When the IT department speaks, users listen. Or face the consequences Friday is here! A chance to slope off early, enjoy a few brews and look back on a week of hard work. Unless, of course, you are one of the unfortunate souls destined to be forever at the beck and call of users. Bask in the fact that it's not you as you peruse this latest instalment of On Call. Today's tale comes from a …
It is the same one I implement today. 2 years ago, at a previous company, a user got a virus on her machine that encrypted the bootsector. We removed the drive, quarantined it and put a new drive in the laptop and rolled out a new, standard image.
The user had been told many times that the company policy was that all files had to be stored on the network and any local files would be lost in the event of a disaster.
So she just had to suck ít up and live with the fact that any files she hadn't saved on the file server were gone.
The user had been told many times that the company policy was that all files had to be stored on the network and any local files would be lost in the event of a disaster.
We have this policy and even have a corporate OneDrive, and still, still not a week goes by where I don't hear some colleague shouting into the phone about lost product.
Yes, the nuke from orbit approach does convey a lack of understanding as its more often than not possible to rectify the issue without formatting or re-imaging, but yes, it does happen and it does sometimes have to happen. Right, wrong, doesn't matter - surely by now everyone knows its what IT support are likely to do and it's not like they haven't prepared opportunity for you to mitigate the consequences.
That's exactly how I set up a system about a decade ago, in this case specifically to stop multiple users using shared machines s***ting all over the desktop. Within a week a higher-up had disabled the overnight-wipe-and-reset* due to the users *demanding* to use the desktop as a junk pile.
*actually done as part of the user logon/logoff process, so done several times a day. You'd think that would smash the concept into their tiny minds.
"Within a week a higher-up had disabled the overnight-wipe-and-reset* due to the users *demanding* to use the desktop as a junk pile."
You were doing it wrong. The system should have been a standard image that restarted after every reboot and nothing _EVER_ saved to local disk, therefore no "wipe" to have to defend to the higher ups.
That is exactly what Chrome and gSuite achieve.
(I know that Google are as evil as anybody else, but at least they have thought through how an office situation should work from other people's experience, instead of having to keep tweaking what has gone before. Yes, Mr. Trading Desk Analyst, I know it doesn't handle your 128k row spreadsheet with thousands of macros, but you are not the typical office worker.)
No. That's not sadistic. That's actually the way to make sure people learn. They/ll learn the lesson in their first week when there isn't much to lose anyway, and they'll never have a problem with it.
What our BOFH's assistant did here, on the other hand, serves as a testament to the general lack of homicidal tendencies amongst normal people. The BOFH sent 12 emails over a year, so is perfectly aware that people *are* storing valuable (to the company) documents locally, but apparently it was too much effort to check in this case, so the company got screwed and presumably the BOFH and PFY tried to blame the end-user.
Maybe just toss out local hard disks altogether. Rather than putting a clean build onto a disk each night, every user gets a USB stick with a linux os. The stick is persistent so that you can save shortcuts and stuff like that, but woefully undersized for saving any decent amount of files to it. Then they have to save to the share drive, there's no other option.
Trust me they will choose floppy, which is about as good as not saving.
When i worked a college not a day went by a sad student with a floppy wanted help recovering work.
Time and time again i asked them why.
They said the teachers told them to
I asked the teachers why why on gods earth were they telling students to forsake the safe, clean, big, backed up, accessible Home drive and save data on a floppy.
.
"Because it says in the syllabus they have to know how to save to a floppy drive"
... And how adept did you become at removing the little metal covers off the floppy disks from the drives? Been there, seen it, done it, thrown away the t-shirt (was full of holes) - 2 expansion blankers and a little wiggling and it saves the price of a new drive.
Got out of education very soon after this and I've given up on council and NHS work as well (nope, never got IR35'd) - private only now.
Oddly enough, this was the policy at Manchester city council back around 2004 or so. I had a data entry job in the adult education department. Everything was administered through rdp, with no local storage whatsoever, and each session close cleared and reset anything that wasn't stored on the user's network partition. The sysadmin in my office spent most of his time sleeping behind his desk.
It happens with our Sh1trix XenApp servers, not sure if this is recommended design.
Bad news is that it is still Sh1trix, which is also now horribly expensive.
Outlook annoys me as unlike most apps which remember the last save location, Outlook always reverts to your Documents folder on startup
Sounds like you need a new administrator who actually understands how Xenapp and GPOs work. Every time I hear Sh1trix, it is usually because the environment is being administered by the inept.
If you are complaining about stuff being saved locally on the Xenapp servers being lost, ask the following questions.
Why are you doing this?
How are you doing this (should be blocked by competent admin)
Despite being called servers, Xenapp machines are your application client. Save stuff on the network. The Xenapp machines are probably provisioned with PVS or MCS, so will be reverted to clean base images every reboot.
Sh1trix also translates to me that it was installed by and managed by someone who did their one day training course and has little skill beyond that. When installed correctly by someone experienced it is faster at login, cleaner, fewer issues and far cheaper. But sadly I see too many poor examples of it in the wild and those who installed it appear to have charged a lot for their incomplete install.
We're supposed to be providing a service, not just ticking boxes. If users are often losing their work - you know, the work which actually earns the money our service costs - then you should fix that. Better backups, stricter permissions, etc.
What you don't do is wash your hands of it because you sent out an email and now your arse is covered.
I'd suggest both your suggestions are technical solutions to a people problem.
I'd approach it a little more brutally - send out a reminder that ALL work must be saved on the network drive, say checks will be performed next week, and that anyone caught using the local documents folder to save stuff will face disciplinary...
Even better, create a ramdrive and map the folder to it. Every time they reboot, it gets wiped. And, you know how often Windows has to reboot!
For some horrible reason (thankfully time has faded the memory of those evil days!) I had to use IE for stuff, or it may've just been Window's normal practices. Anyway, the "temporary internet files" and other "temp" stuff was getting tucked away by 95 or whatever version of 'doze I was using, rather than being deleted as they should be. Back when MS had coded the system to go to efforts to "move" instead of delete when you tried to get rid of them and so on.
I created a ram drive for the explicit purpose of stuffing these things on there, in the hopes of being able to wipe them.
Nope, someone at MS had thought of that as well - the OS proceeded to copy the 'temp' folder back to the HDD at shut down.
So I wouldn't hold much hope that idea would work. MS would make sure they kept a copy of the data somewhere you didn't want it. Hell, these days I suspect if you use a MS format/delete tool it'll carefully copy every byte to one of their stores before doing anything else with it.
Have you ever wrestled with MS software of that era?
Remember it took decades for MS to add real symbolic links to NTFS, and FAT32 (Win95/98/ME) never had them. You could do the opposite (assign a drive letter to a directory) easily with the 'subst' command, but not assign a folder to a mapped drive.
Did that work with network drives though? I have some distant memory of using PC/NFS in the 90s and finding stuff like that not working as wanted/expected.
ISTR something similar with Personal Netware or another such package as well. A lot of stuff was much easier but various other things refused to work with network shares.
I'm not buying the "Remapping was not easily possible" line in the story.
This was 98. Even trying to move the temp folder was impossible - put it somewhere wiped at shutdown (like a ram drive) and windows would copy the data back. Try to change a path, and it either couldn't be done or windows would revert it anyway.
Don't forget this was the day when you could enter a password and log in to the machine using the password, or click "cancel" on the login in prompt and log in to the same machine without using the password (which I delighted in showing one guy who was a 'windows expert' and had his machine so locked down I could never crack his password. Was a bit miffed that I didn't need to!)
Don't forget this was the day when you could enter a password and log in to the machine using the password, or click "cancel" on the login in prompt and log in to the same machine without using the password
You could then go to the Windows folder, delete the .PWL file and reset their password. Hehehehe
People problems are more difficult to solve though, and technical solutions are easier implemented. Who would enforce the disciplinary action? I wouldn't want to be the IT guy telling some supervisor he has a new job to do once I give him a list of names next week. At a place I worked at, the IT person said that: "If I walk into a room full of people at computers, and none of them are choking on their mouse, those people have all reached the maximum level of computer proficiency I can reasonably expect of them."
I agree completely. IT is here to support the business and is not the business itself (unless IT services is your business). Now given the limitations of the technology at hand I can understand that sometimes you have to rely on the user doing "the right thing" but, in general, I would have measured this as a risk and would have looked for a compensating control. Perhaps a script that was run once a day to copy the contents of the "My Documents" directory to the mapped home drive as these should be known variables. As someone earlier in the comments mentioned OneDrive, a nice aspect of this service in locations with the appropriate enterprise agreements and infrastructure you can use GPO's and have directories directly replicated up to the OneDrive as appropriate. While we can't hold the end user as having no responsibilities, we should be looking at common risks and trying to address them as commensurate with the value of the loss.
>> IT is here to support the business and is not the business itself
In spite of how irritating as some end users could be,
when something went wrong, I might add some color commentary but I'd still go the extra mile to resolve things. More than once I've used disk repair tools to recover files.
As one of my mentors told me.. we don't have to like each other but we must work together.
As one of my mentors told me.. we don't have to like each other but we must work together.
That works both ways.
How often should you be recovering files for users (which can be a very lengthy process!) when the need to recover files is because they have repeatedly refused to follow simple instructions?
User gets told once to do things a certain way and messes up, fine. Gets reminded a few months later because of a mess up, fine. Gets told monthly for a year and still screws up? Not fine. No way that should be on IT. They should be getting charged IT's time that is wasted supporting them when it was their refusal to follow basic instructions that got them in trouble.
How often should you be recovering files for users (which can be a very lengthy process!) when the need to recover files is because they have repeatedly refused to follow simple instructions?
How much is the users data worth to the company? IF $datacost >= $ITstaffcost then recover it as often as required by the business. I had a user like this in our sales dept with critical information in the win 3.1 days. My solution was an absurdly inelegant batch file. Initially it was set to run manually and managed through basic procedure management; the users management checked the completion screen was showing daily. It was later (win95 iirc) set to kick off via a scheduled task at 3PM daily.
Basically my batch file had 30 days backups; every day when run the script deleted folder 30, then did a rename of folder 29 to folder 30 and so on back to folder zero, and folder zero was then created by being xcopied up to the server from data held on the client PC.
Incredibly inelegant, but unsurprisingly we never actually lost any information, regardless of how many times people accidentally (or deliberately) deleted things. I vaguely recall getting fed up being asked to do restores and knocking up a script to prompt for a number and then copy that folder back to the users PC.
That little script ran for something like 15 years, being ported from one replacement PC to the next. It actually kept going past the point of when it should rationally have done (with the advent of roaming and redirected profiles etc) simply because of the simple restore functionality which had saved the sales department bacon quite a lot. It ended when it was discovered that over the years the data had grown to something like several hundred megabytes making the total size stored on the network something in the multigigabyte range, which at the time was a noticible chunk of the hard drive it was being stored on.
It's never been that difficult to automate these things, it's mostly a question of will on the part of the administrator. IT departments that pick up attitudes like that of the chap in this story are the ones that end up getting outsourced because your role is business support, and if your not supporting the business then the business probably wants shot of you.
How much is the users data worth to the company? IF $datacost >= $ITstaffcost then recover it as often as required by the business. I had a user like this in our sales dept with critical information in the win 3.1 days.
Take a document that is auto-saved every 5 minutes. It is open for weeks on end.
It is saved outside of the expected location (perhaps in some deliberate fashion because the user doesn't trust IT with the data for some (usually) idiotic reason), and is saved outside of that location despite instructions from their boss to the contrary.
Said file gets lost and needs some deeper level recovery. How many versions do you think can be recovered? I've seen over 200,000 versions of one spreadsheet on a large recovery. Date-stamps may be a good help, but are not guaranteed. So the user's machine is offline for a few hours, maybe a day, while the recovery software looks for files and pulls what it can off to another disk. You hope that it's saved under the normal extension but odds are good that the user changed the extension because IT are too dumb to know about changed file extensions, and the user cannot recall what they changed it to.
How many hours do you think it takes to trawl through trying to find the file and then the last version of the file? It's not always quick and easy to recover data.
Now. This would not have happened had the user taken a moment to follow the correct procedure, but instead their arrogance means at least a couple of people are unproductive for hours if not days dealing with their problem.
How much is a person's time worth? Why should arrogant idiots who waste company time by not following procedures be given a pass? It's not IT's fault they're incompetent, and if you wish to make the claim of "there to support the business" then how abotu the user do the job they were hired to do without messing up other people's lives by their selfish arrogant incompetence?. My time is for people who do their job to the best of their abilities and follow the proper procedures, the reasons for which were explained to them. If they truly knew better then I wouldn't have been losing a week or more a year of time on other jobs due to their actions. No one else had a problem. No one else needed more than a few seconds of time to recover a file because it was saved in a nice network location with plenty of resources for keeping older versions. At most they lost an hour's work and at most I spent 5 minutes locating it.
If I'd had the authority, they would've been gone on the 2nd incident. (and if I'd had the authority, their HDD would've had just enough room for the OS and some local files, at least then I would've only had maybe a couple of gig of space to look through, not a 1tb HDD with only XP and some stuff - maybe 10G used in total, the rest of the disk gaining deleted flies as the system had no need to over-write 'empty' space for a very long time).
--> I have done scripts similar to yours, especially to keep my own stuff backed up across disks. Messy, but usually quick to implement and as reliable (if not more than) as some of the more expensive stuff. Especially if you're only working with changed files!
Agreed - if you know the normative outcomes of failure to follow a data policy, then you set the user machines up so that violating the policy is extremely difficult. At work we are responsible for saving our own files (tho we all save to the Z drive as a matter of course), but if said documents are mission critical - like anything to do with invoicing or inventory, then the machines are set up to automatically back up anything created to the server.You can't fix stupid, but you can create situations where the company doesn't go TITSUP just because you forgot the primary axiom of the BOFH manual: A: (L)users are to be kept from messing up a network at all cost, and B: you can't buy a pint if you've got no dosh because you failed to follow A!!!
