Ask Slashdot: System Administrator Vs Change Advisory Board

thundergeek (808819) writes "I am the sole sysadmin for nearly 50 servers (win/linux) across several contracts. Now a Change Advisory Board (CAB) is wanting to manage every patch that will be installed on the OS and approve/disapprove for testing on the development network. Once tested and verified, all changes will then need to be approved for production. Windows servers aren't always the best for informing admin exactly what is being 'patched' on the OS, and the frequency of updates will make my efficiency take a nose dive. Now I'll have to track each KB, RHSA, directives and any other 3rd party updates, submit a lengthy report outlining each patch being applied, and then sit back and wait for approval. What should I use/do to track what I will be installing? Is there already a product out there that will make my life a little less stressful on the admin side? Does anyone else have to go toe-to-toe with a CAB? How do you handle your patch approval process?"

What helps...

[ProfessionalCookie]

ethanol.

micromanager jerk

[Anonymous Coward]

I bet your CEO or upper level boss is the typical dimwit/jerk, knows nothing about the business, microcontroller type of guy, stupid games of power, calls you on purpose once his secretary tells him you are out of the door. Small guy, stupid looking, may beard of a goatee, cheap-looking suit. Tell him to sod off and change jobs...

System Administrator Vs Change Advisory Board

[wonkey_monkey]

System Administrator Vs Change Advisory Board

50 quatloos on the newcomer!

Re:Nonsense

[sg_oneill]

Back when I worked as a web administrator at my local university back in the early 2000s, the admin make-work types decided to bash out a web policy , mostly to keep standards up and guard against legal liability (Admittedly we had students setting up websites on chemistry lab pcs turned webserver with novel meth recipes and all sorts of shenanigans before that). All good and fine, I asked to be on the committee as an advisor, and so I was.

Then the whole thing went off the rails, every page needed to be approved by a department head, 10,000+ pages of previously existing data had to be retrofitted with full dublin core metadata descriptions, and so on and so on for about 400 pages of rules and policy that despite my best efforts I could not stop. These people had no fucking idea.

The crown was an insane rule that every new hyperlink had to be aproved not just by a department head but by the vice chancellor himself.

And so thats what I did, and I made sure it was done good and proper. I wrote a perl script that took all new pages on the webserver network (about 50-100 new pages a day) and then whenever a hyperlink appeared it spat out a 1 page document for approval *per link* requiring the vice chancellor and a lawyer to co-sign off on. All with witnesses. All in all about 400 pages a day of paperwork for the vice chancellor and a lawyer.

The policy lasted 3 days before I was dragged into the admin building to be ordered to stop producing the reports. I went in with my union rep. I said "Sorry , no , thats the official policy as passed by the university senate and the website will need to be shut down if this isn't done.". Since the next senate meeting was two weeks away, I made sure every god damn day that stack of paperwork was done by the vice chancellor for a glorious fortnight before the senate could revoke the whole damn policy.

It was a magical and golden time to be a union protected government (Universities are mostly run by the state in australia) employee.

For some reason later that year I was passed over for a promotion though. I wonder why, lol.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Must have missed the TLA

[Kahn_au]

Where I come from CAB stands for "Change Acceptance Board", they don't get to make dumb decisions...

Re:Nonsense

[Anon-Admin]

I have worked for those companies. lol

27 page CAB form and full CAM meeting. Just to edit the /etc/login.defs and change PASS_MIN_DAYS from a 0 to a 7.

I still laugh about it to this day. A single character change and 27 pages of paperwork.

Re:SCCM

[afidel]

Why write anything? Include the full expanded content from the MS KB article for the update, they generally run 1-5 pages each if printed on 8.5x11/A4

Re:SCCM

[dowens81625]

I would suggest writing a php look up page where all you need to do is copy and paste the requisite KB Patch number, and it have it scrub the http://support.microsoft.com/k... [microsoft.com] article for related information and paste it into Re canned Letter.

Patch Request for KB

This patch is critical to maintain a stable and update to systems environment. Failure to approve and install this patch will leave your systems vulnerable to

Please note that after applying this patch

Please sign off as approved or rejected

Approved by

Printed name
Signature:
Date:

Rejected by

Printed name
Signature:
Date:

Sincerely your system admin,

Copy & Paste your KBs then proof read each letter make small adjustments where needed. Must most KB description articles are close enough with proper php scripting you should have no trouble pulling the relevant info from the page in the variables. and customizing a script with the info they want to see.

Print and repeat. Hand them hard copies, drink beer,

After they sign off on about 30 of them they will get tired and just say just do what you think is best and go back to doing your job.