"Large" tech companies locking their customers in?

Thedog

Hello,

I mostly do residential / small business work. I have stumbled across this two times:

Client 1: Had a typical home network setup, i.e. ADSL modem, router and a wireless access point. They had bought a NAS and wanted help installing it. I plug it in and I can't find it on the network etc. The problem was that I could not access their router to see for example attached devices, because the other firm had password protected it. Anyway, to make a long story short, it was configured to ONLY give 7 IPs (they had 7 devices total before the NAS). They didn't want me to reset it and I didn't either because I didn't know their configuration, for example if ports were open for Exchange and so on.

Next time they call, their daughter got a new computer and I say that they have to call the other firm. Just extending the DHCP range would be such a simple fix but that company did not give out the password they had configured and they had to come on-site for a large fee.


Client 2: He only had one laptop which he used both at his office and at home. It was restored to factory defaults by another company and put into a domain. This time it was the same issue with the router they had set up at home but I could reset this one and just set it up myself. However, I needed to install a printer but guess what? His account didn't have permission, this was his own computer. Basically it could not run any installers and so on, I have no idea why it would have been set up like this since it was mostly used at home. Maybe that company wanted him to pay every time he bought some new device?

This guy is involved with a lot of different companies and wants us to take over all support, I haven't said yes yet because I don't know how diffuse it would be to deal with all domains, different Exchange servers and so on. Gonna have a meeting with him and one of his colleagues to see how things are structured today.


But anyway, have you guys experienced similar issues? Personally I never change admin passwords on routers because I know the frustration when you can't access them and I see no point in protecting them since the network itself is protected. And I would never put any restrictions on someone's personal computer.

So how do you guys do it and how do you deal with these issues? I think it's very bad manner to lock customers in like these firms have done.
 
Locking down a business PC is standard procedure. They may have thought that it was only for business use and so they did all that work to it to lock it down.

In all honesty, it sounds like they are running it as if it were an enterprise network. There are no more than X devices, then there is no need to issue more than X amount of IP addresses. Pretty much all corporate IT departments lock down the computers on the network. However, the passwords and such information are the property of the client and they should only just have to call them up and ask for it without a fee. On the other hand, if I was managing a customer's network and they start asking me for passwords to change settings on their own or to have another tech do it, that limits my knowledge of the network. I can't walk in one day and see they added 5 computers as it compromises the other computers on the network that I am being paid to manage. Their company may get paid for managing 7 computers and do not want extra computers or devices added without them knowing. Which, again, is standard practice in the enterprise world and also can be part of a managed services contract.

As for passwords on routers, you should definitely set them to something secure. No network is as secure as you think. Never mind that you don't want random users changing the settings.
 
This was not an enterprise network... They had a home office, but they used their personal computers on it as well. For example they had a Sonos system installed to it. So you mean that as a tech you should limit the DHCP range to the number of computers on the network, not thinking that they might get another device that uses an IP address in the future? That sounds very strange.

If they should hack the admin interface on the router they would have to hack the network first, and then if they changed settings in there, that wouldn't be the first thing to worry about, if you see what I mean. Since the router can always be reset and reconfigured, much worse if someone would steal files etc.

As to the other laptop that didn't have an administrator account, I could see the reason to lock it down if he was an employee and the computer wasn't owned by him. This was his own laptop and he paid them for support, for example configuring his Exchange mail. He isn't an employee, rather he is the owner of several businesses. Maybe it's just that simple that they didn't know the use of this computer because it's kind of ironic if he buys a 50$ printer and has to pay 150$ for the installation of it just because he can't run the installer. It was off-site techs that locked it down, no IT department at a company so to speak.
 
Sounds like they are under a contract. I don't know that I would limit IP addresses on a client's machine, but I might lock down the router if it was my client. If I'm being paid to maintain it, I don't want anyone else messing around with the settings so that I know what the settings are without a doubt. If he is going to be done with that other company and their contract is over, there should be no problem with him getting ahold of that company and getting the password. He just needs to let them know that he is not renewing the contract, or is terminating it.
 
Yeah, I agree if it's a contract thing. But the question is if they are under contract why would they call me instead? Cause they have to pay me by the hour... Maybe I was just way out on conspiracy theories and most techs are actually nice indeed :D
 
They might not be under contract now. It might have ended and they are still being supported by that company, but just haven't renewed the contract. So the network settings are the same as they were when they were under contract.

Also, you might be right about your conspiracy theory :D . I've seen techs do this just so they have to call them back out.
 
I can very well see this from the supporting company's point of view if they are a large firm. If I am a tech for that company then I will have certain guidelines for setting up laptops and desktops.

If he brings me a new laptop and says "Hey I just bought this can you set it up for me?" I don't really care if he owns it or the business owns ... I just know that to meet the SLAs I have a specific way that I'm going to set this up especially if he is going to be plugging this box up to the WAN/LAN at any time to access Exchange email. I probably wouldn't even think to ask him if it was primarily for home use or not.

This just sounds like standard procedure for security purposes.
 
This was not an enterprise network... They had a home office, but they used their personal computers on it as well. For example they had a Sonos system installed to it.

Doesn't matter the type of network or how large. The company they hired may have decided to run it that way because that is the "normal" way to manage a network.

So you mean that as a tech you should limit the DHCP range to the number of computers on the network, not thinking that they might get another device that uses an IP address in the future? That sounds very strange.

I would never do it and agree it is very strange. But, it lines up with controlling what is on the network and limiting unknown changes. Which is what I would want to do with my clients.

If they should hack the admin interface on the router they would have to hack the network first, and then if they changed settings in there, that wouldn't be the first thing to worry about, if you see what I mean. Since the router can always be reset and reconfigured, much worse if someone would steal files etc.

A hacked router will facilitate this even further. What if I got on your network and hacked the router to not show my IP address as being connected? Don't think it isn't possible either or not something to worry about. Not setting a password on a router is a very very bad administrative and security decision, no matter your reasons for not setting one. Many, many destructive changes can be done without alerting anyone. Such as changing the DNS servers.

Let's say I change your DNS servers to point to one of my computers that does a man-in-the-middle attack on you and logs everything you do online? You would never notice a problem except every website has the same IP address, and I doubt you or anyone really pays attention to that.

As to the other laptop that didn't have an administrator account, I could see the reason to lock it down if he was an employee and the computer wasn't owned by him. This was his own laptop and he paid them for support, for example configuring his Exchange mail. He isn't an employee, rather he is the owner of several businesses. Maybe it's just that simple that they didn't know the use of this computer because it's kind of ironic if he buys a 50$ printer and has to pay 150$ for the installation of it just because he can't run the installer. It was off-site techs that locked it down, no IT department at a company so to speak.

As said above, this may have been miscommunication. They may have thought it was to be for business use and set it up as such.

Or, the company they hired were a bunch of idiots. It has happened before. It is even possible you are correct that they are trying to lock them in, I was just trying to tell you these problems you ran into could be considered standard practice.
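
The DNS change described in the post above shows up on a client as a resolver that is not the one documented for the network, and as unrelated sites all answering from one address. A sketch of that check, added here as an example and not posted by anyone in the thread; the baseline resolver list, the `audit_dns` and `site` helpers, and all sample addresses and hostnames are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed baseline: the resolvers documented for this network at setup time.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def site(hostname):
    # Simplification: the last two labels stand in for the registered domain.
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])

def audit_dns(resolvers, answers, expected=EXPECTED_RESOLVERS, threshold=3):
    """resolvers: DNS servers the client received from the router (DHCP).
    answers: {public hostname: [IPs it resolved to]}. Returns sorted findings."""
    findings = set()
    for r in resolvers:
        if r not in expected:
            findings.add(("unexpected_resolver", r))
    sites_by_ip = defaultdict(set)
    for host, ips in answers.items():
        for ip in ips:
            sites_by_ip[ip].add(site(host))
            # A public name answering from a LAN address points at a local box.
            if any(ipaddress.ip_address(ip) in net for net in RFC1918):
                findings.add(("public_name_on_private_ip", host))
    for ip, sites in sites_by_ip.items():
        # Unrelated sites sharing one address is the symptom from the post.
        # Shared hosting and CDNs can also do this, so it is a prompt to look.
        if len(sites) >= threshold:
            findings.add(("many_sites_one_ip", ip))
    return sorted(findings)

# Constructed samples (documentation address ranges, example domains).
CLEAN = (["192.0.2.53"], {
    "www.example.com": ["198.51.100.10"],
    "mail.example.net": ["198.51.100.20"],
    "shop.example.org": ["203.0.113.30"],
})
TAMPERED = (["192.168.1.66"], {
    "www.example.com": ["192.168.1.66"],
    "mail.example.net": ["192.168.1.66"],
    "shop.example.org": ["192.168.1.66"],
})

if __name__ == "__main__":
    for name, (res, ans) in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_dns(res, ans))
```
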
 
I am constantly having to chase down old router passwords.

They almost always have to be reset. It's too bad that router companies don't have a procedure for just resetting the password.
 
When we rationalize CRAP like the OP found with these 2 companies under the "security" mantra, we're not helping anyone.

This is nothing but a money grab and there's no reason to help them. The owner of the systems should demand all passwords and configuration info. It's his - he paid for it.
 
When we rationalize CRAP like the OP found with these 2 companies under the "security" mantra, we're not helping anyone.

This is nothing but a money grab and there's no reason to help them. The owner of the systems should demand all passwords and configuration info. It's his - he paid for it.

What?

I never said the company that did it should hold onto the passwords and configuration, they belong to the client. But how they configure it is up to them as it is what they are being paid to do.

But you tell me, seeing how you apparently know better, how would you secure a business network that is constantly changing without your knowledge? EVERYTHING he mentioned is done every single day in corporate America to protect the systems on the network. Yes, I understand it was a small company, but most managed companies treat every client as a large one. That's the point of managed IT, big business IT support without the price.

I don't think you ever worked somewhere with internal IT that locked down the systems. I have, and they did the same stuff. Users cannot install anything or even update the software that is already on the computer. Bring in your own laptop and want to get online with it? Connecting it to the network would issue an IP address, but you never had access to anything and could not get on the internet. You would also have them investigating a new device that appeared on the network and they knew exactly where it connected. Bring in a USB flash drive? Oh hell no. Getting caught using one that was not specifically approved would get you in serious trouble. Call it stupid all you want, but it is fairly standard.
 
The question is whether there is a service agreement in place or not. If there is then that might be the reason the service company is holding onto the passwords, rather than the business owner. They are being paid to manage the network & while they don't own the logins, passwords, etc they hold on to them to ensure nothing is changed or compromised.

If there is no agreement, then the owner should demand that all copies of passwords, logins, changes, etc are given to him AND that he be notified any time settings, passwords, logins, etc are added/deleted/modified.

While this is the way I ran my IT departments and locked down sites, it is different, since the service company IS NOT a part of the company they are managing. A 3rd-party service company DOES NOT OWN the passwords, logins, etc. and they should be available to the owner.

While this might make us worried that changes could be made it doesn't matter. The owner should demand the information AND not be extorted to pay for the information.
 