That’s rather shocking to me. I know that as a sysadmin you have access to passwords and privileged accounts but you’re given them for a very specific purpose not just for your amusement. It’s like your GP telling everybody about your sickness.

Since it looks like avoiding the bad sysadmins is going to be difficult, you have to defend yourself. The only sure defense in this case is not to use the computer at work for anything you’d prefer to remain private. You just can’t be sure otherwise. In many organizations IT staff who left may still have access to the company’s network. This increases your exposure even more. Like for example in this organization.

By the way, the research is already over a year old but it looks like it just got picked up by MSNBC and the blogosphere.

Related post(s)

• Bad system administrators (1)
• Security problem with WordPress (2)

1. Always change your systems without any plan.

This way you can assure that you spend more time than was really required to do the job, redoing and undoing what you did last week or the previous month. You will look very busy, probably even doing lots of overtime. This is guaranteed to look very good on your next salary review.

2. Do all new installations and updates directly on the production system.

It will give you an extra adrenaline rush when you scramble looking for a backup copy of very important file you’ve just deleted. Especially if your maintenance window is just closing. And it will give you bragging rights to other sysadmins. You will even look better to the management. After all you saved time by not testing the patches and configuration changes on a test machine and since you don’t have a test machine you obviously didn’t spend any money on it.

3. After connecting the servers to UPS batteries forget totally about installing any UPS monitoring software.

Who needs any monitoring software? You can always log on to the servers and shut them down when there’s no power. Excellent job security, now they can’t fire you. And if power does go down you can claim overtime.

4. Backup only some files.

You know very well which files should be backed up and which not. You’ll be saving space on the very expensive backup media. In case of a total server crash you won’t have everything to recover the pre-crash setup and you’ll spend extra hours setting it up to the same configuration. Or at least as close to it as you remember. For sure this will be a better configuration, after all the previous one did crash. Oh, and did I mention the overtime already?

5. Keep all the documentation about the set-up of your systems in your head.

And nowhere else. This way you can be sure nobody will be able to use your secret sysadmin password for some nefarious activity. And you’ll have more work, again making you look very busy. Another benefit is job security. Too risky hiring someone to replace you if they wouldn’t be able to do anything with the system.

6. Read your users emails.

This is really serious. You need to check whether they’re not sending spam, viruses or any confidential information without authorization. Nobody else in the company has this capability so it’s all up to you. Management will be thankful when you warn them that one of sales guys is planning to quit and take the customer database with him.

7. On your systems only install the applications you approve not what the users want.

Users don’t know what they really need, they just spend half a day sending emails and the rest chatting. If you let them decide what kind of programs are running on your systems you could as well give them full administrator access and just watch the systems fall apart. Soon they will want 15 different web browsers, 12 email programs and 22 instant messengers. They should understand that you’re just trying to save money on licenses and save time on maintenance of those “additional” programs.

8. Require each application to have a separate authentication scheme.

This way if some user’s account gets compromised (in spite of the strictly enforced rule that each password has to be at least 25 characters long, containing at least 10 non alpha numeric characters and not repeating any symbol) you can rest assured that it will affect only one account in one application. And when you’re at it make sure to talk to the company management to fire immediately any idiot writing down his super strong password on a post-it. Such weak brains definitely do not belong in your company. Management will definitely listen to your advice if you’ve been following the previous rules. They owe you.

Any system administrators out there would like to share some additional advice?

Related post(s)

• Is your colleague spying on you? (0)