Grr… When VPN breaks…


Sometimes, I really pity the folks that run Microsoft’s internal IT… because they are simultaneously assaulted by the entire spectrum of Microsoft technology users yet are ultimately at the short end of any IT “straw”.


From the “newbie” users to folks like Raymond Chen, they have to maintain a network access infrastructure that both “prevents some of us from harming ourselves and others” while not getting in the Power User’s way. And they have to do it in a way that does not seriously annoy anyone in Windows, Office, etc. who has code-change privileges (or is otherwise clever enough) to render any of their IT admin scripts useless. 😉 I admit, it is a tough balancing act, and I do not envy their position.


So, it is with great regret that I have to complain about the network changes that happened sometime in the past 24 hours that made our VPN experience completely useless. You can VPN in from Home, but then you cannot access any internal network resources, nor can you access any external network resources on the Internet. Basically, you VPN to LOSE network access to everything but your local network.


But wait a minute… isn’t the whole POINT of VPN to gain remote access into the Internal network and resources? How can anyone roll out a change that basically renders VPN useless? It really makes me wonder… is this a joke? Has someone taken security too far? Sure, one way to secure something is to deny everyone access to it, but it also diminishes that item’s utility.


I mean, I already burned yesterday evening not doing work I wanted to do. That is real productivity lost. Oh, yes, I assure you that VPN managed to connect. I heard similar, independent comments from co-workers today, so I know it is not my isolated incident nor isolated productivity loss.


Now, I have a suspicion as to the cause, but I will wait for MS IT to fix it. In the meantime, I already have my work-around in place. I am not going to say what it is, and as usual, MS IT may not like it, but they can take a flying leap! I need to get my work done; I probably know and practice more secure computing than they [they obviously do not run as non-admin; QED]; and I do not hesitate pulling out the MS Employee trump card.


Who said Life is fair? 😉


//David

Comments (4)

  1. Phylyp says:

    Too right!

    I think it’s often easier being in IT services for a non-software company (banks, mfg companies, etc.).

    If you’re IT in a s/w company you’re probably banging heads against power users who generally *hate* anyone else managing their precious (use Gollum’s pronunciation) PC + associated stuff.

    I’m a developer in an IT company that has strict IT policies about installing unapproved s/w. There are times when I need a quick tool written in C#. But, as I’m not a dedicated .NET developer, I cannot get approval for Visual Studio.NET. If I need the Express editions, I need a laundry list of approvals.

    Easy way out? Just install the dang s/w on the quiet 🙂

    Funny to see that (some) MS developers are also as sneaky!

  2. Phylyp says:

    This brings up another interesting difference of mindset.

    Consider any beta/CTP software from MS, and there’s a warning: Don’t install this on a production box.

    Practically, I think this means: don’t install this on a box running your enterprise’s SQL Server, Exchange, etc. instances, YSLE.

    For a developer: their PC is their playground. They’d like to install any and all software that they can get their hands on. Including CTPs and Betas.

    For the IT person supporting the developer’s PC: the PC must be preserved in the pristine, virginal state it was when it was imaged and deployed.

    Good ol’ tug of war.

  3. You might want to think twice about hacking around any aspect of company security, no matter how brain-dead.

    Randal Schwartz got nailed by Intel for something very similar.

    http://www.lightlink.com/spacenka/fors/

    Not that I’m fanatic or anything, but ever since, all my new computers have used AMD chips.

  4. David.Wang says:

    Preston – hehe… personally, if Microsoft’s policies become so draconian and procedural that one loses the ability to "do the right thing", then I have no regrets departing because it would no longer be a company I want to work for.

    In my case, I did not do anything to any company resource. It’s what I *didn’t* do that made the difference… 🙂

    //David