Non-IT Staff - Rogue IT Troubleshooting

We have a staff member who takes it upon himself to do IT troubleshooting way beyond what we would expect a user to do and based on these experiences we could or will be close to a potentially a more critical issue if not reigned in.

Has anyone come across this and if so, how do you handle it.

Thank you, Blane

In 32 years I have had that happen 4 times.

#1 was a department head with enough knowledge to be dangerous. I had to tread lightly so I just made sure I gave him ridiculously proactive help to the point where it became tedious for him to figure things out and way more efficient to ask me.

#2 was a secretary. He was hopeless - spreading his bad habits around the department. In one instance, he fiddled around with a “problem” all day, totally aggravating the director he was “helping.” When they finally called me, I came down and fixed the problem in seconds because I KNOW WHAT I’M DOING. The Director got so angry at the time she wasted all day that she threw ME out of the office. Of course I didn’t know that any of this had transpired so I was flabbergasted when she tossed me for fixing her problem. This secretary was the pet of his department head who liked having such a “knowledgeable” person on staff.That meant I couldn’t reign him in. I resorted to praying that he got a better job - which he did. He left 20 years ago and I’m still struggling to un-teach the garbage he taught his co-workers.

#3 was a maintenance guy who liked computers better than he liked doing maintenance stuff. He was constantly in someone’s office “working” on their computer. It was maddening. Finally our network moved past his skills and he got caught by his boss.

#4 has me stymied. They hired a secretary a month ago who said she worked in IT in a help desk position. Three higher ups have decided she’s going to be my backup for vacations or when I’m swamped. They came up with this grand plan on the basis of the interview. They have no idea what her skill level is nor did they let me test her or probe her knowledge at all. When I researched the “IT Company” she worked for, their annual revenue was very small and they only had 2 employees – presumably her and the owner. I am left to wonder if they only had one customer or not many customers so it makes me worry about her skill level. (And, they went out of business a couple of years ago so I can’t even check her references.) Thus I have no idea how much experience she actually has. I told my 3 bosses that I can’t train her until she learns her actual secretarial position first so I’ve given myself a 6 month reprieve to learn about her IT skills. So far, she seems comfortable with tech but so do others in her age range. The real problem is that her boss is the type of guy who has their secretary do EVERYTHING for him. I don’t think in reality he will be keen on me taking her attention away for example if I go on vacation for a week. My immediate supervisor wants me to hand routine tasks to her. I don’t have routine tasks anymore. When I did, it was stuff like swapping tapes in our long-since-retired tape backup system. Now, I’m pretty much working on new projects or answering help-desk questions. My day is always different. This new setup is a shame because our managed services provider was my backup. In the 5 years they’ve been my backup, they’ve only had to answer 3 calls. It was wonderful. When I had other internal staff serve as my backup, users were so rough on them they got physically sick leading up to my vacation time. This happened to 3 women who served as my backup. Two of them were the toughest, most confident women I’ve ever met and users gave them stress induced IBS. They never tried those shenanigans with the managed services company.

So, aside for talking to your problematic user’s department head, praying he or she gets a better job elsewhere or giving such stellar support co-workers turn to you instead of this user, I guess I’m in the same boat as you with no real answer.

1 Like

Maybe no real answer … but pretty helpful in sharing the experiences you have had.

I mean, obviously you shouldn’t give him admin credentials… otherwise, you can offer to send folks like this to be an “Office Expert” and do a short course on the MS Office suite. That tends to focus them with some actual expertise to scratch that itch, especially if you prop them and what they’ve learned up. There’s also the possibility that a course like that breaks them out of Dunning-Kruger so that they know enough to realize how little they do know. Regardless, they’re more likely to turn to you when something outside their skill level pops up if you’ve sent them for a bit of training.

1 Like

I like the input and advice you all have gave here.

Some more context :).

Two major issues, one was a wifi shared key was given to non staff and the other was power cycling our C70 and Firery controller without asking.

We do encourage people to help each other on software and equipment usability, etc.

Thanks for all the input so far!

  • Blane

Make sure there is a policy. We segment WiFi so that there are managed network (none of the users knows this password, it is picked up during Autopilot via Intune), BYOD network that we specify “do not share the BYOD password with non-full-time or non-FTE staff,” and a guest network that we let any random office visitor join. That all decreases the impact and likelihood of an issue. Remember, people often do this kind of thing because they are presented with a problem, if you have an easy and readily available solution then they’ll do that instead of engaging in shadow IT stuff. :man_technologist:

I’m afraid that I’m not familiar with the fiery controllers, but it probably behooves you to put up a sign that is a very brief “if you aren’t able to print” checklist. If cycling it is going to be a problem, slap in big letters “do not turn off the power” as the first step. Personally, I don’t usually get too bothered unless it’s stuff in a rack that people are cycling, but like I said, I know nothing about the fiery controllers, if they shouldn’t be cycled then make that clear with signage that has a warning and gives steps to take even if it’s just one or two steps, try your print again, then call tech support. :thinking:

I constantly ask, “How can this be abused?” and try to at least minimize those risks. Or, to frame that another way, if someone did something irksome and I didn’t have anything in place to stop them, I hold myself at least a little responsible. Some examples:

WiFi: we use RADIUS authentication: church-owned computers authenticate using their own certificates, and BYOD users authenticate using their own usernames and passwords, which are synced between systems, making it their username and password for most everything. If someone does share their password, it becomes very obvious very quickly who did it, and then I force a password reset upon them. (We also use RADIUS-assigned VLANs, so BYODs are completely firewalled from other stuff.)

Fiery: I’m a little surprised that restarting a Fiery controller caused a problem. Ours is attached to our ImagePress, and if the machine is unresponsive, my standing instruction to the staff is to restart it.

The one other oddity we’ve had is that sometimes folks have moved network cables around. Unplugged something to plug in their laptop or something. It’s especially a problem if the user is plugging into a jack configured for the wrong VLAN. Haven’t found a great solution for this yet, though I want to experiment with RADIUS-assigned VLANs on our wired network, too. Definitely want to get the BYOIDKs off our staff intranet.

Most of the approaches here seem to focus on preventing the staff from doing certain things. I agree with this, in that if they can do it, they should be allowed to - for the most part. They shouldn’t have local admin, shouldn’t have access to network switches or patch bays, and shouldn’t be able to login to printers or switches or basically anything else on the network.

But, let me share an alternate method: let them help you. Be willing to train them up a bit, make them a part-time member of the IT team. You never know what might happen that could be beneficial to you and the church. I wasn’t “rogue” IT, as I was always given permission to do so, but when I started doing IT work at church if was always my initiative, I was hired as a more A/V/Production role. I was eager and helpful enough that now I’m 100% IT (and have been for a while).

WiFi keys are always a problem. We once had an internal IT manager at one of our clients who was typing in a new WiFi key, and an employee looked over his shoulder and then told EVERYONE. It spread like wildfire. Literally had to change the key on a large network the next day. Unfortunately the client had a lot of technician’s equipment running old software etc so WiFi keys had to be inserted manually.

For normal, controlled environments just use a device management platform such as Intune or MaaS360 to push out corporate WiFi keys to devices once onboarded. Likewise, new kit can have a technician to put a key in if needed there is zero justification for regular employees to have the key because chances are if the device has not passed through IT hands it shouldn’t be on the network anyway.

Guest WiFi networks with separate VLANs can be deployed to bridge this issue.

Oh, and as for power cycling equipment this REALLY needs management involvement. An email from a director companywide along the lines of ‘please raise any and all technical problems to the IT department for proper diagnostics - unauthorised self power-cycling of equipment (unless it is your own computer) may cause damage and is a disciplinary offence’ should do the trick. They won’t be named in the email but they will know who they are ;0)