Talking to your IT admins

21 June 2008, 16:02 CDT

Looking for thoughts/ideas on how to talk to an IT admin. Started a job a few weeks ago where basically everything outbound except http and https is blocked. This means that ssh tunneling does not work. The traffic is packet inspected by the firewall and the http proxy requires authentication, so just moving ssh to port 443 doesn’t work either. The web traffic is filtered, so many things are blocked including gmail.

I’ve looked into solutions like corkscrew but it looks like it is going to take me a combination of ssh-over-https-proxies to get through it, because some of the tools only support Basic auth and the ISA server only accepts NTLM, Kerberos, and something else. It would be much easier to get to my box at home with its “library of files and tools” if they would just open up port 22.

I’m looking for anyone with ideas on how to talk to the IT admin staff about this. I’ve emailed them several times, and am not getting any response at all. I even included my MAC addresses and suggested they just unblock those. I’ve talked to my supervisor, and so far no luck – they mostly just don’t know what to do about it and the answers provided by the IT team range from the absurd to just dumb. Unfortunately, this is the same IT staff who:

– don’t know that terminal services is running on one of the Windows 2003 servers I need access to (or insist that it isn’t running on the system at all)
– apparently when their company bought our company, dismantled the VPN because it was “insecure”
– set up a remote terminal services system exposed to the internet with the entire thing locked down (only one app is available, and the start menu is useless) as a solution for VPN/remote access.
– block gmail because it “has viruses”
– refuse to give the software developers, including those writing drivers, admin rights to their Windows box

I don’t know who is responsible for these guys or who made up these “policies” but it seems like they just do whatever they want. My impression is that this team (who work out of the parent company’s office) is led by a guy who only cares that giving local admin rights to anyone would supposedly cause him to have to do more work to fix broken systems. Obviously that means that he is actively interfering with the business process of the org, but since no one seems to know what to do about it I’m throwing it out there to the three readers of this journal 🙂

How would you talk to your IT administrators about opening up port 22? Unblocking gmail? Putting the VPN back up? The only way the developers have admin rights on their own computers is the local VPs have domain admin rights to log in and let us reconfigure our own boxes – but this is not something we discuss with or even talk to the IT people about, which I don’t think is right, but we don’t seem to have much choice because they’re basically uncooperative. The local folks can’t modify the network or add new services like VPN though.

So how would you talk to Windows sysadmins and convince them that they’re being unreasonable?

3 Responses to “Talking to your IT admins”

  1. Anonymous says:

    shouldn’t you be working at work?

    Well, you should be working anyway. Unless you are trying to cover up some questionable activity, you should be okay.

    You could try to volunteer to do a few hours of work they really don’t want to do in exchange for passthrough access to the web or a socks proxy?

    Or, you could find out if they have gmail, email them during the day, get a response and then file an anonymous complaint to their superiors that the network team is abusing their powers.

    Use ntpasswd to reset and enable the default admin account on your local box and then do whatever you want. Why are you running Windows?

    If you try to CGI proxy to gmail, realize that the javascript will still have references to the gmail site, so you can only use html mail.

    If they pay enough, just get an iphone as your personal phone and use that for email at work.

    Otherwise, take some good tech books to read while you wait for access to things. Or get an mp3 player to dull the pain, that’s what I do.

  2. rhornsby says:

    Re: shouldn’t you be working at work?

    > Use ntpasswd to reset and enable the default admin account on your
    > local box and then do whatever you want. Why are you running
    > Windows?

    Yeah, I used a bootable CD to kill the passwords and access the VMware images on the computer. I’m running Windows because I’m supposed to be developing C# applications. I have local admin only because the two VPs in our office have domain admin privs. They logged in as administrator, and walked away.

    Not trying to cover up anything, just want access to all the username/passwords stored in my gmail for places like sourceforge, as well as my subscriptions to things like colug and svn-users. I want access to my box at home to be able to get at the code I have stored there. I also want to be able to use ssh as a tunneling proxy (IM is also blocked) but I wouldn’t even attempt to explain that to them.

  3. rhornsby says:

    gmail hosting

    Turns out that trying to use gmail for domain mail hosting doesn’t work either – the effect is a redirect to mail.google.com/a/yourdomain.com, with mail.google.com being part of what is blocked.
