We have a staff member who takes it upon himself to do IT troubleshooting way beyond what we would expect a user to do and based on these experiences we could or will be close to a potentially a more critical issue if not reigned in.
Has anyone come across this and if so, how do you handle it.
#1 was a department head with enough knowledge to be dangerous. I had to tread lightly so I just made sure I gave him ridiculously proactive help to the point where it became tedious for him to figure things out and way more efficient to ask me.
#2 was a secretary. He was hopeless - spreading his bad habits around the department. In one instance, he fiddled around with a âproblemâ all day, totally aggravating the director he was âhelping.â When they finally called me, I came down and fixed the problem in seconds because I KNOW WHAT IâM DOING. The Director got so angry at the time she wasted all day that she threw ME out of the office. Of course I didnât know that any of this had transpired so I was flabbergasted when she tossed me for fixing her problem. This secretary was the pet of his department head who liked having such a âknowledgeableâ person on staff.That meant I couldnât reign him in. I resorted to praying that he got a better job - which he did. He left 20 years ago and Iâm still struggling to un-teach the garbage he taught his co-workers.
#3 was a maintenance guy who liked computers better than he liked doing maintenance stuff. He was constantly in someoneâs office âworkingâ on their computer. It was maddening. Finally our network moved past his skills and he got caught by his boss.
#4 has me stymied. They hired a secretary a month ago who said she worked in IT in a help desk position. Three higher ups have decided sheâs going to be my backup for vacations or when Iâm swamped. They came up with this grand plan on the basis of the interview. They have no idea what her skill level is nor did they let me test her or probe her knowledge at all. When I researched the âIT Companyâ she worked for, their annual revenue was very small and they only had 2 employees â presumably her and the owner. I am left to wonder if they only had one customer or not many customers so it makes me worry about her skill level. (And, they went out of business a couple of years ago so I canât even check her references.) Thus I have no idea how much experience she actually has. I told my 3 bosses that I canât train her until she learns her actual secretarial position first so Iâve given myself a 6 month reprieve to learn about her IT skills. So far, she seems comfortable with tech but so do others in her age range. The real problem is that her boss is the type of guy who has their secretary do EVERYTHING for him. I donât think in reality he will be keen on me taking her attention away for example if I go on vacation for a week. My immediate supervisor wants me to hand routine tasks to her. I donât have routine tasks anymore. When I did, it was stuff like swapping tapes in our long-since-retired tape backup system. Now, Iâm pretty much working on new projects or answering help-desk questions. My day is always different. This new setup is a shame because our managed services provider was my backup. In the 5 years theyâve been my backup, theyâve only had to answer 3 calls. It was wonderful. When I had other internal staff serve as my backup, users were so rough on them they got physically sick leading up to my vacation time. This happened to 3 women who served as my backup. Two of them were the toughest, most confident women Iâve ever met and users gave them stress induced IBS. They never tried those shenanigans with the managed services company.
So, aside for talking to your problematic userâs department head, praying he or she gets a better job elsewhere or giving such stellar support co-workers turn to you instead of this user, I guess Iâm in the same boat as you with no real answer.
I mean, obviously you shouldnât give him admin credentials⌠otherwise, you can offer to send folks like this to be an âOffice Expertâ and do a short course on the MS Office suite. That tends to focus them with some actual expertise to scratch that itch, especially if you prop them and what theyâve learned up. Thereâs also the possibility that a course like that breaks them out of Dunning-Kruger so that they know enough to realize how little they do know. Regardless, theyâre more likely to turn to you when something outside their skill level pops up if youâve sent them for a bit of training.
Make sure there is a policy. We segment WiFi so that there are managed network (none of the users knows this password, it is picked up during Autopilot via Intune), BYOD network that we specify âdo not share the BYOD password with non-full-time or non-FTE staff,â and a guest network that we let any random office visitor join. That all decreases the impact and likelihood of an issue. Remember, people often do this kind of thing because they are presented with a problem, if you have an easy and readily available solution then theyâll do that instead of engaging in shadow IT stuff.
Iâm afraid that Iâm not familiar with the fiery controllers, but it probably behooves you to put up a sign that is a very brief âif you arenât able to printâ checklist. If cycling it is going to be a problem, slap in big letters âdo not turn off the powerâ as the first step. Personally, I donât usually get too bothered unless itâs stuff in a rack that people are cycling, but like I said, I know nothing about the fiery controllers, if they shouldnât be cycled then make that clear with signage that has a warning and gives steps to take even if itâs just one or two steps, try your print again, then call tech support.
I constantly ask, âHow can this be abused?â and try to at least minimize those risks. Or, to frame that another way, if someone did something irksome and I didnât have anything in place to stop them, I hold myself at least a little responsible. Some examples:
WiFi: we use RADIUS authentication: church-owned computers authenticate using their own certificates, and BYOD users authenticate using their own usernames and passwords, which are synced between systems, making it their username and password for most everything. If someone does share their password, it becomes very obvious very quickly who did it, and then I force a password reset upon them. (We also use RADIUS-assigned VLANs, so BYODs are completely firewalled from other stuff.)
Fiery: Iâm a little surprised that restarting a Fiery controller caused a problem. Ours is attached to our ImagePress, and if the machine is unresponsive, my standing instruction to the staff is to restart it.
The one other oddity weâve had is that sometimes folks have moved network cables around. Unplugged something to plug in their laptop or something. Itâs especially a problem if the user is plugging into a jack configured for the wrong VLAN. Havenât found a great solution for this yet, though I want to experiment with RADIUS-assigned VLANs on our wired network, too. Definitely want to get the BYOIDKs off our staff intranet.
Most of the approaches here seem to focus on preventing the staff from doing certain things. I agree with this, in that if they can do it, they should be allowed to - for the most part. They shouldnât have local admin, shouldnât have access to network switches or patch bays, and shouldnât be able to login to printers or switches or basically anything else on the network.
But, let me share an alternate method: let them help you. Be willing to train them up a bit, make them a part-time member of the IT team. You never know what might happen that could be beneficial to you and the church. I wasnât ârogueâ IT, as I was always given permission to do so, but when I started doing IT work at church if was always my initiative, I was hired as a more A/V/Production role. I was eager and helpful enough that now Iâm 100% IT (and have been for a while).
WiFi keys are always a problem. We once had an internal IT manager at one of our clients who was typing in a new WiFi key, and an employee looked over his shoulder and then told EVERYONE. It spread like wildfire. Literally had to change the key on a large network the next day. Unfortunately the client had a lot of technicianâs equipment running old software etc so WiFi keys had to be inserted manually.
For normal, controlled environments just use a device management platform such as Intune or MaaS360 to push out corporate WiFi keys to devices once onboarded. Likewise, new kit can have a technician to put a key in if needed there is zero justification for regular employees to have the key because chances are if the device has not passed through IT hands it shouldnât be on the network anyway.
Guest WiFi networks with separate VLANs can be deployed to bridge this issue.
Oh, and as for power cycling equipment this REALLY needs management involvement. An email from a director companywide along the lines of âplease raise any and all technical problems to the IT department for proper diagnostics - unauthorised self power-cycling of equipment (unless it is your own computer) may cause damage and is a disciplinary offenceâ should do the trick. They wonât be named in the email but they will know who they are ;0)