Developers and sys admins

Devs often have a hot and cold relationship with their sys admins. On the one hand sys admins love nothing more than to prevent us from doing our job (“need admin rights on your local pc? – sorry its against policy”, “need access to the command line? – sorry its against policy”…).

On the other hand we are having to be nicer and nicer to them as they hold the keys to the .net security policy can of worms. And more and more we need to know more and more about systems policies, office admin policies, and group policies.

Absolutely THE biggest thing (by a mile) I love about Excel/VBA projects is the utterly trivial deployment. Its so completely trivial most of us don’t even consider it as a separate phase in the development cycle. Its passed UAT (User Acceptance Testing) , its live. Thats it, no separate package and deployment phase, no dependencies worries (unless you used non Office components). This means as a business developer I concentrate solely on solving the business issues, I don’t get bogged down in system stuff, and admin fluff.

I accept there is a management and security trade off to this ease of deployment, but personally I’m happy to take that trade. One other big benefit is I rarely have to deal with those sys admin jobsworths. (If you are a nice sys admin, or you know one – sorry for the stereotype).

I wonder if the .net way is a step too far in the direction of Administrivia, and away from solving business problems. (Or maybe I shouldn’t be so dismissive of the security aspect?)

What do you think?



3 Responses to “Developers and sys admins”

  1. Ross Says:

    Well I became good friends with rainbow tables a long time ago. I’ve not had that much bother with system admins, but i do get pi##ed off with group polices. I tend to do what I want and not tell them, they tend not to ask. I have on this work laptop a programme that reports back what SW I have installed, I would guess that I have a lot of stuff that is not of the list, but no-one has ever complained.

    As for deployment, yeah, I tend too think that it’s not a issue until it does not work for some one. I used to only ever use forms controls and vba controls, now I just use any components I have on my PC, when it does not work, I send a file to register the missing library – but that’s very rare. If it cant be installed, then that’s harder…

    I’ve never had a problem with any VB.exes not running, all PC seem to have the VB run times these days – didn’t it ship with IE 5 or something? It was certainly in XP.

  2. Harlan Grove Says:

    Prevent access to the command line? That’s foolishness, especially if there are no restrictions on running batch files. ‘Cause if you can run any batch file, and you can run Notepad, you can do anything in a 2-step process that you could have done from the command line. And removing the Run entry from the Start menu doesn’t seem to prevent displaying the Run dialog by holding down the Windows logo key and pressing R.

    Where I work the IT/IS geniuses have us use something called P-Synch to synchronize all our passwords. Yes, that means one password for everything. So if some cracker figures out one password for a given account ID, s/he’s got the password for all systems that account ID could access. This is an example of the IT/IS experts really showing the ignorant non-IT/IS masses just what security means: minimizing the number of support calls. Rebel that I am, I use a different password for my local copy of my mailbox file. I accept any consequences that could arise from such blatant noncompliance.

    From my perspective, group policies serve the same purpose as P-Synch: minimize support calls. Security, at least how non-IT/IS types would conceive of it, is a secondary consideration at best.

  3. Simon Says:

    does your IT dept also provide a little book (perhaps with ‘Passwords’ on the cover?) people can write their passwords in before putting it in the top right hand desk drawer?
    I think those single sign on things are pretty popular.
    At one place we could not get a dos prompt from Windows but could from VBA, at another they had blocked the VBA route too.
    At one place they locked people out of the VBAIDE, except if some code errored, they would be dumped into it.
    Ross I don’t use forms much so I rarely get deployment issues. I’ve seen code that used common dialogs cause big hassles too – so I avoid them if possible – anything for an easy life

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: