For ten years (up until I changed jobs last fall) I served as a “Domain Administrator” at work. Among other things, having Domain Admin access gave me administrator access to every server (hundreds) and workstation (thousands) in our domain. Administrator access gave me the technical ability to (again, among other things) connect to any machine that was a member of our domain to examine its logs and browse its hard drive(s).
The key word there is “technical” — it didn’t give me the authority to do so, at least not without cause. In most operating environments, user actions are logged. By default, Windows machines log all incoming connections, which means any time I connected to a user’s machine there was a record of it. Trust me on that one; I once received a call from an angry Computer Specialist demanding to know what I was doing trying to connect to his server all night long. Turns out, I had a scheduled nightly backup process that was attempting to connect to a share that no longer existed on that server. It was an honest and harmless mistake, but that didn’t stop me from having to explain it to ten different people ten different times.
When you have that level of access, users become paranoid that you’re pilfering through their computer, looking at their “stuff”. My “official” answer was always that, well, it wasn’t *their* computer — it was the government’s. Even today, every time I log on to my computer, a big banner pops up and reminds me of that fact. It also states that anything I do can be logged or monitored. People have a sense of personal ownership and privacy when it comes to the computer that they use on a daily basis, but it’s not so.
The “unofficial” answer, however, might surprise you. Unofficially, none of us had time to look at people’s data. At my old job, three of us managed a domain for 6,500 users. None of us had the time (nor the incentive) to randomly select someone’s workstation and browse the contents of their hard drive. People would get so bent out of shape over the fact that I had the ability to peek into their My Documents folder or their network home drive and thumb through their documents, but the reality was we were way too busy to be doing that. And when we did have moments of down time, the last thing I wanted to do was look at someone else’s vacation photos or search the network for small pools of mp3s.
One thing I learned while serving as a domain admin is that there are two answers to every question — the technical answer and the (for lack of a better word) the political answer. For example, this question came up a lot: “Can you reboot Server_X?” If Server_X was not one of mine but existed in our domain, then the technical answer was “Yes” and the political answer was “No”. It took me a long time to learn where that line was and I’m not sure I ever mastered it. Every network administrator has been in the position where they had the technical ability to fix a problem that politically they probably shouldn’t be dealing. What do you do when a server has locked up, users are yelling at you because (A) they can’t work and (B) no one can get ahold of the program manager, technically you have the ability to reboot it, and politically it’s not your problem? There was always a technical and a political side to everything. Technically, yes, I could have looked at people’s hard drives. Politically, um, no. Not a good idea.
Changing from “specifics” to “generalizations” here (I made that distinction because I am no longer talking specifically about where I work), there probably are people or at least scripts that look at your data. All large and most medium-sized companies at this point monitor the network traffic that flows through their firewall — and by traffic I mean both what comes in and what goes out. E-mail, instant messaging, and web surfing, unless you take the necessary precautions, flows in plain text across the ether. That means it can be read by anyone between Point A (you) and Point B (the destination). Don’t get too paranoid though — those guys are busier than I was, and typically only have time to deal with the squeakiest of wheels. Depending on the size and layout of your network, there are other people that have access to your data as well. Chances are the SMS and Antivirus admins of your company know more about what’s on your hard drive than you do. And, if those guys are anything like I was, I suspect they too stay busy enough that going through your old Excel files is the last thing in the world they have time for.
I’m with you on this. I’ve done the same job with the same number of people (in the same place no less). Data is boring and its time consuming to look at peoples stuff.
I have access to many billions of bits of financial information, but I have no desire at all either to look at it, or understand it. I just want the database to stay up..
I agree on all counts as well. For part of my career my main responsibility was backups and restores, so sometimes I had no choice but to look at people’s data (well, the filenames). I suppose I could have opened the file after the restore to make sure it wasn’t corrupt, but it was easier just to call the user and have him or her open it.
I can only think of two situations when I opened a file without the user knowing about it. If a backup repeatedly failed on a particular file, I might open it as a troubleshooting measure. And, in one case, I had to comb through an employee’s hard drive to gather information for a pending lawsuit. A lawyer was telling me what to look for. I guess I did a good job, because they won.
When it came to actually connecting to other people’s machines, I did that a fair amount, but I was pushing data out to them, not snooping. I got to be pretty good at that.
But I started a new job in October. Now I have no rights whatsoever outside of C:Documents and Settingsdavid.farquhar. It’s a little weird.
I don’t remember where I read it, but it said something to the effect of, “Yes, I can read your email. No, I won’t, I have better things to do.”