A recent popular post on /r/sysadmin about storing important files in the Recycle Bin got me thinking about a fairly heated discussion I had with a coworker once, and an opinion I hold that I’ve found to be fairly unpopular among people who work in IT.
To summarize my point of view:
If you configure something on behalf of users without telling them and it breaks their workflow, you are the problem.
I’ve seen this issue crop up a few times and it usually winds up with someone losing data and someone in IT pointing the finger at the user and saying “Well you should’ve known better, not my problem”. While I’m not saying that the user isn’t at fault in every case, there are definitely cases where these situations are a failure of IT to do their due diligence.
Let’s say you work in an office that has a clean desk policy due to some strict compliance requirements. Every night at 6pm the cleaning crew comes around, collects any discarded papers off of everyone’s desk, and shreds them. This is non-default behavior for most people. Any reasonable employee onboarding procedure would include training the new employee on this policy, and you’d probably even make them sign something that says they understand.
Now let’s think about a parallel in the IT world. The default behavior of Microsoft Outlook is to only remove items from Deleted Items when the user asks it to. If you set a global company policy that removes items after 7 days, you’ve broken the assumption of users who are familiar with the default behavior. Maybe this user’s preferred workflow is to dump emails from their deleted items into a PST file once a month. Maybe they like to keep Deleted Items around forever because it’s excluded from search by default, but know they can search it explicitly if they need to.
If you fail to train users on “the way we do things here” when they are onboarded, you have zero right to point the finger at them when your policies cause them to have problems. People love to blame companies like Microsoft for pushing out new changes that break their existing automation or configuration policies, but immediately blame the user when they do the same thing to them.
The part where this really starts to get into a grey area is when you have to decide “how much notice is enough notice” for a particular policy or change. People tend to get information overload very easily, so you don’t want to drown out your important updates with random unimportant information.
On the other hand, even simple policies that no one even thinks about like the default calendar sharing in Exchange can become disastrous once somebody finds out their department is getting dissolved because more than free/busy was shared by default.
This post was shamelessly stolen from my reddit post of the same name.