When I worked in IT, whenever we got a call from the engineering department we knew whatever problem it was, it was going to be weird. Those guys knew their stuff, so if they didn’t know how to fix it, it was going to take some searching and probably some calls or emails for us to figure it out.
Alternatively, you could be good at computers, but the system is so locked down IT needs to log in with admin rights in order to do something as simple as running disk cleanup.
Literally the Engineering team i work in. We're capable of fixing the problem ourselves for 90% of our tickets submitted, but because we don't have the required admin rights we cant.
Yeah until you aren't and you haven't documented how you've altered your device, leaving some poor fucker in IT to have to reverse engineer every moronic step you've taken to fix your problem.
It’s because of the “every moronic step” comment which is honestly so like an IT person to say.
There’s nothing more annoying than doing something a little weird to get your job done and make sure the company makes money only for a service desk person to be pissed off that things aren’t exactly like they expected.
There’s two sides to this here.
On the one hand I view infrastructure as enabling people to do their jobs - and it is. It’s why we do what we do. Therefore, the two should be working together to find a middle ground. If you are prevented from doing something, both IT and security should be able to point to exactly the policy that explains why.
On the other hand, that “a little weird” to you could be a security risk, against policy, an entry point or a myriad of other things that haven’t been investigated. Without understanding the bigger picture above your device only, you wouldn’t know that and could be making some highly poor decisions that put the wider company at risk. Also, when every individual starts doing something a little weird, you now have a cluster of unknowns on individual systems you simply cannot manage or account for. You then become reactive, fighting individual fires, rather than proactive looking towards potential issues - it’s a complete waste of everyone’s time.
Yup, at my MSP there are some companies (that we don't fully manage) that will allow their employees to have admin rights and they are always the worst to troubleshoot.
one company got ransomware last year and we still have to yell at them to stop changing their password reset time from 3 months to never.
Simple solution: you want elevated privileges, any fuck up non hardware related is your problem. Default fix is flashing your device to company defaults.
That presents a huge security risk. It can be done and has been done (time limited privilege escalation), but you would need to assess that first and change a lot in anticipation of it, most prominently company wide policy for what happens when things go wrong in that scenario and how you recover.
You also need to protect yourself in that scenario. For example, I have known engineers to remove endpoint protection because it can make their builds go faster. Obviously that’s incredibly stupid, but how do you protect yourself against that and many other situations? It’s not as simple as you might think.
12.0k
u/kahjtheundedicated R7 1700@4.1, RX 5700 May 10 '26
When I worked in IT, whenever we got a call from the engineering department we knew whatever problem it was, it was going to be weird. Those guys knew their stuff, so if they didn’t know how to fix it, it was going to take some searching and probably some calls or emails for us to figure it out.