> If Thomas is found to have acted with authorization, every company will wonder if that gives their sysadmins carte blanche to ruin their systems with no legal comeback. That's not going to sit very well in boardrooms.
Both are very good points. Not that I think that a sysadmin has the right to screw up everything on purpose, far from that. But the other way round: when a sysadmin screw up something, will he be obliged to prove that was a mistake? What constitutes a mistake? Not all companies have the right touch when dealing with the IT personal, so all sysadmins will have to contract some insurance against his company?
Employees are not authorized to access any company computer resources unless the following conditions are met:
1. Toilet seats must be in the down position following restroom use, as requested by HR.
2. Coffee area must be clean, with all spills and sugar wiped from the counter.
3. Refrigerator must be clean and free from week-old goods.
Any attempt to access the network while the above conditions are not met will be considered an unauthorized access of the network.
If I'm the only one left on a sinking ship, you better believe that before I quit, I'm taking myself out of the "on-call" rotation on the pager system. You're going to prosecute me for "causing chaos by leaving?" It took them all day Monday to sort it out! Surprise, after a power outage and a denial of service attack that the sysadmin spent all weekend fixing, it's quite lucky that's all it took!
Taking myself off the pager system when nobody else is on-call, is that the same as turning off the pager system altogether? I'm sure not obligated to hire and train my own replacement before I can leave (not without a contract anyway, and most certainly not when you just terminated MY boss and only backup without notice.)
If your backup systems' daily transfer has a tendency to overload the fileserver that's running your company's internal shared drives and primary DNS? (for example only, wink -- but this is definitely a real thing that I personally dealt with) If this fault causes everything else to go down all at once some whole-number percent of the days that it runs... and the only way to fix it is for someone to walk into the server room and reset the right machine... is it better to leave that time-bomb ticking with nobody on-call, or should you leave a note for the next guy "ask for a bigger budget and a new backup server" and disarm the bomb? Personally, I'd disable the nightly backups in that case too.
Suppose you've tried training a resource to answer that page and nobody will pick up the task? I understand there's such a thing as malicious action, and deleting Wiki pages with important documentation on them might fall into that category. There's also such a thing as negligent inaction I suppose, but the more I read into this article, the more it sounds like a very familiar situation, and maybe the truth is closer to this employer would just like to hold their "key man" junior IT guy hostage, on-call 24/7 until the sale of the company goes through, when the new owners can cut his benefits.
