Certified Mail

Readers chime in on salary surveys; exam-testing skills; licensing; and exerting buying influence.

• By MCP Magazine Readers
• 10/01/2002

Where Can I Get That Salary?
After reading “Income Conundrum” in the August issue’s Editor’s Desk, I have to ask: What about those who have very little experience and the lowest-level certifications, yet make loads of dough? Donald Top has an MCP, three years in IT and is making $60,000; Edward Bailey is an MCSE with 2.5 years in IT and making $56,000. Is this a joke? Are their employers clueless or something else? I’m paid about as much as Brad Blauvelt (under $40,000) but with an MCP, MCSE, CCNA and 10 years in IT.

So, what’s wrong with Brad and me? I’m not severely under compensated, but I just want to know how these guys could earn so much yet have such little experience.
—Edward Diaz, MCP, MCSE, CCNA
Monterey, California

While I wish your salary survey figures were correct, they seem to be quite different than what I am being told here in the greater Los Angeles area. I am a Novell CNE and Microsoft MCP (NT 4.0 workstation) with six years supporting both Novell and Microsoft networks and a variety of Microsoft desktop OSes. I also have an MBA degree. Having been unable to find a job I returned to school to take classes to eventually attain my MCSE. While I had a base salary of $50,000 as a LAN Support Specialist, I am now being told I will do well to find a position in the mid- to upper-$30,000s in Los Angeles. I have sent out resumes and gone to job fairs with no interviews offered thus far. At a job fair sponsored by the Los Angeles Times, I was told by one recruiter that 80 percent of the resumes she received were seeking information technology positions, and they were really only looking for sales personnel. There are too many people looking for too few positions. I have friends in the same position.

If you had sent me a salary survey I wouldn't have responded — how does an unemployed person respond in times like these? A survey of MCPs and CNEs that starts out with the question: "Are you currently working full time?" might get a better response. Those who have continued to work for the same company over the last several years may still make a good salary, but those of us who have been laid off see a much different picture. Hopefully you will take this into account in a follow-up survey and article. Perhaps an article that includes a statistic for how long you have been in your current position, or how long have you been unemployed might show a more accurate picture. I will look forward to reading it.
—Richard Boehle, MCP, CNE

Single Login for Multiple Users
I have a Windows 2000 AD domain with about 15 NT 4.0 workstations that are essentially sound mixing appliances. Our engineering department wants to connect all of them to the network in order to access a file server, but they don’t want the inconvenience of logging in individually with their regular user accounts. I’ve tried to explain the ramifications of using a single account for multiple users, but political forces are overriding my objections. I’ve thought about creating a local “Eng” account on each workstation with a single, synchronized password so that at least the SIDs would be different, but the whole situation is an auditing nightmare that violates the basic tenets of security. What are some options for satisfying the engineers’ demands while minimizing the security risk?
—Jacob E. Balser, MSCE, MCP+I, A+
San Rafael, California

First, you need to ask: What files are the engineers accessing on the server? If the files needed aren’t security risks and you’re willing to lock down that engineer account so all it can do is access these files, then you can minimize the risk. Similar things are done when shop floor workers need simple access like looking up a bin location for a part. You use one account, then lock down the machine and lock the account so it can only perform one function. Or, maybe the answer is to locate a file server on a network only they can access.
   Also, you need to think about the ramifications for their systems on your network. What could someone else do on your network if these machines are connected? Could they damage these machines, steal data, change configurations or shut them down? You now need to lock down these machines. Does this now give the users Internet access? Think: viruses, worms, Trojans and other system misuse.
   Yes, having one account used by more than one person is a security risk because there’s no accountability. But, remember the other tenet: Risk analysis tells you where to concentrate your security efforts. You can still audit the use of that account, but perhaps make an arrangement up front on how the account may be used and the process for removing this privilege and moving to separate accounts should it be abused. It becomes too difficult to secure the rest of your network otherwise.
—Roberta Bragg

Unpopular Moves
When Microsoft testers started writing trick questions because too many people were passing exams, I decided it wasn’t worth the price anymore. All the mumbo-jumbo about “value” was really about “test-taking skills.” Microsoft has changed its software so often that I don’t bother to memorize how-tos anymore; I just meander through the options and find something that looks like it might work. This seems to be an OK way to function, as long as you know what you’re trying to do.

Now it’s a challenge to replace any Microsoft products with a Linux substitute and make it user-friendly enough to be accepted. Why? Because Microsoft became the software police, and I can’t take the chance that my customers might not be in total compliance with the ever-changing licensing programs.

I welcome the attempts MCP Magazine has made to try to frame issues with Microsoft products in a broader context, and I hope you will expand these efforts. Whenever Microsoft twists a standard to their own advantage and blows smoke over the differences, we all suffer.
—Robin McCain, MCP
San Francisco, California

Understand Licensing and Save a Bundle
I helped save my company $48,060 by keeping them informed of an upcoming upgrade release of a product they were already using in production and taking advantage of Microsoft’s new implementation of Licensing 6.0.

I work as an IT consultant doing contract work. One of the projects I’ve been involved with is the implementation of Microsoft Project 2000 in a collaborative environment using SQL Server for storing projects and Project Central as a Web-based interface to view those projects. Microsoft Project 2002 in all its new flavors (Standard, Professional, Server and Web-Access) was recently launched. Knowing that my company will eventually want to take advantage of the new enterprise features, I set out to fully understand how Licensing 6.0 would affect the cost of upgrading our currently installed base of licensed MS Project users.

I couldn’t have done this on my own. I employed the help of reps from both Microsoft and our software vendor.

I finally came up with a presentation that the “check-signers” could easily understand, and a purchase order was made. Now comes the fun part of migrating.
—Robert B. Zane, MCSE+I
Plano, Texas

Too Many Admins Spoil the Soup
I’m an IT security officer responsible for managing my company’s security policy and strategy. We have a Microsoft Competency Center that safeguards our Active Directory environment and have a problem with an overabundance of administrators. How can I regularly run a report that lists the membership of important groups, such as administrators, without having administrator rights myself? We’re losing control with too many admins in the system, and we have service accounts to which the admins may have password access.
—Ravin Jugdav
Cape Town, South Africa

I’d suggest using a tool. A free one is dumpsec, www.somarsoft.com, and it’s useful for security officers, auditors and administrators. All tools require an administrator to run it; you wouldn’t want just anyone to discover this kind of information. However, this should be run periodically as part of an audit. An administrator can run it and place the reports where you, as security officer, can review them. This way, you’ve also kept your separation of duties (security should proscribe and enforce, but not implement) and your ability to review. But what will that review do if you don’t have authority to reduce the number of admins? There must be some overview of the whole picture, including risk analysis.
   As to the admins knowing the service account passwords, someone has to maintain and change them. But they shouldn’t be widely known or used for logon. Sounds like you have an immense chore ahead of you. Good luck.
—Roberta Bragg

Working Under the Influence
Dian Schaffhauser’s July Editor’s Desk, “The Influencer,” got me. Every week, articles are published in the magazines of our trade detailing the exploits of CTOs and CIOs. These articles describe how these people seemingly change their entire operations single-handedly. Being a networking professional for almost 10 years, I know that this isn’t the way the IS world works. There’s a possibility that at some company somewhere, a CIO is doing the work of a full IS staff. He or she is evaluating problems, discerning solutions, proposing options, purchasing and finally deploying the necessary products or services to solve his or her problem. This isn’t likely in the real world. In most companies I’ve seen (including my own), there’s a hierarchy of support staff who provide the information necessary for the CIO/CTO/Director to make informed decisions. Without the research, experience and knowledge of these staff members, good decisions wouldn’t be made. According to your article, manufacturers want to direct their attention to the CTOs. Why? So that when an experienced Microsoft junkie proposes the right products to solve the company’s problem, the CTO can recognize the product from a magazine? What’s the value in that? Hopefully, we’ll someday value the talents at all levels of IS, and manufacturers will correctly identify where the real purchasing power exists—in the trenches.
—Paul Beasley, MCSE
Plymouth, Minnesota

Frankly, I bypass quite a bit of the certification stuff. I've hit it so hard for so long, I feel I need a break. But when I read your magazine, I really look forward to the in-depth technical articles you publish. Your magazine not only helps Microsoft toot their own horn, but holds them accountable for their screw-ups as well. We all know it's a great product line, but just like everything else, it can use improvements; you're not afraid to tell it straight. MCP Magazine is wonderful at exploring new tools and technologies as well as occasionally taking us all back to basics to remind us of the power of the old tools we seem to forget. You're innovative and cutting edge, and any vendor foolish enough to advertise to the Cs instead of to the masses in the trenches is led by fools and shouldn't be in business in the first place.
—Earl Grylls, MCSE, A+
Arvada, Colorado

I'm an MCSE working for a multinational company, and am finishing up a Windows 2000/AD/SMS/Exchange rollout. There isn't a router, server, desktop, laptop or software package that my team doesn't select, test and approve, then roll out. The "C" levels want e-mail, not Exchange; they want virus protection, not McAfee; fast, light laptops, not Toshiba 9100s; color printers, not HP 4500s. We select the equipment, set the standards, get the quotes and purchase. If it's big and we're initiating it, we do the business case and prove that it's needed.
— David Bratton, MCSE
Denver, Colorado

It isn't the "C" leader of the IT staff buying the product in most cases. Rather, it's the IT folks in the trenches running the day-to-day systems and networks, and not tied up in executive meetings during a good portion of the day. These folks troubleshoot the problems, identify the sources, look for solutions and make recommendations to buy or, in fact, do the buying. The Cx's task ought be to support the needs of the staff, whose responsibility is to support the needs of the users, whose tasks are to support the needs of the organization. Seems simple enough. However, it all depends on the management style and effectiveness of the C. I'm a strong supporter of an inverted management style, in contrast to most in use today. Who better understands the problem than the person who dealing with it hands-on?

My perception of a manager is the person who guides, coaches and relies on their staff to do the job; that means supporting those under their responsibility. Whether or not you support participative management, traditional 1950s management or leadership management, the fact is that the real evaluator of solutions is the IT staffer in the field.
—Ron Houle, MCSE, MCT, MCP, CVA, CNA, Net+
Brainerd, Minnesota

You're right on track with the July editorial. Our CTO has so many responsibilities that he doesn't have time to research products and software. He depends on us, the IT department, for this. We do the research, download and test the demos, then write up the POs for him to sign. That's probably how it's done in other companies as well.
—Brad Holloway
Los Angeles, California

There's a disturbing thing I've noticed that may be a factor in limiting the influence of technical professionals. I first noticed this in the owner of a software development company I worked for and, since starting my own software development firm, have seen repeatedly in non-technical people who manage technical staffs.

I've seen an apparent distrust or suspicion of technical people that leads non-technical IT managers to tend to discount the recommendations and opinions of their staff. I first thought it was just one boss I had, but I've seen it among so many clients that I'm suspecting it isn't unusual.

What I think is happening is that technical people enjoy what they do, and unfortunately, they show it. They take delight in applying new technologies and solving problems. The non-technical managers see this, and not understanding exactly what we do, interpret our "solutions" simply as a request for new toys to play with. My cynical side sometimes thinks that people who may not particularly enjoy their work assume anyone who does isn't really working and any recommendations they make are merely to further their enjoyment rather than provide value to the organization. What these non-technical managers often do know are the buzzwords that repeatedly show up in the trade press, and in an attempt to control the process (rather than letting all of those geeks have any more fun), will suggest or request specific technologies to solve problems. As a result, we find ourselves trying to make our solutions "buzzword compliant," rather than putting together the appropriate solutions.
—Steve Sawyer
Detroit, Michigan

You nailed it! We're the ones a company officer finds after a meeting and says he needs in his hip pocket. I am the influencer, and in most cases, buying decisions are left to me as well. I'm not a supervisor but rather a technologist (network architect). Most often, I'm the guy to whom the C-titles go and ask the tough questions about tactical and strategic network issues. I'll leave the politics and high-pressure stuff to the "directors." It's too much fun to evaluate vendors, test proof of concept, and play with the "toys" in the lab (affectionately named the sandbox). Vendors often forget who's really buying their products.
—Kevin A. Lanning, MCSE, CCNA, CCDA, CCSA, CCSE

I, too, have tired of eWeek, InfoWorld and the like. Who needs to know who is doing what with What's-His-Name, the CEO of a forgotten company. I need to know about people like me. I work for an IT outsourcing company, and am the network administrator for 26 smaller companies (5 to 30 users). This is a lot of fun, and no two days are ever the same. Our company has a niche market with Small Business Server. Some clients have multiple sites. Articles about the usefulness of terminal server, VPN appliances (Shiva box), Outlook Web Access and so on really make a difference in the services and level of service we can offer our clients. We've learned to use the software to its full capability. Any new hints tips, setup procedures that can be adapted and used in varying situations are always greatly appreciated.
—Douglas Coulter, A+, MCSE
Ottawa, Ontario

I'm a consultant for a large services organization. My division specializes in architecting Microsoft solutions. I read your column and agree 110 percent-we need to use our experience and education to influence corporate decision makers. However, I'm starting to believe this is impossible. Almost every project I go on is a logistical disaster. Most managers have their own agenda. I've been on projects to do "design reviews," only to find out that the manager wants to fire the local administrator and that's why he doesn't like the design. I've been placed on projects where management doesn't allow time for proper testing and piloting, only to find out that come deployment time, nothing works. My favorite is management wants to cram multiple CPU-intensive services on one server, even though it's argued that the server can't handle the load.

My belief is that Microsoft, through its MCSE program, has "graduated" several thousand MCSEs into the management ranks. Many of these folks don't understand the "hows" and "whys" of Microsoft network design. They simply believe networks can be slapped together like someone that uses duct tape on an old box. The sad truth is that the simplicity of use that Microsoft provides shrouds the details that need to be investigated when one does a Microsoft design. Yet, I am finding all too often that those in charge of these projects have little or no understanding of this, and that having an MCSE doesn't give me the respect I need to command attention to these details.

All in all, I believe my MCSE is no more than a base requirement, similar to a high school diploma. My CCIE counterparts don't have the same troubles when negotiating design strategies. I believe this a direct reflection of a poor certification program that provides the MCSE holder with little more than a card in their wallet stating they have completed a baseline requirement for work as a Microsoft professional. After 4-plus years as an MCSE, I still don't see any elevation of my or my co-workers status as true professionals whose opinions are valued.
—Michael Steinberg, MCSE
Houston, Texas

I've found that at my level, it doesn't pay to offer any insight to management because it won't help me; it may, however, help the manager who steals my ideas and then takes credit for them.

If things actually were made to work properly in the enterprise, it threatens my job as a contractor. We're the first to be laid off, even if our production is superior to the employees. Smoother-running networks mean fewer problems, less call volume and elimination of jobs. If I had it to do over again, I would've gone to law school. There's a service that knows how to get paid.
—Michael Ottinger, MCP
Columbus, Ohio