Neon-komputadór

User, Account and Computer Management

Assuming that a systems administrator has made accurate decisions concerning the purchase, implementation and management of hardware, operating systems and applications, the only major concern of note is computer naming. The Ministry of Foreign Affairs and Cooperation has a detailed naming policy that follows the recommendations of the Internet Network Working Group. One feature includes a differentiation between computers, the persons using the computer and its location. Another is the avoidance of antagonistic names (for obvious reasons) - no one wants to work on a computer called "useless". For technical reasons the use of domain, domain-like names, numerical or names that can be converted into hexadecimal digits (eg., FFHAG) must be avoided. There should be no expectations that upper and lower case will be preserved either and names that are difficult to remember are not recommended.

Computer naming is not as trivial as it initially seems. Network technologies and hardware evolves and changes and it is essential that a system administrator plan computer names in a manner that caters for these changes whilst at the same time allows redundancy and scalability. Whilst system administrators may make reasonably educated guesses at what direction computer technology may take in the future, it is strongly preferable to design a system that works universally rather than implement a system on the basis of what can never be more than an educated guess. After all, ten years ago the most common network protocol was Novell Networking. IBM's Token Ring typology would have probably been a most likely choice. Today the star typology with Ethernet network interface cards and UTP cables under the TCP/IP protocol is the most common.

Some computer names should be named after the service that they provide - the most common probably being "www", which is used on webservers all over the world. In general however, the use of scalable an appropriate themes is highly recommended. Further, users enjoy themes as it allows them some management and personalized input to the computer management process. A scientific organization could name computers after famous scientists (newton, galileo, davinci, copernicus, einstein), or an arts institution after artists (michaelangelo, davinci, picasso). The Ministry of Foreign Affairs has chosen international cities to be its theme (washington, paris, geneva, berlin). The Ministry of Internal Affairs may wish to choose local villages - although care is recommended here as it is not recommended that themes are chosen that can cause reference confusion (e.g., "Senhor Leonardo is using Viqueque" - is that a political or a technical statement?).

In addition to providing a proper naming system for network hosts a system administrator must also manage users, their accounts, email addresses (both internal and external) and groups. In MS-Windows 2000 the Active Directory is used to set new user and group accounts and set privileges for the user and groups. In Linux, the linuxconf tool is used for a GUI system. Discussion about password policy, logon hours and access to dial-in services is reserved for the section on Security. There is some debate of the implementation of users, account and email addresses and there's no universally accepted standard. However there are some universal concerns and general rules that should be implemented by the system administrator.

Firstly, users need to have permissions to access the files, directories and services that they require. It is strongly recommended that these are managed in groups, rather than having to engage in the time-consuming process of individually manipulating permissions every time there is a change. Users can belong to multiple groups simultaneously. Secondly, the use of shared or group accounts and email addresses, however, is emphatically rejected as a serious security risk. If 10 users access the same account or email address there is absolutely no level of accountability. Thirdly, although many system administrators debate this, a differentiation is recommended between users and accounts. The reason for this is that a user may have multiple tasks within the same organization. A system administrator for example, should have two accounts, one for their system administration tasks - which should only be used for such tasks and a general user account for their general use. A single email address can be associated with each account. Finally, email addresses should be designed in a way that is scalable and unlikely to result in antagonistic or otherwise unfortunate results. The simplest method is to use firstname.surname@domain.

Training, technical support and policy implementation is perhaps one of the most difficult tasks for a system administrator. Many users simply ignore and matter relating to computer policy or procedures incorrectly assuming that these are just technical matters when in reality, they are administrative concerns and are critical for financial and productive efficiency of an organization. Training is perhaps the most immediate solution to these problems. The general idea is that by training users in relatively easy tasks they will be able to implement these themselves, thus providing additional time for system administrators to concentrate on the most difficult tasks. To do this training needs to be implemented at a pace that users can understand, it must encourage them to their own research and the experience of training must be an enjoyable experience. Training manuals, orientation guides and person-to-person tutoring are somewhat time-consuming but in the long run effective aids to reducing costs within an organization. When performing technical administrative tasks on a user's computer is it worthwhile explaining what is going on as you are doing it, and provide the user an opportunity to raise questions or assist in the process.

Without getting too deeply into the philosophy of education, there are two general training and education trends and the author here will admit a very strong bias. The first, is what can be termed "corporate professional training". This method of training concentrates on one particular suite of applications or operating system and is orientated towards computer novices. Whilst some of this is undoubtedly useful, the problem is that this methodology ensures that the recipient will remain a novice, albeit a well-trained one. Applications are not complex or difficult programs, although they may be extraordinarily featured with an enormous range of options. It is quite possible to waste extraordinary amounts of time and money teaching every detail of an application, which is rarely used, accessible by the help files anyway and will have to be updated regularly when the next version of the application is released.

The alternative is what can be termed, without any pejorative meaning, "collective hacker education". Rather than concentrate on a single aspect of the computer system this method introduces the student to the whole computer system of integrated parts, as the whole of knowledge will be greater than the sum of its parts. Careful attention is paid to the level of detail to ensure that the student receives sufficient and necessary information to understand how the part fits into the whole and that the training is dominated not towards vendor-specific services, but rather ideas and concepts which encourage further mental development and investigation. This education method tends to be very cost-effective in the long-term with permanent knowledge gained, so rather than a well-trained novice, the student is a beginner hacker.

A Note on Etymology: The Hacker

If you believe the popular press, a hacker is a malicious computer intruder who is only interested in destructive activity, breaking passwords, stealing data or infecting your computer with viruses. Whilst undoubtedly some hackers are like this, the overwhelming majority are not.

Hackers were the original computer users largely based at the Massachusetts Institute of Technology during the 1960s and developed an irreverent, but technologically savvy culture which has had a profound and lasting effect on the entire world. These hackers emphasized the need to "yield on the hands-on-imperative" - whilst book learning and references have their uses doing is the best teacher. Rejecting formal criteria and distrusting authority, these hackers believed in results and the decentralization of power and resources. They sincerely believed that computers could change the world for the better, could create art and beauty and that all information should be free.

It was these hackers that went on to develop, build and distribute the first personal computers - "computers for the people" - away from the iconic centralized mainframe. The Internet was built by hackers, thousands of people donating their time and energy and knowledge through the open committees and working groups of the Internet Engineering Task Force. And it is hackers today who painstakingly build open source and freely distributable computer programs.

The term "hack" gives some understanding of the thinking behind a hacker. "Hack", as a verb, means "to carve roughly" and suggests something that produces what is required but not necessarily according to accepted standards. This application is still used in journalism, literature and politics. However, it has come to mean behaviour, results and persons who are both deep and creative that can produce exacting, elegant applications. The way to understand this is to understand it as part of the evolution of technology. All technology is initially driven by necessity, it is crude and imperfect in its original application is arduous to perform and requires the time-consuming tasks of analyzing and testing the constituent components and finding improvements. It is through such a process that crude, imperfect technologies end up providing functional and precise applications.

If you believe that computers can change the world for the better through decentralization and freedom of information, if you are prepared to learn how the machines work by using the machines and if you are prepared to share what you know with others, then congratulations. You are already a hacker.

Policy development follows a similar procedure. Many organizations rely on the system administrator to initiate and develop policy. In some cases however, these policies are not published or discussed by the users at large, creating an environment where the organization is dependent on the system administrator's knowledge and inevitable whims (even the most logical person has their limits). This is not good strategy - word of mouth policy development may be sufficient for very small organizations but anything larger than a few people needs policies to be published and discussed. A systems administrator should publish initial policy guidelines, including exceptions, distribute them for discussion among users and confirm that the policies are accepted. In the overwhelming majority of cases these will be accepted, as this is an area that the administrator is experienced in, but nonetheless avoiding a sense of fiat creates a healthy working atmosphere.

Perhaps the most important policy that a system administrator can develop is a Network Use Policy (also known as an Acceptable Use Police, or Terms of Service Policy). These are the basic ground rules which all users must abide by. A network use policy should state quite clearly what a computer network is to be used for and what it isn't to be used for, who can make use of the computer resources and who cannot, what is appropriate communication from an organization and what is inappropriate. The general principle that should be used here is to be extremely strict about use of any communications that identify the user as part of the organization (as the organization may be liable for the individual's actions), to be quite strict about resource use during work hours and to be somewhat lenient about resource use outside of work hours. This ensures a more productive workplace and relieves managers from the concerns that staff aren't "just looking up things on the Internet", provides workers with technical resources and most importantly, provides a written statement of rights and responsibilities.

Regardless of all this, there are some users who are simply intransigent, if not downright rude. They will expect the system administrator to cater for their every need, that their needs are more important than others, that policy directives are to be ignored and training offers are rejected. Unfortunately people like this exist all over the world in every organization and exist regardless of culture, color or creed. System administrator culture has developed a term for such people - "lusers" and they commonly wish there was such an implement as a "LART" ("luser adjustment realignment tool" - usually a big stick). In the absence of such carnage causing devices, system administrators simply have to put up with such people. Rather than punishing them, clear procedures need to be established about tasks, priorities and use of technical resources. Such people invariably make inefficient demands on an administrator's or technicians request with trivial requests. Rather than submitting to these requests they simply should be allocated the priority that they deserve. If they become demanding, simply point out that (a) the priority of the task is low as there are more important concerns and (b) training has been provided in the past for such tasks which they had the opportunity to take up and therefore (c) their situation is of the own creation and that they must either do their own research now, or simply wait. As recommended in the previous section, one related point is to ensure that all technical requests are documented as part of a general database for the network.

In other words, provide the minimum assistance to those who refuse to learn and help those who do. Whilst system administrators and technicians are usually the sort of people who want to help others, they shouldn't let themselves be used by arrogant and demanding individuals. The time and skills of administrators and technicians are far too important to be wasted and it is inefficient and costly for them to be wasted. Establishing procedures or having a job description that provides a sense of prioritization and flexibility allows system administrators and technicians to avoid the perils of having their time wasted at the whim of others, which ensures that strategic plans are never met, or being perceived as inaccessible, which causes users (and managers) to blame the administrator or technicians for their failures. At the end of the day, an environment of polite, efficient and self-motivated computer users creates a productive, efficient and effective work environment.