Comment On LOGON.EXE

Companies beyond a certain size all follow the same basic pattern. Where possible, everything gets centralized in the global office- email, web servers, Active Directory, etc. They dictate policy and then leave it to the extremeties to solve their own problems within the corporate boundaries. Al worked at a factory, supporting their production management and chemicals management software- things that couldn’t be centralized. [expand full text]
« PrevPage 1 | Page 2Next »

Re: LOGON.EXE

2012-11-27 06:32 • by ParkinT
...back to good ol’ 127.0.0.1

This piece should have been titled: There's no place like HOME

Re: LOGON.EXE

2012-11-27 08:05 • by Mike (unregistered)
things that couldn’t be centralized
(Looking over shoulder) shhh! Be careful how and where you say that! The only reason it hasn't been centralized yet is because it isn't big enough for the centralists to notice. Drawing attention to it like this is akin to speaking the forbidden incantation.

Re: LOGON.EXE

2012-11-27 08:11 • by Jack (unregistered)
LOGON.EXE and all of its DLLs were deployed directly into SYSTEM32. Each time a user logged on, the DLLs were replaced.
So a user login script had permission to overwrite executable code in system space? Sounds like this place is ripe for mass pwnage.

But at least their security policies are well enforced.

(Hint to security people: computers don't execute policy. They execute code. When you're done perfecting your policy, you might want to spare a minute to look at what the code is doing.)

Re: LOGON.EXE

2012-11-27 08:15 • by Fred (unregistered)
If the user clicked “Reject”, the program also quit- after sending a shutdown /r /t 0 to the command line, forcing the computer to reboot.
... aaaaand after rebooting, what then? Why, another login and another appearance of the same dialog. In other words, an infinite loop. Why not simplify things a bit by ignoring the clicks on Reject?

Re: LOGON.EXE

2012-11-27 08:15 • by Ho Miscreant! (unregistered)
It almost sounds like a self-inflicted virus.

Re: LOGON.EXE

2012-11-27 08:22 • by LazerFX (unregistered)
Correct response - "I quit..."

Headaches like that aren't worth the hassle. Sooner or later, that company will have to start changing policies properly.

(Captcha: "Causa", yep, this is the causa lotta problems.)

Re: LOGON.EXE

2012-11-27 08:28 • by Smug Unix User (unregistered)
Oops did the network cable get unplugged? Let me plug it back in after the script finishes. Great now I can replace LOGON.EXE with notepad.exe problem solved.

Re: LOGON.EXE

2012-11-27 08:29 • by snoofle
395576 in reply to 395572
On the upside, if a user rejects the agreement, they can't download any porn if the machine keeps rebooting.

Just curious: what if they're trying to login to a machine that is also running some control software on the production line? You know, the way support folks sometimes do? So not only is the login refused, but the entire machine cycles?

I can just hear it now: Hey, why TF did the whole production line just shut down? Sorry, I mis-clicked and it rebooted.

Re: LOGON.EXE

2012-11-27 08:42 • by Matthijs (unregistered)
395577 in reply to 395572
Fred:
Why not simplify things a bit by ignoring the clicks on Reject?

Presumably, the idea is that logged in users have a choice to accept the policy upon logging in. It makes (some) sense to log out a user who rejects the IT policy. Rebooting tends to have that effect. Of course, a simple "shutdown.exe -t 0 -l" would just force a logout instead of a reboot, but presumable there are Reasons.

Re: LOGON.EXE

2012-11-27 08:43 • by WC (unregistered)
A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.

Re: LOGON.EXE

2012-11-27 08:49 • by LonesomeProgrammer (unregistered)
The real problem is the rediculous attitude of the CFO and the company buying his crap.

Because CFO had no way of rejecting a policy that is even against the law (sexual harrassment), he seems to be under the assumption that he has the right to violate it.

Interesting. I have never explicitly accepted the fact that it is against the law to murder anyone, therefore the next time I will murder anyone the Police ought to give me a sheet with "No more murdering. Accept/Reject?" and set me free in case I Accept or keep me in jail if I decide to Reject.

America: the place where the rule book reigns over common sense at all times.

Re: LOGON.EXE

2012-11-27 08:50 • by betlit
errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...

Re: LOGON.EXE

2012-11-27 08:58 • by ubersoldat
395582 in reply to 395576
snoofle:
machine that is also running some control software on the production line


Well, if that kind of machine is plugged to the whole network and is also under the same AD domain (or whatever is called) you've got a bigger WTF in your hands.

Re: LOGON.EXE

2012-11-27 09:02 • by matthewr81
395583 in reply to 395579
WC:
A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.


Had a similar incident where bad code got released and the person that released it never made a rollback copy. The fix was trivial (just a missing file), but no one that had proper access was able to be reached. Month end, bills had to go out... so I made a local copy that could point to production and gave it to my colleague running the billing software to use instead. He was able to get everything out on time.

Come Monday, my boss wrote me an official reprimand for violating policies. When I asked him what the "correct" solution was in that scenario, he admitted there was none other than what I did.

Before I left the company, the issue came up again. I followed policy this time and we lost $10,000+ in interest alone until my boss was available.

When you live in a world of black and white, you will lose when the roulette ball hits green.

Re: LOGON.EXE

2012-11-27 09:04 • by Nite (unregistered)
395584 in reply to 395581
We do it here because it's on the list of things that the auditors (federal and state) want to see when they check us annually, and if it's not there we get dinged in the report and have to explain to the board of directors why we don't have it.

"It's a pointless waste of time" < "The Feds say do it"

Re: LOGON.EXE

2012-11-27 09:11 • by 50% Opacity (unregistered)
395585 in reply to 395569
ParkinT:
...back to good ol’ 127.0.0.1

This piece should have been titled: There's no place like HOME


localhost, sweet localhost

Re: LOGON.EXE

2012-11-27 09:31 • by Anoldhacker (unregistered)
395586 in reply to 395579
WC:
A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.


I take it you never working in validation / test? Happened repeatedly at IBM.

Re: LOGON.EXE

2012-11-27 09:34 • by Steve The Cynic
395587 in reply to 395585
50% Opacity:
ParkinT:
...back to good ol’ 127.0.0.1

This piece should have been titled: There's no place like HOME


localhost, sweet localhost

Sweet localhost Alabama?

(Not an American of any sort...)

Re: LOGON.EXE

2012-11-27 09:43 • by Ben Jammin (unregistered)
395588 in reply to 395587
Steve The Cynic:
50% Opacity:
ParkinT:
...back to good ol’ 127.0.0.1

This piece should have been titled: There's no place like HOME


localhost, sweet localhost

Sweet localhost Alabama?

(Not an American of any sort...)

Localhost, localhost on the range.

Re: LOGON.EXE

2012-11-27 09:46 • by RockyMountainCoder (unregistered)
errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?


Here in America, stupidity and ignorance are commonly-accepted mitigating factors for people to escape responsibility, and it's flat-out the law in Georgia.

... or haven't you been watching our Presidential elections the last 12 years or so?

Re: LOGON.EXE

2012-11-27 10:01 • by Steve The Cynic
395591 in reply to 395581
betlit:
errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...

This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)

Re: LOGON.EXE

2012-11-27 10:17 • by Paul (unregistered)
395592 in reply to 395591
Steve The Cynic:
separately initial certain parts of the agreement ... some people, given the chance, would try it on, saying that they hadn't really read the agreement
But you didn't make me initial the part about late fees, so I shouldn't have to pay them! I should be able to have my payments as late as I want. Even months late. Hell, why should I have to pay at all?

{Boom}

Another whining liberal socialist cheater goodfornothing marxist thief gone to his just reward...

Re: LOGON.EXE

2012-11-27 10:20 • by shepd (unregistered)
395594 in reply to 395591
Steve The Cynic:
This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)


Actually, she is smart. In some circumstances, especially if it is managed to be defined as a contract of adhesion or something similar, having proven that the person indeed did provably inform themselves of every section and had the opportunity to comment on or change them could be a defense to it. Did you know in Canada anti-drunk driving clauses in rental car contracts have been considered unenforceable for similar reasons?

Re: LOGON.EXE

2012-11-27 10:26 • by LOGON.EXE (unregistered)
By reading this comment, you agree to abide by our IT policies (123.6, 216.2, and 551.A).

Of course, TRWTF is using Windows to manage mission-critical hardware. Windows servers are bad enough, but locked-down corporate workstations?

It's enough to make you feel illum (captcha)

Re: LOGON.EXE

2012-11-27 10:27 • by skington (unregistered)
395596 in reply to 395569
ParkinT:
...back to good ol’ 127.0.0.1

This piece should have been titled: There's no place like HOME


To be fair, exactly that phrase was in a comment immediately afterwards.

Re: LOGON.EXE

2012-11-27 10:44 • by foo (unregistered)
395597 in reply to 395588
Ben Jammin:
Steve The Cynic:
50% Opacity:
ParkinT:
...back to good ol’ 127.0.0.1

This piece should have been titled: There's no place like HOME


localhost, sweet localhost

Sweet localhost Alabama?

(Not an American of any sort...)

Localhost, localhost on the range.
My localhost is my localdomain!

Re: LOGON.EXE

2012-11-27 11:01 • by PiisAWheeL
There's no place like ROOT# because I am the king of my castle!

Re: LOGON.EXE

2012-11-27 11:14 • by PleegWat (unregistered)
395600 in reply to 395591
Haven't seen initialling sections, but it's common here on certain types of contracts to require the bottom of each page to be initialled.

I assume this proves you read that page, and the other party cannot replace the sheet by a different version later on.

Re: LOGON.EXE

2012-11-27 11:16 • by Gaza Rullz (unregistered)
395601 in reply to 395573
Ho Miscreant!:
It almost sounds like a self-inflicted virus.



It virus like self like almost sounds-inflicted a.

Re: LOGON.EXE

2012-11-27 11:30 • by Manadar (unregistered)
As a rule of thumb:

Never deploy new software on Friday if you value your weekend.

Re: LOGON.EXE

2012-11-27 11:34 • by ahhhh (unregistered)
Not that an errant login script randomly replacing files in system32 is a good thing, but the correct way to fix this is to deploy your dependencies along side your executable... that is not in system32 but into the application directory. Alternatively, letting the IT folks shut down prod for a weekend might be a better way to make them play nice with their customers.

Re: LOGON.EXE

2012-11-27 11:35 • by Lockwood
You put cornify on "sexual"?

Remy is a dirty clopper.

Re: LOGON.EXE

2012-11-27 11:58 • by Steve (unregistered)
This didn't happen to me. But damn if it doesn't sound like most of the companies I have worked for.

Re: LOGON.EXE

2012-11-27 12:00 • by DrPepper
Why did they wait until friday at 6:00 pm then go home? If I were to deploy something that might potentially bring down the entire network (or render all the computers on the network inoperable, same thing) I'd do it Monday morning, and plan on being at work late into the night.

Re: LOGON.EXE

2012-11-27 12:03 • by Zylon
Remy still doesn't grok em dashes. Either that or the posting interface is turning them into single hyphens and he's too busy embedding stupid hidden crap to FIX THEM.

Re: LOGON.EXE

2012-11-27 12:20 • by Squire (unregistered)
What I like is the problem caused by the CFO could have been resolved without technology at all.

Re-word the logon policy to say something like:

"Clicking 'OK' and continuing to use corporate systems constitutes agreement with this policy. If you do not agree with this policy, click 'OK' then log off immediately."

Problem solved.

Re: LOGON.EXE

2012-11-27 12:21 • by herby
395610 in reply to 395602
Manadar:
As a rule of thumb:

Never deploy new software on Friday if you value your weekend.

So that's why they call it "Patch Tuesday". Always wondered about that!

Re: LOGON.EXE

2012-11-27 12:38 • by Lerch (unregistered)
395611 in reply to 395592
Paul:
Steve The Cynic:
separately initial certain parts of the agreement ... some people, given the chance, would try it on, saying that they hadn't really read the agreement
But you didn't make me initial the part about late fees, so I shouldn't have to pay them! I should be able to have my payments as late as I want. Even months late. Hell, why should I have to pay at all?

{Boom}

Another whining liberal socialist cheater goodfornothing marxist thief gone to his just reward...


Excellent. Problem(s) solved.

captcha: quibis; They quibis'd about the problem...We solved it.

Re: LOGON.EXE

2012-11-27 12:41 • by jay (unregistered)
395612 in reply to 395579
WC:
A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.


I had a prof in college who had previously worked for British Rail. He said that the union there -- and I don't know if this was that particular union's idea or something many of them do, I've never heard of it elsewhere, whatever -- he said the union there had a negotiating tactic they used when things got nasty that they called "to rule". When the company wouldn't agree to the union's demands, the union would retaliate by following ALL company policies to the letter. They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.

Re: LOGON.EXE

2012-11-27 12:49 • by jay (unregistered)
395613 in reply to 395591
Steve The Cynic:
This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)


A couple of years ago I refinanced my house, and of course I had to sign this huge stack of papers. The loan officer was surprised that I actually read all the papers before signing them. She said most people just buzz through and sign them all. Like, wow. The biggest contract most people will ever sign in their lives, involving hundreds of thousands of dollars, and they'll sign it without even reading it?

Re: LOGON.EXE

2012-11-27 12:58 • by Yazeran
395614 in reply to 395602
Manadar:
As a rule of thumb:

Never deploy new software on Friday if you value your weekend.


Amen brother!

I explicitly only allow the servers I'm responsible for to auto update Monday through Wednesday, that way I have Thursday to clean up any mess and hopefully still be able to leave on time Friday....

So far I have been able to awoid fan + excrement on a Thursday, but you never know. *ducks and looks for the sandbag falling*

Yours Yazeran

Plan: To go to Mars one day with a hammer

Re: LOGON.EXE

2012-11-27 13:07 • by Flash
395615 in reply to 395612
jay:
They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.


Work-to-rule or "restrictive practices." See it here:
http://www.youtube.com/watch?v=_RUYn8adavM

Re: LOGON.EXE

2012-11-27 13:19 • by chubertdev
395616 in reply to 395602
this.

Manadar:
As a rule of thumb:

Never deploy new software on Friday if you value your weekend.


the guys who did that should have been taken out back and beaten with a keyboard.

Re: LOGON.EXE

2012-11-27 13:22 • by neminem (unregistered)
395617 in reply to 395612
jay:
They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.

TvTropes calls this Bothering by the Book, and gives many examples (notably, a "real life" section at the bottom.)

Re: LOGON.EXE

2012-11-27 13:36 • by Oh THAT Brian (unregistered)
At the large multi-national company that I used to work for, we had a piece of software that was installed on every corporate PC we owned. Not only was it used to push patches, but also software upgrades.

One weekend, the architect made a few changes and tested them locally. Of course, no documentation - that could wait!

He promptly went on a 2 week vacation in the wilderness - no phone, no cell phone, no CB radio - NOTHING! We had PCs dropping like flies the next Monday.

Fortunately, one of the other senior programmers was able to figure out what he had done and backed it out. We only lost about half the day.

We were waiting for the show when he got back - absolutely nothing happened! Not even a "Sorry about that" email.

He must have had some REALLY GOOD compromising pictures of someone!!

Re: LOGON.EXE

2012-11-27 13:38 • by Calli Arcale (unregistered)
395619 in reply to 395581
There is no law requiring this sort of banner. This is born out of idiocy and concentrating primarily on satisfying the audit without thinking about what the purpose of the audit is. The audit becomes the end to quality, not the means.

Having a screen that people have to click on is fairly standard in America, not because of any law or because it makes sense but because it produces an artifact you can put into an audit to prove that yes, absolutely you told the employee that. It really has no more value than that, and honestly, they totally could've (and should've) fired the CFO for what was going on. Policies are totally enforceable without this kind of crap. It's just you can't pass your security audit without being able to prove you've done something to inform the users.

Re: LOGON.EXE

2012-11-27 13:46 • by urza9814 (unregistered)
395620 in reply to 395619
Calli Arcale:
There is no law requiring this sort of banner. This is born out of idiocy and concentrating primarily on satisfying the audit without thinking about what the purpose of the audit is. The audit becomes the end to quality, not the means.

Having a screen that people have to click on is fairly standard in America, not because of any law or because it makes sense but because it produces an artifact you can put into an audit to prove that yes, absolutely you told the employee that. It really has no more value than that, and honestly, they totally could've (and should've) fired the CFO for what was going on. Policies are totally enforceable without this kind of crap. It's just you can't pass your security audit without being able to prove you've done something to inform the users.


Of course they could and should have fired him anyway; and had he been any other worker, they most certainly would have. But he's CFO, so instead they made the real workers waste a few hours and nearly halt production for the entire weekend in order to protect his reputation.

Re: LOGON.EXE

2012-11-27 13:52 • by BlueBearr (unregistered)
TRWTF is that the solution should have been to update the standard warning message to contain this sentence at the end:

By clicking OK and logging into this system, you indicate that you agree to and will abide by these policies. If you do not agree, do not log onto this system.

Re: LOGON.EXE

2012-11-27 14:19 • by d (unregistered)
Search the source code of this page for

click me

it's an interesting script!

Re: LOGON.EXE

2012-11-27 14:25 • by CTO Idiot (unregistered)
Al should have left it and let them stew in their own juices and explain that the idiotic CTO told them he couldn't change anything.
How do these morons get these jobs?
« PrevPage 1 | Page 2Next »

Add Comment