gaining admin rights

This topic was created by mark 63 .

  1. mark 63 Silver badge

    gaining admin rights

    I'm am mostly posting this out of frustration , and this is a noisy keyborad, my typing now is probably being heard two doors down!

    I am working temporarily , for a very large employer ( you'll have heard of them ) in a desktop capacity. I do all admin by logging into eah pc as local administrator.

    I would much rather they pushed out an AD group into each machines administrators group and put my account in the AD group . This is because logging in as local admin only:

    - you are not authenticated to anything

    - no drives are mapped

    the ball ache this causes is unbelievable , the amoutn of times i have to type my AD password in to get to a resource...

    It also makes some tasks that should be transparent pretty much impossible such as remotely reading event logs or reading anything from AD.

    I suggested the simple , elegent and probably industry standard solution above and got "well we've never heard of that" . At which point yougive up. Threres no point suggesting somthing so glaringly obvious, with the amoutn of OK ing that would have to come from all corneres all the way up the tree.

    I'd just seem like some meddling newcomer saying "this would work much better if you put that there"

    I just have to live with it

    I'm investingating various tedious workarounds

    1. asddf

      Re: gaining admin rights

      So what did I learn over the years. many of you are probably asking yourselves. First of all it's understanding the quarterly and monthly operating cycle. This time of year is usually busy and hectic as the sales force and accounting are closing the books. Knowing this is a big plus as this can determine whether servers can be touched, for upgrades and other maintenance tasks, or if one should plan on extra O/T for extra support at the month end/quarter end/ fiscal year end cycles.

    2. Anonymous Coward
      Anonymous Coward

      Re: gaining admin rights

      "I'm investingating various tedious workarounds"

      No, start looking for a better job *now* before you find even more horrible, horrible cludges you have to find 'tedious workarounds' to - and when you leave, on the last day of your contract, explain to them why thier network setup sucks donkey balls and don't beat about the bush, either.

      I've not seen a site with AD in use at more than a very basic level where there wasn't at least a decemt local admin account (ideally a 'support' account without AD local user admin rights on the schema - IE an account that can do all on workstations, but can't dick with domain level GPO, leave that to whomever is the actual admin is)on the domain - even if some did have hilariously poor password protection; at least the logic was there. They saw 2+2 and got 5, but at least they were *close*.

      It's temporary, and if they're that incompetent, the reference won't matter if you go to a *sane* employer/recruitman consultant.

      I've worked a few places like that, and there is nothing as satisfying as on your last day, arranging an exit interview with the senior admin an dCTO telling the CTO that the senior admin is fucking clueless, I can tell you. Just make sure you know whaty you're on about, they might have a (poorly thought out) reason for it....

      That's the glorious benefit of temp/contract work - you can call people out on their heinous bullshit and get away with it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020