Take their rights away!!!

As all of you know, I work in the IT field.  It is my job to keep all of our users up and running at all times, so that their time at work is not spent twiddling their thumbs. Over the past couple months we have made the move to Windows 7.  With this move, we implemented a new security standard that took away all local admin rights on every user’s machine.  For those of you that may not know what this means, it simply means that the user is unable to install applications, make system changes, and ultimately they can only use the system as a work computer.  All of their freedom is stripped away and the only good their computer serves them is the ability to work.

Like with anything else, if you take a person’s freedom away they will protest it.  To combat against this, our company has a special form that requires a VP signature.  The form is filled out by the user and he or she must state the reason and benefit for their request to have local admin rights to their own system.  In one case, one of our employees raised a ruckus and was granted local admin rights.  I knew from day one that this was a mistake but I am not the one who makes that decision.  If the VP says that a specific person should have local admin rights and the freedom to do what they want on their machine, then I will follow that and support it.  In some cases, the user will need local admin rights because their job requires them to have the freedom they need to make changes to their system in order to do their job.  I am all for this, but in this specific case I knew it would be trouble.

Sure enough, today the person came to me and needed a new sprint card installed, which would allow them to grab an internet signal no matter where they are.  Ok fine, no problem right?  Wrong!  She gave me her laptop, I opened it up and turned it on.  HOLY SMOKES!!!!!  As soon as the system loaded to the desktop, the laptop started shooting off error messages.  The first sign that her system was completely hosed!  Her desktop was riddled with more communication, instant messeging, and VOIP (Voice over IP like Skype) applications then I even knew existed.  The computer spent the next 10 minutes just starting up all the programs loading up in the background.  The first thing I did was try to remove the old version of the program I needed to install for her in order for her to use the sprint card.  Unfortunately, I could not remove it.  This was the second sign that this system had more issues than meets the eye.  As soon as I tried to over write the old application with the new…. I received the dreaded ” Error: 1606.  The network location could not be located %Appdata%\.”  If your in IT, you know this error and it is one of the worst error an IT professional could experience when working on a user’s system.  This error simply means that no application can ever be installed moving forward.  There are tons of efforts to try to fix this issue and I have tried them all with no success.  This error (to me) usually meant I would have to rebuild the user’s system.

This really pissed me off inside, because I knew from day one this particular user should not be given local admin rights.  Obviously, I was right.  She hosed her system in a major way and has now cost me a couple hours of work time I could be doing other more important things.  Eh well.. it is my job to take care of these users even if I don’t always agree with their actions.  Sort of like a paramedic helping someone who injured themselves while committing a crime or a stupid act.  In any case, I was determined to find a fix.  Three hours later and a late night at work and it paid off!  I did some research on line and found many of the same fixes that I found before that did not work.  But, something dawned on me… while researching these fixes.  So, i grabbed information from one site and i compared it with another and it stood out like a sore thumb.  I came up with a theory to fix the issue so I gave it a shot…. and oh my lord.. it fixed the issue!  It even stopped all errors on boot up.  Amazing and I have documented it, so that I can pass it on to my peers.  This fix will save many many hours of work for our team, so this was a significant find.

Any how, the title of this post says it all:  Take their rights away!!!     I know many of you may not like to have your local admin rights removed, but you have to understand that we have to protect our network from people like the one described in this post.  Many people treat the work computer like it was their own and well i have some news for all of you… It’s not yours!  So treat it like it should be treated and make life easier on yourself and your IT professionals that support you.

Any how, I thought i would share that story so those who have had their local admin rights removed can see it from an IT perspective.

Off the subject, I have included a little taste of some music I was listening tonight.  Pretty peaceful stuff.

This is by a group called Delerium.  The song is called Lamentation.  Enjoy!


One response to “Take their rights away!!!

  • Jeff

    Spoken like a true irritated IT guy. 😉 I’m surprised you guys aren’t running VM’s for your desktop clients.

    I do agree with the scorched earth policy in business though. People are there to work, not play on the computer. I take a similar approach to client computers in the home. I have found that just keeping an admin account locked with a password and everyone else as limited users has saved a TON of headaches IF the clients stick to the plan. Those that don’t, call me at least 3 months later because of malware or something they changed when they were playing somewhere they shouldn’t be.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: