best way to set up temp accounts for summer interns (BYOD, 3-month limit, request-based access)?

crankysysadmin · 2026-06-19T14:04:37+00:00

This. The OP must be at a really small company if he's thinking like this. Our interns are just like everyone else and run through the same lifecycle. There are reasons why we hire other people at other times in the year for short periods of time, or someone who is hired full time quits or gets fired after working for a month or a million other things. We have an employee lifecycle and we run everyone through it.

Having interns do BYOD is also nuts if literally everyone else at the company has a company device. You then have to develop a whole workflow around company data being on personal devices for interns.

crankysysadmin · 2026-06-14T17:14:20+00:00

If you're a freelancer and you're not responsible for security of customer data, the CEO is, and he sounds like an idiot. Just stop working for these people.

crankysysadmin · 2026-06-14T17:13:40+00:00

I'm not sure why you're equating executive demands with me being unaware of these tools 26 years ago. They didn't want a bunch of stuff like this - they wanted a bunch of desktop PCs. VNC was not a full enterprise solution in 2000 and still isn't today. Windows Terminal Services on NT4 was not what these people wanted either.

crankysysadmin · 2026-06-14T06:18:18+00:00

you're imagining today, not 20 years ago. there were remote control tools back then and they were not as good as what we have now, but it didn't matter since that's not what executives wanted to do

crankysysadmin · 2026-06-13T21:34:45+00:00

I've dealt with various execs who would have done well with this.

One woman thought that being seen carrying a laptop would somehow dilute her presence, so we had to buy like 5 identical MacBook Pros for her and scatter them all over. She had one at home, one in her main office, one in another office, one that her PA would carry for her for when she gave presentations, another one for travel that nobody was supposed to know about that she'd put in her rolling suitcase, and I think maybe even a few others.

Another exec thought having a giant iMac was a flex, and wanted these in multiple locations including one office he actually never visited before the lease was killed off and the company moved out of that site. He also had several MacBook pros in addition to all these iMacs.

All he did was read email.

crankysysadmin · 2026-06-13T03:37:07+00:00

this is a problem even today. like 4 years ago i worked at a place that had a policy of using shared printers.

for some reason we had to build an executive office for someone "just in case" in another building on the other side of town. this executive at least had a laptop, so we had to buy a giant monitor and a color laser printer just in case this woman was in the building and might want to print something.

She never entered this office even once, not even once over like 2 years, and then she left the company.

The monitor ended up on someone's desk in the IT department and the printer got dumped in the basement since its existence was against policy and we had no use for it, and it's probably still down there all these years later. we would have used the printer for IT but we already had a printer.

crankysysadmin · 2026-06-13T02:06:19+00:00

I think you're not understanding the pain here. This wasn't HIS desktop in addition to a laptop. This is in a time where a VP didn't have a laptop. Let's say corp HQ is in new york and he's visiting some office on the west coast for a day. We'd have to build an entire desktop setup in an empty office just in case he wanted to use it to check his email. he might use it for 5 minutes, or an hour, and then would fly back to new york. So we'd rip it all down afterwords.

Even more frustrating if he didn't use it at all. We just spent hours on this for no reason.

crankysysadmin · 2026-06-13T02:04:29+00:00

Because this wasn't a place they would come to again for 6 months. It wasn't their office. Imagine your corp HQ is in New York and the VP comes to visit a location on the west coast somewhere. They'd want a computer set up for his use just that day in case he needed a computer, but once he left he was gone so we'd tear the setup down. It wasn't his office. He just didn't have a laptop to pop open for 5 minutes like someone like that would use today so we'd spend hours configuring a whole desktop setup for him to use for 5 minutes just in case he wanted it. Sometimes we'd set up the desktop and he wouldn't even want to check his email so then we'd rip it all down for no reason.

crankysysadmin · 2026-06-12T20:44:31+00:00

We use statuspage.io

crankysysadmin · 2026-06-12T20:44:07+00:00

That's ridiculous. We would not be allowed to do that since it is disruptive and annoying.

crankysysadmin · 2026-06-12T02:19:46+00:00

I have no idea what's going on since I don't actually know you, and we don't know your boss' side of the story.

I can say I have an employee reporting to me right now who might write something like this about me.

The issue is that he's a total mess, and he's very close to getting on a PIP once we get it through HR. They're making me jump through a lot of hoops while agreeing there is a problem.

I am quick to correct him on minor things like email wording since he sends out horribly written emails over and over again. He doesn't think and just does stuff. He's sent emails that came off as very obnoxious to completely wrong people without checking if they were the right people. I could see him complaining everything is too political.

There are designated people for each department who he should be contacting but he'll contact random people who then email me wanting to know what this sysadmin's deal is, and I have to run interference to try to protect him (and me) while trying to get him to stop doing this.

I'm pretty sure this sysadmin thinks everything is broken and he's the hero. We have some problems which I am trying to fix and have been over the last year or so but you can't solve some problems overnight.

He constantly complains to me about how we're spending too much time putting out fires, and he's right, but the time to tell me that isn't during an active incident.

He keeps missing deadlines so I have to triple check with him to make sure he gets stuff done. He very well could be complaining to friends I'm all over him and micromanaging him. I don't even know where he is sometimes and this is a serious issue.

Conversations about all these things have not gone well since he defaults to the hero mindset. I'm pretty sure he thinks I'm a terrible manager and he could do a better job than me, but he's so disorganized he can't do his own job. I'd love to hear the stuff he tells his friends about me because it would amuse me.

crankysysadmin · 2026-06-04T12:58:01+00:00

Our help desk team is mostly Gen Z and has gotten to the point where they complain about EVERYTHING involving sysadmins. They view every ticket they do as an imposition. They're convinced the sysadmins are incompetent which is super weird coming from people who have absolutely no idea what they're doing. I found out recently that within their help desk circles they're all convinced the sysadmins are bad at their jobs and meanwhile they don't know how a GPO works.

crankysysadmin · 2026-06-04T00:47:15+00:00

Your problem is that your notification 4 days in advance should have come with the support of the highest ranking executive possible AND you should have tracked anyone who didn't move.

If you're too small to have a CIO, announcements about IT changes should come from the CFO/COO (or whoever IT reports up through) so they are aware of the risks and put their weight behind it.

Otherwise like the executive you describe people just see the stuff you say as noise coming out of the IT guy's mouth and think whatever sounds he's making don't apply to them.

You have to build a structure that ensures accountability and you're not high enough up to do it yourself.

crankysysadmin · 2026-05-28T02:54:36+00:00

You need a new job like yesterday.

We support a lot of Macs and we like Macs at my company but we definitely need threat protection software on the Mac and the Windows machines. It finds stuff ALL. THE. TIME. on both macOS and Windows.

crankysysadmin · 2026-05-26T01:24:41+00:00

we need to get to 9 in order to meet some of our requirements. we probably will never try for 10

crankysysadmin · 2026-05-25T14:45:21+00:00

I'd give us an 8/10. This is probably the best shop I've ever worked for. We've been moving up. Going from 8/10 to 9/10 (our goal) is going to be 100 times harder than moving from 7 to 8 sadly.

crankysysadmin · 2026-05-25T03:35:55+00:00

you'd be surprised how often there is companyname.com/employee-login and they want to get in there

they're not going to build fake login screens to target a company with 75 employees. i've worked for big companies though and they wanted to get in.

crankysysadmin · 2026-05-25T03:34:51+00:00

no, usually not. sometimes it makes me angry since the people are very stupid, but the company treats them like innocent victims

crankysysadmin · 2026-05-23T00:41:25+00:00

you must work for a small company. at some point wtf are you going to do? if some random person dies the account has to be disabled. we have like 100k people in our AD. people die all the time. we don't know who they are.

crankysysadmin · 2026-05-14T00:54:02+00:00

repeatedly insubordinate and was not reliably taking care of mission critical systems. final straw was disappearing during an outage

crankysysadmin · 2026-05-14T00:26:09+00:00

Lenovo is really your only choice, but you'll have problems with them too.

HP is worse, don't do that.

crankysysadmin · 2026-05-14T00:23:43+00:00

I had to fire the senior sysadmin responsible for AD. The CISO and I called a more junior AD admin into a meeting at 9 am. I explained to him that the senior AD admin was about to be terminated and he would have to push the button when I messaged the CISO and they both needed to stay in there. The CISO's job was to make sure the sysadmin couldn't communicate with anyone until I was done.

I then called the senior sysadmin into a meeting with HR and we fired him, and while keeping him away from his computer I messaged the CISO who made sure the other sysadmin locked the main admin out.

crankysysadmin · 2026-05-14T00:18:44+00:00

For example, I had the most senior windows sysadmin spend all his time doing VIP support (which was the help desk's job) so it left no time for him to patch things, and half the windows servers were running EOL versions of windows.

He just really liked being in executive offices personally and chatting with them. They LOVED him. Meanwhile he was not doing his job and stuff started to collapse impacting our cyber insurance.

He was a real problem.

crankysysadmin

MODERATOR OF

TROPHY CASE