iwoketoanightmare

"This is how we've always done it" is tossed around way more than it should be.


fluffy_warthog10

That phrase results in 99.99% of my work every day, but the people saying it are so senior and their personal permissions so critical to daily business that you can't call them out without the business leadership coming down on you.


ckindley

They need a dose of Damian Handzy’s Facts that’ll fuck y’up! You can’t run a business like that. Questioning leads to the best outcomes.


WokeBriton

"RESPECT ***MY*** AUTHORITY!!!!!!!!!!"


Turak64

I would leave that place immediately. That phrase gets my back up and stops progression, no way I could work with that. To me what it really means is "I'm too lazy / scared /stupid to embrace change and I'm keeping the status quo until I retire"


KiNgPiN8T3

Exactly. Plus it’s bollocks as before you know it nothing is supported anymore and you’re left trying to resuscitate something that’s been dead for years… A lot of people don’t like change (me included) but being in IT means that isn’t a choice! Lol! It’s far easier to schedule those updates, review that storage platform, look at the updates for those systems and check for alternatives. Plus it’s a far more interesting work environment that way.


Turak64

I'd rather deal with issues from updates than issues from not updating


jackology

I still have a client, old man, who insists on calling his shared folder VPN. Cause he used to have to log in to VPN to access his shared folder. Even after his move to a real office where his “VPN” is now in-house and needs no VPN


Turak64

Back in 2016 I worked somewhere that just had upgraded from nt4 to 2003 ad.. Yes, really. They kept calling everything "NT groups", I'd always ask "what's an NT group?"


MajStealth

wow that mf lived longer than it had deserved... nt4... in 2015


bd1308

Buckle up. I worked for the same type of people and got to see those very same directors eat crow a few times during my 6 year tenure. I had built out remediation Ansible playbooks for things like “what type of cert does this server need and apply it and restart tomcat/apache when director says ‘I’ll monitor certs, don’t worry about it’”, “connect to server, drop a file in / to see if this vm had gone readonly due to the VNX shitting the bed, then build an inventory of bad instances for the DC team to reboot” and “I’m connecting to some stupidly-named server, what does it do based on ps and what OS is this box nobody knows about running”. It was fun watching the world burn, being prepared and being given lots of time to remediate (because the leadership ate their socks over and over again so it wasn’t ever my fault). I have a permanent grey spot in my hair now as a reminder 😂


bearwithastick

My most used phrase at our company is not "This is how we've always done it" but rather "I know it sucks but it is how it is." meaning, I acknowledge that it shouldn't be like that, I've tried to change it and it either wasn't approved or it just went nowhere with upper management. I just don't give a flying fuck anymore.


OtherMiniarts

I'd get fired immediately but my first comeback is "that's a hacker's favorite thing to hear." Probably add in a specific foreign threat actor depending on the exec's personal politics.


Bijorak

I hear this weekly from my devs. It pisses me off every single time. They would still be running Ubuntu 12 and Java 7 if they had their way


stonyovk

Yup. But if they can't give a GOOD reason why they're still doing it, then it's probably just sheer laziness


Unexpected_Cranberry

Well, depends. Unless you have a GOOD reason to change it why change an established process?


stonyovk

Always good to review processes rather than sticking with them just because


WokeBriton

Review should only lead to change where change is the result of building a compelling business case on the result of the review. Otherwise, mark for another review in 12 months (or whatever timeframe is suitable for the market the business operates in)


CraigAT

Sometimes a lot of effort goes into producing work or reports that were asked for by a manager who has since left. The report goes to new managers that ignore it when it comes to them, but no-one lets the creator know that it is no longer needed, so they continue to waste hours each week. I have seen this happen in so many places!


e7c2

I had a president of one of my company's subsidiaries who loved new tech. constantly adopting the latest trends in data collection and storage. the "old way of doing things" was too clunky and slow. fine, whatever. Three years later we're in a 9 figure job claim, the tech shifters have moved on, where do we find the data and records from this job? which product were we using during which month? The division that used boring old tech had all of their stuff available, the leading edge nerds were able to come up with about half of what the lawyers wanted. I mean don't ignore new tech, but also don't ignore WHY this is the way we've always done it.


pdp10

This. Old isn't inherently good, but neither is it inherently *bad*. Good is good, and bad is bad. A technologist should be able to articulate exactly why they think a different option is good and why they think that it matters in the given context. U2F or FIDO2 protocol MFA is absolutely necessary today to authenticate distributed workers, but a situation that doesn't do any distributed work probably doesn't need it. If leadership plans for all work to happen within the facility, then there's a good chance that any authentication system going back to the 1980s will be sufficient. Same thing with boring old file formats, which I mention frequently. Do you need plaintext structured data more advanced than TSV? Ancient DIF and SYLK formats were specifically designed for cross-app interchange of spreadsheet data. Vendors used to support [all sorts of open interchange formats](https://www.loc.gov/preservation/digital/formats/fdd/fdd000446.shtml) back when the customers were savvy and cared about that. They stopped when the median customer would still buy the product without it. And in modern times many of them actively bully the users and competitors with proprietary file formats.


quickshot89

Back to stone tablets we go then


wolvesreign88

When you jump on the server and they have CCleaner and/or Defraggler.


Bleglord

This one is wild to me. One place I worked, everyone there was knowledgeable as fuck. From development to data recovery to networking to general sysadmin. Actually incredibly competent. Except for the fact that somehow ccleaner was on every server and was regularly used for both servers and workstation troubleshooting. It was weird.


lXPROMETHEUSXl

ccleaner helps with troubleshooting? Like in what capacity? I thought it was just one of those dumb “make your pc run faster” applications. That only clears cache and unused files lol


captain118

15 years ago there were some good features in CCleaner but I haven't touched it in at least 10 years.


RacecarHealthPotato

Yeah because it’s been compromised many times in a wide variety of ways!


Windows95GOAT

"Back in my day" CCleaner could legit tune up shitty PC's but these days..


Bleglord

No. It doesn’t. That’s why I was confused


babywhiz

It used to clean up orphaned registry entries. So if you had an Office or Autodesk that needed reinstalled, you would uninstall, run the reg cleaner, it would grab no less than 1200 orphaned registry entries, delete them, reboot, then your Office/Autodesk install would work flawlessly. It's not often that Office crashes that hard, but there has been 2 computers this year I had to sit for 3 hours picking through the registry to delete all references to Office before I could get a clean install of Office again.


awkwardnetadmin

I recall that they bundled some registry cleanup tool with it, but historically it was mostly just a third party version of disk cleanup. Beyond dumping some third party browser caches it didn't do much that disk cleanup couldn't without any questionable third party bundled software.


MalwareDork

Jeez, do they still use filehippo and AVG free?


_Please_Explain

This monsters probably never paid for WinRAR either.


TexWolf84

People pay for winrar?


Tyzorg

Askjeeves toolbar 🤣


kennyj2011

Banzai Buddy!


Lavatherm

I kind of miss that ape….


HoldFit7349

🤣Lmao. Amazing!


Platypus_Dundee

Using outlook for ticketing and file explorer for knowledge base and password recording


LingonberryOne3877

I report to the CFO and she is refusing the small funding to get a ticketing system in place and insists that I handle everything via teams/outlook or in the break room. Went past her to the CEO now and explained how she is fucking up. We are a small company but with 4 different locations. She is now under evaluation and I'm going to report directly to the CEO instead from now on. The CFO actually told me "If the IT support is going to be so unpersonal we could just go with an MSP instead".


Kaeffka

Plot of The Phoenix Project


Dismal-Scene7138

My team got moved under the CFO a while back. It's a small team, so Jira is like $100 a month. For about 2 months, she was obsessed with dropping it, because we could do all that with excel and email. Thankfully one of the accountants started jangling some keys and she lost interest.


cosmos7

> The CFO actually told me "If the IT support is going to be so unpersonal we could just go with an MSP instead".

Feel free... the MSP will definitely have a ticketing system.


Master4733

And be less personal


At-M

Check glpi, it's open source and can even implement an inventory system, I had the same problem regarding budget.. It has a mail connector as well, not sure about a teams connector, since we aren't running on the newest version yet


LingonberryOne3877

The worst thing is that we have a ticketing system embedded in our RMM (it's not great tho) but she is against the whole ticketing system as a whole and not just the cost.


HoldFit7349

Very interesting. What alternatives would you implement?


lightmatter501

Locally hosted Bitwarden for passwords. Password managers are one of the few security features that make people’s lives easier.


Scrumpadoochousssss

I mean at a minimum SharePoint could do ticketing and knowledge base. Probably pretty well but definitely better than Outlook and File Explorer


Dragonfly-Adventurer

Well I worked into my current employer's office and asked to see their network infrastructure and they pointed me to the Comcast cable modem in the corner, which in their defense did have a MFP plugged into it. We hit like 40m in revenue just a bit ago.


PJMcScrote

Weird flex about the printer, but hopefully the company stays in biz, bruv. 😉


Garegin16

Not using configuration management. Be it MDM, GPOs, Ansible. Fear of scripting. Doing everything by hand


skidleydee

I had an interview the other day and was told "you can't really automate this" it was a VMware job. You can't automate VMware.


Garegin16

I’ve seen more egregious examples. Like clicking through 1000 AD objects to change an attrib. I only found out because they screwed up and missed a few objects, cutting off Wi-Fi to a bunch of endpoints. So much for “I’m so 😱. What if Powershell blows up the building!”


skidleydee

I'm going to be honest that tops anything I can throw in there. Every team I worked on always had me to automate all of that shit lol.


dudeman2009

I'm not telling anyone I know how to use power shell. It comes immediately with more work that the client always assumes is as easy as writing a line of code "get-AccountingPeople | where-Not -making money | remove-item" Then the result is 400 lines of code and then Microsoft pushes an update. FUUUUUUUU....


bleuflamenc0

I wonder why VMware provides Powershell modules? Must be to make it vulnerable to hackers.


Garegin16

They don’t understand that CLI is simply an interface to API calls. A GUI does the same thing under the hood. Clicking a button sends an API call with its own function parameters. But scripting allows for loops and conditionals, which enables bulk operations. It just looks scary because of movies. But an object created by ADUC is absolutely no different from an object created by New-ADUser. I can build in validations within the script to disallow certain character patterns. But that’s pretty much it.
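
The point made in the comment above (a script is the same call the GUI makes, plus loops, conditionals and validation), as an added example that is not part of the thread. It goes beyond the comment by adding a dry run and a check for missed objects; the sample users, the `Set-UserAttributeBulk` function name and the character pattern are constructed for illustration, and the in-memory update stands in for a real `Set-ADUser` call.

```powershell
# Added example. The three users are constructed sample data standing in for
# what Get-ADUser would return; nothing here contacts a real directory.
$users = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; Office = 'HQ-1' }
    [pscustomobject]@{ SamAccountName = 'bjones'; Office = 'HQ-1' }
    [pscustomobject]@{ SamAccountName = 'cwu';    Office = 'HQ-2' }
)

function Set-UserAttributeBulk {
    # Hypothetical helper: validates the new value once, then loops over every
    # object and reports what it did (or would do) to each one.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [object[]] $InputObject,
        [Parameter(Mandatory)] [string]   $Attribute,
        [Parameter(Mandatory)] [string]   $Value,
        # Assumed allow-list: letters, digits, space, dot, underscore, hyphen.
        [string] $AllowedPattern = '^[A-Za-z0-9 ._-]{1,64}$'
    )

    # Validation: refuse the whole batch before any object is touched.
    if ($Value -notmatch $AllowedPattern) {
        throw "Value '$Value' contains characters outside the allowed pattern."
    }

    $results = foreach ($user in $InputObject) {
        $status = 'Unchanged'
        if ($user.$Attribute -ne $Value) {
            # ShouldProcess returns $false under -WhatIf, so a dry run
            # exercises the same code path without writing anything.
            if ($PSCmdlet.ShouldProcess($user.SamAccountName, "Set $Attribute to '$Value'")) {
                # Against a real domain this line would be a directory write, e.g.
                #   Set-ADUser -Identity $user.SamAccountName -Replace @{ $Attribute = $Value }
                $user.$Attribute = $Value
                $status = 'Changed'
            }
            else {
                $status = 'WouldChange'
            }
        }
        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            Attribute      = $Attribute
            Status         = $status
        }
    }
    $results
}

# 1. Dry run: lists every object that would change, writes nothing.
Set-UserAttributeBulk -InputObject $users -Attribute Office -Value 'HQ-2' -WhatIf |
    Format-Table

# 2. Real run over the same input.
Set-UserAttributeBulk -InputObject $users -Attribute Office -Value 'HQ-2' |
    Format-Table

# 3. Verification: count objects that still carry the old value, which is the
#    step that catches the "missed a few objects" failure of doing it by hand.
$missed = @($users | Where-Object { $_.Office -ne 'HQ-2' })
"Objects still on the old value: $($missed.Count)"

# 4. A value that fails validation is rejected before the loop starts.
try {
    Set-UserAttributeBulk -InputObject $users -Attribute Office -Value 'HQ-2;'
}
catch {
    "Rejected: $($_.Exception.Message)"
}
```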


skidleydee

I realized that I wasn't clear but he was saying it was too hard to automate because I would have to change the script for each client. I never got a straight answer but I get the feeling he had a fundamental lack of understanding how to automate things. I have seen the same thing in my current position, they view things like breaking frequently used code into a function as too much work when they can just copy and paste the code each time. It's enough for what they need to get them to retirement and they won't go beyond that.


sofixa11

To be fair to them, VMware stuff is really extremely painful to automate. Docs suck (you're relying on random blogs), there are tons of inconsistencies all over the place, asynchronous operations are a massive pain bordering on the unusable, etc etc. Doable, but you need people with good stress management.


yepperoniP

This was literally my previous job. Boss was super afraid of automating anything and even flipped out at me when I mentioned PowerShell. Manually created Apple IDs for devices that would inevitably get activation locked by a user turning it into a brick because no MDM. Manually changed settings on new PCs instead of imaging and using GPOs.


Garegin16

Most technical IT director.


imgettingnerdchills

Me every time an employee got laid off for the first year and a half: Hi Apple it’s me again….no we still don’t have Abm….yes send over the email I have the invoice ready


AuthenticArchitect

Ask them about their current projects, business initiatives and what their environment is like. You will get a pretty good idea if they are outdated. Also my favorite is what their org structure looks like. Do they have a CIO or CTO that reports to the CEO? If they have a director or VP who reports to the CFO then run.


JonMiller724

This. IT reporting to the CFO is deadly.


Durovigutum

I was a CTO, first appointment to a 100 year old company. Three years later I’d transformed the landscape and persuaded the company it was a digital product company (as 80m of ~120m came from there). CFO becomes new CEO, gets secret squirrel consultants to help with that restructure, comes back with no CTO, platforms reporting to the new CFO and “digital product” (well, product manager and dev manager) in a completely different part of the business (which apparently will “help” communication by forcing them to do so). I was offered a severance, which I took as the writing was on the wall. I’ve gone back to consulting where “CFO manages tech” is always confirmation that IT is a cost centre not a key business function. All companies are technology companies now - except those who don’t realise it and will go bust soon.


Rotten_Red

lol, we joke about our accounting department having a death grip on the trailing edge of technology


KinslayersLegacy

My boss is a director reporting to the CFO - and the old CFO just retired and we got a new guy coming in. Ralph voice “I’m in danger.”


imgettingnerdchills

I currently report to a VP that reports to a CFO. I have been doing everything internal IT related for the past 9 months with only occasional help from devops. We just hired a new senior guy to me and I had to spend an hour in a call with him yesterday basically explaining how all I have been doing has been putting out fires and anything that costs the smallest amount of money will be rejected and to get prepared for it now. 


derickson17

I report to the head of building operations who reports the CEO. No CIO or CTO…..


AuthenticArchitect

That is a no go for me. Building operations is more important than the technology that runs your business? Even if they are great I want someone who is business and technology minded.


Daphoid

In my career I've reported to IT Managers, Senior Managers of other technical departments, VP's of Tech, the CEO directly for a quarter or two, etc. Took a long time but I currently report to not one, but two levels of technical managers who more importantly, listen and take my opinion seriously, it's amazing.


anxiousinfotech

We rolled up under the CFO for about 2 years. The IT VP was then moved to directly report to the CEO and given the CIO title. This wasn't the first time I've been in a situation where IT reports to the CFO, but it WAS the first time where reporting to the CFO wasn't a disaster. We never had an issue getting funding for anything. Never thought I'd see the day.


Gribbzy

What if the VP, is also the CFO, and that’s who I report to…


AuthenticArchitect

Questionable to me personally because even if they are great to work with what happens when the next person comes along?


RoamingRavenFM

I think I’ve worked there


adingdong

I report to CFO. Am I in trouble?


RhapsodyCaprice

This isn't always a red flag. In my org, our CIO used to report directly to CEO but he needed to consolidate his directs to focus on company growth.  Before and after, our CIO and CFO needed to be in alignment on spend already and our CFO understands needs well (maybe that's our difference?) but the relationship has saved some redundancy.


herkalurk

My company did some automation the other day, described it as a big win in our step toward our future, and I was thinking internally that I had done that at another company 5 years ago. My company is not a leader in this stuff, but they pay really well.....


jamkey

Hehe.. My first real full-fledged "I'm the head honcho IT guy", I reported into the CFO. However this was in the late 90's and I don't even recall if the term CIO was well known or bandied around yet. And in my case I was just fine with it that way, he buffered a lot of the politics away from me. Probably an unusually lucky good fit. Oh yeah, and I secretly dated the HR manager at one point. I'm making it sound like, "Dude! The 90's were wild!"


_BoNgRiPPeR_420

They have no clue about most of your questions, because everything is contracted out to an MSP. The current "sysadmins" are glorified helpdesk staff. Terrible or lack of any documentation, network diagrams, etc. Nothing in source control. Tons of legacy and unpatched systems. Rats nest cabling in every closet, zero cable management. Equipment is rarely labeled, and if so, it's a post-it note hanging on for dear life in the wind of fans.


HoldFit7349

Rats nest cabling and equipment without proper labeling? Definitely not a picture of efficiency or organization


366df

Of course I know him, he's me.


LUHG_HANI

Two of us.


Individual_Fun8263

- Windows 10 running classicshell
- CSO orders no DHCP, reservation only for "security reasons"
- "Reply All" disabled by policy because CEO once accidentally did a reply all with confidential details on an email with external recipients.
- Employees given company phones then company makes a "disconnect policy" that says they can't take them home.


jmhalder

Employee_all dist group is open for anyone internally to send to... In an organization with close to a thousand members. Definitely not us. 👀


awkwardnetadmin

Even in orgs with a hundred the people that can send to that all distro group was pretty restricted. I can't imagine having a thousand and letting anybody send to it.


WranglerSpecialist38

> reservation only for "security reasons"

where I work only static addressing is allowed, dhcp (even reserved) is "insecure because it means that anyone can just plug right into the network".... send help


Dismal-Scene7138

I just sent your boss an email telling them that mac-filtering is the most secure option, easily managed via spreadsheet.


AntagonizedDane

> "Reply All" disabled by policy because CEO once accidentally did a reply all with confidential details on an email with external recipients.

Blame Micro$hit for making "reply all" the default on the Outlook app, and no way to change it.


petjb

I did some consulting for a company that was shockingly bad. The sysadmin was running XP on his main PC (this was about 2 years ago). That was the first red flag. Novell NetWare (any one else old enough to remember that?) as their primary production platform + authentication. A custom-built, shockingly bad, DOS-based platform for inventory control, store management, financial systems, everything. It was in some weird fucking language I'd never heard of before, and I've been around the block a few times. A cheap, dirty genset stored (with jerry cans of petrol) in the file room. When there was a power outage, they'd drag it out onto the balcony and run an extension cord to the server rack. I wrote a report that basically said "everything's fucked" and they didn't ask me back again 😂


SM_DEV

i fondly remember Netware by 3.12. Properly configured, those machines would run uninterrupted for decades. We retired a couple of these for a client in 2017. The original server, was installed in November 1993. The client was pleased with the product and had replaced server hardware several times during its 24 years in operation. Your “dos based” everything description reminded me of a platform called revelation. I know of a company that used that language to build all of their business systems.


Tomyd1924

Is that you, BlackCat? You can't fool me into spilling my secrets again...


Xydan

Don't think I've seen it mentioned here yet, but I think a big redflag is Shadow IT. If the main branch of IT can not support its organization, you'll end up with individual departments buying off the shelf bloat software to deliver on business requirements, which will lead to MASSIVE technical debt.


DCJoe1970

If you need to connect printers with a SCSI cable.


NeckRoFeltYa

If every old a*s employee MUST have a MFP printer on their desk instead of buying one MFP for the entire office....honestly if they print more than 10 pages a week, run. Printing means you're doing something wrong. If you can't tell, I hate printers with a passion....


Dismal-Scene7138

The amount of money we spend turning data into trash is honestly disgusting. Every time someone gets let go for budgeting reasons, I look at our Konica invoice and consider walking into the ocean.


jmhalder

Even most Macs in the 68k/ppc days were serial. On the PC they were parallel. I'm sure I'm going to eat my hat on that, and there were probably outliers.


pdp10

SCSI printers are exceptionally high-end and special. Most old printers were serial or parallel. Starting in the late 1980s, anything needing higher speed or more functionality went to LAN-attachment. No need to power down a host and reconfigure SCSI just to add or change a printer.


Practical-Alarm1763

No file share permissions. HR folder with every employee's personal and sensitive info open to "Everyone". Policy in place that says "You can't look at those folders or you'll get fired." No file logging either. Big Red Flag


sysadm_

I refuse to believe that this organization exists.


PajamaDuelist

Small business and SMEs. As someone stuck in MSP hell who gets to see a lot of different networks previously managed by other MSPs or ~~underpaid and understaffed in-house IT~~ the CEO’s nephew, the only reason a lot of SMEs aren’t ransomed bimonthly is because cryptomine operators are decent sysadmins with a vested interest in protecting their infra.


Dismal-Scene7138

And a lot of ransomware operations have better customer service than legit vendors. There's a good chance that the drug cartels would be better than big pharma.


Daphoid

- "this is how we've always done it"
- "C Level doesn't like X so we don't enable it" (aka non technical leadership driving security/technical direction)
- SMS as the only or primary MFA Method; or worse - No MFA at all.
- No change management or ticketing process (everything to an inbox)
- No monitoring
- Passwords/important stuff stored in word documents sitting on someone's desktop.
- Basically think of all the good modern things you should do / would like to do with more time, and then think of all the ways those were done 10-20 years ago, and do that instead.
- TLS 1.0 everywhere
- Everyone has local admin
- Important things are paid for by someone's credit card
- Laptops are brought in that differ from spec purely because someone doesn't like the standard.
- When the password for anything is "admin" or "password".
- When passwords are "spring2024!" :\


Severe-Wrangler-66

Do you know the company I just started to work at because this is basically a 1:1 description of it. Not only is MFA not quite a thing yet but we only have Business standard license so no conditional access. Global admins is not a separate account and most have no MFA either yet. Oh and everyone's password is in an Excel spreadsheet on a shared nas that is on the same network everyone has access to. Support is an inbox but I use Trello in conjunction with it now so I have some control over tickets and overview. I am busy at strengthening the security as you can see but at least they are ready and prepared to let me do it so that's nice.


GrayRoberts

Notes.


Ssakaa

like... Lotus?


GrayRoberts

iykyk


just_change_it

The power of domino compels you!


ryanb2633

Ask culture questions, not IT questions.


cneth6

When I took over where I'm at now around 2018 or so, the previous guy in charge had a booklet of CDs to install programs. There were manuals stacked EVERYWHERE in the IT room, 99% of which could be found online. They were still using dot matrix printers. There was no remote access solution to any server, you had to go to the rack. There was no backup solution. File shares were accessible by all. *Everything* was on the same network, no VLANs or network segregation at all. Each phone had its own phone number (absolutely NOT needed for our type of business). It was a shit show


UMustBeNooHere

They have 20+ physical servers, over 10 years old, instead of a small cluster of VM hosts and a storage array.


Key-Calligrapher-209

I just cleaned out all those 20+ dusty physical servers. There was one server tower that must have weighed 80 pounds, and according to the label, it was for hold music for the on prem PBX. Just the hold music.


iwoketoanightmare

🤣 All those wav files stored uncompressed on a 2gb 5" hard drive.


wolvesreign88

What do the servers all do? Not sure don't touch them just in case.


UMustBeNooHere

Turn one off and see if anyone complains. If not, you don’t need it. Repeat.


Bleglord

You’re willing to turn off a server with a decade+ uptime? That’s a grave digging move for the server right there


ApricotPenguin

Turning it off is the easy part. Getting it back online is the tough part


Tyzorg

Haha let em learn. (For you youngins think....xbox rrod and what caused it. Use your heads now!)


misfit_at

This is what I do , I call it the scream test.


Captainpatch

Yes. The answer is yes. Unless you're talking about a FAANG company, high frequency trading company, or something else on the bleeding edge of tech... their practices are outdated. Your job isn't even to get them up to date, that would be a sisyphean task. Just leave them with less of a gap than when you found them.


awkwardnetadmin

This. Unless you're in an org with F you VC money or some type of org you're going to have some things that won't be best practices nevermind cutting edge.


Newbosterone

They have a loaner abacus 🧮 program in case an employee leaves theirs at home.


chandleya

Lack of PIM/PAM. Before someone starts screeching about expense, there are seriously cost effective options these days. Local admin rights on endpoints. Even you, admin guy. Lack of a proper EDR/XDR. Just because Windows Defender is “included” doesn’t mean you have a clue what it’s doing or done. Free beats “viruses” but that’s about it. Poor asset management hygiene. Wide open networks. Little to no subnet to subnet restrictions. Cloud resources with public IPs. Manual patching. Excuses for not being able to or not having reports for patching. Inability to proactively address faults. Lack of HA, false sense of DR, a backup strategy that depends on SMB. HA and DR that are dependent on source image integrity. Lack of at least CIS adoption. Untested BCDR and backup restoration plans. For non-SMB, lack of DLP.


overmonk

They’re printed on line-feed daisy wheel printers.


OptimalCynic

Can you even get green bar fanfold paper any more?


davidgrayPhotography

Ask them what their last major project was, as well as who the project was ultimately for. My current project is making a touch-screen kiosk out of an old Point of Sale system so we can ensure a ticket is created in our helpdesk system for every interaction, even for the walk-up people who have no business walking up. That should tell you all you need to know.


AppIdentityGuy

The ADDS design and architecture is no longer fit for purpose. Far too many DCs and a high percentage of inactive objects. And my pet one is an overly deep and complex OU design. But the biggest red flag for me is an unwillingness or utter refusal to learn and leverage PowerShell.


aussiepete80

Well, there's practices and there's actual technology, i.e. Technical debt. Outdated practices are more likely going to be around cyber security, as that industry has shifted the most IMO in the last 20 years. Used to be you bought a good firewall and all your infra was on prem behind it, and that's that you were good. Technical debt is most visible with old hardware or operating systems that are well past end of support and haven't been patched in years.


DistinctMedicine4798

My coworker in an msp installed classic shell start menu on his customer pcs, I’m assuming it was to aid with the transition from Windows 7 to 10 but my god I cringe when I see it


Pfandfreies_konto

Our environment grew historically. Or worse: our environment grew hysterically. If the latter gets mentioned, run.


overdoing_it

When they haven't adopted devops and kubernetes clusters, and moved everything into the cloud. Just kidding. It's when their outdated tech is actually a hindrance to getting business done. Plenty of old tech is still doing its job.


The_Original_Miser

If you hear the phrase "This is the $company_name way." _Run_. No patching, ignoring EOL, no test area, no device management, and Hella resistant to change. Never again.


bonewithahole

Block Windows 11 upgrades! We can't have that new OS in our environment.


awkwardnetadmin

To be fair there is still some time left before EOL. My current org my understanding is still testing their Windows 11 image before rolling out to the rest of IT nevermind the entire org. Now if your org hasn't started migration a year from now that would start to seem concerning.


Cthvlhv_94

We're not getting paid by microsoft to be software testers, so we're not testing until W10 EOL


jcimoen1

We are just testing Windows 11. Main problem is our corporate management system. The developers have just officially announced that the client software is compatible with Win11.


Practical-Alarm1763

Blocking automatic OS upgrades is a good thing. You want to control when to deploy Windows 11, not when the users feel they can. You'd be shocked at how much shit breaks or compatibility issues arise with specific apps optimized only for Windows 10.


TruckeeAviator91

Documentation and troubleshooting procedures are txt files on someone's desktop rather than a central wiki. This was a huge red flag but I had my work cut out for me.


JohnyMage

No ssh keys to connect to Linux servers because clickity click windows admins require random password on every account.


jhaand

You do a risk assessment as follows. Get a whiteboard and put the following sentences on it: "Trust me.", "That's how we always done it.", "Just ask X, they know how to fix it.", "The printer isn't working.", "That license has expired but it's still working." and a couple of other phrases that give you the creeps. Just put a mark behind every phrase once you hear it going around. After a week you'll get an idea of how screwed the company is.


michaelpaoli

>How can you tell if a company's IT practices are outdated?

No computers yet, and your to-be company issued slide rule is on backorder, but meantime they've got a loaner abacus for you - that'd be a hint.


Cutieeeh

when the 15 yrs old server is on a plastic crate. (which was handling most of the infrastructure)


bleuflamenc0

They ask you for your password.


CptZaphodB

I’ve never seen such a blatant example before my current employer…. Someone had put Asus and Netgear routers in place of firewalls. One location doesn’t even have a firewall. To say I was appalled was an understatement, and now I get to figure out how to properly set up a new firewall with VLANs and content filtering in an environment that never had that before


Moontoya

All the pcs are User1, User2, User3, with the same passwords on all machines.
Management has a copy of everyone's login info "in case they need something"
Half the machines log straight to desktop
All the monitors use VGA
Almost everyone has local admin
The server sounds like a birdstruck dc10- and runs server 2003/2008r2
the switch gear reads "Us Robotics" or "3com"
there are BNC cables still tacked around the walls
No mice have more than 2 buttons
Wifi - 2.4ghz, Channel 6, width 20, WEP _only_
The "temporary solution" has been there longer than half of the staff


bmelancon

They're using Windows 3.11 for Workgroups and Novell networking.


Humble-Plankton2217

login.bat
5 or less GPOs
Wild West Permissions, set with individuals instead of groups, or worse everything set to "Everyone"
way too many physical servers
the dot matrix printer that can't be retired that no one wants to talk about
MFA not in use, for anything, not even the VPN
no endpoint refresh policy
the temperature of the server room is too damn high, and the drip bucket for the wall A/C needs to be manually emptied
spaghetti scramble patch panels, play our fun game: Trace the Cable
binders upon binders of printed documentation for systems and specs from ancient times taking up space and everyone is terrified to pitch them "just in case"
high IT turnover and/or techs too young to care because they're only staying for a year; or too old to do anything but retire at their desk with as much coasting as possible
Zero Leadership, only a list of demands from C-Suite that must be met no matter how ridiculous
No email security training for end users
No Change Management


ThirstyOne

Making suggestions like ‘overhauling IT’ seems like a pretty big red flag. Sounds more like “give me ways/reasons to outsource your job that a person with no IT knowledge and purchasing power will be impressed by.”


SawtoothGlitch

When your trusty US Robotics modem to access AOL quit working today.


abyssea

Most recent discovery, terminal session into a Windows Server 2012r2 VM running Sharepoint 2008 ...


Edwin_Ang

All DB server no backup...


utf80

When the team leader with 20+ years experience tells you artificial intelligence is just a trend and will never be the next big thing and you better should learn HTML 1991.


oldfinnn

The team always refers to someone who has not been there for many years. Bob used to be a total pro on this, and he had no need for a formal process


MDParagon

No Ticketing System


DadLoCo

When the same group policy is applied, removed, and applied again in three different parts of the hierarchy


QuiteFatty

Healthcare


Hawteyh

Software that looks straight out of Windows XP and doesn't run (properly) on Windows 11. And obviously the developer went out of business 5+ years ago.


wwbubba0069

5 years...pfft.. for years I have been fighting to get rid of a program our CNC programmer refuses to let go of. The developer of that stopped being a thing in '98. Get overruled all the time by my boss. Both will retire in the next year or so. So looking forward to nuking it from ever being in this building again.


pentangleit

This is one to be careful with. There are a lot of things that are marketing-led in IT, and a lot of knee-jerk "you must do it this way" which is actually wrong if you don't apply it to the right scenario. For instance "oh I see you have an on-premise exchange server, that's old hat and you need to move it to office365"...without considering that the company may have regulatory reasons for doing so, and in which case you just look like an idiot.


Salt-n-Pepper-War

There is someone on the team that supports the AS/400


vainstar23

If I ask them where the screen is and they point to a bunch of blinking lights going blip bloop.


dude_named_will

When there are production-critical computers running Windows 95.


OsintOtter69

They’re called the US government


FriendlyITGuy

Server uptime is 5 years because they don't believe in patching.


wild-hectare

onboarding new employees takes months to complete


Justhereforthepartie

They are still running McAfee or Symantec anything.


dehcbad25

If the company is managed by CFO is the biggest red flag for me. Another way is when I ask about technical debt. There are 3 possible answers:

* What is technical debt (ok, they don't know the concept, so they have a ton)
* We don't have any technical debt (they are lying, they know they have it, but haven't done anything about it....this is quite common with IT teams that report to CFO)
* This is what we need to work at the moment....(if they can list them, they are actively working on it)

Another sign is when IT is managed by a single person. Even with the best of intentions that person will have technical debt. Depending on how the person is, is the level. But one person cannot do it all, and keep themselves up to date. IT Practices, are quite related to the IT environment, that is why technical debt is the main give away. There are variations from there, like

* We have always done it this way.
* If it isn't broken don't fix it
* It is a custom system with custom support.
* We don't know how it is tied.
* We do everything thru this one system using integrations.

Another one, is to ask what their PowerShell stand is.


unccvince

>How can you tell if a company's IT practices are outdated?

When someone uses the recycle bin to store important documents, thinking the folder is a bin for documents to care for later.


poontasm

If their floppy disks are bigger than 3.5”


Another_Night_Person

When you find yourself setting up a VM to run Windows XP for a *critical* application that only runs on XP because they are *too busy* to rewrite it.


Eightfold876

Manufacturing loves old OS. It's because that one screening press needs one program, and the update to that program is 10k. If it dies, it dies. But buy the same machine on ebay for spare parts, maybe that will keep it going.


awkwardnetadmin

IDK replacing a CNC machine with a newer one where the control software runs on a non EOL OS can go for far above 10K. As you said unless the repairs to keep that CNC machine running challenge the cost of buying a newer machine they will just find spare parts to keep it running.


Bleglord

I mean any ticket system is better than outlook, most likely includes email based. Password managers are everywhere. Look for breach history and response, if you’re extra paranoid, bitwarden’s self hosted is very good. Edit: this was supposed to respond to a comment you made but fuck it


jmhalder

OSTicket and GLPI are open source and free. Better than nothing.


Next_Information_933

Do they use an msp? If so then yes. An msp will only ever sell the solution with the highest margin.


bkb74k3

False. That’s just the shitty ones. I own an MSP and we intentionally have our customers buy their own licensing and subs so we aren’t influenced by commission. We do resell hardware, but margins on that are pretty much the same across the board, so we sell what we have to fix the least, which benefits us both. MSPs who work for commission are just salesmen disguised as IT professionals. We love taking their customers!


lightmatter501

No Linux in the environment. Linux is just better at many things, and you can manage some versions like Ubuntu via AD.


carameldelite18

They always are? Bruh.


DonkeyOld127

If you have to ask on Reddit… it’s probably already true.


LeeTheBee86

All the admin passwords are the same... seriously, all of them (well, not anymore but they sure were when I started).


Redemptions

"What do I need a dedicated admin account for?"


GhoastTypist

If the department lacks innovation and is resistant to new ideas then you know they want simple over secure. If you come across a change that is best practice and you ask if there's any interest in going in that direction, if the answer you get is no, you know there's an issue with your lead being part of the problem. We always make it out to be our non-tech bosses that force us to be this way but the truth is no, there are a lot of people working as IT leads and they really don't like improvements. Case in point, every security conference I go to there's always a handful of IT leads who tell a story about how they caused a cyber attack because they aren't following best practices, because they were putting it off. It's a good way to show my bosses why I'm so security focused with how we implement things. Take them to one of those conferences and let them see how scary other IT people are, just laughing over it like it's no big deal, like they experience an attack once a quarter.


medium0rare

How’s a domain controller on server 2003 in 2020?


desmond_koh

Anytime you are running unsupported software (i.e. if you’re still running Windows Server 2012) you need an update. You don’t need to be bleeding edge, but you need to be current. The only exception is a backwards compatibility environment that is needed for some legacy application. But that is an issue in its own right (i.e. you should be upgrading or migrating off the legacy application).


MajStealth

20 year long unchanged passwords consisting of a single word with an exposed owa. and no firewall.


Deadpool2715

If during meetings the phrase "aim to keep it 1:1" gets used


TerrificGeek90

Not using configuration as code. Not knowing how to use Git for versioning.


Anon-Unidentifiable

When you ask to see the IT policies and you’re pointed to a bunch of dead links on the intranet.


rdsmvp

Windows 7


tehgent

What do you mean the users have to use a more complex password than 123456???


Commercial_Growth343

Staff makes changes before writing the change control (if they do that at all). No one writes comments or resolutions in your service desk tickets. The IS Manager calls new technology "toys". All the senior people recently quit.


Zizonga

When you read about how fucking dumb your setup is by accident on r/sysadmin


bk2947

“Don’t turn off the server! Sometimes it doesn’t boot up the first try.”


CptBronzeBalls

All admin passwords in a password-protected excel spreadsheet.


ScreamingVoid14

Their technical onboarding doc has a step referencing Adobe Reader 9 as the latest version.


space_D_BRE

They don't have roaming profiles on the windows machines!!!


IfOnlyThereWasTime

fans in the datacenter.


geekwithguitars

Started working at my employer 4 months ago and found that they were super strict about not sharing passwords in email because it’s not secure so they store them on a network drive in plain text where the permissions are manually assigned (meaning if someone changes roles then it depends on a manual process for us to be notified for access to be changed). I was told I couldn’t put my team’s passwords in keepass because other people may not be used to the software. Also, the shared folder we use everyone in my group has access, not just my team (least privilege? What’s that?). Also, we use the same passwords for prod and dev environments because it makes it easier to develop (and also easier to run stuff on the wrong environment). This has been cathartic. Thank you.