Thanks, but don't get me started on the other engineers - software and test. There are perhaps 5 of them out of 75 or so whom I'd trust out of my sight near a computer with or without admin privileges.
Fortunately, they're mostly sequestered in a lab that's across a layer3 boundary, and have mostly stopped causing chaos in the production network. Kurt On Fri, Sep 25, 2015 at 6:22 AM, Jonathan Raper <[email protected]> wrote: > Like doctors who make terrible patients.... > > Engineers make some of the worst end users! > > Thanks for the laugh and I'm so sorry. > > Jonathan > > Sent by Outlook for Android > > > > > On Thu, Sep 24, 2015 at 3:50 PM -0700, "Kurt Buff" <[email protected]> > wrote: > > I want to take away admin rights from all of our users. It's not just > about security. It's about ignorance/stupidity > > One of our field engineers came to us for the 3rd time in a little > over a week, with a laptop that was borked. The accounts had been > deleted, the machine was no longer joined to the domain, the local > administrator account had a blank password and most of the settings > were gone. > > The first two times I wasn't there, and our helpdesk guy had rebuilt > the machine. > > This time, I was there, and we had a quick discussion. > > He's mentioned that he was trying to stand up multiple VMs under > hyper-v, and was ruining his machine in the process. He just didn't > understand how. > > (He wants to stand up multiple VMs, because our customers use a > plethora of VPN clients that like to step all over each other, and it > would make life a *lot* easier to have a dedicated VM per VPN client > type/version - it's a good idea, surprisingly) > > So I had him describe to me what he was doing. (I had to slow him > down, and focus his conversation - he *loves* to talk and digress) > > It turns out that he was building a VM, then doing a sysprep before > copying the VM to stand up a new one. > > Of course, he was sysprepping his host machine, and not the VM. > > What I later learned from the helpdesk guy is that the field engineer > thought that dragging the cmd box on top of the VM and then running > sysprep in it would be sufficient for sysprep to know that it should > be sysprepping the VM, and not his laptop. > > *FACEPALM* > > Kurt > >
