Thursday, March 10, 2005

Technology as Management

I work for a company that proudly bills itself as a lean manufacturing company. That's a euphemism for "a company with too few managers because we're too cheap to hire more." So at every opportunity, they manage with technology.

One example is how they decided to limit Internet access and game playing among the hardworking, hourly workers who assemble and test our products, and upon whom our livelihood depends. The big boss doesn't want them to fritter away valuable time. Time is money, and all that. He also prefers to sit in his office rather than walk among them.

At the time, I was a "sort of" member of the IT team. The first thing we did was install Microsoft's System Management Server (SMS). We did this not to address the time frittering issue, but because SMS was really cool. We loved playing with SMS.

My favorite aspect of SMS was the way it would run programs at certain times on remote computers. I used it to deploy virus updates, before we switched to an enterprise virus tool.

SMS could also restrict certain users from running certain programs at certain times of the day. So we used it to restrict Internet Explorer, Solitaire, Freecell, Minesweeper, and so forth.

Of course, it was easy to circumvent SMS restrictions simply by renaming the restricted file names. One could rename IEXPLORE.EXE to MSACCESS.EXE, for example. I knew this at the very beginning. I'm not sure whether the other IT guys did. I didn't bother to mention it. I felt that anyone smart enough to figure this out should be rewarded. I knew that the big boss didn't know this. He seemed satisfied that we had an answer to his issue, a technological answer in fact.

So we went on like this for a good while. And I'm proud to say that we had only one case of virus infection (Melissa), and I shut the email server's service before it spread to other computers.

But SMS was a resource hog. If the network was busy or the server was slow, we'd experience a frown-inducing delay before running any application because the computer needed to wait for SMS to say, "Yes, you can run the program this time (but don't make a habit of it.)" So when we hired the full time IT guy, he brought in an enterprise virus tool and eradicated SMS.

The new guy approached this issue differently than we did. He took the request seriously. He was determined to make his solution work. What he did was this. He renamed IEXPLORE.EXE to something else, and set its folder's local permissions to deny access. He omitted the standard games from the installation. And he set peoples' local accounts as user accounts as opposed to administrator accounts. That's to prevent them from installing games or other web browsers.

By then, programs had evolved to offer HTML-based help, which required IE. Restrict IE, and you restrict access to help. Although I mentioned this to him, it wasn't until I told him I needed everybody to use IE that he came up with a new idea. He set the IP address of the default gateway on certain computers to a bogus value. The default gateway is the address of the computer or router that traffic needs to go to in order to get on the Internet. If that address is not known, a computer cannot access the Internet.

This is the current method of limiting Internet access. IE is free to open local files or network-based files. Yet no programs can access the Internet. So it has the added benefit of preventing "malware" from "phoning home."

As nice as this seems, there's still a problem. Suppose someone who's allowed to access the Internet needs to use one of the restricted computer? No dice.

Anyway, this "locking the cookie jar" technique of barring Internet access really does ensure people won't waste time on the Internet. That's because they'll be wasting time figuring out how to gain access! As well, it sends the message, "We don't trust you to do your job. We'd rather micromanage your job rather than support your growth." It's how you treat children.

Why not be smart about this? If people are so bored (or addicted or lazy) that they'd rather fool around on the computer and risk losing their jobs, treat the boredom (or addiction or laziness.) Have a merit-based reward system in place. Make sure they always have work to do (but not too much).


Anonymous said...

Mmm, yes, Government Internship = playing "The Realm" all day. It was a crappy job anyways, and taught me one valuable lesson: I didn't want to work in an environment like that again. The funny thing was, the other two guys who worked in the same room as me would play a strategy game over the network after hours, with the speakers blaring. Ze irony. Or something.


Luddite Geek said...

I had a similar type of summer job at one of the National Laboratories. I had so much "free" time on my hands, I taught myself C++.

Anonymous said...

Yeah I did a lot of bogus HTML projects just to fill the time and practice coding. And I got to play with Cold Fushion but I wouldn't be able to do squat with it now if my life depended on it. I barely touched the surface at that job... and of course I don't have the program myself.

C++ eh? I learned a bit of that in my doomed attempt at a CS major. I still have the book from the first class that I liked, but I haven't touched it since. Maybe someday... hmm, thing number 13,428 on the back burner! LOL


Luddite Geek said...

"I got to play with Cold Fushion but I wouldn't be able to do squat with it now if my life depended on it."

Same with me and C++. But it did come in handy for a computer emulator project I had to write for school a few months later.