• (cs)
    ...back to good ol’ 127.0.0.1
    This piece should have been titled: There's no place like HOME
  • Mike (unregistered)
    things that couldn’t be centralized
    (Looking over shoulder) shhh! Be careful how and where you say that! The only reason it hasn't been centralized yet is because it isn't big enough for the centralists to notice. Drawing attention to it like this is akin to speaking the forbidden incantation.
  • Jack (unregistered)
    LOGON.EXE and all of its DLLs were deployed directly into SYSTEM32. Each time a user logged on, the DLLs were replaced.
    So a user login script had permission to overwrite executable code in system space? Sounds like this place is ripe for mass pwnage.

    But at least their security policies are well enforced.

    (Hint to security people: computers don't execute policy. They execute code. When you're done perfecting your policy, you might want to spare a minute to look at what the code is doing.)

  • Fred (unregistered)
    If the user clicked “Reject”, the program also quit- after sending a shutdown /r /t 0 to the command line, forcing the computer to reboot.
    ... aaaaand after rebooting, what then? Why, another login and another appearance of the same dialog. In other words, an infinite loop. Why not simplify things a bit by ignoring the clicks on Reject?
  • Ho Miscreant! (unregistered)

    It almost sounds like a self-inflicted virus.

  • LazerFX (unregistered)

    Correct response - "I quit..."

    Headaches like that aren't worth the hassle. Sooner or later, that company will have to start changing policies properly.

    (Captcha: "Causa", yep, this is the causa lotta problems.)

  • Smug Unix User (unregistered)

    Oops did the network cable get unplugged? Let me plug it back in after the script finishes. Great now I can replace LOGON.EXE with notepad.exe problem solved.

  • (cs) in reply to Fred

    On the upside, if a user rejects the agreement, they can't download any porn if the machine keeps rebooting.

    Just curious: what if they're trying to login to a machine that is also running some control software on the production line? You know, the way support folks sometimes do? So not only is the login refused, but the entire machine cycles?

    I can just hear it now: Hey, why TF did the whole production line just shut down? Sorry, I mis-clicked and it rebooted.

  • Matthijs (unregistered) in reply to Fred
    Fred:
    Why not simplify things a bit by ignoring the clicks on Reject?
    Presumably, the idea is that logged in users have a choice to accept the policy upon logging in. It makes (some) sense to log out a user who rejects the IT policy. Rebooting tends to have that effect. Of course, a simple "shutdown.exe -t 0 -l" would just force a logout instead of a reboot, but presumably there are Reasons.
  • WC (unregistered)

    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.

  • LonesomeProgrammer (unregistered)

    The real problem is the ridiculous attitude of the CFO and the company buying his crap.

    Because CFO had no way of rejecting a policy that is even against the law (sexual harassment), he seems to be under the assumption that he has the right to violate it.

    Interesting. I have never explicitly accepted the fact that it is against the law to murder anyone, therefore the next time I will murder anyone the Police ought to give me a sheet with "No more murdering. Accept/Reject?" and set me free in case I Accept or keep me in jail if I decide to Reject.

    America: the place where the rule book reigns over common sense at all times.

  • (cs)

    errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

    here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...

  • (cs) in reply to snoofle
    snoofle:
    machine that is also running some control software on the production line

    Well, if that kind of machine is plugged to the whole network and is also under the same AD domain (or whatever is called) you've got a bigger WTF in your hands.

  • (cs) in reply to WC
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.

    Had a similar incident where bad code got released and the person that released it never made a rollback copy. The fix was trivial (just a missing file), but no one that had proper access was able to be reached. Month end, bills had to go out... so I made a local copy that could point to production and gave it to my colleague running the billing software to use instead. He was able to get everything out on time.

    Come Monday, my boss wrote me an official reprimand for violating policies. When I asked him what the "correct" solution was in that scenario, he admitted there was none other than what I did.

    Before I left the company, the issue came up again. I followed policy this time and we lost $10,000+ in interest alone until my boss was available.

    When you live in a world of black and white, you will lose when the roulette ball hits green.

  • Nite (unregistered) in reply to betlit

    We do it here because it's on the list of things that the auditors (federal and state) want to see when they check us annually, and if it's not there we get dinged in the report and have to explain to the board of directors why we don't have it.

    "It's a pointless waste of time" < "The Feds say do it"

  • 50% Opacity (unregistered) in reply to ParkinT
    ParkinT:
    ...back to good ol’ 127.0.0.1
    This piece should have been titled: There's no place like HOME

    localhost, sweet localhost

  • Anoldhacker (unregistered) in reply to WC
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.

    I take it you never worked in validation / test? Happened repeatedly at IBM.

  • (cs) in reply to 50% Opacity
    50% Opacity:
    ParkinT:
    ...back to good ol’ 127.0.0.1
    This piece should have been titled: There's no place like HOME

    localhost, sweet localhost

    Sweet localhost Alabama?

    (Not an American of any sort...)

  • Ben Jammin (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    50% Opacity:
    ParkinT:
    ...back to good ol’ 127.0.0.1
    This piece should have been titled: There's no place like HOME

    localhost, sweet localhost

    Sweet localhost Alabama?

    (Not an American of any sort...)

    Localhost, localhost on the range.

  • RockyMountainCoder (unregistered)
    errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

    Here in America, stupidity and ignorance are commonly-accepted mitigating factors for people to escape responsibility, and it's flat-out the law in Georgia.

    ... or haven't you been watching our Presidential elections the last 12 years or so?

  • (cs) in reply to betlit
    betlit:
    errm.... is there some law requirement i don't understand or why do they display that policy every time you log in?

    here in the company where I work (Switzerland) every employee signs an agreement (PAPER!) when hired and that's it...

    This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

    This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)

  • Paul (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    separately initial certain parts of the agreement ... some people, given the chance, would try it on, saying that they hadn't really read the agreement
    But you didn't make me initial the part about late fees, so I shouldn't have to pay them! I should be able to have my payments as late as I want. Even months late. Hell, why should I have to pay at all?

    {Boom}

    Another whining liberal socialist cheater goodfornothing marxist thief gone to his just reward...

  • shepd (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

    This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)

    Actually, she is smart. In some circumstances, especially if it is managed to be defined as a contract of adhesion or something similar, having proven that the person indeed did provably inform themselves of every section and had the opportunity to comment on or change them could be a defense to it. Did you know in Canada anti-drunk driving clauses in rental car contracts have been considered unenforceable for similar reasons?

  • LOGON.EXE (unregistered)

    By reading this comment, you agree to abide by our IT policies (123.6, 216.2, and 551.A).

    Of course, TRWTF is using Windows to manage mission-critical hardware. Windows servers are bad enough, but locked-down corporate workstations?

    It's enough to make you feel illum (captcha)

  • skington (unregistered) in reply to ParkinT
    ParkinT:
    ...back to good ol’ 127.0.0.1
    This piece should have been titled: There's no place like HOME

    To be fair, exactly that phrase was in a comment immediately afterwards.

  • foo (unregistered) in reply to Ben Jammin
    Ben Jammin:
    Steve The Cynic:
    50% Opacity:
    ParkinT:
    ...back to good ol’ 127.0.0.1
    This piece should have been titled: There's no place like HOME

    localhost, sweet localhost

    Sweet localhost Alabama?

    (Not an American of any sort...)

    Localhost, localhost on the range.
    My localhost is my localdomain!

  • (cs)

    There's no place like ROOT# because I am the king of my castle!

  • PleegWat (unregistered) in reply to Steve The Cynic

    Haven't seen initialling sections, but it's common here on certain types of contracts to require the bottom of each page to be initialled.

    I assume this proves you read that page, and the other party cannot replace the sheet by a different version later on.

  • Gaza Rullz (unregistered) in reply to Ho Miscreant!
    Ho Miscreant!:
    It almost sounds like a self-inflicted virus.

    It virus like self like almost sounds-inflicted a.

  • Manadar (unregistered)

    As a rule of thumb:

    Never deploy new software on Friday if you value your weekend.

  • ahhhh (unregistered)

    Not that an errant login script randomly replacing files in system32 is a good thing, but the correct way to fix this is to deploy your dependencies alongside your executable... that is not in system32 but into the application directory. Alternatively, letting the IT folks shut down prod for a weekend might be a better way to make them play nice with their customers.

  • (cs)

    You put cornify on "sexual"?

    Remy is a dirty clopper.

  • Steve (unregistered)

    This didn't happen to me. But damn if it doesn't sound like most of the companies I have worked for.

  • (cs)

    Why did they wait until friday at 6:00 pm then go home? If I were to deploy something that might potentially bring down the entire network (or render all the computers on the network inoperable, same thing) I'd do it Monday morning, and plan on being at work late into the night.

  • (cs)

    Remy still doesn't grok em dashes. Either that or the posting interface is turning them into single hyphens and he's too busy embedding stupid hidden crap to FIX THEM.

  • Squire (unregistered)

    What I like is the problem caused by the CFO could have been resolved without technology at all.

    Re-word the logon policy to say something like:

    "Clicking 'OK' and continuing to use corporate systems constitutes agreement with this policy. If you do not agree with this policy, click 'OK' then log off immediately."

    Problem solved.

  • (cs) in reply to Manadar
    Manadar:
    As a rule of thumb:

    Never deploy new software on Friday if you value your weekend.

    So that's why they call it "Patch Tuesday". Always wondered about that!

  • Lerch (unregistered) in reply to Paul
    Paul:
    Steve The Cynic:
    separately initial certain parts of the agreement ... some people, given the chance, would try it on, saying that they hadn't really read the agreement
    But you didn't make me initial the part about late fees, so I shouldn't have to pay them! I should be able to have my payments as late as I want. Even months late. Hell, why should I have to pay at all?

    {Boom}

    Another whining liberal socialist cheater goodfornothing marxist thief gone to his just reward...

    Excellent. Problem(s) solved.

    captcha: quibis; They quibis'd about the problem...We solved it.

  • jay (unregistered) in reply to WC
    WC:
    A company gets to tell me just one time that my saving their arse was the wrong move. After that, I follow policy, even if it destroys the company.

    Luckily, most companies aren't stupid enough to berate someone that saved them tons of money. And shutting the plant down for the weekend? That's expensive.

    I had a prof in college who had previously worked for British Rail. He said that the union there -- and I don't know if this was that particular union's idea or something many of them do, I've never heard of it elsewhere, whatever -- he said the union there had a negotiating tactic they used when things got nasty that they called "to rule". When the company wouldn't agree to the union's demands, the union would retaliate by following ALL company policies to the letter. They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.

  • jay (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    This reminds me of when I was a younger man than I am today, back in 1989, ffs. My wife and I were renting an apartment in a small complex in the southern-most parts of New Hampshire, and the complex's administrator asked us to separately initial certain parts of the agreement (especially those related to not being allowed to keep pets). She had the good grace to look slightly embarrassed about the whole thing, and explained that some people, given the chance, would try it on, saying that they hadn't really read the agreement (should be no defence in law, I know, but people are stupid about that sort of thing), and to avoid arguments, they would get people to initial those sections to show that their attention had been drawn to them.

    This repeated showing of the agreement is made of the same stuff. It's not exactly about stupidity as such, but more about trying to plug any wiggle-room for the sort of bloody-minded individual who was working as CFO for this company.

    And no, it isn't any harder to fire a CFO for gross misconduct than any other employee, especially in the country between Mexico and Canada. (It's more embarrassing, perhaps, but not more difficult.)

    A couple of years ago I refinanced my house, and of course I had to sign this huge stack of papers. The loan officer was surprised that I actually read all the papers before signing them. She said most people just buzz through and sign them all. Like, wow. The biggest contract most people will ever sign in their lives, involving hundreds of thousands of dollars, and they'll sign it without even reading it?

  • (cs) in reply to Manadar
    Manadar:
    As a rule of thumb:

    Never deploy new software on Friday if you value your weekend.

    Amen brother!

    I explicitly only allow the servers I'm responsible for to auto update Monday through Wednesday, that way I have Thursday to clean up any mess and hopefully still be able to leave on time Friday....

    So far I have been able to avoid fan + excrement on a Thursday, but you never know. ducks and looks for the sandbag falling

    Yours Yazeran

    Plan: To go to Mars one day with a hammer

  • (cs) in reply to jay
    jay:
    They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.

    Work-to-rule or "restrictive practices." See it here: http://www.youtube.com/watch?v=_RUYn8adavM

  • (cs) in reply to Manadar

    this.

    Manadar:
    As a rule of thumb:

    Never deploy new software on Friday if you value your weekend.

    the guys who did that should have been taken out back and beaten with a keyboard.

  • neminem (unregistered) in reply to jay
    jay:
    They would assign someone to go through the company's policy book looking for the dumbest, most counter-productive rules, and then they would insist on following them. Until management gave in.
    TvTropes calls this Bothering by the Book, and gives many examples (notably, a "real life" section at the bottom.)
  • Oh THAT Brian (unregistered)

    At the large multi-national company that I used to work for, we had a piece of software that was installed on every corporate PC we owned. Not only was it used to push patches, but also software upgrades.

    One weekend, the architect made a few changes and tested them locally. Of course, no documentation - that could wait!

    He promptly went on a 2 week vacation in the wilderness - no phone, no cell phone, no CB radio - NOTHING! We had PCs dropping like flies the next Monday.

    Fortunately, one of the other senior programmers was able to figure out what he had done and backed it out. We only lost about half the day.

    We were waiting for the show when he got back - absolutely nothing happened! Not even a "Sorry about that" email.

    He must have had some REALLY GOOD compromising pictures of someone!!

  • Calli Arcale (unregistered) in reply to betlit

    There is no law requiring this sort of banner. This is born out of idiocy and concentrating primarily on satisfying the audit without thinking about what the purpose of the audit is. The audit becomes the end to quality, not the means.

    Having a screen that people have to click on is fairly standard in America, not because of any law or because it makes sense but because it produces an artifact you can put into an audit to prove that yes, absolutely you told the employee that. It really has no more value than that, and honestly, they totally could've (and should've) fired the CFO for what was going on. Policies are totally enforceable without this kind of crap. It's just you can't pass your security audit without being able to prove you've done something to inform the users.

  • urza9814 (unregistered) in reply to Calli Arcale
    Calli Arcale:
    There is no law requiring this sort of banner. This is born out of idiocy and concentrating primarily on satisfying the audit without thinking about what the purpose of the audit is. The audit becomes the end to quality, not the means.

    Having a screen that people have to click on is fairly standard in America, not because of any law or because it makes sense but because it produces an artifact you can put into an audit to prove that yes, absolutely you told the employee that. It really has no more value than that, and honestly, they totally could've (and should've) fired the CFO for what was going on. Policies are totally enforceable without this kind of crap. It's just you can't pass your security audit without being able to prove you've done something to inform the users.

    Of course they could and should have fired him anyway; and had he been any other worker, they most certainly would have. But he's CFO, so instead they made the real workers waste a few hours and nearly halt production for the entire weekend in order to protect his reputation.

  • BlueBearr (unregistered)

    TRWTF is that the solution should have been to update the standard warning message to contain this sentence at the end:

    By clicking OK and logging into this system, you indicate that you agree to and will abide by these policies. If you do not agree, do not log onto this system.
  • d (unregistered)

    Search the source code of this page for

    click me

    it's an interesting script!

  • CTO Idiot (unregistered)

    Al should have left it and let them stew in their own juices and explain that the idiotic CTO told them he couldn't change anything. How do these morons get these jobs?
