We were going to move a server one evening and we told the head of IT ahead of time we needed to move it at 6. He agrees.
At 5:45 we roll into the server room area and he has gone home for the evening. Server room is locked.
Someone as a Hail Mary asks building security, and they surprise us by saying of course we have keys. So they come in and try the doors (the server room had been expanded to fill several offices, so there were 3 doors). No luck with any of them. Which upset the security person because they were supposed to have keys.
So security wanders off before we start trying to jimmy the locks, and it turns out that the middle door accepts Mastercard. It was never mentioned again and the IT dude never asked (which he should have, really).
I don't know that I'd play it the same today. Back doors are put in or tolerated primarily because of fear of, or the reality that, someone isn't doing their job or some group is making a power grab (or typically, both). It costs political capital to call someone out on that but the alternative is to have people lying (even by omission) about known security issues with the system or facilities.
Personally, I'd rather have a couple people who have credentials or keys they are sworn 'never to use', except in extraordinary circumstances.
At 5:45 we roll into the server room area and he has gone home for the evening. Server room is locked.
Someone as a Hail Mary asks building security, and they surprise us by saying of course we have keys. So they come in and try the doors (the server room had been expanded to fill several offices, so there were 3 doors). No luck with any of them. Which upset the security person because they were supposed to have keys.
So security wanders off before we start trying to jimmy the locks, and it turns out that the middle door accepts Mastercard. It was never mentioned again and the IT dude never asked (which he should have, really).
I don't know that I'd play it the same today. Back doors are put in or tolerated primarily because of fear of, or the reality that, someone isn't doing their job or some group is making a power grab (or typically, both). It costs political capital to call someone out on that but the alternative is to have people lying (even by omission) about known security issues with the system or facilities.
Personally, I'd rather have a couple people who have credentials or keys they are sworn 'never to use', except in extraordinary circumstances.