A long time ago, in a company far far away, I ran a Novell network (2.15 !). The other administrator and I checked had Supervisor powers on this network and we found that it was nearly everybody. So we removed all of them. Our director threw a fit – so I told him I’d log his machine in as supervisor and he could give his account rights again. If he couldn’t do it in 5 minutes, he probably shouldn’t be one…
On the roadshow we’ve been doing I’ve started saying something similar about User Account Control in Windows Vista. Although I think I first used the word Numpty when talking to a meeting of the BCS in Aberdeen. Fitting as the definition in Urban dictionary says its a Scots term for someone who “demonstrates a lack of knowledge or misconception of a particular subject or situation”. What I said in Aberdeen went something like this
Most people who dislike UAC prompts, have a reaction of “I’m a power user, not a numpty, you don’t need to tell me”.
but the “numpties” who need to be protected are also the people who wouldn’t be able to turn off the warnings…
Now saying “Numpty implies can’t turn off UAC” isn’t the same as saying “Can’t turn off UAC implies Numpty”. But I think a few people thought that’s what I was saying (hey, if the cap fits …) but I think there’s also a fallacy in saying “I don’t want a warning”. Do the same people argue they’re such good drivers they don’t need to wear seatbelts ? A racing driver would use a more complicated seat belt than you find in most cars. But where there’s a legal requirement to wear a seat belt, UAC can be turned off. Type “User Account Control” into Windows help and it offers you information about how to do it in control panel (you can do it group policy too, or re-enable the account named “administrator” and use that to set the machine up and not get the prompt). But most complainers haven’t even checked the help, and what would you call someone who can’t even use help ? Perhaps A “right Numpty”
I’m not sure how else to get this point over, but security people like Steve, and OS people like me see UAC as a Good Thing. (Wonder why I capitalize Good Thing and Bad Thing ?). I know when programs I run should be doing something potentially dangerous. What I want to know is that one time in thousands where it was something I didn’t know I was running. Security is a nuisance, but turning off the warnings is like saying it’s too much bother to lock and unlock my front door a couple of times per day.
I’m on the verge of insulting a lot of IT departments too. There was a lot of fuss in our blogger’s group when Information week carried a story that part of the US Government had banned Windows Vista. Now you don’t have to ban anything that people don’t want, so my take on this was that some of their users wanted to deploy Vista (even if only by bringing in new PCs which had it pre-installed) and they weren’t ready. Now I said in a previous post.
In 6 years in Microsoft Consulting I met IT departments whose agility was a business enabler or a strategic asset. And I met others so risk averse they would do nothing before their competitors. The latter think they are prudent and their departments are well run; what I saw was often people too busy fire fighting to understand what was coming next. When I first came across our Infrastructure optimization model , this struck a chord. Those who are at the “dynamic” end of the spectrum don’t always deploy new technology, but they can, they’re the ones who tell me that forthcoming feature X will make the product compelling for their business. Those at the “Basic” end of the spectrum find all changes harder, they’re the ones who just wait for SP1 without knowing what’s in it.
There’s a tough message in that. It boils down to If you’re in a position where you can’t deploy new technologies, even if you wanted to, and your not sufficiently abreast of them that you don’t know why you’d want to (or not) then your IT department isn’t up to the job. (c.f. If you can’t turn UAC off, and don’t know why you’d want it on, then you’re a Numpty). Again you can’t automatically blame the people who work in it. A department, might have enough good people (or not) it might have the right funding (or not), it might have good leadership (or not), but it certainly hasn’t got all 3.
Talking to a colleague recently we were on the subject of what people learn about computing in universities. Computing is tied into technology – but universities don’t like to follow the latest technology fashions. I think there 3 themes which people need to learn. Technology and change are tied together – Cheap computing at the desktop changed how offices worked. E-mail has changed how we communicate. The internet has changed how we do business. So theme 1 is how to you spot the opportunities and threats in technological change. The next is that making sense of the information we have is a constant challenge. When I had my first job in School holidays I was keying information from mainframe reports into a visicalc spreadsheet to allow an Actuary to make sense of the information we had. Today I used the data-bars feature of Excel 2007 so I could see and make sense of the scores from our roadshow: some of the biggest advances in Vista and Office 2007 are around “finding stuff”, bringing it to us and helping it to make sense. That theme hasn’t changed in over 20 years. And the final theme is managing complexity. Managing an estate of thousands of PCs or managing a large datacenter aren’t trivial tasks. One Mechanism for coping is to freeze everything; say no to everything either on security grounds or support grounds, in the guise of a complex set of “Policies”
The only people who read policy manuals are goldbricks and martinets. The goldbricks memorize them so they can say: (1 ) “That’s not in this department,” or (2) “It’s against company policy.” The martinets use policy manuals to confine, frustrate, punish, and eventually drive out of the organization every imaginative, creative, adventuresome woman and man.
(Robert Townsend, again)
I was hearing today that people think that increasing numbers people are quitting IT, the evidence isn’t conclusive. To me there is a connection, Companies whose IT departments which can’t manage complexity, don’t get the tools to make senses of information, they lack the agility to respond to opportunities and threats. If their IT people came into the industry with ideals about delivering technologies to help people do more, now they are disillusioned that they confine and frustrate the imaginative, creative people in their enterprise, and weary from constant firefighting.
It’s not something where Microsoft can just produce a product and put everything right; there isn’t any “magic bullet”. There are plenty of bright spots in the industry but if we want a generally healthy IT sector in the future it is something we’re going to have to do something about.