Lil Miss Clackamas fucked around with this message at 14:54 on Sep 10, 2014

• Despite being a "senior sysadmin", I have almost no sysadmin access to much of anything. I don't even have read-only access to critical things like MECM logs, so I have no way to troubleshoot deployment issues.
  
• Admin passwords used by IT staff are stored in plaintext in an Excel spreadsheet on the on-prem file server.
  
• Until I fixed this after I started, they had no way to deploy computers remotely to people (in a god drat loving work from home pandemic no less). Every new hire was required to come on site to the office and made to stand outside the front doors while a cart with a computer connected via ethernet was rolled out to them so they could login and generate their profile for the first time. They were completely and utterly unprepared for the pandemic, and then made no attempts to do so during.
  
• AD is a complete and utter disaster. Everything is still on-prem. There isn't even a standardized naming convention - it's all across the board (managers can even dictate what the username will be). They think going to Okta will fix all of their problems (it won't).
  
• They use a custom database that was built-in house 20 years ago that mimics what AD does (storing user info fields), but 100x worse. The database sits between AD and apps that should normally just connect directly to AD, and then overwrites AD and/or the app.
  
• Making a change in this database, such as activating MFA, involves clicking a button to activate MFA. This then sends a ticket to a separate team that manages MFA, who then manually creates the user in the MFA app. When I ask why we don't just plug directly into AD instead, I'm ignored. This is how it works for basically every other app/system in use.
  
• AAD has sat unused for years and years. There's apparently a team "working on it", but I'm not allowed to even look at it.
  
• A separate team manages everything. There is a separate team for the domain, a team for Google Workspace, a team for MECM, a team for the firewalls, a team for the WiFi, a team for phones, and so forth. Making any changes to these systems requires asking these teams "pretty please" over email and hoping they follow through within the week - assuming the change isn't denied.
  
• Speaking of, "decisions" are made via "committees". These committees include a small subset of actual IT staff who are apparently appointed for life, because when I asked to be on one of these committees, I was told that a slot would open up when someone retires.
  
• A manager in charge of the infrastructure told me flat out in a meeting that "we don't follow best practices here because they don't serve the unique needs of our users".
  
• Despite a staff of only a few hundred people, about 10% of them are sysadmins. This is not a tech company.
  
• They still use .bat files for everything. I handed a more senior sysadmin above me a very simple PowerShell script I threw together. They had no idea how to use it.
  
• EAP-TLS is used for wifi security, which means 90% of my job is manually generating supplicant certificates and then having to deploy them manually on each computer. When I asked 6 months ago that we switch over to something sensible so I didn't have to do this, like PEAP-MSCHAPv2, I was told 6 months later that "we're still discussing a plan".
  
• The network security on the ethernet is just MAC whitelisting, which also requires me to manually add each and every single device (computers, docks, phones, etc) into the system.
  
• No "real" ticketing system - Jira is used for everything, using system defaults, and it's a nightmare. Not as bad as using Saleseforce though. Half of the users still call into a phone line, leave a voicemail, and then we have to manually generate a ticket for the voicemail.