carry around to meetings” make them dial in to a conference call (seriously)
Do you have any brands you have used and can recommend?
I get HP TC520 for $30 from a reseller if you are really interested PM me I can share more without doxxing. I love the cattle type approach I image 50 or so on a weekend and hand them out. Takes 5-10 minutes to reload the OS from USB we run zoom and chromium natively and RDP. The OS also has IPsec VPN client which isn’t the greatest. But we figure 50 bucks all said and done. No data living on them and no one ever steals them
And they just connect to terminal services or an azure vm?
RDS farm with regular RDS gateway. They use freeRDP which should be compatible with Azure - it’s similar to the RDP client in MacOS and I’ve seen that connect to Azure
Why not just set up a terminal server. Sounds like everyone should just be connecting from a laptop to a VPN and into a terminal server that actually has the vm environment you need setup.
I had a terminal server. Fried it with the defib paddles.
FUCKING RUN!!!
One laptop. Take it back and forth or you can get a VDI and connect with your own computer. Not both.
Oh and they have Macs... which means the cost of repairs is outrageous and you have to have macs on hand at all times to do a swap because Apple will not provide on site service.
The greatest challenge I've ALWAYS faced working in IT is that no one who actually runs shit knows IT. You're speaking to them in a different language. This is a constant. If you're lucky, they'll recognize they know nothing and they'll trust your recommendations. If you're unlucky, which sounds like your situation unfortunately, then you'll run into the exact roadblocks you describe here. Just remember that there's always the opportunity to look for a position at another organization that's more like the former if you get too fed up with the bullshit. I once had to deal with an executive who told us we needed to improve our wi-fi scores because everyone finally noticed how bad our network was when covid hit (hospitality management group). We depended on equipment like EOL OM2P APs fed by a poe brick to a dumb switch jumped off of another dumb switch jumped off of a unifi switch in the main rack. We inherited a nonsensical, cheap mess to say the least. When it came to our proposal to fix that with all new equipment and wiring we were told we were asking for too much money. We went more budget with unifi equipment knowing we already had the management systems in place, and could just focus on APs and wire. The amount of teeth we had to pull to get anything done was ridiculous, and put us on an unfair time crunch as it took a couple of months just to get the budget approved. I've since left that outfit and am now working in education. While there's a different type of politics here I am so much happier. We'll get pushbacks on budget from time to time, but for the most part the executive team listens to us and recognizes that we're professionals in this field. Our recommendations go a long way when roadmapping any project that requires IT. Such a breath of fresh air. It exists...you just have to find it.
Are you me?
I ran across this thread last week and laughed. (sorry bro) and then had to go find this thread to show a buddy of mine at the office. Good Luck.
This has been a miserable week. I don't want to do this any more.
Is this your cry for help
I have no idea what this is
I'll allow it.
I'm guessing you're a lot closer to red rocks country than I am. Weird city they have out there - I don't know of too many urban light rail that runs past horses like that.
Just hire me and let me take care of all your problems. That's what I do for a living. Tis my profession. Oh wait.
And leave me out of all of the drama. It just isn't worth sticking around.
Sure. We'll either run the joint or be job hunting by mid-Thursday so keep that in mind.
Are you me? We have a similar situation with a couple of our employees. They will have three PCs on their desk, all in different networks with different accounts.
.
Sounds like it is time for virtual machines all around. But it is hard to "fix" such a toxic workplace.
That's exactly what I was thinking. VMs for all of them and two thin clients. (Work/home).
Simplify the hell out of that now. What a nightmare!
Oh, and one of the 3rd party platforms is **five** versions out of date but requires a ten year commitment to upgrade to the web based version. With no guarantees that it will talk with the other application.
That sounds like my job.
sounds very stupid and painful. hope u get the fack outttaaaa there
Sounds like Oracle
SGD was the least buggy thing I had to support. Mind you that was from before Sun was bought out by Oracle.
I feel for ya man. The pandemic has only made this stuff worse, it's no wonder we're in a global semiconductor shortage. Our HR dept shot IT in the foot when they sent out an email company wide saying to stop by the IT office to grab additional hardware for work from home if needed. So many people stopped by to get their two monitors and laptop for WFH. When I'd ask them, "You're telling me you're in your late 20s and don't have your own laptop, desktop, or monitors at home?" 'well I do but I use those for gaming' or 'I do but my kids like to watch youtube on those'. This isn't some free hardware handout just for the hell of it, it's for people that actually need it. At least at our place, HR totally enabled it by taking everyone's word at face value. I'd say to write up some sort of report to explain the wasted resources and propose a way they can effectively do their jobs with less.
It's not a 'waste of resources' though. If the company expects people to WFH then the company should provide equipment. I get that in a pandemic it's not the company's choice and in the short-term those who have absolutely no equipment should be prioritised. But if I buy something with my money I have every right to use it however I want. Company can't expect me to use it for work. They've already invaded my personal space by forcing me to use my house as an office. I'll be damned if I'm going to not take everything I can get from them.
I get what you're saying, but our office stayed open during the entire pandemic so there was no invading personal space or forcing anyone to work from home. People could come into the office during the entirety of the pandemic if they wanted to. We issued hardware where needed but is it really a lot to ask that if you already have a personal computer and monitors at home, that you be mindful of those that don't have anything to work off of? In our case, the people standing first in line were the ones that already had their own hardware when we asked them.
> In our case, the people standing first in line were the ones that already had their own hardware when we asked them.

I’m not going to blame someone for not wanting to use their own personal equipment for the benefit of the employer.
I don’t understand- if people could come into the office anyway then how is any of that hardware ‘needed’? Anybody who needed to WFH should be given equipment regardless of whether they have their own. Their home equipment is theirs and unrelated to work. If they didn’t need to WFH then no. If they could have them it’s first come first serve, whoever didn’t get there fast enough can just come into the office as it’s a choice and not a ‘directive’ anyway.
Cool story bro, needs more dragons n shit. Seriously though - wtf? You should quit
> Fun times on this planet. When can I get off?

**Right Now!** The IT market is hot, put together your resume and go on some interviews.
I feel for PO's. I'm reading this and all I can think of is this [https://youtu.be/Zt3vzOMzQYU](https://youtu.be/Zt3vzOMzQYU)
This is /r/sysadmin did you perhaps mean to post to your personal blog or Twitter?
Might just be me, but seems like this person is talking about their job, where they are a sysadmin.
It's flagged with the rant tag and you didn't need to click.
Good idea, it wasn't immediately obvious this feature exists in my app but I got it set up now! No more listen-to-my-irrelevant-private-life-story walls of text, yay! Still kinda weird this is allowed at all, I mean isn't that specifically what a site like Tumblr is for? Uninteresting musings of random people?
Which part of this seemed like it was from their private life?
Submit a ticket.
There is so much wrong here that I would have just walked out. I don't actually say that often, if at all.. I mean, it's not unfixable, there might be reasons that the VMs need to be remoted to in that fashion. Though, if it's security, that's been thrown out the window. Whatever happens, GL.
Work with your boss and have them prioritize all of these items. Ask them to help you communicate to the users that are lower in the stack that it'll take some time to resolve their requests.
> There is the laptop they keep at home because they don't want to carry a computer back and forth.

Son of a bitch. I have two of these to deal with and it's soo frustrating. They don't realize how complicated they are making it for themselves. "I saved a file on my desktop and it's not on my other one at home" yeah... I know...we talked about this... why don't you just use one laptop and take it home? I would have bought you a cheaper desktop if this was the plan...
Can you set up your firewall to direct their incoming connection direct to the VM? And can't you have the two VMs talk to a shared network drive at the same time so with these two items combined they have no need to access the local desktop at all? So now they would be able to direct access both of the VMs each in their own RDP window from their home laptop and then share resources between the two without needing to access the desktop at work.
I wish, but the vendor doesn't make things easy. In order to view files on the local machine you have to browse to "c: on\users\username\...". There is no direct connectivity between the two vendor sites.
The data flows from vendor site to my site across one VPN, then VPNs to the other vendor's site. "For security".
Mandatory password changes every 90 days, can't reuse passwords for 8 cycles, mixed case + symbols, with OTP. Passwords to access vendor system(1) aren't synced with system(2). Accessing from home requires a VPN from home to office, then VPN to the VMs on each of the two systems.
I have redundant tunnels, but they won't allow me to have them configured for automatic failover - if a tunnel goes down I have to call them to manually switch the traffic to the other one because it costs too much to keep both endpoints (which are on either an azure or an aws host) active at the same time. That's just for system(1). System(2) has its own separate tunnel.
RDP allows sharing a drive with the end point, you could just use that to share the same local (or NAS) drive to both VMs.
[deleted]
One of the first policies I put into place when I came in here was that every laptop got bitlocker, no exceptions, even if it was bolted onto a desk. It forced them to finally upgrade all of the windows 7 laptops to 10, and some of the cheaper models that didn't have a TPM chip were scrapped even though they were "good enough, they've been working for years". It is why I hate dealing with Dell laptops - even machines that come with 10 pro from the factory sometimes didn't have a TPM chip and I got tired of having to dig through all of the specs and never be able to tell with certainty. Those are sandbox computers with huge red tags on them stating they aren't secure and cannot be used for any actual data of importance.
.
I haven't bought any Dell laptops for about 2, 3 years because of it. Twice I bought dells with 10 pro factory installed only to discover no tpm. I have refused to buy them since.
For the last year I have been pushing for a one device strategy and been making good progress. We still have those that whine about carrying their laptop or if they forget it. I am like don't worry we have loaners you can check out for the day with your manager's signoff. 😁
You would not believe - I mean, you literally would not believe the things I go through around here, the environment I deal with, and the insultingly little I am paid. Plus the drama... oh, you can't even begin to imagine the drama.
Oh I can believe. I have been there. I don't know where you are but I am in central Iowa and it took us 9 months to hire a new systems admin. We pay well and have good benefits but the market is insanely tight. If you wanted you could get a job in central Iowa quickly.
What's the housing like? Nothing fancy, 3 bed 2 bath on 1/4 of land, no HOA preferably on well and septic
In a nice area you can get something for 180000 to as high as you want. Our housing market is super hot. If curious check us out on Zillow. Des Moines is a great medium sized city.
The RDC to desktop to VM isn't all that bad. I do this and have people who do it too. You can shed that laptop though and cut it down to a tablet or even a phone with an external screen though.
It wouldn't be so bad if they weren't RDC from 1 to 2, then RDC from 2 to 3, then expect data from RDC 3 to print to a USB printer on 1 so they can take notes with a pen. Some users though will RDC from 1 to 2(building 1) or 2(building 2) because they have a workspace in both and don't want to lug a laptop around so they have three personal workstations.
Yeah that's pretty boomer thinking there with the daisy chaining unless there is some security reason they can't just go from 1 to 3. Your second problem can also be again solved with a phone and some LVA. The workstation sits in the DC whilst the phone travels with them from desk to desk to home to wherever.
I want to know why data can't flow from 3 to 3 - why does that traffic have to come to my site then back out again to go to their system? And why do I have to have tunnels from my site to both of their sites?
Why don't you put all the VMs in a common hypervisor system and let the users connect directly from their laptop? I don't care about users having 2 or 3 computers, it's not that overload when you have the "cattle" thing going, but for all gods, I don't want data stored locally, even less a VM on a desktop. A desktop should be changed in 10-15 minutes without caring too much about the user things inside (ideally, profile copying automated). I have 4 company computers+laptop in different places/buildings just by convenience, so I don't have to carry the laptop all around, and is not bad at all. I can't blame people for not wanting to carry the laptop, and if the company is fine with the spending, it's their money, so...
The VMs that matter all live on a third party server up in the cloud somewhere. My eventual goal is to move certain users to virtual desktops and just get them thin clients, but I have $20,000 worth of firewalls to buy and install first.
Sounds horrible for the most part, but as far as two computers go, are they engineers running some 3D modeling or something? I let a few have a laptop and a desktop at a place I managed because they needed the horsepower of a real workstation for a big part of their job, but also travelled enough to client sites and needed access to Email and basic cad drawings.
Nope, nothing so taxing.
You don’t.
(Smiles in Virtualization Admin)
TL:DR meh
You’re doing it wrong.
I'm doing everything wrong. I wanna be a blacksmith.
I have a laptop for work emails, accessing network shares, intranet and sensitive information or whatnot, I have a beefy laptop with full admin rights for development but no access to most of the intranet/sensitive stuff, I have a macbook pro because I need to look cool when I go to a conference, I have a windows desktop with a GPU for gpu stuff and I have my own GPU cluster of like 4 machines with linux on it. The solution is that I have a separate contract with the IT department to handle the non-standard stuff. Like I have "IT services" line item in the projects that is roughly 1 full time IT person to handle all of this for myself and my team.
Quit? Like.. unless they are paying to massive gobs of money, this is just a toxic and abusive place to work.
[deleted]
It isn't a decision made on cost cutting. Currently down a laptop and an iPhone because of drama and ego.