Path of YeahManager

clip_image002One of the main drivers for my professional life was my passion to do my job well (luckily, I’m quite lazy, or I would dominate the world by the time Winking smile )

While being an IT Pro I hadn’t any problem with it. The path is clear: MCP – MCSA – MCSE – one more MCSE – MVP – you’re toast. Since I became a manager the world turned to be a bit more complex. what do you do to make your job better? How to stay on top? what are the general principles? What are the criteria? It seems absolutely clear what you have to do to be SharePoint infrastructure Guru: TechNet, MSDN, hands-on labs, several years of doing stuff, somewhat good knowledge of nearing fields (IIS, .NET, networking, HA clastering, NLB/HLB, AD, PKI, you name it). You can do it? Your services get several 99.99% of uptime? Well, let’s go speak about it on TechEd or just get your respect and other money.

The list to study for a manager is large too, still (I believe so) is finite. However, what will tell you if you are a good one? What principles one have to set for himself so that not to turn into stinker?

I’m not a Guru, who comprehended everything, I’m not able to answer all the questions. But I know the way! found some high-level description what should be a good manager from my point of view. In 2010 some Harvard MBA students apparently were concerned with the same question I am, solved the problem when created MBA Oath. That’s the set of high-level high-level principles I think I have to share and follow. Some of them aren’t realizable on my current level just because I don’t have powers over them as a first line manager, but others can and will be part of my motto, backbone for my life and studies including this blog. As I find it tedious and boring to mention the Oath every time, I made up a fictional character: Yeah Manager. It’s such a guy, who is anxious about everything around, who tries and helps his organization to move forward, while coping with converting introversive IT Pros into the people who are loved and valued by this organization.

Here he is:

final 24.05.2014

I’m, obviously, no artist, but the picture will du for the time being (Yeah Manager isn’t always a perfectionist Winking smile). Probably, I’ll have it remade later.

Hello, new blog, that is =)

Junk and not so junk tasks

clip_image002One of the dev teams in my company used in their job so called junk tasks (well, they actually called them “doo-doo tasks” (the first picture was used to represent the tasks), but let it be junks ;) ). They were such small tasks one could do quickly. What is the result of a task quickly done? Right: increased happiness and motivation. Well, the task is done quickly too. The tasks queue was filled by a team lead, who regulated quantity of the junks in it, basing on some set of rules, from which we are now interested in one particular:

clip_image004

That is we have to limit such tasks. То есть количество таких задач должно быть ограничено. Moreover, developers have various stuff like agile and other waterfalls, which with the help of sprints help restrict tasks per minute. So, like it or not, you’ll have to do all of them. As a result you maintain focus, because the queue is finite (this itself is very important) and motivation doesn’t drop just because you don’t have a choice what to do right now.

Overall, in the world of developers there is if not happiness, then at least appearance of it. And what do we have in the world of IT Pro (system administrators and so on)? It’s easier to say what we don’t have:

1) There is no spoon SCRUM for sysadmins

2) There is an opinion that the task which can be done in 30 minutes NET time shouldn’t be done in 2 weeks. The only ground for the thought is “well… it is only half an hour, after all!!!”

3) The chart showing for how long your tasks are in your backlog looks as following:

clip_image006

Easy to understand that some tasks have no chance to be completed at all. BTW, a short quiz: what are the best candidates for this? ;)

As a result, while hard and not interesting tasks get themselves into “more than month” category, quantity of such small and pleasant tasks potentially infinite. And sure as hell, some of the projects are way behind the schedule.

Are there any ways to save chance to pick up a small and easy task between hard ones without postponing the latter forever? Here is what I found out yet:

1) To put some restriction on tasks. Alternatives:

a. Rely on the worker ability to follow this path.

b. Real restriction: quantity of small tasks not more than X% from the overall quantity.

c. Another real restriction: we accept only some amount of tasks. As for other tasks… Come to us in a week =)

2) Don’t get it into your head. After all, tasks are being done, reports are written. As for the not-done-in-time projects… Well, look how much work we have: we just don’t have enough resources.

3) Do everything in the order it came into your backlog (FIFO, if you know what I mean). Don’t allow priority change in some time window (say, a week) no matter what. Of course, we don’t speak about incidents.

4) Consider some types of tasks of more priority than others. That is if we have such a task in the backlog, we don’t do others. It’s actually a variation of 1b, but with floating percentage.

I believe I haven’t found all the variants. Do you have any?

Later we’ll speak about pros and cons of the above.

Books which changed my life

clip_image002Not only mine, actually. I read many different books. Sometimes it’s real junk, sometimes it’s something very clever. It happens that the book changes my opinion on the book itself (Don Quixote turned out to be quite sad book and Moomintrolls can be source of citation for many life occurrences) or changes/throws doubts upon some particular aspect of my life.

For the last several years I’ve read only two books which influenced my life and behavior. I won’t recommend reading them, so that you don’t think I’m advertising anything ;) I’ll just tell you what they mean for me and some other people.

The first book is David Allen’s “Getting Things Done”. I started reading it when I just had started managing my group and besides my usual mail flow I was hit with nine more. Time zipped away, the head was about to blow because of information flow, tasks and necessity to control all of it. The situation was quite dire: I had to change or just give up and return to system administration. That was when I invented and adopted several tricks which slightly improved the situation and… someone suddenly gave out the book. It turned out that I already got about 30% of the tools mentioned in it (It’s, BTW, my definition of a good book: it’s good, if you had had to invent considerable part of the tools described in the book). From the remaining 70% I implemented about half, using the book as guide and about 10% picked up after one of the recent trainings. As a result, empty Inbox, couple of my own know-hows and Allen’s system gives me everything I need now to be cool and as productive as my laziness allows me ;)

My coach advised me to read the second book, which led to changes in my approach to the management of my team. Well, changes were brewing and I, again, had “invented” some of them, but hadn’t implemented them, because I was too hesitant: everything inside me screamed “It won’t work!!!” The book triggered the chain of changes: I shrugged off all doubts and decided to experiment. The result was rated high both by me and my team. I have now much more time and stopped wasting my time. My guys achieved greater freedom and space for creativity. I’m talking, of course, about Daniel Pink’s “Drive”.

As I told you previously, I don’t recommend read them. But if you are a fan to implement some counterproductive process for your employees or you have gazillion started tasks and 1500 emails in your inbox… Well, what you lose? =)

MVP: No more

MVP_Horizontal_BlackOnlyAlas, everything has its end. 2013 didn’t host TechEd Russia, I didn’t participate in MCP Club activities and even my own blog has been neglected. the result is obvious: I’m not an MVP anymore. 

Nevertheless, that were terrific 7 years. I hope I’ve helped many people. I am absolutely sure I came to know many great people and even hired some of them Winking smile 

But… As I’ve been a manager for a brilliant team of IT Pros, it’s plain contra-indicative for me to make something with my hands (my experience prove this), but it’s positively good for me to think and learn about management.

That is the blog will lean more to the management side with the lapse of time. Technical posts will appear from time to time (with tag, say, Technical), but they probably won’t make the most of the blog. So, you can leave if you want, but… Well… Stay, what if I say something clever? =)

Anyway, thanks for your support during all these years.

Myths #3: Give without giving

no giftOne more mystery for me: how give everything without giving everything. This is exactly the question I see very often in various forums and other places. This is the question I hear personally from time to time. It can be in asked in several forms, the most frequent forms are:

1) How can I give a user local admin rights and be sure that they cannot do <put your own stuff here>?

2) How can I restrict my domain admin from accessing the <your very valuable information>?

Naturally, at this point I start boiling and all that stuff, but let’s look at it again.

Well, granting the user administrative rights in a system is going to give them administrative rights: that’s the point. And any administrative access means that the user can do everything. What it cannot do right now, they can grant themselves rights to do. Period.

In first case you can only audit the user’s actions, that’s all, you can do. Moreover, the audit collection and processing must be done on a remote system, which is not accessible (let alone administered) by the user in question. Any other variant, like granting local admin rights, but denying access to some aspects of the system… It just won’t work.

The second case is a bit more complicated, because system we are discussing are usually more distributed. However, even in such occurrence, you can do not much more then in previous one. Again: strict audit with no chances for the admin to tamper with it. The only exclusion for that rule is if you build the system, which, say, encrypts the data and which is not governed by the domain admin. But this is tricky, especially, considering the fact, that the admin can get the data from the computer of the user which decipher the data to work with it (pass-the-hash, or any other attack is possible if he has administrative access to any part of the “secure system”).

Therefore, really, only audit for critical data, including audit of access to backup and restore system.

Any other ideas?

#RutechEd: Answering the questions, part II

imageAt last, two remaining questions to be answered.

1) One of the attendees of the hands-on lab on Dynamic Access Control had read that a normal user (without administrative permissions) can classify files and folders. However, he hadn’t succeeded in achieving it. Here is what I tried and understood:

i. Any user cannot change classification via explorer remotely (or at least I failed to achieve this).

ii. Any user, which has full permissions on files can edit classification locally, e.g. from TS session.

As far as I can understand, the “non-administrative user can edit it” part was related to automated toolkits, which don’t need now to be run under administrative account.

2) And the last question was: can we use Orchestrator to manage classifications?

I’ve asked one of my friends, who specializes in Orchestrator, and here is what he answered me:

“i. Orchestrator can do everything that you can do in any other fashion with, say, PoSh.

ii. I bet there is more standard way to do it.

iii. It’s definitely better to use Data Classification Toolkit: Orchestrator will be a bottleneck if we have many files.”

So, the answer is “yes, but definitely not the best tool”