Ask Slashdot: Best Practices For Maintaining IT Policy In K-12 Public Education? 208
First time accepted submitter El Fantasmo writes "I work in public education, K-12, for a small, economically shaky, low performing school district. What are some good or effective tactics for getting budget controllers to stop bypassing the IT boss/department? We sometimes we end up with LOW end MS Win 7 Home laptops, that basically can't get on our network (internet only) or be managed. The purchaser refuses to return them for proper setups. Unfortunately, IT is currently under the 'asst. superintendent of curriculum and instruction,' who has no useful understanding of maintaining and acquiring IT resources and lets others make poor IT purchasing decisions, by bypassing the IT department, and dips into IT funds when their pet project budgets run low. How can this be reversed when you get commands like 'make it work' and the budget is effectively $0?"
Re:Use fear. (Score:5, Interesting)
Well, somewhat along those lines you could legitimately argue that the "windows 7 dust bowl edition" does not meet the organization's security standards (because it won't join a domain).
Speaking of which, how can these low end winders laptops use school resources if they can't log into the company domain? You *are* using active directory, aren't you? Please tell me you aren't just leaving everything open.
Do you have a service-quality issue? (Score:5, Interesting)
There is a reason people are bypassing you. From my experience, it is because you either are not performing well, or they think that you are not performing well. If it is the latter, you should raise awareness with regard to backups, security, etc. You may also want at look at prices. For example, recently I have seen ridiculous internal prices for a few GBs of file-server storage accessible to a complete department.
Of course, if it is the former, then you are screwed and people are bypassing you so that they can get their jobs done. In that case you should think about abandoning the current IT department and building up a new one with people that understand that they are service providers.
Techsoup (Score:4, Interesting)
Fiscal policy? (Score:5, Interesting)
dips into IT funds when their pet project budgets run low
Given the fact that you work in the public sector, you may wish to consider obtaining anything and everything available on budgetary policy for your school district, county, state, etc. It may turn out that what you're observing on the fiscal side of things actually represents clear misappropriation of funds. If that's the case, bringing it to the attention of people three or four levels up in the chain of command may have an interesting effect, and perhaps a detailed letter to a state representative would bring uncomfortable attention to those mismanaging the funds.
Re:Within your domain (Score:2, Interesting)
Content filtering etc. is done at the firewall/router/proxy level, so that's not an issue. If the hardware supports it (switches, access points, etc), then I'd set everything up so that clients get assigned round-robin into a number of VLANs -- as large a number as the network hardware will support. Each client would then only see the outside internet (via a proxy), a domain server, and a small number of cohabitants on the same VLAN. I've set it up that way at work, and it helped prevent spread of worms and viruses that would try and attack every machine on a given subnet. Since we have about 20 permanently attached machines plus up to 10 coming-and-going ones, everyone is always on their own VLAN as we have configured 64 VLANs. Equipment is also segregated into VLANs: IP phones on one VLAN, printers on another, network switch and access point management interfaces on yet another. Access to internet, and routing between VLANs, it configured per VLAN, so for example printers are invisible for anything but the server machine, as are the phones. Client machines are not mutually visible either, and guest clients only see a SMB print service (via a separately running instance of samba). Only clients that register on an internal webpage (using a valid username/password) get switched over to the full gamut of services (SMB file/domain/print server, AD server, etc).
Re:You don't. (Score:4, Interesting)
If it's literally as bad as you describe, your intended function is to fail as spectacularly as possible in order to be the fall guy.
I found this epic tale [thedailywtf.com] as an example of this situation. Knowing the indicators to look for based on others' hard-won experience can keep you from repeating their mistakes.
Re:You don't. (Score:4, Interesting)
This story has a lot of valuable lessons to be learned. The first lesson, I think, that you can take from your experience is that you are wholly unqualified to deal with the political and management issues involved. Therefore, do not involve yourself in management or politics. The (non-technical) suggestions given have all involved either an upward appeal to authority, or coercive measures. These will only make matters worse for you. If you want to keep your job, and think that you actually have a chance to make things work, ingratiate yourself to some people who can support you if things go south. I doubt very much that you are being deliberately set up as a fall guy. The school, after all, has a need to stay somewhat technologically relevant, but they're doing it on increasingly less money.
I'm guessing you went into education because you want to make a difference. Some people I know did as well, and they all tell the same story. Long, hard hours with very little acknowledgement. I would guess that's a reality of education these days. With a budget that's always short on funds, management will squeeze every last drop of effort from every employee. So, work under the assumption that the people who hold the purse strings are under at least as much pressure as you are. Maybe it's not true, but there's nothing you can do about it except quit.
Off the top of my head, the best people to get on your side are teachers and students. While you can't solve everything all at once, perhaps there are some small problems you can solve for specific people. And, while someone joked about making network maintenance an elective, there's probably some truth to it. I volunteered to help out the sole network admin when I was in high school. Perhaps some bright students would be willing to help out in exchange for some tutoring. The important thing is that some people know who you are and what you do, and can commiserate since your job is just as difficult as theirs. If it's important to you, hang in there. If it's not, then it's probably time to look for something less stressful.