Being an IT administrator can be an enjoyable, rewarding job. So is parenting, for that matter. But being an IT administrator can also be incredibly stressful with frequent hair-pulling moments. Again, those amongst us that are parents no doubt share those experiences, too. The only difference is that, after 18 years, your kids are adults and can become someone else’s headache!
So how do you reduce those hair-pulling moments at work so you can continue to quietly endure them at home? Let’s talk about what you can do to keep your IT environment safe from uncomfortable circumstances.
Have you ever turned up to work only to find there is an outage or something has broken? Did you ever ask yourself who’s touched or changed something? I know I have.
Many moons ago, I was a major incident manager for a large financial institution in Australia. Major outages were becoming a common occurrence and, as usual, no one knew or admitted to knowing who made a change or broke the system. A bit of honesty would have gone a long way in shortening the outage window, but of course, no one wanted to take the fall, especially when they feared their job was on the line.
And parenting is no different. One day last week, I noticed that my home Wi-Fi wasn’t working. When I asked my children who touched the router, I got the same response from all four kids: “It wasn’t me!” As you can imagine, I was more displeased with the lack of admitting to the wrongdoing than the fact that the Wi-Fi wasn’t working. As it turned out, my oldest kid had been looking over my shoulder when I was setting some restrictions on the router to limit the use and decided to try his luck on removing the limitations I had imposed.
This is no different than when an administrator tries to make a change (approved or not) and causes an outage. Just like my children, the administrator won’t want to fess up to their mistake in fear of getting in trouble with the boss. From experiences I’ve had, instead of coming clean, the administrator would often try to go off on their own and try to recover it. Doing this will not only hinder the time of service restoration, but also could lead to further issues.
So what information was needed? What change was made, who made the change, why was the change made and when was the change made that led to the outage? This information can be imperative to a speedy recovery of service.
Just like my son playing on the router, I was able to look at the logs and see when it happened. From there, I could work out that it was one of my two sons and, through a little coercion, I got a confession. Unlike kids, administrators are unlikely to admit to fault. A smart (or shifty) administrator will go one step further and delete the logs — or even change the retention period so they automatically purge. When asked for the logs, nine out of 10 times, I was told they have been overwritten or deleted.
In a production environment, you can look at things such as locking down access from particular people or machines. The Quest® Change Auditor software solution not only blocks access regardless if you’re a domain administrator or not, it can also log all the events of attempting Active Directory (AD) changes. This is written to its own logs that can’t be deleted. Stored in a secure SQL database, it won’t care that the administrator has deleted the local logs. Change Auditor is independent of those native logs and collects the information with a direct API connection. So you no longer get stories about lost native logs, or the typical story of logs being deleted on a domain controller (DC) because there wasn’t enough space on them/if only the DC had higher specs.
Applying this back to parenting, what if your kids invite the neighbor’s kids over to play. Your kids give them access to the Wi-Fi and, before you know it, you’re using your monthly download limit in the first week, and boy does your internet run slow! Who would have thought that playing the latest online game would limit your ability to do your online banking?
So is true with people outside your organization gain access to your environment for a set piece of work, but unknowingly, you don’t remove it from them. What if a contractor comes in to do a set task, you give them Domain Admins rights to complete their work, and then one day, this contractor is sick and assigns Domain Admins rights to their work colleagues? They are working remotely, and you haven’t vetted or approved this person to have elevated rights. How would you know?
Ideally, you would want to limit who can get access to privileged groups. Lock it down without preventing authorized users from doing their jobs. Again, Change Auditor not only protects these privileged groups, it can also alert you to the fact that someone is attempting to do this. With that information, you can target these people with some warnings or training about what they have tried to do — much like educating your children on the dangers of giving out access to your home network.
Being a parent can be rewarding and challenging. Being an IT manager can also have its challenges and rewards. But armed with the right tools and skills, you can help eliminate those “Oops Dad, I accidentally broke the TV” moments.