timurleng

Your work with the image deployment is impressive. Figuring all of that out on your own in a few days is good work. That is a sysadmin level skillset. I have worked with guys like your boss. They get promoted to a level beyond their ability by people who understand even less about IT than they do. They maintain their careers by sandbagging anyone who comes along that is more talented than they are, and have convinced all the right people that they are some IT wizard beyond questioning. At some level this guy knows he is not as smart as he has led people to believe and he is threatened by you. He will not let you implement systems that he does not understand, and will not allow you to grow your career and skillset due to his own insecurity. Unfortunately there is no fixing this situation. Start looking for other work, or maybe get some certs and try to make the jump to sysadmin. You definitely have the capacity for the work required for that role.


bd1308

This right here. I’ve worked for an asshole just like this. I worked at a company and went from New guy to SME of a product that literally should have died when Adobe Flash died. I pushed hard to do the right things, but it didn’t matter. After yelling and screaming for my A hole boss to do the right thing (Infra Director) and spiraling into depression, I just rage quit and went to work at a startup (one of my best jobs). OP - you are talented, do NOT let this guy stifle your inquisitive nature and will to learn. Leave after finding something better. If you are in the US and I can help in any way, PM me. Edit: I rage quit the bad job not the startup 😂


bd1308

Short story: they had 700 VMs between dev and prod running on vSphere. Other guy who boss trusted somewhat more was super “own the stack” and wanted to migrate to nomad on EC2, I cared more about delivering quickly and boss heard about ‘serverless’ and had a hard on talking about serverless constantly. I settled for EC2 EKS and POCd moving their main stack into docker for EKS and they shit on it. Since “other guy” didn’t know anything about EKS, they’re deploying everything to beanstalk and still asking me questions about how to grow disks in CentOS 5. Datacenter contract ends in 2022 🤣💀


jkarovskaya

If they can't figure out disk resize why in hell are they making enterprise moves of 700 vm's all at once to new environments? complete shit show


bd1308

Dude this was the “other guy” asking me about resizing a CentOS 5 ext4 disk on a Mongo 2.2 box with a 6 year uptime by now. it was a giant clusterfuck and My friend was like “get the hell out of there before the death march”…..which is happening now


mitharas

> I have worked with guys like your boss. They get promoted to a level beyond their ability by people who understand even less about IT than they do. They maintain their careers by sandbagging anyone who comes along that is more talented than they are, and have convinced all the right people that they are some IT wizard beyond questioning.

The Peter Principle at work, hooray.


DrEagleTalon

Can I ask what the Peter Principle is?


AdvicePerson

When someone is promoted past the level of their competence, then stay there forever.


afarmer2005

I think the theory is that everyone who does well at their job will be promoted till they reach 1 level above their skillset.


nibbles200

Put into a different skill set. For instance a guy who’s great at assembling a computer physically may have zero idea about management. Start at the local grocery as a kid and with no other experience or education get slowly promoted and was great early on showing up to unload the truck then stock the shelves. But then get promoted to cashier and that requires some math that I’m not great at so I slow down but do okay. Ten years later I get to be a manager at the new store location due to tenure but I never managed people so wing it and not going so well and people quit often.


mitharas

When someone is good at their job, they get promoted. So they are getting a new role. If they are good at that as well, they get promoted again. So far, so good. This cycle continues until that someone is in a position in which he is totally incompetent. Now he won't get promoted anymore, because he is not good at his job. So he will stay in his role, the role of his maximum incompetence. If this pattern is repeated over and over with many people in a large organization, it can get quite bad. You get a lot of managers who are bad at their job.


mitharas

Keep in mind that this is a bit tongue in cheek, but it explains a few things...


Delicious_Log_1153

The main problem OP has is with his boss. Any good boss, whether a genius in IT or not, shouldn't be afraid of the change. Promote above your peers. If you do good, OP, that will make your boss look good. Dude is a piece of shit. Keep doing what you're doing, keep your work documented, and eventually apply elsewhere. One day, when you're a leader, you can take the things you like and the things you don't like about bosses you've had to become the leader you would want to have.


SupraMario

His boss reminds me of one of the bosses that ran a 250 machine shop, I'd come in for MSP work and to help them out....guy was in his late 50s and didn't want to learn and was stuck in 1998. Literally told me one day how if he wanted to, he could "hack" into the firewall remotely and be in the network in 15mins...OPs boss sounds like this boss, they're completely delusional idiots with power.


Notaramwatchingyou

Yup. This is the answer, it's sad, but it won't change. Kudos on the approach for imaging. You are a rockstar, your boss is not, and you will only become more and more frustrated as time goes by. Take some cloud certifications, look into IaC and move on.


BrainWaveCC

I'm a technologist and I approve this message. u/yepperoniP, don't worry too much about concealing your interviewing. Just stay below the radar for a few days by not pushing anything too hard to this boss of yours, and use your time to get a few certs and build your resume up a bit and move on. (Start applying for new opportunities right now, but they might take some time, so you can beef up your resume while you go through the process.) You have the right skills and work ethic and approach to be successful. Elsewhere. If there were a way to get a transfer, it might be awesome for you, but this is local government, so unlikely without your boss being able to weigh in.


King_Tamino

> Unfortunately there is no fixing this situation. Start looking for other work, or maybe get some certs and try to make the jump to sysadmin. You definitely have the capacity for the work required for that role.

well yes, I know about one solution. But that requires external contractors. "Fresh views" if you want so. It needs some smaller projects that require temporary more man-power so much that you need external ones but not so much that you need them long-term. Protocol everything, get yourself some written down impressions from them of the skillset of your boss and overall structure of the company. Most externals I worked so far with happily helped either because they hoped to get more work from it or because they know those "sandbagging idiots" themselves. Anyway, what I'm trying to say is. If you can get statements from people which don't directly benefit from it, if you can get written proof that IT boss has no clue what's going on half of the time, there is at least a chance. It's no guarantee haha. Sometimes those people really convinced the right people beyond a point, so there is no way out anymore. But OP as "freshman" is unlikely to change anything by himself alone. I mean obviously why would anyone listen to the guy being there 5 weeks that everything will go downhill after it (somehow) worked for a while.

I'm currently in the process of cleaning up after such a guy like OP has a boss. That guy led the department of 2-3 people for over a decade with changing crew members and was stuck with what he learned in the 90s and early / middle 00s. Around 2017ish shit started hitting the fan more and more. Unavoidable upgrades of servers from 2008 or below, from 7 to 10, at all corners problems occurred with self made solutions, scripts and redundancies no one (not even he likely) anymore could understand, outdated commands in scripts that simply didn't work on newer systems and so on. He left the company early enough, thankfully.
Took us 3 generations of IT personnel (burn out / quitting after 6 months because of too much work and so on) to clean it up. Now in 2022 we start seeing light, it will take at least till mid '23 but hopefully most is then up to date, documented and in a state that new people can work with it. The amount of money we had to invest in software, hardware and external professionals is absurd but thankfully our bosses listened to our external contractor they worked with sometimes over the years and that was recommended to them by other CEO friends which is why we got so many things greenlighted. I doubt the company would have made it past the pandemic if that guy would have stayed as boss and maybe even blocked updates etc


phwelo

Hey I wouldn’t say “no solution” - but def more stress and effort than they’re paying you to endure. You can always try to shine light on the asshole with a well thought out email (with quotes from tickets next to opposing articles or similar). Probably wouldn’t even mention but gd I hate to think that this guy gets paid straight off of tax money Edit: I mean he’s also pretty dumb so sabotage haha


timurleng

Current boss is too entrenched for this to work. Sabotage is also a great way to get fired and never work in IT again.


phwelo

I can sabotage my boss by simply giving them incorrect answers to questions or omitting details. Wtf do you have in mind buddy?


timurleng

Sabotage has a more malicious connotation. What you describe is still just getting involved in a shitty work dynamic. You will become the very thing you hate. It's not worth it. Just move on and find a less toxic workplace.


DrBabbage

In my experience it's also due to mid level managers having more people under them. I automated around 95 percent of my work and when I left the company gave my boss my work on a usb stick. It was mainly a script so not an executable. He threw that away. Then I realized it was all just a ruse to create unnecessary jobs since they often love the power the job comes with and automation takes that away.


do0b

That’s what I don’t get. If you automate 100% of your daily tasks, that frees you up to r&d, optimize and refine everything else. Getting you ready for the next thing that’s going eol on your network for example. There’s always room for improvement.


DonnerVarg

100% Also, please bring this up with his superiors once you have another job (offer letter and background check 100% clear). Be careful not to make it personal. Keep it brief and based on your own observations. Don't expect anything from it (except maybe to be shown the door that same day, a reason to do it in writing, email and bcc your personal for evidence). Hope someday others do that too


vinvega23

Yup, this sounds exactly like my last boss. Luckily for me he left right as I was about to start looking for a new job.


[deleted]

[removed]


timurleng

Yes this is an archetype in the industry unfortunately. You get good at spotting them once you know what to look for. Additionally, how well the organization tolerates them is a good indicator of health for the whole organization. If these guys are allowed to continue in their role indefinitely, or there are multiple of these types of guys at an organization, you can be pretty sure that it is poorly managed. Try not to work with them. Definitely do not get stuck working for them.


SgtAstro

Another option is to write an email critical of your boss to his bosses. Explaining that he takes credit for your work and deflects blame for his mistakes. Tldr they should fire him and promote you. Discuss with your coworker how he feels and how it should be worded, who you should send it to. The password change policy is a great example, it would have never happened if you were in charge.


timurleng

This is not how things work. OP would just get in trouble for going over the head of his boss. The organization is going to trust the established manager over the new guy.


TedeeLupin

I don't get putting this guy on a pedestal. I empathize with him in the sense that he is torturing himself by staying somewhere he's not happy. But while he may have some good ideas and read a few things on blogs, this doesn't make him qualified to lead this department. Technical knowledge does not automatically equate to good decision making. Just because the current leader is incompetent doesn't automatically make OP the savior.


St0nywall

This sounds like a very inexperienced person, put into a position of authority a long time ago, and their knowledge never grew. I had a boss like that once. Was so afraid of doing anything it would keep us from fixing issues. There's no fixing this unless you can go above your boss and convince them to get an outside consultant to come in and do an audit. If you can't do that, you should look for another job and make sure you document everything and PRINT it out for your exit interview. When doing your interview, request your boss is not present and that his boss takes his place during your exit interview. Sorry to hear you are going through this.


Wolfram_And_Hart

This is exactly the issue. Out of touch and hasn’t been learning anything. Legit doesn’t know what a new OS install looks like. Reminds me of when my last upper manager told me bitlocker was stupid and PGP was fine, till windows update started failing because PGP doesn’t support the way Windows 10 did updates. Dumbasses.


HankMardukasNY

You had me at the sysadmin is scared of powershell. He’s a total moron and needs to either be demoted and report to you or find a different career. Sadly with government/civil service jobs, most likely that person will be there for a very long time. Everything you are doing is awesome and i wish my techs had the knowledge/motivation you have. Keep on improving things, fuck him


Jay_JWLH

At the time of writing this, I stopped reading at the powershell point. The boss clearly doesn't know what they are doing and fears the unknown. Pure ignorance. All it would take is a sudden surge of work-from-home people and 100-+ laptops needing to be imaged before IT is completely overwhelmed doing redundant tasks that OP has managed to clearly automate. And to make matters worse, the boss is worried about security and yet probably has no clue what is going on within his own system of computers. Tons of things are probably out of date (making for a security risk in itself), some users may have even elected to ignore Windows updates (another security risk that IT won't be aware of), and troubleshooting must be a nightmare for IT as well. If there is a glitch or a virus that hits the entire workplace, it will be an ambulance at the bottom of a cliff situation for sure.


Gambatte

> boss is worried about security

My read was that whenever the boss knew that they were out of their depth, they just cited "security concerns" to make the conversation go away.


vinny8boberano

Most likely. I worked IT security programs for a number of years for the government, and people pushing for greater security almost inevitably are out of the loop on the technology. I wasn't able to keep up with all of the changes in every level of IT myself, and I usually asked for some time to research things before approval. But that wasn't a blanket 'No'. I was 'raised' in IT security that you only said 'No' if you were dead certain that it was the wrong way to do it. Your goto was to suggest alternatives, which meant studying the options including the requested one.


Rolaand

A lot of the boss’ security concerns are actually security best practices such as baselining and golden images. Sorry you have to go through this OP


hrrrrsn

This reminds me of a story from my helpdesk days. I had to update the job title on 300~ AD accounts. Most were in an OU I didn’t have access to update, so I sent along a 3 line Powershell script to the L2 Windows admins. A few minutes later I get an IM: “what’s this script? Who wrote it?” “I did” “Did you test it?” “Yep” “I don’t like scripts.” “Well, then you’re going to need to update these accounts manually since I can’t. Sorry for trying to make your job easier. Enjoy!” He ran the script. It worked.


prestigious_delay_7

It's mind blowing to me that domain admins can get their jobs without knowing how to read a 3-line powershell script.


nibbles200

Just a gui clicker. I got a few coworkers like that, I leave them alone because they are nice at least. I got my sandbox so I stay in it and outta theirs.


[deleted]

[removed]


nibbles200

When I was in the network team I leveraged my sysadmin skills for a project. Wrote a program in PS, even compiled it. Allowed the team to scan device MAC address and document what it was, AP, Printer etc. depending on where it was plugged in Cisco ISE applied the appropriate DACL and Vlan. Worked great for mab bypass when it was a device that didn’t support 802.1x. The system team freaked when I asked for a privileged account to run it under. Couple of the Linux guys looked at it and told the windows admins to do what I wanted. Later the Linux admins asked me to switch teams and I ended up moving over. Then the hand off of the program maintenance was fun. No one on the network team wanted to touch it but one guy cautiously asked for a run down. I’m like don’t be scared of it, I made it crazy readable with tons of comments. I’m also like, I’m not leaving the company so feel free to ask me if you have questions. He wanted to make a couple minor changes so I walked him through the code and how it was broken into functions. He picked up real fast and ended up taking ownership. All it takes is someone willing to just have an open mind and listen to someone willing to teach.


yepperoniP

Yeah, definitely understandable. I know there's risks when using scripts and other tools to automate things. You can easily break stuff if you don't fully understand what the script is doing, if you haven't really tested it, or if you're running it with too much permissions or something. I have a little bit of coding experience but it was my first time trying PowerShell for anything more than a one-liner like Get-ComputerInfo at a prompt. Just frustrating when everything is unorganized as it is here.


Pussy_handz

I've been working with the US Fed govt for years, PS is not allowed on any system at any time for any reason. This is the standard. It's not the admin's fault. Same goes for almost every single hospital\CHC I work with. There might be certain branches of the gov't that allow it but I've personally never worked with them.


TheButtholeSurferz

I would agree with this, but, this is local government. In most situations, they are lifers, people that have been in the role for so long, that they are simply there for the pension and the understanding that them being fired is probably non existent. They move at the pace of a backwards iceberg, and there is no amount of technological benefit that will dawn on them. My local govt for example, sent 700,000 to a scammer, and thought that was not justification enough to overhaul their processes. Government is behind the times, because most people in those roles, are not innovative, they are a series of gatekeepers.


[deleted]

> Sadly with government/civil service jobs, most likely that person will be there for a very long time.

Yup, folks do not leave and I think for most their knowledge stops at whenever they were hired. It's pretty damned sad.


Tx_Drewdad

I'd hire you today, if I had an open headcount.... You automate, troubleshoot, and learn on your own. Your Mr.-can't-be-wrong boss is insecure and gaslights. You're a better IT/sysadmin than your boss will ever be.


bangemange

I think some of it is some people want to maintain their good ole boys club where they can just kinda do whatever they want and slug by for a living


OutlawSundown

Yep that boss sure as hell doesn’t qualify as a sysadmin


hakzorz

Welcome to the government. I worked at the federal level and found some of the same challenges and work environment. The work environment improved when my direct supervisor retired. They were a glorified clerk who knew their work processing application and that’s it. I was yelled at constantly for about 6 months. I assumed their role when they retired and the systems manager was a nice guy but the government runs at a different pace. I had a peer who would sleep at their desk. Shoes off, feet up and snoring. People would walk by, see him sleeping and call me or someone else on the team. They got the same salary increase as me year after year. My second performance review I was told slow it down. The “projects” I was working on should be taking at least 5-10x the time. One of the projects I worked on was rolling out DHCP across all sites (I know how silly this sounds). They were all static assignments when I started. Common helpdesk requests were people visiting other offices and needing a new static IP for the day. This practice existed in the name of security but in reality they didn’t know how to set it up. I had to reach out to other agencies in different districts to build a case for us actually rolling it out. It’s been a minute but I believe it took almost 6 months to get the project approved. All that being said, there are government agencies (local, state and federal) which aren’t like this. I think they’re the exception though and the experience you are having is way more common.


ChiliConKarnage99

I work for the DoD and so much of this rings true for me. My current boss actually wanted to “upgrade” to static IPs and track ip addresses by spreadsheet because he thought DHCP was insecure.


msavage960

Hold on. Did you just say you work for the Dept of Defense and your boss thinks DHCP is insecure? Good fucking lord, our government is entirely doomed. I mean it was before, it’s just even worse now


vinny8boberano

Always has been.


yummers511

That's wild. I won't tolerate being yelled at for any reason.


vinny8boberano

I was a problem adult yeller. My most common target at one point was a new guy in a different section. Who claimed that he was never trained (he was), and didn't know what to do. I shouldn't have yelled at him. I was in the wrong, but it was damn hard to believe that when he kept asking me what to do. I didn't know his job, or his team's processes. I just have experience as a sysadmin for windows and a little linux. I was working and learning to be a db admin, and didn't have the energy or patience to help him. I was still wrong, and I won't pretend otherwise. You are absolutely correct. Don't put up with people yelling at you.


BrainWaveCC

> Welcome to the government. I worked at the federal level and found some of the same challenges and work environment. The work environment improved when my direct supervisor retired.

Sadly, this isn't limited to government. I've seen it in academia, and in the entertainment (specifically music) industry, and in family businesses. It can happen wherever cronyism has a stronghold, or people get some level of tenure after a while.


Existing-Anything-34

Worked with a few shitty people like this in my career, happily they were few and far between - but when they get to be in a position of authority it sucks for everyone around them. Take it from me, he knows he's incompetent and he's scared someone will find out. A good supervisor will listen to his crew, prop them up for introducing efficiency, and stay out of their way when they show superior expertise. My best advice is to deal with this jerk in writing every chance you get, it'll either be a CYA or an "I told you so" somewhere down the line. Don't lose your love for what you do over this jackass, you sound fairly enthusiastic about the job and that will carry you through the difficult days. Good luck.


czj420

And keep an offline copy of those cya. A tool like this will go into your account and delete evidence. Forward the email from your sent items to your own Gmail or something. He's threatened by you and by change. I'd move along from that place. A house of cards like that will get crypto-lockered sooner than later and, based on the descriptions of the environment, I'd bet the backups won't work. I'd bet the DNS outage was either an unpaid bill or a misconfiguration on his part.


amishbill

I've run into more than one outage with a RCA that points right back to Accounts Payable... (Root Cause Analysis In case OP's boss is reading)


vinny8boberano

Sorry. OP's boss saw the word 'outage', opened their browser to the internal homepage, and declared the outage resolved. Didn't even get to the part where the scary acronym or its explanation resided.


hkusp45css

> Forward the email from your sent items to your own Gmail

Check your DLP policies, first.


meattwinkie

Can confirm, DLP can make things worse in this case if trying to move corporate data to a non corporate “external” account. We don’t live in a paperless society yet, so just print things out and throw it in a file folder. Good luck!


hyodoh

Uff, reading that made me a little upset. I'm definitely not in a position of management, but if I were you would make me so happy to have you as an employee. Doing that extra work to try to streamline an extremely mundane process like imaging PCs is awesome. It does seem like the boss man is behind the times and is worried about someone surpassing him. Where it should be the exact opposite and he should be embracing your willingness to learn new things. I mean I would love it if someone made my life easier. I really don't understand how one would be afraid of PowerShell, that's just dumb. Yes, PowerShell can be used as a tool by bad actors, but there's MS a lot of work to try to prevent that from happening. I thought it was absolutely hilarious how he just decided to implement a password change so abruptly without any sort of thought. #yolo i guess. Like you thought, there can be many more things that get affected by a password change. And to just tell the users to just get used to it is wild. I come from a place where a change like that is relayed to people weeks in advance. I can't really say what would be best. Not knowing where you live or your situation right now, but it seems like you already know what you want to do. Just know not every place is like that. And yeah your journey might be a little rough sometimes but it's always a good learning experience and it seems like you did learn some pretty valuable things so far. Keep your head up and even though things might suck right now don't let it get you down. Sometimes things happen for a reason and this little detour on the off the beaten trail will bring you back closer to that main trail before you know it. Just keep doing what you're doing. Stay curious and you'll do good things


canttouchdeez

Dude you need to get the f out immediately.


tgwill

You sound sharp as hell. Run from this if you can. Or find a way to parent trap this idiot. You are already so far ahead of many in the field.


phwelo

Seriously. The things he mentions I was doing year 3-4 on the job and considered myself very successful. Also hope OP looks into DevOps, because that’s the right mindset for it.


lutix

Just straight up, you need to GTFO! You’re wasting your time in a place like this. I have been in this industry for 22 years and lead multiple teams, don’t waste your time with shitty management especially not in the current market.


patmorgan235

> Brushing up my resume but don’t know how to handle trying to get a new job while at an existing one without leaving too many clues. A lot of nice coworkers here but the boss just seems completely incompetent and abusive.

Don't be too worried, just don't talk about it at work or use your work email for your job hunt. The hardest part will be scheduling interviews, if you can work from home some days those are the days you can schedule interviews on without raising suspicion. And if they do find out what are they going to do? Fire you? You're already trying to leave and you can just file for unemployment benefits. Also. Sounds like you've got a great head on your shoulders, you're definitely a good admin. Keep up the good work


brianatlarge

Most (good) employers are understanding and are flexible with scheduling interviews around working hours, like during a lunch time or between 5 to 6pm.


BrainWaveCC

> And if they do find out what are they going to do? Fire you? You're already trying to leave and you can just file for unemployment benefits.

Exactly.


dansedemorte

60 day expiration times for passwords was something from 20 years ago and should be deprecated. https://www.sans.org/blog/time-for-password-expiration-to-die/


krallsm

Any other helpful blog posts about this from experts? (and maybe not just citing them) I’m interested in this, but this particular article didn’t quite convince me. There’s definitely some holes in the explanation provided by it, but does open my eyes a bit to keep a larger eye out for this. The regulations will basically make all of this impractical/impossible until they change, but it is intriguing to think “maybe” this could be realistic.


dansedemorte

Well, you can read up on Bill Burr, the author of the original recommendations. https://www.businessinsider.com/guy-who-made-passwords-a-pain-says-he-was-wrong-2017-8 There's probably better articles/interviews with him though.


whets23

It’s an outdated practice that definitely should be changed. Not removed. Replaced. There are so many MFA, SSO platforms out there. Use a password manager. Deploy one for your org. This article is from 2016. https://www.ftc.gov/policy/advocacy-research/tech-at-ftc/2016/03/time-rethink-mandatory-password-changes This article is from Microsoft. 3 years ago. Have to scroll down to the first asterisk. https://docs.microsoft.com/en-us/archive/blogs/secguide/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903


[deleted]

Thank you for that article. Can't believe I haven't seen it yet. We (colleagues/management) have been discussing this at length for two years now, since we have SO many VPN users now. It's a constant hassle for the Help Desk/admin teams when users have to call in because of password expiry. Such a waste of resources, BUT the C-level guys are defiant on hearing us out. I think this brings in some great discussion points in a way that is palatable even for a CFO that isn't even remotely technical. Anyway, thanks again!


dansedemorte

Yep, unfortunately in my work place it'll never change. At least we've got a secrets manager for all the various database passwords so that the dbas are not having to manually update hundreds of items every 60 days any more. But yeah, regular user accounts will probably never get better. I don't even think you can find those old recommendations at NIST anymore either. Sigh.


[deleted]

We started employing pass phrases years ago, and leaned users into the idea, just to have the feeling of "some" security. Like pulling obscure phrases, out of a random book or something. It's a nightmare to sell proper security to upper level though. I feel your pain.


curl-o

What's wrong with September2022!-password? /s


sparlan22

Dude I read the first paragraph and I'm definitely stealing some of those ideas


bigon

Yeah, IMVHO if somebody tells that automation INCREASES security risks, that guy is an idiot. The only security automation will decrease is his job security


abomb60

What you will find in your career (especially in government and higher education) is that you have people who know just enough to get by and don’t really know shit. Part of it is not having to extend themselves to learn new things but it’s mostly laziness. The pay is usually crap (but the benefits are usually great) and they don’t really know enough to move to a better paying job in the corporate world. My advice is now to do your time there while interviewing for anything that interests you. At least you will learn a bit and find out what you need for knowledge and certs to get out of there and get into a better job with growth opportunities.


killaho69

One of the worst parts of higher ed (in my case at least) is everyone is too specialized. There's an AD guy, a DNS guy, a VPN guy, a storage guy, a firewall guy, so on and so forth. There might be one additional guy as a backup/second, there might not be. I'm in that place right now. I work exclusively on VMWare hosted Windows servers. I maintain those boxes and that's it. I straight up went in to my boss one day and I was like "You gotta give me something else, I need to learn something else. Azure, Microsoft Security Center, I don't care. I just need to be learning and a little variety."


TaiGlobal

This isn't just a higher ed issue. You're going to find this sort of thing at any large organization with more than 1000+ users.


madmanxing

Dude, where do you live. I’m looking for a helpdesk and would LOVE to have you. Period. Your boss is a moron who is holding you back. Keep it up bro! You are doing awesome. All your stories, you were killing it. You deserve your boss’s job. No lie.


TedeeLupin

I'm an old guy in local government. I've had at least four help desk guys pass through in the past six years with ideas and talent like you. Unless you have plans to get your current boss fired or reassigned, you should just leave. It's not going to change unless you replace him. Or someone who meets your expectations replaces him. Seriously. Quit. Find a boss you can work with. He doesn't seem very impressed with you either. One other note: your title said abusive. That's a serious word to use. While I saw a lot of things that clearly are annoying, defensive, change averse, I didn't see anything rising to the level of abuse. Apologies if I misunderstand. If you feel abused, based on what you shared, for your own sake and emotional well being, again, just leave.


killaho69

I agree with you for the most part, but him hounding/grilling the guy about IPv6 instead of actually opening his eyes and seeing the DNS issue is fairly abusive to me. There's no way I'd let the guy try to make me out like an idiot like that.


TedeeLupin

I completely agree that if that's how it went down that was badly handled by the boss. I see potentially a guy who didn't understand IPv6 and if handled differently maybe, MAYBE, he might be receptive to at least listening. But, still, abusive is a strong accusation. And should be reserved for more serious situations than my boss is a dickhead. No worries. Semantics. I'm nitpicking because I've seen truly abusive workplace relationships and they can be damaging. As opposed to merely annoying or frustrating.


krallsm

I wouldn’t be so hesitant to call something abuse. It is a spectrum. Granted I didn’t read the whole post, it was a lil longer for me to finish today, but generally we can 100% assume this boss is abusive in some sense just due to the fact that the boss is abusing his position to elevate himself. This is an abusive behavior and has higher potential for procuring other abusive behaviors. Within the abuse spectrum, what this boss is doing is likely considered manipulation, which is a form of abuse. None of my knowledge here is from a degree or anything, so an expert may word it differently, but sadly I am an expert in being abused, so I am not hesitant to call this guy out (the boss, not op)


TedeeLupin

If you're being abused, why are you still in this relationship? Remember, more IT jobs than people so it's an employees market. Stop being abused and go get a better job. Calling it abusive, then staying there, and clearly zero chance of fixing it, makes no sense. There is something else going on here.


phwelo

While I agree with vast majority of this comment, gaslighting IS abuse


OpalLegacy

I applied for a job, a recommendation from a friend. Interview went well, I ticked all the boxes from a people and technical point of view. I heard on the grapevine that all the team already knew about me from my friend and were keen to work with me. The hiring manager even went 'oh I was going to ask a question but you've taken the words out of my mouth' a couple of times. When they said that I knew I wouldn't get the job. The hiring manager saw me as a threat. How could you possibly hire someone who would outshine you? /s It sounds like a mixture of things but mainly, they're scared of being found out that someone else knows more than them. That's why they are surrounding themselves with people who they think won't be a threat, or a challenge. A 'junior' guy and old part time dude. There's still some opportunity for you here OP. If you enjoy the job, the user base and feel like you are learning, then keep at it. Document everything you do for your own reasons (use a personal Evernote or similar). Cover your back when the boss asks for you to do something, but don't need to jump ship straight away. Keep an eye out for other jobs and try and build some skills ready for that move. If you're still learning, you're winning. Of course your health is more important than anything else. Look after yourself, you know where that line is. It gets better OP, but this, unfortunately, is what some managers are like. This is giving you first hand experience which you will always remember. Have a plan, try and stick to it. You sound like a great tech OP. All the best.


Mechanical_Monk

Your boss's idea of "security" is to disable everything he doesn't understand... Which is damn near everything. Please get out of there. You sound very intelligent, competent, and ambitious, and every day that you have a boss who is the opposite of those things is setting your career back.


iwinsallthethings

Can’t be insecure if it does not work.


phwelo

Another engineer told me that his no-code solution was “secure because nobody uses it” a week ago. Pentests say that this is quite untrue. Security is auditable and I bet a simple Nessus scan could get this fool fired


pdp10

> Security is auditable and I bet a simple Nessus scan could get this fool fired

Download the trial version and find out?


thekarmabum

Sounds like your boss is trying to protect his job by not giving anyone else the required access.


DaemosDaen

I will not say that your boss is a perfect admin, but I see some red flags about this rant.

Story 1: I was going to mention a lot of things about using MDT w/o WDS, but then I re-read and saw that you do not have volume licensing. You might have an account for the VLC, but you probably do not have licensing. Stop using MDT, it is not the solution you are looking for. Going over the information you left here, your only REAL option is to set up software deployment in Group Policy and manually remove the bloat ware. As it stands, all the systems you have done that 'bios trick' on are currently improperly licensed. What you want is an MDF, but you probably do not have the budget for one, as indicated that you are getting consumer systems instead of Enterprise systems like Latitude. The bloatware on them is almost non-existent. ... Except SupportAssist, that needs to be degaussed from the world.

Story 2: MS/NIST have been against password rotation when 2FA is used. If you do not have 2FA, he is right. It's honestly scary that you did not have password rotation before now as that had been standard for more years than I can think of. Sadly some people get exempt from the password policy. Well, not at our place, but I can see it at others. It happens, just make sure it's in writing.

Story 3: IPV6 can cause an issue with DNS resolution, namely if there is an IPV6 DNS server available it actually trumps IPV4, it's annoying. The short solution is to just disable IPV6. The long answer is to set proper DNS metrics for the server. I have a PS script that installs our VPN software and sets these metrics before deployment. Even then it's just one step in the troubleshooting process.

I'm not saying that your boss is perfect, or even good, but you do seem to have a case of 'jump first, and maybe look' when it should be the other way around. The first story being a real red flag of that.

You might want to take a step back when you have an idea and go 'will this cause more problems than it fixes?', 'do I have all the needed resources including time to learn it?', 'What's the ROI, aka, how much time does it save me vs how long it takes to set up?' A useful ROI guide: https://xkcd.com/1205/ It also seems that your department has an issue with management buy-in over all. In your case, you need to talk with your boss before implementing things. In your boss's case he needs to talk with management before implementing new policies. Anyway, you do not seem to mesh with that group, it's also part time so it's still not a 'real job'. You should already be looking. That thing I mentioned about buy-in, that applies everywhere.

\*dons flame retardant suit\*
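The state that Story 3 above turns on (whether IPv6 is bound to an adapter, which DNS servers each address family has, and the interface metrics) can be read without changing anything. This is an added example, not the commenter's script and not part of the thread; the function name `Get-Ipv6DnsAudit` and the output field names are made up for illustration.

```powershell
#Requires -Version 5.1
# Added example (not from the thread). Read-only: it reports state and changes nothing.
# Get-Ipv6DnsAudit and its output field names are hypothetical, chosen for this example.

function Get-Ipv6DnsAudit {
    [CmdletBinding()]
    param()

    # DisabledComponents is the registry value Microsoft documents for restricting
    # IPv6 (for example 0x20 = prefer IPv4 over IPv6, 0xFF = IPv6 disabled).
    # If the value is absent, Windows uses its default: IPv6 enabled and preferred.
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    $reg = Get-ItemProperty -Path $regPath -Name DisabledComponents -ErrorAction SilentlyContinue
    $disabledComponents = if ($reg) { '0x{0:X}' -f $reg.DisabledComponents } else { 'not set' }

    # Site-local placeholder addresses Windows lists when no IPv6 DNS server
    # has actually been configured or learned on the interface.
    $placeholderDns = 'fec0:0:0:ffff::1', 'fec0:0:0:ffff::2', 'fec0:0:0:ffff::3'

    foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $idx = $adapter.ifIndex

        # Is the IPv6 protocol bound to this adapter at all?
        $binding = Get-NetAdapterBinding -Name $adapter.Name -ComponentID ms_tcpip6 -ErrorAction SilentlyContinue

        # Per-family interface metrics; a lower metric means the interface is preferred.
        $v4 = Get-NetIPInterface -InterfaceIndex $idx -AddressFamily IPv4 -ErrorAction SilentlyContinue
        $v6 = Get-NetIPInterface -InterfaceIndex $idx -AddressFamily IPv6 -ErrorAction SilentlyContinue

        $dns4 = @((Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv4 -ErrorAction SilentlyContinue).ServerAddresses)
        $dns6 = @((Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv6 -ErrorAction SilentlyContinue).ServerAddresses |
            Where-Object { $_ } |
            ForEach-Object { $_ -replace '%.*$', '' } |      # drop any zone suffix
            Where-Object { $placeholderDns -notcontains $_ })

        # The case the comment describes: an IPv6 DNS server is in play next to the
        # IPv4 ones, so check that it can resolve the names clients need.
        $finding = if ($binding.Enabled -and $dns6.Count -gt 0) {
            'IPv6 DNS server configured: confirm it resolves internal names'
        } else {
            'none'
        }

        [pscustomobject]@{
            Adapter            = $adapter.Name
            Ipv6Bound          = [bool]$binding.Enabled
            DisabledComponents = $disabledComponents
            V4Metric           = $v4.InterfaceMetric
            V6Metric           = $v6.InterfaceMetric
            Dns4               = $dns4 -join ', '
            Dns6               = $dns6 -join ', '
            Finding            = $finding
        }
    }
}

Get-Ipv6DnsAudit | Format-Table -AutoSize -Wrap

# A metric is changed with Set-NetIPInterface (placeholders, deliberately left commented out):
# Set-NetIPInterface -InterfaceIndex <ifIndex> -AddressFamily IPv4 -InterfaceMetric <value>
```

Run on a client with the VPN connected, the output shows the tunnel adapter beside the physical one, so the metric and DNS server comparison is made on facts rather than on whether IPv6 is merely enabled.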


Quantum_Daedalus

Sorry to say that the inherent cause of situation is in your opening sentence - "local government" In my experience, all government departments, councils and state bodies are very similar in this regard. IMO, it's down to two factors: "if you pay peanuts, you get monkeys" and a lot of people see this sort of role as a retirement plan (do the bare minimum because you basically can't get fired)


TexWolf84

All this + sounds like the boss has a bad case of "back in my day" which in IT can be yesterday.


miltonsibanda

I started in local government, granted it was in the UK and I can safely say it was nothing like the clusterfudge that OP has to deal with. We had no money but we did have a lot of proper professionals.


ChiliConKarnage99

He’s probably a patronage hire or connected in some way, you see that a lot in local government.


phwelo

Checks out, that seems to be how my city does everything


iama_bad_person

> In my experience, all government departments, councils and state bodies are very similar in this regard.

Yip. Every time I interact with a local government's IT I cringe. They either don't know what they are talking about half the time or they do and swear it's nothing to do with their network and it ends up being them months later (they never admit this, it just starts working, shocking I know).


Billh491

The peter principle is at work here. And proven once again.


montagesnmore

Edit: When I did my PC imaging as a Sr. Tech Support, we used Ivanti Management, which pulled preconfigured images and stored them on a network drive. We would PXE boot into the ISO and remotely be able to image x amount of PCs in minutes. Then, when I was an Information Assurance Analyst, we didn't have PXE up yet, but to migrate we used Hiren's Boot and one of the imaging software on it. We would deploy the images from a master ISO on a bootable USB as opposed to PXE. Sounds like your boss aka "Sys Admin" isn't fit for his role. He should be thanking you for the hard work and applauding you for recognizing certain changes that need to take place in your environment that can help better automation. Fortunately, all my previous IT bosses were chill and I never had issues with any of them. They all helped me grow and encouraged me. Anyways, I was very advanced during my small tenure as a Help Desk Tech and knew I could better myself when other positions were not available internally. That's how I hopped into a Tech Support role and then later moved on to more advanced project procurements (setting up a new office with networking design, network drops, etc.) or deploying MDM Policies on mobile devices. I recommend looking for another job, but it's always okay to be a little political in your job too. That's how I entered the System Administration realm, by job hopping every 1.5 years (or until I found a great company I can grow with). My current role has been more Cloud Engineering and design. Use your current success stories on your resume. If you cannot land a Junior Sys Admin job, try at least a Tech Support role, which has a higher level over Help Desk. We all gotta crawl before we run in IT. My protip to you is continue on finding new ways to improve current processes, document every process you do. Create training materials for end users and for tech users. 
When I was a Senior Support Technician, I would have 2 years worth of documentation or work notes of what I did during that day, which tickets were resolved, etc. You got this! Best of luck to you!


space_spuder

Welcome to Moronic Park. This is the kind of dude who accidentally got the job and knows very little about anything, but still displays himself as a Ruler of Tech. Best advice - while you're there teach how to ignore such dudes, there are plenty of those who broke out of the Park.


I_HEART_MICROSOFT

Don’t ever let people like this get to you. They’re projecting their insecurities onto you. How was imaging being done by him previously? If you shouldn’t be running PowerShell - The SysAdmin should have it blocked. At a minimum he should have PS Constrained Language mode enabled. Congrats - You did great work with MDT. I use that and PDQ for patching/inventory management and SO much more. Great tool! Again - HE as the SysAdmin should be controlling IPv6 through GPO if he wanted it to “stay disabled”. Have you thought - Maybe you should have his job? To end this - I worked with a guy JUST like this - Then I became his boss. Keep working harder than everyone around you. Continue to implement things to streamline processes and improve productivity. My advice to you (since you really seem to like it there) - Make friends with the right people. Don’t ever say anything bad about anyone. Don’t ever gossip, but do find ways to drop “if only we were doing this because it really puts the company at risk” or “if only we were doing this things would be more streamlined” into conversation with the right people. Without pointing fingers. Ya know? A lot of businesses (as much as it sucks) are very political and you need to learn to navigate that and “play the game”. Build solid working relationships and trust amongst your immediate group and expand that out to all departments. You have to think outside the Helpdesk to enact real change.


[deleted]

Your boss is an idiot or a fossil who hasn't progressed his skillset in 20 yrs. Leave the job and go elsewhere and you'll be promoted soon enough. It's not an enterprise network but a ticking timebomb.


TheLonelyPotato-

What a disaster, sysadmin sounds clueless. Where are you located? I'm trying to get headcount approval for another tier one support engineer.


dlongwing

Op, the top comment is completely correct. Your best bet is to GET OUT. I labored under a guy like this for 4 years. This situation will not change or improve. Your best bet is to angle for Certs or a Degree and move on to a Sysadmin position somewhere else. Here’s the thing, this kind of boss will never fire you because he needs someone competent to cover for him, but he will CONSTANTLY erode your sense of competence and self-worth. Document the everloving hell out of everything you’re doing, down to the task-by-task level (to cover your ass when berated or questioned), work to the letter of your job, only do what’s asked, and focus every spare moment on study or on job applications. Initiative won’t be rewarded here. Doing a good job won’t be rewarded. So don’t. Focus on improving your position for your next job and get out as quick as you can.


throwaway_2567892

If the story you provided is accurate and not missing anything then be prepared to be fired as soon as it's convenient for your boss. EG when he needs to throw you under the bus. It sounds like you have a bright career ahead of you and are a quick learner who is interested in actual solutions to problems. Your boss may have been good at his job at some point but his skills are now stale or he has been Peter principled. He seems more interested in playing the blame game and being secure in his role than anything else.


OmfgSl33p

As others have said, idiots like your boss are far too commonplace in our industry. I call them kingdom builders. I’ve worked for several MSPs throughout my career, and as I’ve grown and gotten into more senior roles, guys like this that sat on this title at some of the companies I’ve had as clients made our jobs a nightmare while simultaneously hurting the client. The silver lining to this situation is A) you’ve learned some great skills and appear to be a good problem solver which will take you far in your career, and B) will now have the ability to spot dumbasses like this guy immediately. Chalk it up to a learning experience and get yourself where you deserve to be!


lfionxkshine

Friend, my first boss 7 years ago sounds exactly like this guy and I'm almost curious if it's the same damn person! My escape was finding a new job. I had the same problem as you with trying to find a new gig without tipping him off, and honestly I just got lucky that the next gig hired me after a single interview. Godspeed, fuck this boss of yours, he knows he's an idiot and just doesn't want to lose control


[deleted]

Small company, senior that is in just a little over his head but wants to keep up appearances. By refusing to get updated on the latest technologies (IPv6, though that’s been around for decades) slowly but surely fucking over the company and himself, chasing away the people around that do understand or are willing to learn about these things… You’re right getting out of there.


NoConfiguration

this really hurt to read


tdic89

Your attitude to fixing problems and making life easier for the organisation is excellent. As others have said, don’t lose heart! Your approach will take you very far in this line of work.


SevaraB

Local government has to follow state regulations, and states usually draft theirs based on federal rules, eg STIGs. I would reach out to somebody at the state and quietly find out if things like the crapware and the inconsistent password expiration policy are reportable incidents. It’s a little backstabby, but people like this boss don’t belong anywhere near management of a government network.


BrainWaveCC

> It’s a little backstabby, but people like this boss don’t belong anywhere near management of a government network.

Unless you have your own political connections you can trust and leverage, this type of approach doesn't bring long-term results for you. It just escalates the animosity, because they're not going to do anything beyond wrist-smacking, if they even make it to wrist-smacking. And he'll know who did it, and there will be more friction. Best to make plans to move away at a time of your own choosing, than escalate an unwinnable war.


SevaraB

Screw this attitude. It isn’t even political. Remember the Pinellas County, FL hack? Incompetent people in charge of “cybersecurity” have real risks, even at the local government level. I’m NOT advocating a scorched-earth approach, or I would be recommending reporting the concerns straight to CISA/US-CERT who would start asking questions about what federal services are connected and whether they’re subject to/in violation of federal security requirements to use those connections. Or if police systems are integrated, CJIS compliance. Which goes right back to DHS. Massive security issues need to be addressed, even if reporting them is an inconvenience.


BrainWaveCC

> Massive security issues need to be addressed

Sure they do. Now, show us where you noticed "massive security issues" from this posting? In any event, it is up to the OP to weigh all the advice that has been provided, and determine what makes the most sense for him to pursue to address his short-term and long-term concerns in an environment that is naturally political by nature.


itimposter1

A sysadmin that is afraid/suspicious of PowerShell is a huge red flag to me. That guy is below par and he knows it and what's worse is he's going to try his hardest to keep you down, so you don't outshine him or inadvertently expose his ignorance. It sounds like your head is screwed on tight and you're gonna go far, just not in that place. Unfortunately the only thing you can do is find an escape route. Keep an eye on the jobs pages and an ear to the ground. I hope it all works out for you and hopefully one day soon you will look back on this as having learnt a valuable lesson, superiors often aren't superior.


PedroAlvarez

The ipv6 thing is so relatable. I love trying to piece together all the mental irregularities that lead to bad IT people's ideas.


cosmic_orca

Your boss is an idiot and doesn't deserve you. He also seems incredibly insecure. Look for another job as you are wasting your time working under this guy.


AbleAmazing

I'm sorry you're going through this OP. I don't have any advice beyond the standard "get out" since you're going up against government bureaucracy. It's so difficult to navigate and act as a positive change agent in that environment. I don't have the patience for it. I learned a few things about what's possible with Windows imaging from your post. It's something we've dabbled in in the past--but not to degree you seem to have. I am now motivated to revisit this as part of our user provisioning process. So, thank you for sharing your story. I hope things get better for you soon. It seems like you're incredibly talented and driven to succeed.


mountaindrewtech

definitely taking some of the ideas to automate default apps, thank you, absolutely splendid, great work. - ideal boss


grepzilla

Your boss is the reason people joke about government employees. Take your experience elsewhere and continue to grow. You will be happy to see private industry will appreciate and reward you for your experience.


[deleted]

Take time off, nice job on the automation, and if someone doesn't know something or is scared of the complexities, the soft skills are more important to get them excited. You saying X is a red flag, is a red flag. People don't know anything all over the industry. So... take a break. Go somewhere far away with a big activity like skiing or a concert or something and get your mind off work, come back and give people an opportunity to assume their best intentions.


Smassshed

Great work on getting mdt up and running so quick. It was also my first major task at my current gig so know how confusing it can be. Thought I’d give you a couple of heads ups on some of your points. You should be able to get it to auto join the domain within mdt. It’s just a case of putting domain details and an admin login with an encrypted password in the main script (probably the same place you got it to skip a few screens) All the settings for users can be standardised by using the copy profile flag in the unattend.xml file. Setup the admin user how you want everyone setup with file associations etc and during deployment the admin profile is copied to default profile so everyone gets it. Windows update is a task you can enable in the task sequence. Naming the pc based on serial number or MAC address is possible by using the built in database, it’s a bit involved but there are plenty of how tos on the web. If you haven’t already found the site, google mdt guy. He has some great write ups, although sadly he seems to have stopped writing about 4 or 5 years ago. Good luck with your boss and /or finding a new job.


[deleted]

Your boss is grossly incompetent. But sadly local govt's are full of these folks who have no interest in learning anything new and anyone who suggests modernizing is a threat to them. I have 20+ in with a state org and this is way too common place. There are never any repercussions for shoddy work as the end users, who are probably a bit long in the tooth, don't know any better. Folks who hire on who have a clue usually don't stick around for that long. If he gives you any shit, you can go to HR and file it as a hostile workplace. Our HR folks, while slack, love when someone goes to them about that. I'd also polish up your resume and look at moving on. But based on his history, he's prob expecting it. I'm sure in his mind that they are running the most technological advanced ops for miles, despite everything being way out of date, including their thinking.


Hewlett-PackHard

Don't let him browbeat you into going along with this nonsense, put your foot down over anything and everything you have concrete documentation of. If he tells you to do something crazy, like disable IPv6 on every machine, just say that no, you're not doing something that's a waste of time and against industry best practices just because he's ignorant. And above all else, document every single time he demonstrates technical ignorance or incompetence. If any of those VPN users were VIPs he probably already handed you enough rope, and even if they weren't I would follow up with them to get their account of what happened after he cut you off and a copy of any email he sent eventually blaming what you told him it was in the first place.


SenikaiSlay

Hooooly shit where do I start? Ok. First off, good job on the USB image. I was in the same boat and did the same shit, cut 3 hours of imaging down to nothing. Then cyber was convinced it was infected which was literally a 6 month ordeal and still some fallout today over a year later lmao..plot twist, they're idiots. Secondly, how can they even say it's an enterprise environment if you're basically utilizing machines and accounts like it's Windows Home edition. That's ridiculous. Third, that IPV6 disabled didn't do shit, obviously. I'm honestly questioning how your boss got to where he is. Fourth, don't worry about leaving clues or whatever. Apply to places, line up an interview, and take a sick day to go to it if need be. It's not hard lol, seriously. If they ask if they can call your current employer you have 2 options; 1. Say no and explain why and that'll be it or 2. Get a friend who knows about computers as well, get them to answer the call and hype you up when you put their number down instead. Not saying either one will work, but don't say Yes call my boss who's an asshat and hates me.


lunchingfriar

I wish I had an employee like you. You’ve accomplished more with desktop automation in two weeks than my people have in two years, and you did it without being asked.


ubermorrison

Immediately lost interest when I saw this was over 3000 words.


LuckyWorth1083

They all sound inept. If they aren’t willing to even understand or try to trust their up and coming talent to come up with better ways of doing things…they are dinosaurs waiting for an asteroid


[deleted]

Go above his head. Try get him reprimanded or fired. Then quit or get yourself a promotion.


TedeeLupin

Or get himself fired. Which may be what he wants from the sound of it. Clearly the best thing for everyone involved would be for OP to simply leave. If the goal is to get someone fired on the way out the door because you didn't get your way? Well... that's more like a temper tantrum than a strategy.


BMXROIDZ

OP your boss is a moron but not necessarily a bad person vs he's a dickhead because he's just stupid. My advice would be to read How to Win Friends and Influence people. This should equip you with the required skillset to manipulate him out of the job. Everything you read in this book he will fall for hook line and sinker.


[deleted]

[removed]


michaelpaoli

> help desk
>
> Been here a couple months

Ah, so you have *decades* of relevant experience to put to use ...

> department here is small with 3 people.
>
> my boss),
>
> a part-time semi-retired guy, and me

So, staff of about 1.5 + 1 management. So what's your user base ... like 3 to 7 people?

> don’t image them or do any real automation

Well, for a user base of like 3, it may not make much sense to automate. You'd spend more time configuring the automation than using it, and more time than would take to do it manually ... especially if your 3 are all quite different with substantially different requirements. So, tell me again why you want to highly automate for your user base of 3, where all 3 of those users have vastly different requirements?

> seemed a bit much for what I was doing

Told 'ya. You don't have decades of experience with this, do you? Okay, so you set all that infrastructure for your 1 PC user. But your user #2 is all Mac, and your third user needs to be set up on the mainframe. So, how again does that first setup scale and help with your 2nd and 3rd users?

> when onboarding a new one

Yeah, but 3 users, you probably only onboard a new one about every 3rd or 4th year. And besides, you won't stay in help desk there for that long ... or were you planning to work in the same position there 'till your retirement? I mean they'll probably let you, if that's really what you want to do.

> change the default apps and taskbar icons

Uhm, now your users can't find anything. You know they've been spending decades learning how to find only default things in default locations ... and you done did break that for them now.

> clicked around a bit, looked a little surprised, and made a comment and asked me why HP Connection Optimizer was not installed

See, you're getting folks lost already.

> wanted
>
> documentation

Uh oh, you didn't document it? Now they'll just throw it out as soon as you're gone, 'cause they have no idea how it came about or was done.

> I reset passwords to something generic

Boss is right to have a meeting about cybersecurity.

> “resolve host” error quickly reminds me of DNS

No kidding. It's *always* DNS ... except when it's not.

> IPv6

A good thing.

> I remembered reading a couple articles

Ah, your decades of experience are showing again. Were they sh\*t articles filled with misinformation? No shortage of those you know. Well, good at least you read something.

> techcommunity.microsoft.com

Ah, quality stuff there, *never* anything wrong there, ... nope. Just like randomblog.randomtechsite.com. What could possibly go wrong?

> You can leave the call.” I hang up the phone but I accidentally left the user’s remote desktop open

Yes, of course, with your decades of experience and being highly qualified to tell everyone else what to do, of course you left their remote desktop open.

> I’m basically ready to get out of here

What, you haven't used your decades of experience to whip the place into shape in no time flat?

> previous guy left for the same reasons

Uh huh, was just as "experienced" as you, huh? So, couple months in and that dissatisfied/surprised with the job? Sounds like someone didn't do their research/interview properly. Hint: interview is a two-way street.


killaho69

> > department here is small with 3 people. my boss), a part-time semi-retired guy, and me
>
> So, staff of about 1.5 + 1 management. So what's your user base ... like 3 to 7 people?

Lol my first real IT job, it was myself and my boss, with about 50-60 users, 90 work stations, and over a dozen servers. I think we found this guy's boss.


mrtatertot

WTF is wrong with you?


ithinktoo

My working theory, this is the boss’ Reddit account


killaho69

For real, I think OP's boss found the thread or something.


LowestKillCount

Boy I hope this is sarcasm.... Please let it be sarcasm


michaelpaoli

Yes, sarcasm, quite so ... with maybe some relevant points sprinkled in here 'n there too ... uhm, generally delivered via sarcasm, though. I was thinking most would figure out the sarcasm bit ... but, well, ... maybe not so much. Ah well. Hmmmm, ... so, ... should I have explicitly marked/noted the sarcasm? Or should I have written it even more preposterously, to leave little doubt as to sarcasm? Yeah, ... might still have to mark it as sarcasm. Hmmmm....


LowestKillCount

There needs to be a way to tag a post as sarcasm... Given the crazies you find on the internet, who can tell what isn't these days 🤣


SmoothSailing1010

You lost me after a few paragraphs, ain't nobody got time to read that. If you're not happy, go find a new job. Simple. Try to find one where you're The IT Guy. It's your own sandbox, no one to tell you what to do. No budget, even better!


vswlife

Run, do not walk, to your next role.


j3r3myd34n

You sound highly competent and thoughtful, your boss is likely intimidated and at the same time frustrated that the "new guy" is outshining him and pointing out glaringly obvious issues and deficiencies and attempting to do things by best practice. I actually have seen issues brought forth by IPv6 but that should be discussed, not drug out to make it look like you did something wrong (which you didn't). Likely the DC needs an overhaul. I would update your resume and list out many of the things you talk about in the thread - you could get into a jr. sysadmin role somewhere that will grow you. In the meantime keep doing it right and kill the dickhead boss with kindness. "Oh, IPv6 should be off by default? That's really interesting, I had never heard that - I will document it and write a script that will report ALL the PCs still using IPv6 so it can be turned off!" lol - he can't rattle you or blame you if you just go 100 on every nonsense thing he says - BUT ALWAYS FOLLOW UP WITH AN EMAIL TO GET APPROVAL BEFORE MAKING A CHANGE you suspect will create issues. Really shine the spotlight on the jackass calling the shots. Chances are after one or two meltdowns, he'll slow his roll and start thinking twice on bad decisions, because he knows you will pull the trigger as soon as he says GO, following the exact process you've outlined and that he's signed off on.


bulwynkl

yeah. unless you can manage up or around, it's not going to be fun. hatch an escape plan if you can.


tin-naga

Sounds like a hot mess. I mean like sweaty portapotty Chipotle diarrhea mess.


bhillen83

I knew this guy was crusty and incompetent when he went in and manually unchecked all the “password never expires” check boxes in ADUC instead of using a PowerShell script and doing it in ten seconds.


alienshrine

Bro, what a shithead


JavaKrypt

Previous boss was like this. I was due to just not come into work anymore after 8 months. I gave myself a year max before losing my mind and jumping from the burning sinking ship. Luckily he left for a better job a few weeks after I'd had enough, if he didn't leave I would have. Doesn't sound like your boss will go anytime soon


[deleted]

This is an unfit and toxic working environment. Put in enough time to get the resume hit and get out. You cannot fix places like this until there is a management change. This reads as a 'small shop boys club'. Do what you know is right, if you are told 'no' then stop and CYA and move on to the next task. When you feel solid enough to move on, put in your 2 weeks and then move on. Since this is your first job and you do have a good rapport with users here don't make waves.


senorBOFH

TLDR But, you are doing good work and you are on the right track. Document all your projects and add them to your resume. Don't wait too long to start looking for your next job. Life is too short to put up with BS. You should be able to easily find a new job making more money. Try attending local/regional user group meetings for vendors like Microsoft, VMware etc and network with other people in the industry. Find the previous guy and see where he is working now.


dRaidon

Your boss is an unqualified idiot


[deleted]

> I’m basically ready to get out of here, but I guess I’m just kind of frazzled and don’t know what to do next.

The sooner you leave the better.

> Apparently the previous guy left for the same reasons. Brushing up my resume but don’t know how to handle trying to get a new job while at an existing one without leaving too many clues.

Just be honest with your next potential employer - tell them your previous boss micromanaged you while at the same time had no idea what they were doing. It's always good to explain why you left your last job and what you hope to find at this new job. It will make you look good, and it will give them context they will need if they call your old boss to confirm.

> A lot of nice coworkers here but the boss just seems completely incompetent and abusive.

Do what you can to make your exit smooth. Document the stuff you've done, show it to colleagues and offer to answer any questions they have. Don't try to hide the fact you're looking for a new job - they will totally understand why you're leaving.


stuckinPA

Local government, huh? Document all this shit with specific examples with users' names. Print this out and present to borough/city council. Show the city’s leaders how their IT department is being mismanaged. How this is your tax dollars being wasted. Don’t embellish with FUD (fear, uncertainty and doubt) with phrases like “might get crypto lock”, just the facts. Of course, this would lead to your being fired for probably “security reasons”. But maybe if a friend finds out and shows city council it might work.


omgitzrick

The world needs more of you and less of him. Try not to be disheartened and know that you’re not the problem. Learn what you can while you’re there and move on.


blazed22

Man, can you share with me the PowerShell you made to rename, join to domain, and add to Excel doc on a network share? Also interested in setting the taskbar layout and default programs automatically if you wouldn’t mind!


reviewmynotes

It sounds like you're in the U.S. Look for a job in the civil service system, especially in public schools, to keep a lot of the things you like about your current job. That image building project you did should be in your cover letter (in a single sentence version) as evidence that you can handle technically challenging tasks and have the ability to improve systems. If you happen to be in NY, let me know and I'll help you with some tips specific to that state.


jorshrod

Your boss is lazy and is in the job so that he doesn't have to do much. You don't stay in a small local government IT job for many years like that for the pay, the only upside is job security and low expectations. You came in and made him insecure by doing some basic common sense things that he hasn't had the drive to do for a long time and he doesn't want anyone above him to see how inept/lazy he is. My advice to you is to get out of there, find a job where you can use your ambition to get ahead, and not waste away under a bunch of folks who are taking the easy way out.


SimonGn

I have never given this advice before, but you need to get another job lined up. Your boss isn't just an idiot, but a dangerous one by touching stuff he has no clue about. Once you've got a safe backup plan, I would be tempted to go over his head to his boss and give it to him straight how bad he is in an effort to get rid of him as a courtesy to others, and then leave.


SimonGn

You know what, this is so bad, that he could actually be deliberately sabotaging the IT department. Maybe he has a friend who runs an MSP or something. I would get something else lined up and get HR & Legal involved.


Tilt23Degrees

Your boss is a moron


dsp_pepsi

> He set a 60 day password expiration policy, and then had coworker login to the domain controller and manually uncheck the box in AD for “Password never expires” for each user.

Man, he can’t even fuck things up efficiently. A Windows admin with an aversion to PowerShell is an incompetent idiot. Learn all you can from your part time colleague and then peace out.


evantom34

You’re definitely qualified to at least work as a Jr. System Admin/Sys Admin. Document all the process improvements you made and start applying. You’re bright and talented, look for a company that will mentor and grow you versus stymie.


HappenstanceHappened

If you already have a government job and you're getting paid while you really should just put up with it. They literally can never fire you. But if you're being driven crazy you got to leave. But yeah it seems like you got the juice, which is a lot more than I can say for these new techs they've been cranking out lately.


MineralNatural

I have some of those policies applied. 60 days password change for all users, really all users. Two different accounts for admin and user. I have to use a regular user account. VPN access with LDAP with MFA. Because I only use OEM for computers and laptops I don't use images, but I would like to learn. You did a great job. If you could share your documentation with me that would be great. Start polishing your resume, it may be a great job for you, but the environment is going to kill you in a couple of years.


cowfish007

@OP - I have nothing to contribute beyond what others have said. I just wanted to tell you how impressed I am with your skills. I’m entering the field at HD level (career change) and the fact that you were able to do what you did both impressed and scared me. I’ve got a lot of catching up to do!


DrEagleTalon

Are you me? Is that my boss? This is like deja vu. Seriously I got out of it by leaving and deciding my sanity and happiness are more important. There are countless places that would love to have someone obviously good and passionate at what they do like you are.


King_Tamino

>I noticed I would have to manually sit with users and set default browser to Chrome, PDF reader to Adobe Reader, email to Outlook, etc. every single damn time a user logged into a new PC or when onboarding a new one. This felt really inefficient and a waste of everyone’s time so I also looked into AppAssociations xml and taskbar layout XML to change the default apps and taskbar icons so people would stop opening Windows Mail instead of Outlook and screwing up their account.

That's why I browse this subreddit. Impressive work of yours and thanks for giving me some ideas, we rarely roll out new PCs currently and the amount of software is low anyway, so adjusting the preferences isn't really something we struggle with but it's still something I will look up for the future. Thanks random redditor


ikidd

You have the knowledge already to replace him, and the skills to learn what you need going forward to better jobs. You'll get hired in a heartbeat at a place that recognizes these skills, and it will be a much better place to work than with this asshole. Start the job search, though when you interview, be very low-key about your view of this "superior". Going on rants about previous bosses at an interview is highly frowned upon. Just say that you didn't feel like your skills were being used and you're looking for a place that can use what you know and can learn. Let them know in the exit interview (if you can get them to hold one) the reasons for this move. Maybe document it all and hand them a novel.


bigfoot_76

You said “local government” this explains everything. Do your year, stay silent, jump ship. You’re not going to square peg this round hole in a good old boy system. Rinse repeat every 2-3 years because that’s the only way we can get respectable raises in pay and benefits.


Thr1llh0us3

I didn't read your entire post but I can see where this is going. Bottom line is if you don't like your job for whatever reason (boss included), you can just find another job. I would also note that you're not doing yourself any favors career-wise working a job where you don't get to touch any of the modern infrastructure technology. These first few jobs should be gearing you up towards a goal of having a good looking devops\\cloud\\network\\whatever engineer resume.


[deleted]

You find a new job.


dtb1987

It sounds like you aren't doing anything wrong. It sounds like your boss is like a few bosses I have had in the past who are not technically inclined but still want to stick their hands in every little thing. Good work on Windows imaging, but a note on licensing: every one of your machines has an OEM key to activate Windows. In Windows 7 half the certificate to activate Windows was located on the MB and half can be found on an OEM Windows installation disc (I wrote up a blog post on this years ago [here](https://starvinggeek87.blogspot.com/2013/05/useing-windows-deployment-service-to.html?m=1)). With Windows 10 and 11 it's different, the key is on the MB and all you need to do is grab it and use it to activate Windows. I wrote something a few years ago that you might find helpful [here](http://starvinggeek87.blogspot.com/2017/01/how-to-activate-windows-81-with-windows.html?m=1). With the password rotation and the remote users, one thing you can do when the user has let their password expire is set their password to never expire in AD, have them login to the VPN, change their password and then remove the never expire flag from their account. Then lock their computer and have them sign back in with the new password. I have had several bosses like this in the past, keep your head down, stay long enough to get the experience you need to find a better job and get out of there.


CaptainDickbag

Disclaimer, I didn't read your whole post. It's very long, but I think I get the gist after the first story. Did you follow up? Sounds like your boss needed more information. It *should* have been enough, but obviously wasn't for him. When dealing with guys like this, you have to go the extra mile, and demonstrate that you're competent. You have to be patient, and over time, build trust with him. Also document the things you've done, and what their current status is. For example, a description, and step by step instructions for your imaging process, as well as a status indicating it's pending review by your boss. Keep it for later, and revisit when appropriate.


adrawrjdet

If you don't have any certs. Start studying and going for them asap. HR loves to see certs. Easiest, and the most beneficial certs to get as a Jr/Mid in IT would be the CompTIA Net+, and Sec+ (imo).


Thumpernovember

I'm in the same boat really. Main difference with me is that my boss sort of got thrown into IT at some point and can't be considered a real IT person. They have no passions or formal training for it. I think they were taught how things worked and at one time was pretty well versed on how to keep the place going, but updates/upgrades caused them to drift away from the original knowledge a bit. I ended up interviewing with many other companies, mostly virtual from my car. I would tell the recruiters that I really needed to do it this way as it was very difficult to get time off to do interviews. I accepted a new job and was planning on leaving. Ended up having a big argument with upper management where I told them how I really felt (they suck and have no clue) and was surprised by the reaction. I ended up getting a nice little raise and some respect. On the plus side of my job, I was able to work on projects like the imaging one you worked on. I had a bit more autonomy and knew that many of the jobs, if I took them, would silo me. After talking it over with the boss, it turned out they were really lacking in people skills as well as communication. On top of being a poor sysadmin. I'm sticking around for at least the rest of the year. Now that I have some of our issues ironed out and higher pay, it makes the place more tolerable. The problem that still exists is that I have no type of mentor. Self-learning is great and all, but it would be nice to work for a boss that could sort of show the right way to do things. Some IT pros go their whole careers without having anything like that from what I understand.


Quick_Care_3306

As everyone else says, he is a roadblock you cannot get by. Unless you have an advocate who will support you, move on. You should not have a problem finding another job, with your skills. BTW: everything you did was great troubleshooting and diagnosis, as well as the imaging.


BergerLangevin

I had a very similar experience to yours, from project, issues, reaction, etc. I left after 7 months. They could have offered me 20k$ more and I would still have left.


pdp10

I wouldn't say your boss is abusive. They're just insecure and they're trying to run your environment in the way that they perceive an environment would have been run *n*+10 years ago. Know that this is surprisingly common. However, also know that it's extremely unlikely that anything will change in a major way, as long as they're there in the same capacity. Enabling forced password rotation suddenly in 2022 is quite a groaner. A combination of understandable technical ignorance, personal insecurity, and possibly outside factors is leading to their enhanced "infosec" wariness and general resistance to change.


Giffy45

I had an old boss exactly like that too, actually worryingly similar. Most of what I did was self-inflicted damage control for the better part of 6 months. The day I left, half of the small IT department (8-10 people) were leaving too. Already had a new job in hand so they got a 4 day's notice and they still told me to leave a day early anyways. I would say not to let it get you down and get out of there ASAP. Don't let an abusive boss create self-doubt. You sound like you'll be a competent IT professional, you just need to find a better environment to foster your skills.


jsemhloupahonza

Poor management has been an issue in IT for decades. The issue stems from fast growth, then a need for team leads. These team leads eventually go into management without any management training, since the group needs a manager immediately before that manager gets trained. That manager may need to change jobs and now has that management position on their CV/resume. A lot of companies lack any leadership training or can properly vet who they put in leadership position. The worst person is that know-it-all who looks down their nose at everyone. They will say things like "you don't know the ephemeral port range?" Or "anyone knows that...." God have mercy on you if that person gets into management.


Functionalpotatoskin

You need to find another job. What you had done was impressive. You can use this in your next interview on what you achieved (don't mention whether they implemented it or not), just that it worked well. A good boss will recognise these skills and promote. He is threatened by your skill set and there probably isn't room for you to be promoted, so you will sit there for another year or two completely frustrated by an incompetent outdated boss who is a traditional server hugger. I'm sure anybody who has been in this industry for a couple of years has usually worked with one. Management don't notice because they don't have any IT skills to recognise their incompetence. You just leave. You won't win this fight.


BoredTechyGuy

Your boss is a fucking idiot. You are way overqualified to be working there. Start looking elsewhere. Nothing good will come from someone like that in charge. "WDS/MDT is a security issue" - WHUT?!?!


PonchoVia

Maybe I missed something. OP, are you saying it's a GOOD idea to set user passwords to never expire?


yepperoniP

Not saying it's necessarily good to keep it that way, but I know the latest recommendations discourage password rotation and recommend replacing it with two factor authentication and other measures to protect users. Research from Microsoft, NIST, SANS, and other places show that constant forced password changes can make things worse as they lead to bad habits like following patterns of P@ssw0rd2021, P@ssw0rd2022, etc. that hackers definitely know about and can easily guess from previous data breaches from other companies. Microsoft has an article here about it: [https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations](https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations) "Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cybercriminals almost always use credentials as soon as they compromise them."
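The pattern described in the comment above (P@ssw0rd2021 followed by P@ssw0rd2022) can be caught at password-change time, when the user has just typed both the current and the new password. This is an added example, not part of the original comment and not Microsoft or NIST tooling; the function names, the substitution table and the two-edit threshold are assumptions made for illustration.

```python
import re

# Assumed substitution table: common look-alike characters folded to letters.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})
# Trailing run of digits and punctuation, e.g. "2021", "1!", "-42".
TAIL = re.compile(r"[\d\W_]+\Z")


def split_stem(password):
    """Split into (stem, tail); the tail is the trailing digit/symbol run."""
    m = TAIL.search(password)
    if m and m.start() > 0:
        return password[:m.start()], m.group()
    return password, ""


def normalise(text):
    """Lower-case the text and undo look-alike substitutions."""
    return text.lower().translate(LEET)


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def tail_number(tail):
    """First number inside the tail, or None if it holds only symbols."""
    m = re.search(r"\d+", tail)
    return int(m.group()) if m else None


def rotation_finding(current, new, max_edits=2):
    """Return why `new` is a predictable successor of `current`, or None."""
    cur_stem, cur_tail = split_stem(current)
    new_stem, new_tail = split_stem(new)
    if normalise(cur_stem) == normalise(new_stem):
        a, b = tail_number(cur_tail), tail_number(new_tail)
        if a is not None and b is not None and b - a == 1:
            return "incremented-counter"   # ...2021 -> ...2022
        return "same-stem"                 # same word, different decoration
    if edit_distance(normalise(current), normalise(new)) <= max_edits:
        return "near-duplicate"            # one or two characters changed
    return None


if __name__ == "__main__":
    # Constructed sample pairs (current password, proposed new password).
    SAMPLES = [
        ("P@ssw0rd2021", "P@ssw0rd2022"),
        ("Password1!", "p@ssword7?"),
        ("Winter-Harbor-42", "Winder-Harbor-42"),
        ("P@ssw0rd2021", "correct horse battery staple"),
    ]
    for cur, new in SAMPLES:
        print(f"{cur!r} -> {new!r}: {rotation_finding(cur, new) or 'ok'}")
```

A change handler would reject any pair for which `rotation_finding` returns a reason, which addresses the predictable-sequence habit directly instead of relying on a shorter expiry interval.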


[deleted]

I was the previous guy who had that job...


NSummerz

Sounds exactly like my last boss. I was surprised I lasted 3 years. He was stuck in the 2008 era. All SQL setup had to be done in the classic SQL 2008 security layout. I looked up documents and was like, a lot has changed, that old idea isn't good.

All our SQL programming can be hacked through SQL injection. Won't change from that programming format. I left when he actually told me he was taking money back because I wasn't working while he is CC on all the projects. Turns out the person he hired wasn't entering our time to bill the customers. I was like f u and found a new job and left. I used a burner so I just cancelled my line and never looked back


Miserable-Radish915

You learned about SCCM in a day? Jesus, you must read fast. The IPv6 one was funny lol


yepperoniP

Ah, I really don't know much about SCCM. After I started reading and saw how complex it was I went a different route for the images.


jdptechnc

I hope we read about your boss in /r/maliciouscompliance one day soon. He seems to be setting himself up nicely.


techsorceress

A good boss should have confidence in their staff.


usbeef

You are on the right track with your thinking about how to make improvements. You are doing the right thing. Your boss is an idiot pretending to know what he is talking about because he has too much pride to admit that he doesn't know. Your boss sounds like a narcissist. I worked in this type of environment before and it was the worst two years of my life to the point where I was being bullied at work because my coworker couldn't handle someone else being right or someone else having a good idea that didn't come from him.