We rushed over and got cracking -- shut down the network fabric, started working on individual PCs. Even then it took us a few minutes to see it because we're all working separate machines: Every user had the same domain password. Every single one. We gathered in the owner's office and ask the big "WTF?!?!" This wasn't how we left it.
It turned out they didn't like the $90 we charged (collectively) for the few folks who forgot their passwords. The owner told his assistant to put together a spreadsheet with everyone's password on it, in case anyone else ever forgot. She decided that was too much trouble, so she issued a memo telling everyone to use the same password -- which she would change every 60 days "to maintain security."
We didn't know whether to laugh or cry.
Fallout: Major security breach, server rebuilt from the ground up, and two customers who left and didn't come back.
Moral: There is, in fact, something more stupid than storing every employee's password in the same encrypted spreadsheet.
Stupid user trick No. 3: Routing trouble tickets through your teenager rather than ITIncident: Executives do the darnedest things -- especially those armed with a screwdriver and help desk advice from their kids, as one IT admin attests.
One evening, we're about to pack up to go home when the fire alarm sounds. We knew it isn't a scheduled drill, so we turned off the lights, grabbed our notebooks, and headed out. In the parking lot, the questions started circulating as to what happened.
We pieced it together: Smoke was coming out of one of the executive's offices, and he had pulled the alarm. The fire department arrived and headed in. The exec talked to the firemen, all the while pointing over at us. When he's done, he steamed over and started berating us for buying "those cheap, piece of s#!t PCs." They were brand-new Dells, so we were confused. But sure enough, the fire department camesout just a few minutes later and said that the PC in this joker's office caught fire -- a little.
They let us back in and we trooped up to the exec's office to check things out. It took us a while, but we noticed that the seal on the back of the PC was broken and some of the case screws were missing. These were new PCs, so we knew none of us have had to service the thing. We gave the exec the stink eye and asked whether he opened the PC. He hemmed and hawed, then got all indignant.
As it happened, his son was a "real computer whiz" and told him to make sure all the "connections were set" or he wouldn't get the best performance. The executive opened the PC and "saw all these wires that weren't attached, just tied off and hanging" and decided to hook them up "to all the right plugs." When he went to turn it on, the PC "couldn't handle a full load" and gave off a bang and a lot of smoke.