On Fri, 04 Jul 2008 06:32:51 +0200, Gail Shaw wrote:

> "Jim Henderson" <nos### [at] nospamcom> wrote in message
> news:486d5613@news.povray.org...
>> On Thu, 03 Jul 2008 23:16:17 +0300, Eero Ahonen wrote:
>>
>> > Admins need to be people you can trust, because they actually can
>> > read your files/emails .
>>
>> I've been saying that for *years*.  I'd get questions every once in a
>> while from managers wanting to keep their IT people out of files on the
>> network.  My first question was always "why don't you trust your IT
>> admins?".
> 
> I see a similar question on the SQL forums all too often.
> 
> How do I prevent the database administrators from seeing the
> views\procs\data in a database?
> Simple answer: You don't

It's just amazing to me that this attitude exists in business.  At the 
same time, it's not surprising to me because clearly the people who are 
asking these questions don't understand the meaning of "unrestricted" in 
the phrase "unrestricted access".

> I was in a training course once with a whole bunch of sysadmins (windows
> server 2003) and while the instructor was out of the room, one was
> boasting that he could surf any website regardless of the company's
> internet usage policy and he would never get caught.

The funny thing is, a sysadmin who thinks like that is more or less bound 
to get caught violating the policy.  My first rule of use of systems in 
the office:  *Always* assume someone else is watching.  It might also be 
appropriate to add "and they're out to get you." - even valid sysadmin 
decisions to restrict access lead to users with a chip on their shoulder 
who want to show you up.  Don't give them the chance:  Follow the same 
rules you expect them to follow.

Otherwise, when they find out (and they will), you're the one with 
"hypocrite" tattooed on your forehead.  And that follows you to every job.

> For some reaon, I found that a most offensive attitude for a sysadmin to
> have.

I would agree with that.

Jim

Post a reply to this message