From Previous Admins With Love

loyalwinborn · 2015-10-09T16:10:48.000Z

Thanks for the critique bobmccoy.

National Institute of Standards and Technology (NIST) IT series has great process management on IT cycle, security and processes.

How does your team share/update sensitive configuration data in a secure manner? My administrative assistant has access to an electronic file, and the safe has a paper file of all new critical admin accounts. We log admin account access, so we can tell if they have ever been used as well. I do also assign admin access to Volume Licensing, and other things to other key staff members as well. They don’t make purchasing decisions on those things but they can access them and assist in my absence and even in a change of personnel in my own position.

What tools are you using to track changes to critical systems? We have a board and a team of key decision makers that are always notified of recommendations. Vote on the change, and track implementation. I have a major say in what we are doing, but I do not have the only say, and I do answer to people who document as well. We do not follow ISO standards on change logging, but we do keep all of our recommendations and actions recorded for the board and for our own review as well. Again, we do follow NIST recommendations loosely on documenting changes.

How are you now managing physical keys that will be needed at some future point? Keys are in a box on the wall in the safe. Our safe is a big room built to safe specifications much like a bank safe deposit room.

@bobmccoy

voyagerxii · 2015-10-09T16:55:26.000Z

After my predecessor retired and they hired me to take his place I found that all the computers are set to static IP, No DHCP, No group policies, no home directories for the users so they save files to their individual computers - if they fail, they will all loose their information. No firewall to the outside world, no real good anti-virus protection, we have only about 20 users but yet, there were more than 200 users in AD. I’ve been playing clean-up crew since I started this job, slowly but surely I will get this all corrected. Oh, Yeah, and the servers are all in an open office area instead of being in a server room. Now, take in consideration that were are a small manufacturing company, lot’s of welding going on out in the plant which results of lots of iron in the air, any piece of equipment with a fan looks bad and has to be cleaned every so often, more then normal cleaning. It’s scary and spooky but I still get it done.

dreniarb · 2015-10-09T17:10:23.000Z

HornAlum:

Jason1121:

Our internal Windows domain name matching our external domain name. We want to drop the www from our site but we can’t since internally the root of our domain points to our domain controller, not our web server.

From what I’ve seen, this used to be a bad thing, but it doesn’t seem like as bad practice as it used to be.

Yes, I’ve noticed that a lot of places are not warning against this now. But I have to wonder what they expect you to do if you want to run a website off that root domain? I can’t imagine anyone recommending running a public facing website off a domain controller. i’m sure it’s been done, but yikes.

mike-dresser · 2015-10-09T17:12:51.000Z

Paperclip didn’t work on the QNAP? They’re a pretty simple lock fortunately.

smairajali · 2015-10-09T17:35:44.000Z

For a change, my predecessor did a pretty good job of both documenting and making sure things were done accordingly, for the most part. My goal is to leave it the same way or better but I’m sure there will be somethings the next person will find. The only complain I do hear about him from users is that he also loved to watch surveillance videos and spent a little too much time on that.

alanmackenzie2 · 2015-10-09T20:20:55.000Z

If you need to pull one of those QNAP drives pronto, just keep pulling on the door. In my experience the “security” is nothing more than a little plastic tab that will break. No great loss.

chrishoyal · 2015-10-10T01:50:21.000Z

Not admin, but as the hardware tech, walked in to a job replacing a guy who was fired for sleeping on the job. First order of business was an inventory of equipment, because no one knew where anything was and I had over a months worth of tickets that didn’t appear to have been touched. 1 week later:

2 desktop PCs that did not exist. In the system as received and deployed, but not anywhere in the building (1 day after hours getting the SNs of every system in the building to confirm).

3 laptops setting in my office that didn’t exist in anywhere in the system (even had to go back to every deployment and recovery ticket from the past year… nope). What’s more… no one who was supposed to have gotten a laptop didn’t have one.

2 printers “deployed”… but not plugged into anything other then power (and no, they weren’t wireless). They had been “installed” in the offices in question for 6 months and no one ever figured out why they couldn’t print to them.

and that doesn’t do more then touch the tip of the iceberg. I spent my first 2 months there splitting time between cleaning up his shortcuts and actually doing the repair and installs I was hired for.

fengguanjin · 2015-10-10T03:09:58.000Z

smittymanjensen:

I intend to leave behind an easy to understand and well documented infrastructure one day.

What I recently inherited – a failure proof system of network and power cabling. The strips powering our phone, security DVR, and firewall are plugged into cheap PDUs plugged into another PDU and finally into a wall outlet.

I got one nearly as bad as this. I’ll post it up when i’m free…man…if u can tidy up this place, you should take a photo (before and after) and stick in on your Resume.

rmuniz9336 · 2015-10-10T15:40:37.000Z

Almost ever place I’ve ever had to take over, I’ve been left a mess, and when I leave, I leave a document behind on where things are (keys and etc.). The idea is, I wasn’t them to know where things are rather that have to stumble about.

In one case, I spent two weeks putting this together, gave it to the team lead, only to have all this stuff accidently tossed in the trash. Oh well, best laid plans . . .

ciaranreilly · 2015-10-11T14:55:00.000Z

Have I had the ‘mystery key’ issue? Yes

Have I had to physically break and drill out locks on NAS devices, servers and cabinets as a result: Yes

Have I found missing / long ‘decommissioned’ equipment still in place and the new replacements missing: Yes

Do I regularly find work that was never completed but was documented as being so: Yes

Do we have regular disasters caused by the tweaking of systems / changing of credentials to something not documented: Yes - see my post in this thread .

In short, we had a (thankfully, now ex colleague) who was a total nightmare. This guy was an information hoarder and deliberately went out of his way to keep key information and procedures to himself. When questioned and asked for key data, he saw it as a ‘threat’ / challenge to his obvious superiority over the rest of us. If asked ‘Bob whats the login details for ABC’ or ‘How does XYZ work?’ he would respond saying ‘No its Ok, I’ll do it’, in an effort to make himself indispensable and keep everyone else out of the loop, so we essentially couldn’t work on / fix certain systems.

When other people were equally / better skilled than him at something, he would take it as a personal insult and huff about it. Rather than co-operating and working as part of a team, he would isolate himself and go out installing / fixing / doing things by himself for days at a time. Even now a few years later we are still finding things out in the field that he claimed for days and weeks of overtime to complete, but we find the work was never done. He saw the day to day operations of the department and things like dealing with users as something that was beneath him and not his concern, and would pick and choose the fun little projects he wanted to be involved in and would disregard the mundane / hard stuff and everything else. He would make ad-hoc changes to critical systems and would then deny it when things screwed up and crashed, and would even go so far as to do the whole hero ‘Look at me, I fixed it!’ routine to management when he undid whatever change he shouldn’t have made in the first place. He treated the network like his own personal little lab to play around with and learn things. He constantly arrange overtime for ‘maintenance’ and would do no quantifiable work, he could be found sitting reading a book or watching Netflix. If other members of the department offered to stay and help he would either plain ignore them and not say what he was working on and needed help with, or fob them off by saying stuff like ‘Its really a one person job’. Then he would complain to management that he got no help and support from colleagues.

He was a very clever manipulative individual and for numerous reasons which I wont go into here, management seemed to have a total blind spot to what he was doing. One by one, every other member of the department voiced their concerns but it fell on deaf ears for a long time.

Long story short, he is no longer there, and although we are drowning in work, the atmosphere is just 100 times better than it was.

When he left he formatted his machine and I had to do a forensic recovery on it, on there we found tons of his own personal documentation where he had changed the passwords for numerous things to something different than what was in our documentation. From this we found some, but not all, the missing passwords and setups.

But, it’s just the gift that keeps on giving, not a month goes by when we don’t find something he interfered with, screwed up, or re-did in his own image, because ya know, his way was always ‘better’.

We’re slowly but surely finding and fixing everything he painstakingly fucked up.

From previous admins with love indeed

fengguanjin · 2015-10-11T23:03:00.000Z

KingKarp:

smittymanjensen:

I intend to leave behind an easy to understand and well documented infrastructure one day.

What I recently inherited – a failure proof system of network and power cabling. The strips powering our phone, security DVR, and firewall are plugged into cheap PDUs plugged into another PDU and finally into a wall outlet.

I got one nearly as bad as this. I’ll post it up when i’m free…man…if u can tidy up this place, you should take a photo (before and after) and stick in on your Resume.

As mentioned earlier, was really upset when I first saw the condition, when people about to resign, this is their attitude. It stinks.

BEFORE:

Before1.JPG800×598 110 KB

Before2.JPG717×960 94.9 KB

----------------------------------------------------------------------------------------------------

AFTER I cleaned it up:

After2.JPG800×598 105 KB

After1.JPG717×960 95.8 KB

warezwolf · 2015-10-12T13:35:09.000Z

Thanks fengguanjin . You have given me something to shoot for.

Since I have no time to clean or organize as I fly from one Fn emergency after another, I have decided my replacement will have at LEAST 6 months of digging out with no keys or passwords.

“How do you like me now?”

davidlimmage2324 · 2015-10-13T06:31:07.000Z

no passwords, no documentation, and the users have odd instructions such as

User of software 1: I open this software, click the first go button, then the second go button first up in the morning and before I leave.

Me: Can you tell me any more about what it is for, or anything else

User of software 1: If it says error I need to tell you.

User of software 2: Sometimes I have to open this software and click this button

Me: Do you know what for?

User of software 2: No.

Me: Do you need to click it at any particular times, or before or after any particular events?

User of software 2: No, just when ever I think of it.

Me: So how often do you click it?

User of software 2: Sometimes I get frustrated and click it repeatedly, but sometimes I’m busy and don’t do it for a week or 2.

Software1: was a B2B communication package, and was why deliveries to some companies kept on being rejected on the first attempt at delivery.

Software2: I’m not so sure of exactly what this was anymore, but I think it was to do with ensuring we had enough license keys to put into the software boxes we were selling. That was about 80% of the business of the company.

halhorton · 2015-10-13T09:45:30.000Z

Mt predecessor left me with basically the same setup. I had to figure it all out as I went along

alexanderp2 · 2015-10-13T11:30:10.000Z

NetTechMike:

Fix for the QNAS key:

Quick Fix: Lost QNAP Key for Hard Drive Tray

I’ve done something similar to this by taking the tube part of a bic pen, heating it up with a lighter, and shoving it over the post. Let it cool and twist.

Sick solution Thanks a lot.

The day will come when this saves a lot of asses somewhere… for sure…

BTW: If QNAS knows about this “emergency key” ? …

seanb1138 · 2015-10-14T12:09:02.000Z

My predecessor installed 2.5" SSDs in all of our workstations with no 2.5-3.5" adapter trays. Just left them, literally, hanging out inside the cases. Seriously? They’re like $2.00 each…

I’m assuming his predecessor did this: Purchased Office 2007 Upgrades, about 25-30 actual discs with licenses. Each software key seems to be good for three uses, I know this because some are marked “3 done” while others are marked with a single computer/user that it was used for. So I have a stack of licenses that may or may not be usable. It seems that it would have made more sense to expend all 3 uses on one, expend all 3 on the next one and so on, but that’s just me. And of course some of them are NOT marked appropriately so I’m rolling the dice as to whether or not I will be able to activate Office any time I have to reinstall. We build to need right now and have aging workstation hardware failures from time to time so re-installations are not uncommon.

jonathanvincent · 2015-10-23T09:13:58.000Z

I recall reading a reddit story about something like that a few months back… you wouldn’t happen to be the one who posted it, would you? I can provide a link if you’d like to read.

loyalwinborn · 2015-10-23T10:54:01.000Z

No, I don’t read or post on reddit. I am betting it is more common than just here. The picture of the QNAS is the actual item I am referencing.

benjatc · 2015-10-29T13:25:52.000Z

This was the office (and actual working conditions) from the guy before me. Took me two days to dig out of it. That’s not including the time it took me to vacuum all of the dead skin from of the desks and out of the folds of the chair. It took three years, but I finally got management to agree to replace that chair!

13137_10151581997350802_428544751_n.jpg800×600 102 KB

dreniarb · 2015-10-29T13:41:29.000Z

BenJATC:

This was the office (and actual working conditions) from the guy before me. Took me two days to dig out of it. That’s not including the time it took me to vacuum all of the dead skin from of the desks and out of the folds of the chair. It took three years, but I finally got management to agree to replace that chair!

Have you managed to keep it clean? Got an after picture?