Quis custodiet ipsos custodes?
June 5, 2007 4:29 PM   Subscribe

IT is taking my work computer for an hour tomorrow for something called "Domain Migration". Is there a way to find out exactly what they're doing?

and are being fully combined as - so it's entirely understandable that they want some more consistency with the networking stuff. They say they need my computer "in order to connect to the new domain from the network", and I believe them (mostly), but I'm still a little paranoid that they're going to start looking over my shoulder.

Is there any way to tell, or anything I should do in anticipation?
posted by puddleglum to Computers & Internet (20 answers total) 1 user marked this as a favorite
It really doesn't take an hour to move a pc from a workgroup to a domain, or even domain to domain. I'd be paranoid also...

Now, if they're giving you a new pc or possibly moving your My Documents to a shared network drive or something, then I can see the data transfer time taking about an hour or so.
posted by starscream at 4:32 PM on June 5, 2007

Well, changing from a local user profile to a domain user profile might take some time to duplicate (depending on the size of the profile) but I'm not sure why they would want to go to the trouble of moving the machine.

Are there more machines in your area? Are they taking them all? I'd be suspicious if you were the only one in the area.
posted by purephase at 4:36 PM on June 5, 2007

You better hope you don't work for the same company as tdreyer1.
posted by The World Famous at 4:40 PM on June 5, 2007 [1 favorite]

Is there a way to find out exactly what they're doing?

You could ask them. Not to be snarky, but there are a number of reasons why they might want the machine on a bench to do the migration. Knowing what I know now, I could contrive reasons until the cows came home.

But honestly, the easiest way to find out is to ask, I can't imagine that they wouldn't tell you whats up.
posted by Pogo_Fuzzybutt at 4:57 PM on June 5, 2007

I had my PC "domain migrated" a few months ago. And it took an hour and a half, because in my case it involved a fair bit of manual configuration of things...permissions, site-wide software, moving over my user profile. However, I also had a fairly incompetent IT guy. And they did it at my desk, they didn't take the computer away.
posted by Jimbob at 4:57 PM on June 5, 2007

Survey Reveals Scandal of Snooping IT Staff
"IT staff routinely snoop on users, riffling through their e-mails and personal files, a newly released survey has found.

One IT administrator laughingly said: 'Why does it surprise you that so many of us snoop around your files, wouldn't you, if you had secret access to anything you can get your hands on?'

Few ordinary users realize that one in three of their IT work colleagues are snooping through company systems, peeking at confidential information such as your private files, wage data, personal e-mails, and HR background, using admin privileges.

These are the findings of a survey released today by digital vaulting specialist Cyber-Ark Software..."
posted by ericb at 4:58 PM on June 5, 2007

I have budgeted more time for jobs than I actually needed. Domain migration is not impossible but not trivial, either.
posted by Blazecock Pileon at 4:59 PM on June 5, 2007

I've had to do this with 50-60 computers where I am the sole admin. I don't think you have much to worry about especially if this is for a number of computers, that's usually how migrations occur. What strikes me from users is when they get all paranoid about me touching their machine. What are you worried about? Anyway, we have a job to do just as you do.

Reasons you don't have to worry:
1. We are pretty busy getting this migration done
2. I don't have time to poke through your files
3. Transferring your files, if they are scattered all over, can be a time consuming process
4. Computer techs often build in 25%-50% more time than they need in case of some huge problem. Be they from your machine or the person behind or next in line.
posted by ronmexico at 5:00 PM on June 5, 2007 [1 favorite]

I doubt you have any reason to worry. They may even be re-imaging the machine if this is going on company wide, and if this is the case, they the hour window to do so and move your profile over.
posted by B(oYo)BIES at 5:07 PM on June 5, 2007

they're probably going to use the files and settings transfer wizard to migrate your settings to a new domain.

Be happy that they're upgrading the back end and make them a cup of tea.

It'd also be nice if you said thanks.
posted by chuckdarwin at 5:19 PM on June 5, 2007 [2 favorites]

It's all about managing expectations. If I tell you an hour and finish in 15 minutes, you'll think I did a fast job. But if I tell you I can do it in 15 minutes and end up spending an hour because your machine has a messed-up network setting, then you'll be pissed I'm taking so long. It also lets the IT staff work undisturbed for batches of time instead of having to be bothered every few minutes to pick up and hand off machines.

I think that article is a bit misleading. IT staff are usually poking around the network because they're bored so they entertain themselves by seeing what others have on their machines. I know that's not very reassuring but it's all rather harmless.
posted by junesix at 5:26 PM on June 5, 2007

Listen to ronmexico. He is on the money with this. It doesn't usually take a whole hour, but it does take a bit to make sure you've got everything, and you have to allow time for surprises and interruptions.

When you've got a pantload of migrations to get accomplished, the last thing an admin is going to waste time on is peeking at your downloaded porn and MP3s. And if they were installing snoopware, they would not be doing it in such an overt way.
posted by briank at 5:32 PM on June 5, 2007

I do this stuff every day. It sounds pretty reasonable to me. Like others have said, when you move to a new domain using XP, your profile needs to be moved. Sometimes new apps need to be installed. And if they're competent, they'll test it when they're done. An hour seems fair to me.
posted by ninjew at 5:53 PM on June 5, 2007

If I'm poking through somebody else's emails, I'm doing it to train a spam filter or make sure some other aspect of a new email client has been exercised and Just Works for the poor bunny who's going to end up using it. Within extremely wide limits, I don't give a rat's arse for individual users' kinks and quirks. Sysadmins are like doctors in that respect: we've seen everything, and not much raises an eyebrow.

If you've clearly been using the company network to download Dog-and-Pony Porn Extra Hott, I'd be coming to have a quiet word with you to tell you it's gone, and suggest that perhaps in future you want to keep that stuff where nobody else is going to stumble across it (do you remember the X-ray guy in Jackass 1? That kind of feel). You'd probably be embarrassed as hell, but all I'd really be concerned about is saving two and a half gigs worth of backup space.

If you've left a clearly non-fictional direct confession to murder in your local email client's Deleted folder, or filled up My Pictures with kiddy-fiddler images, I'd be doing essentially the same thing, but bringing my manager with me to assure my own personal safety.

Anything short of that would be mentally filed under Other People's Private Life Drama, and left alone.

What you should do in anticipation of using a work computer, regardless of how it ends up managed, is give up any expectation that anything personal you leave on it will remain indefinitely undiscovered, or even remain indefinitely available. You can expect and demand security and high availability for work-related stuff, but sysadmins are not paid to safeguard your personal privacy.
posted by flabdablet at 6:04 PM on June 5, 2007

starscream writes "It really doesn't take an hour to move a pc from a workgroup to a domain, or even domain to domain. I'd be paranoid also..."

Having done this for an organization twice; an hour is quite a reasonable time estimate. You need to allow some time for time conflicts, possible computer name changes, and they may be upgrading some other software at the same time. Both times I did this (Old domain -> new domain and new domain -> Active directory) we changed antivirus providers at the same time. The first time we also had to reset user profiles because of some configuration change with Exchange that was rolled out concurrent with the domain name change. 20-30 minutes is a good average time if everything goes right.

Besides as IT if you have a job that you think will take 15 and you say "It'll take and hour" and deliver in 30 minutes everyone thinks you are a hero. Say "It'll take 15 minutes" and deliver in 30 and everyone thinks you are incompetent.

Or on preview what everyone else said.
posted by Mitheral at 6:28 PM on June 5, 2007

Most PC techs really don't care what you're up to. Until about the ninth time your porn-surfing gets your machine infested with a Trojan and someone takes over the network because you have too many rights on the domain, anyway. Then ... then they will slaughter you.
posted by adipocere at 6:43 PM on June 5, 2007

I think they only specified an hour so you could plan to be doing something else doing that time, and wouldn't start calling at the 15 minute mark asking, "You guys done yet?"

As for them looking over your shoulder, it's a work PC - don't entertain any notions of privacy. We don't care what you're up to, but we will make fun (amongst ourselves) of your downloaded porn and e-book romance novels (yes, I actually found a huge stash of these). If an administrator asks us to monitor your internet use etc..., we can and will.

Along the lines of what flabdabet said, "I'd be coming to have a quiet word with you to tell you it's gone, and suggest that perhaps in future you want to keep that stuff where nobody else is going to stumble across..." - I used to be nice like that, but got burned, so now it's either ignore/delete/accidentally forward.
posted by Liosliath at 7:02 PM on June 5, 2007

I administrate a good number of Windows servers, and let me tell you, I never allot the amount of time I think it'll take to get something done. I usually say it'll take double, and this is for two reasons. 1) If something goes wrong 2) When I get done far earlier, I look like a miracle worker. I learned #2 from Scotty.
posted by cellphone at 7:42 PM on June 5, 2007

Thanks, everyone. You've helped put my mind at ease (mostly). The hour is scheduled for my whole team (there are 8 of us), so I'm not worried about them snooping around in that time (there's nothing to worry about on the computer, anyway).

Along with the domain migration, they mentioned something about "enhanced security measures" - something about not being able to turn off the firewall (which I don't know anything about anyway), and installing a password-protected screen saver (I've made a good habit of locking my computer when I'm away from it, so no real change there either).

I guess I was just worried that they'd install some Orwellian snoopware while they were in there (something along the lines of what tdreyer1's up to) - although again, I haven't been doing anything illegal or unethical.
posted by puddleglum at 10:40 PM on June 5, 2007

I guess I was just worried that they'd install some Orwellian snoopware while they were in there

You should be. They own the machine. If they didn't install a keylogger, they can at any time. A domain admin can get access to every file on the PC.

Seriously. This is a work PC.

1) They own the machine.

2) They own *every* bit of data you put on it.

The right answer -- the only answer, given the US legal climate. Do *not* put ANY personal information on a work computer. Period. Do *not* use a work computer for ANY activity that even smells inappropriate. Assume that every bit of data is logged and read by reporters eager to publish your actions on CNN.

I'm not into the "if you're surfing the net, you're not working" BS -- you are hired to do a job, if you do it well, that's what you're paid to do. But if you want a computer with an expectation of privacy, buy one.

I deliberately correct people when they talk about "my PC" at the office, because I want them thinking correctly. The work PC is a damn useful tool, but it's not your tool, and it's not your friend, and in an age of zero tolerance, one file in the wrong place means you've just lost your job -- at best.

It sucks -- but this is the way that it is.

So: Assume they are reading every file. Assume they are reading your email. Assume they're logging every keystroke.
posted by eriko at 5:05 AM on June 6, 2007

« Older AIM buddy statistics   |   How do you deal with workplaces that don't work? Newer »
This thread is closed to new comments.