Applications; Portable vs. Installed
-
@jmoore said in Applications; Portable vs. Installed:
I agree totally but HR does not deal with them properly, if at all.
That's incorrect. Whoever HR deals with them is how HR deals with them. What is "proper" is defined by HR. If HR doesn't "deal" with them at all, then the issue does not exist. Full stop. IT has nothing to do with defining what is proper. If HR approved or allows it, then it is IT attempting to undermine HR's decisions and IT that has gone rogue.
If HR wasn't doing what was wanted, then management above them have the duty to step in. They've not, so we have to assume HR is doing what is wanted and that IT alone is now the malicious actor trying to violate company policy.
There is never a connection from "HR did X, so IT has to make up for it by doing Y". As an IT pro, that thought should never enter your head. This is what we call "AJ Syndrome", where someone in IT decided that "the CEO is a fool and I should seize control of the company by force, to protect them from themselves." It's never a good idea.
-
@scottalanmiller said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
and ask me to enforce it as best I can.
Because they don't know how, presumably
Quite possible. I figured out I can use wmic to do this so I made it a script and run it every few weeks.
-
@jmoore said in Applications; Portable vs. Installed:
@scottalanmiller said in Applications; Portable vs. Installed:
Why is IT trying to enforce things HR is allowing? Why is one system admin deciding unilaterally that he's in charge of employee's and their jobs and that HR and their managers are not? And if he feels this way, why has he not addressed limiting the ability to run binaries?
Unfortunately I can't answer any of that.
I can. Because IT is the rogue security risk. Sure, not stealing data. But breaking the rule and going off on their own to try to get control that they were not granted. If any other user did this, IT would demand action against them. Right?
Imagine if any end user sensed IT doing this and starting trying to hack passwords or otherwise gain control of systems to "protect the company from IT"? Sounds bad, right? But that's what IT is doing in reverse.
-
@jmoore said in Applications; Portable vs. Installed:
I have never seen repercussions from someone doing these things. Basically we are paid so bad here , they don't get rid of people unless something truly outrageous happens and that is pretty rare. People almost always leave on their on first. We have a high turnover rate.
Right, so you even have some logic as to why these things are allowed - because it's perceived as part of the compensation package to have this freedom. So if IT is trying to interfere with HR's agreements with payroll and the employee, we've got a serious breach in the IT department.
If this was my company, and IT was attempting to sabotage employee relationships by attempting to seize HR's job and deciding unilaterally that the business wasn't allowed to make decisions and only a system admin in the middle of the IT stack was to run the company, you can bet we'd not look on it well.
From a CEO / owner perspective, this is a huge security risk having a system admin that is willing to act this way, as you can imagine. Put yourself in the CEO's shoes... you task HR with keeping employees happy, and one lone rogue actor in IT decides that he doesn't appreciate the CEO and HR's decisions and takes it on himself to punish employees. OMG!!!
-
@scottalanmiller said in Applications; Portable vs. Installed:
That's incorrect. Whoever HR deals with them is how HR deals with them. What is "proper" is defined by HR. If HR doesn't "deal" with them at all, then the issue does not exist. Full stop. IT has nothing to do with defining what is proper. If HR approved or allows it, then it is IT attempting to undermine HR's decisions and IT that has gone rogue.
Well Hr does not deal with them and I am told by my management to deal with it like this. Management = my supervisor & vp.
-
@jmoore said in Applications; Portable vs. Installed:
@scottalanmiller said in Applications; Portable vs. Installed:
No, you have no control. But you do have control over how you look at it and present it or talk about it. It's very, very important that you understand that it's hubris and confusion of an impotent admin who is attempting to flex his muscles (and failing) to try to show employees that he's their "master" and they must bow powerlessly before him, while defying HR and management, while also completely misunderstanding computing and failing to in any way do what he set out to do.
I get what your saying and am learning how to properly look at things. That is why these discussions are good!
Exactly, that's my goal. I know you can't fix a bad company. You can't change your circumstances, but you can change your reaction to it. And going through the exercise of "what are they doing wrong" can be incredibly educational. This is where @WrCombs can be getting a lot of his education... his employers know nothing of IT at any level, and if he learned to react to every word out of their mouths as gibberish, and then researched to find out what is true, he'd move a lot faster. The temptation to try to rationalize our employers and assume that they are somehow acting correctly in a way we can't quite explain is dangerous, because rarely is that true but we can mislead ourselves dramatically if we are not careful.
-
@scottalanmiller said in Applications; Portable vs. Installed:
There is never a connection from "HR did X, so IT has to make up for it by doing Y". As an IT pro, that thought should never enter your head. This is what we call "AJ Syndrome", where someone in IT decided that "the CEO is a fool and I should seize control of the company by force, to protect them from themselves." It's never a good idea.
I understand what your saying and I agree. I am not trying to make any connection, I am just following orders. I feel like a Nazi now:(
-
@jmoore said in Applications; Portable vs. Installed:
@scottalanmiller said in Applications; Portable vs. Installed:
That's incorrect. Whoever HR deals with them is how HR deals with them. What is "proper" is defined by HR. If HR doesn't "deal" with them at all, then the issue does not exist. Full stop. IT has nothing to do with defining what is proper. If HR approved or allows it, then it is IT attempting to undermine HR's decisions and IT that has gone rogue.
Well Hr does not deal with them and I am told by my management to deal with it like this. Management = my supervisor & vp.
Right, but does HR know that your manager is a rogue security risk in the org actively working to undermine the CEO and the organization as a whole? Even if you are powerless to do anything here, in any healthy company, it would be your responsibility to blow the whistle that you have a malicious person with access to systems and that someone (HR or higher) needs to determine if they should be allowed to keep having access.
On Wall St. if this wasn't reported, anyone who even knew about it could be fired as you aren't allowed to keep known malicious activity secret.
-
@scottalanmiller said in Applications; Portable vs. Installed:
If any other user did this, IT would demand action against them. Right?
Well, I have never seen that happen either and there have certainly been situations where it should have happened.
-
@scottalanmiller said in Applications; Portable vs. Installed:
If this was my company, and IT was attempting to sabotage employee relationships by attempting to seize HR's job and deciding unilaterally that the business wasn't allowed to make decisions and only a system admin in the middle of the IT stack was to run the company, you can bet we'd not look on it well.
Its not just the admin, its the vp too. I get put in all kinds of uncomfortable situations because of this.
-
@scottalanmiller said in Applications; Portable vs. Installed:
From a CEO / owner perspective, this is a huge security risk having a system admin that is willing to act this way, as you can imagine. Put yourself in the CEO's shoes... you task HR with keeping employees happy, and one lone rogue actor in IT decides that he doesn't appreciate the CEO and HR's decisions and takes it on himself to punish employees. OMG!!!
i agree totally. All these things you have mentioned have been the foundations of my complaints for years now. I just didn't voice them. I also agree it looks bad on me that I have stayed so long. I kept hoping I would be rewarded for loyalty and putting up with things. Bad logic, I know.
-
@scottalanmiller said in Applications; Portable vs. Installed:
his employers know nothing of IT at any level, and if he learned to react to every word out of their mouths as gibberish, and then researched to find out what is true, he'd move a lot faster
Yes i do take everything with a grain of salt. I was originally told we did not have a way to scan for rogue apps on our systems. Yet, I found a way to do it through wmic in powershell. I found that incredulous so researched it myself at home and found a solution quickly. After I presented it, she just said "good for you" and nothing more said of it.
-
@scottalanmiller said in Applications; Portable vs. Installed:
The temptation to try to rationalize our employers and assume that they are somehow acting correctly in a way we can't quite explain is dangerous, because rarely is that true but we can mislead ourselves dramatically if we are not careful.
I agree and I am as guilty of this as anyone, especially in the past when I had less experience. As I gain experience I am learning to evaluate things better little by little.
-
@scottalanmiller said in Applications; Portable vs. Installed:
Right, but does HR know that your manager is a rogue security risk in the org actively working to undermine the CEO and the organization as a whole?
Well the highest HR position is called a director of HR and lower than our VP of IT so she powerless in that situation. I disagree with this model entirely also, our VP's have too much power over other departments.
-
@jmoore said in Applications; Portable vs. Installed:
@scottalanmiller said in Applications; Portable vs. Installed:
Right, but does HR know that your manager is a rogue security risk in the org actively working to undermine the CEO and the organization as a whole?
Well the highest HR position is called a director of HR and lower than our VP of IT so she powerless in that situation. I disagree with this model entirely also, our VP's have too much power over other departments.
HR should have dominion over all including CEO.
-
Not making business decisions of course, but when it comes to human resources side. Nobody is immune
-
@gjacobse said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@gjacobse said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
One thing I found about portable apps is occasionally a smarter user will install these. Yeah, it gets around our permissions in Ad because they do not modify the registry. so I do not like them for that reason. I can't have users installing whatever they want.
Something else you can do to make chocolatey easier to install in multiple places is use an xml file with the apps you want for yourself or for departments. I made one for myself but I really don't use it, however I have one for a few different departments here because they some specific things and its hard to remember the install names on each. So I just carry them around on a flash drive.
I'm curious on how you set this up,.. I know I have just been using a simple batch file once the core is installed.
<?xml version="1.0" encoding="utf-8"?> <packages> <package id="googlechrome" /> <package id="firefoxesr" /> <package id="flashplayerplugin" /> <package id="adobereader" /> <package id="jre8" /> <package id="7zip.install" /> <package id="vlc" /> <package id="powershell" /> <package id="silverlight" /> <package id="quicktime" /> <package id="irfanview" /> <package id="treesizefree" /> <package id="windirstat" /> <package id="crystaldiskinfo" /> </packages> </xml>
this file is called staff.config
Then i just use:choco install d:\packages.config –y
I'll have to give that a try on my next build. neat way to address the install.
Why not utilize proper configuration management tool for that? Ansible for example works very well with Chocolatey. The above approach might sound cool, but to me it's more of a stone age way.
-
@marcinozga said in Applications; Portable vs. Installed:
@gjacobse said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@gjacobse said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
One thing I found about portable apps is occasionally a smarter user will install these. Yeah, it gets around our permissions in Ad because they do not modify the registry. so I do not like them for that reason. I can't have users installing whatever they want.
Something else you can do to make chocolatey easier to install in multiple places is use an xml file with the apps you want for yourself or for departments. I made one for myself but I really don't use it, however I have one for a few different departments here because they some specific things and its hard to remember the install names on each. So I just carry them around on a flash drive.
I'm curious on how you set this up,.. I know I have just been using a simple batch file once the core is installed.
<?xml version="1.0" encoding="utf-8"?> <packages> <package id="googlechrome" /> <package id="firefoxesr" /> <package id="flashplayerplugin" /> <package id="adobereader" /> <package id="jre8" /> <package id="7zip.install" /> <package id="vlc" /> <package id="powershell" /> <package id="silverlight" /> <package id="quicktime" /> <package id="irfanview" /> <package id="treesizefree" /> <package id="windirstat" /> <package id="crystaldiskinfo" /> </packages> </xml>
this file is called staff.config
Then i just use:choco install d:\packages.config –y
I'll have to give that a try on my next build. neat way to address the install.
Why not utilize proper configuration management tool for that? Ansible for example works very well with Chocolatey. The above approach might sound cool, but to me it's more of a stone age way.
Not approved here. However i can use powershell all I want.
-
@jmoore said in Applications; Portable vs. Installed:
@marcinozga said in Applications; Portable vs. Installed:
@gjacobse said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@gjacobse said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
One thing I found about portable apps is occasionally a smarter user will install these. Yeah, it gets around our permissions in Ad because they do not modify the registry. so I do not like them for that reason. I can't have users installing whatever they want.
Something else you can do to make chocolatey easier to install in multiple places is use an xml file with the apps you want for yourself or for departments. I made one for myself but I really don't use it, however I have one for a few different departments here because they some specific things and its hard to remember the install names on each. So I just carry them around on a flash drive.
I'm curious on how you set this up,.. I know I have just been using a simple batch file once the core is installed.
<?xml version="1.0" encoding="utf-8"?> <packages> <package id="googlechrome" /> <package id="firefoxesr" /> <package id="flashplayerplugin" /> <package id="adobereader" /> <package id="jre8" /> <package id="7zip.install" /> <package id="vlc" /> <package id="powershell" /> <package id="silverlight" /> <package id="quicktime" /> <package id="irfanview" /> <package id="treesizefree" /> <package id="windirstat" /> <package id="crystaldiskinfo" /> </packages> </xml>
this file is called staff.config
Then i just use:choco install d:\packages.config –y
I'll have to give that a try on my next build. neat way to address the install.
Why not utilize proper configuration management tool for that? Ansible for example works very well with Chocolatey. The above approach might sound cool, but to me it's more of a stone age way.
Not approved here. However i can use powershell all I want.
What? You have java, flash, silverlight, quicktime and adobe reader approved but configuration management tools are not? Wtf?
-
@marcinozga said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@marcinozga said in Applications; Portable vs. Installed:
@gjacobse said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@gjacobse said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
@jmoore said in Applications; Portable vs. Installed:
One thing I found about portable apps is occasionally a smarter user will install these. Yeah, it gets around our permissions in Ad because they do not modify the registry. so I do not like them for that reason. I can't have users installing whatever they want.
Something else you can do to make chocolatey easier to install in multiple places is use an xml file with the apps you want for yourself or for departments. I made one for myself but I really don't use it, however I have one for a few different departments here because they some specific things and its hard to remember the install names on each. So I just carry them around on a flash drive.
I'm curious on how you set this up,.. I know I have just been using a simple batch file once the core is installed.
<?xml version="1.0" encoding="utf-8"?> <packages> <package id="googlechrome" /> <package id="firefoxesr" /> <package id="flashplayerplugin" /> <package id="adobereader" /> <package id="jre8" /> <package id="7zip.install" /> <package id="vlc" /> <package id="powershell" /> <package id="silverlight" /> <package id="quicktime" /> <package id="irfanview" /> <package id="treesizefree" /> <package id="windirstat" /> <package id="crystaldiskinfo" /> </packages> </xml>
this file is called staff.config
Then i just use:choco install d:\packages.config –y
I'll have to give that a try on my next build. neat way to address the install.
Why not utilize proper configuration management tool for that? Ansible for example works very well with Chocolatey. The above approach might sound cool, but to me it's more of a stone age way.
Not approved here. However i can use powershell all I want.
What? You have java, flash, silverlight, quicktime and adobe reader approved but configuration management tools are not? Wtf?
lol, see that other thread about where Scott and I are discussing my work. That should explain things.