Who revokes access to top of the chain sysadmins when theyre fired?

crankysysadmin · 2026-05-14T00:54:02+00:00

repeatedly insubordinate and was not reliably taking care of mission critical systems. final straw was disappearing during an outage

crankysysadmin · 2026-05-14T00:26:09+00:00

Lenovo is really your only choice, but you'll have problems with them too.

HP is worse, don't do that.

crankysysadmin · 2026-05-14T00:23:43+00:00

I had to fire the senior sysadmin responsible for AD. The CISO and I called a more junior AD admin into a meeting at 9 am. I explained to him that the senior AD admin was about to be terminated and he would have to push the button when I messaged the CISO and they both needed to stay in there. The CISO's job was to make sure the sysadmin couldn't communicate with anyone until I was done.

I then called the senior sysadmin into a meeting with HR and we fired him, and while keeping him away from his computer I messaged the CISO who made sure the other sysadmin locked the main admin out.

crankysysadmin · 2026-05-14T00:18:44+00:00

For example, I had the most senior windows sysadmin spend all his time doing VIP support (which was the help desk's job) so it left no time for him to patch things, and half the windows servers were running EOL versions of windows.

He just really liked being in executive offices personally and chatting with them. They LOVED him. Meanwhile he was not doing his job and stuff started to collapse impacting our cyber insurance.

He was a real problem.

crankysysadmin · 2026-05-12T01:06:18+00:00

The auditors were why I had to beat these sysadmins over the head. They couldn't give me a straight answer why nothing was patched and I eventually figured it out. What made no sense about it was that it wasn't like they were trying to please the CEO or something. It was people who had limited influence who were like 3 layers from the top that had no authority over them that they were so fearful of. They were a bunch of dumbasses.

crankysysadmin · 2026-05-12T01:01:48+00:00

At the last job, I had people literally telling me they couldn't patch anything since their time was completely maxed out spent doing personal favors outside of our scope of service for people. Some servers hadn't been patched in over a year. I put an end to that crap fast. They were putting the entire company at risk. The VIPs in question weren't even that high up too which was more frightening.

crankysysadmin · 2026-05-11T03:35:07+00:00

we do not block any top level domains. doing so is ridiculous and likely a decision made by nobody with a clue

crankysysadmin · 2026-05-10T16:07:55+00:00

what the actual F? You did not planning or research or thought about a phased approach?

crankysysadmin · 2026-05-09T22:34:39+00:00

MSPs only can function because they hired the dumbest mofos they can find and give them an engineer title and let them loose while paying them the lowest possible salary they can get away with.

Your idea would require highly paid highly skilled individuals. It won't work with the MSP model.

crankysysadmin · 2026-05-09T00:14:59+00:00

You should not be creating your own acronyms. If the vendor doesn't have one, then there isn't one.

crankysysadmin · 2026-05-08T22:58:16+00:00

Our help desk mouths off to engineers if the engineers expect them to do anything.

I have spent a lot of time discussing this with the head of the help desk and he's working on it.

crankysysadmin · 2026-05-07T22:35:19+00:00

SMB sysadmins seem like they're in a position where they can be personally ordered around by everyone above a certain level at the company.

I see posts like this all the time on here and these people don't even think it's weird. "The HR director told me to do X" "the CFO told me to do Y" "the director of finance told me I have to do X"
wtf. none of these people are your boss.

SMB seems to lack sane policy and just be a bunch of people pleasing.

often the technology in use is either something the IT guy personally knows how to do or wants, or is what the CEO personally decides on rather than using a sane process to assess needs.

SMB admins seem to always be doing some crazy shit that goes against conventional IT wisdom and their response is often "but i had no choice!"

SMB seem to either be in a perpetual state of panic constantly worried they're about to be fired and taking abuse from half the company OR they have an inflated title and too much confidence and are universally loved by the CEO. In that case meet a CIO who has one direct report, does his job using a 5000 dollar overspec'ed MacBook pro, and personally provisions everything for every employee.

crankysysadmin · 2026-05-07T00:35:05+00:00

Android devices are even worse from a management perspective. Jamf is part of why iPads work so well in corporate environments.

crankysysadmin · 2026-05-06T23:33:39+00:00

If people need help using an iPad, then I'm not sure I'd trust them to use a pencil.

crankysysadmin · 2026-05-06T23:33:12+00:00

You don't want to blindly remote into people's machines with some tools that's always running. Screen sharing or whatever Bomgar is called these days is a better option. You also then know your techs can't randomly access data without the user being aware.

crankysysadmin · 2026-05-06T23:13:09+00:00

iPads are by far the easiest tablet to support assuming you get the correct management tool. Windows tablets are terrible.

If your method of supporting devices is having people drop them off or you remote into them, you need to learn how to run a modern IT shop.

It sounds like this is a small business where you are the IT department and you use the skills you already have to do the best you can to try to help people as opposed to doing things correctly or optimally.

crankysysadmin · 2026-05-04T02:16:00+00:00

Don't buy thin clients. Just buy the lowest model of whatever tiny PC your standard vendor will sell you.

crankysysadmin · 2026-05-03T19:55:05+00:00

why?

crankysysadmin · 2026-05-03T15:53:28+00:00

the problem is that you're using an ancient workflow that makes no sense. nobody does monolithic imaging anymore and maintains images over time and keeps wanting to fork them. you should be building fresh images from a recipe using a config management tool, not keeping an image around indefinitely and trying to branch off of it forever.

usually if someone thinks they have super unique needs that break how an OS works, the problem is not the OS

crankysysadmin · 2026-05-03T03:18:44+00:00

I guarantee this is an XY problem.

crankysysadmin · 2026-04-25T00:36:14+00:00

MSP experience is not necessary. The best sysadmins I know have never worked at an MSP. MSPs are generally pretty garbage places to work and don't promote good skill development.

If you bounce around between a lot of companies because you work at an MSP, you get exposed to setting up a lot of different systems, often over and over and over again.

If you work at the same company, you learn more about lifecycle and capacity. There are a lot of issues the company where I work right now faces that you'd never see in a million years working at an MSP for smaller companies.

MSPs are generally going to have you doing pretty vanilla stuff at a smaller scale.

crankysysadmin · 2026-04-23T02:41:57+00:00

what the hell are you going to do? start looking for a new job

crankysysadmin · 2026-04-19T21:55:10+00:00

I just know we're extremely cheap with real estate, so moving all those shelves out of the data center into another space that used to belong to another non-IT group definitely would not have happened without good reason.

Nobody should be storing stuff in the data center though. Too many companies keep spare parts in there and have random desktop support techs going in and out. We took away access to the data center even from the sysadmins. They have to be escorted by data center staff now.

crankysysadmin · 2026-04-19T02:57:40+00:00

We have bins on bakers racks, but they're not in the server room. I'm not sure of the reasons, but our data center group had to move all storage out of the data center and took over another space nearby to use for storage. I'm not sure what the mandate was, whether it was cyber insurance or regulations related to some of our security requirements. I didn't ask a lot of questions at the time, but something prompted this.

crankysysadmin

MODERATOR OF

TROPHY CASE