'It's not my fault': Client pays IT specialist $1000 after sharing the administrator password with entire team, leading to major technical issues

Advertisement
  • 01
    "Stop talking nonsense...
  • 02
    Have you considered not giving the administrator password to everyone?
  • 03
    If everyone involved were honest, I imagine the conversation would go like this: "Hello, I am $manager from $customerCompany and I need assistance with a bug! Some important files have AGAIN been changed/moved/deleted/defaced." "Hello, I am $OP, your stupidly expensive consultant here to fix your mess, again. This is not a bug, the files were modified on $date by the Administrator account."
  • 04
    "That's not possible, I'm the only person using the administrator account and I didn't do anything." "Are you 100% sure? If so you may have a security breach and I will need to alert everyone, change passwords, etc etc..." "No, don't change the password, otherwise I'll need to tell everyone all over again!" "Everyone? You said you are the only person with the password."
  • 05
    "Well OF COURSE my coworker has the password for when I'm out. And my team for the jobs I don't want to do myself. And the CEO because he asked, and how can you say no to the CEO." "I'll pretend I didn't hear that. Don't put it into an email or I'll be forced to reset your passwords for real. You know that you shouldn't share passwords, right?" "But we all need to work on this and we all need the highest permissions and anyway I trust everyone not to do anything wrong, ever."
  • 06
    "Sure, I guess those files got deleted all on their own?" "It must have been the new employee, they're very stupid, it won't happen again." "Right. Listen, this is the 24601th time this happened already. How about we make INDIVIDUAL, NAMED accounts for everyone here? I'll even give you all admin privileges, even though I know it's a bad idea, because I know you'll share passwords anyway and at least next time someone breaks something we'll
  • 07
    know exactly who it is and we can go frown at them and get them some basic remedial computer training." "That would be smart, and save us a lot of money and headaches in the long run, so I have to refuse. We will continue with the current system of letting everyone use the administrator account, and I'll call it in a couple of weeks when If k up something else. I meant the intern, it was definitely the fault of an intern."
  • 08
    "Sure thing, that'll be 1k and thanks for your contribution to my quarterly bonus." ... Fictional conversation, real customer. Instead they just insist they have NO IDEA what's happening and I have to roll with it. Take it from me, consultants are not paid for their expertise, we're paid not to laugh in the customer's face when they lie to us about their y security practices. S
  • 09
    Rathmun Set the system to auto-reset the password when more than two devices. log in with it at the same time. "Why does it keep resetting the password!?" "Because you're password all over the place." sharing your
  • 10
    djnehi Nah. When your cow is this stupid just keep milking it.
  • 11
    Brett707 Had a client that gave control of their IT to a marketing guy. He was really good with computers. This guy made his everyday login a domain admin. Then he would use this login to map drives via a batch file on EVERY SINGLE COMPUTER in the clear. He would also send his credentials to every vendor that required
  • 12
    access to software on a server. He would send the creds in the clear as well and even put them in the SUBJECT of emails so to make it easier for him and the vendor. Somehow the company suffered a ransomware a ack and it used his credentials. That guy tried to blame my company for the breach.
  • 13
    rentacle OP I love that, it makes my idiots look positively brilliant by comparison.
  • 14
    1radiationman Sounds like you need to raise your rates by 25% just for this issue... And triple them for the inevitable security incident that's coming...
  • 15
    Equivalent-Salary357 this is the 24601th time Something about oddly specific numbers like this helps make the story even better. Thanks for the smile.
  • 16
    joppedi_72 A company I used to work for around 2010 had all their users being local admin on their company laptops. While some never caused any problems other clicked yes on every popup ever, installed. suspect video codec libraries to watch their illegaly downloaded movies or installed cra d software on their
  • 17
    laptops with the obvious outcome of getting them maleware ridden. Luckily enough they never got any ransomware. I tried telling my manager that this is an accident waiting to happen but he always retorted with "well upper management don't want to inconvinient the sales and marketing staff".
  • 18
    Well one of the biggest perpetraitors were the hopelessly clueless entitled marketing manager. Just to give an example, he bought a song in Apple Music and though that gave him the right to use that song in a marketing video. It wasn't discovered until he showed off the completed video in house and I happened to ask him how he managed to get permission from the artist to use the song.
  • 19
    His respons: "What do you mean, I payed for the song i Apple Music it's mine to use." He ended up having to pay someone to create a new songtrack for the video when I told him and upper management the cost of a potential copyright infringement lawsuit from a major record company.
  • 20
    Anyways back to the admin priviledge issue. This guy's total ineptitude would turn out to be what was needed to get upper management to understand that that they not willing to "inconvinience" the employees by removing local admin priviledges from their laptops was going to cost them reputation, business and embarrasment.
  • 21
    The fatefull day came when our inept marketing manager was holding a meeting with potential large clients, showing off his latest marketing b || t powerpoint presentation on the large projector screen, and his malware ridden laptop suddenly decided to start showing р o popup ads all over his presentation.
  • 22
    Let's just say that it didn't even take a week for upper management to approve the removal of local admin priviledges for everyone.
  • 23
    PXranger And here I thought we were the only company in the world to have a shared Admin account. Ours is in use by the service desk and our field techs, I was flabbergasted to learn when I hired in that it was
  • 24
    shared, it's a fairly small pool of suspects, but we have a few smooth brained techs that cause more work than they fix. It would be nice to know sometimes which one to blame.
  • 25
    rentacle OP And here I thought we were the only company in the world to have a shared Admin account. At this point in my career, I'm more surprised when I'm asked to work on a new system and I DON'T immediately receive every single password.
  • 26
    Ich_mag_Kartoffeln One place I worked we all had separate user accounts. Except IT had gotten sick of people forgetting their login/password, so had changed everybody's account to: Username: SurnameInitial Password: Firstname (or some shortened variation thereof).
  • 27
    So Timothy Smith would logon as SmithT, password Tim; Eric Jones would logon as JonesE, password Eric. And so on. Really hard to work out everybody's logons once you spotted the pattern (which did not take the observational skill of Sherlock and his Homies).
  • 28
    Best part: there was no logging on that system. There was no way of knowing who made what changes, or from where.
  • 29
    Taleigh Years ago I was freelance Network admin for a store. Mostly loved the job, I worked at home with an occasional foray in to one of the 10 store to fix something physical. The only people with network admin passwords were me, the Bookkeeper and the CEO.
  • 30
    One day I started getting calls that the the network was extremely slow. Bookkeeper said that it was taking 1-2 minutes to enter an invoice and stores had to wait 3-5 minutes to process a sale. In I go to discover after checking processes that a music server was running on RAID 3. Logged in under CEO's account. So I called him to get
  • 31
    an explanation. He had given his password to his Son in law. SIL said he needed some storage and we had all these harddrives so why not. Turns out the SIL was running a music service for all his friends and after explaining to CEO I shut it down changed his password and he promised he would never give out his password to anyone again.

Tags

Scroll Down For The Next Article