New Rules From IT Dept.

As luck would have it, our IT department now issues laptops to everyone with a corporate imaged hard drive. I am a "user" but have no administrator rights. The maintenance department buys all the programming software out of our budget, so we don't get IT support for installing software. When you run AB software like Logix 500, 5000 and Logix5, does the software write to any Windows system files? Only administrators can change system files now. I can't even load any software not approved by our IT department. I know why they do it but they aren't here in the middle of the night when the plant is shut down from a faulted processor.I could go on and on about IT but they are here to stay.

we have corp issued thinkpads at work and i have had no issues instaling or using any AB software or wonderware on it with user rites in the year + i have been working here.

☯

Thanks fellow Hawkeye fan. We have a huge project coming up and we are still being assimilated by our larger parent company. We split off from them years ago and now they bought us back. I requested that they leave my laptop until the very last conversion until our project is over. Fear of the unknown I guess.

one of my customers had the same problem and here's how he handled it ...

the next time the machines went down, he tried all of the steps he could think of to get online with the PLC ... at each step of the way, he would grab a screen shot of each of the error messages that popped up telling him: "You can't do that because you're not privileged enough." ... then he attached all of those screen shots to an email explaining why there had been no plant production all weekend – and sent it up the totem pole – with carbon copies to the IT guys ... he had no problems from then on ...

my old Sergeant Lawson in the Air Force used to say: "Life is like a giant clipboard full of little problems. The primary objective of life is to transfer problems out of your column – into somebody else's column."

my customer's well-documented "here's-what-I'm-running-into" email effectively transferred the computer access problem out of his column – and into the IT department's ...

final tip: once you get the software up and running, do NOT (I repeat: do NOT) fail to check each and every driver that you're ever going to need ... accessing the computer's communication ports is often "locked up" separately ... getting the software to "run" is just one step ... actually communicating with the PLC is another (and usually a BIG step at that) ... that's not the type of problem that you want to encounter at 3:00 o'clock in the morning ...

good luck with your problem ... you are NOT alone ...

Thanks Ron, that is a great idea. Like you said, communicating is half the battle. Each new laptop and OS has been a steep learning curve with AB software. We have old AB fixed I/O "bricks" that sometimes communicates and sometimes don't. I have come up with different tactics for using AB drivers and cables. Just like adjusting your old tv set rabbit ears. Stand on one foot and squeeze the tinfoil around it. I get nervous since our IT dept. is difficult to reach and slow to react.

spice_miner said:

.....I get nervous since our IT dept. is difficult to reach and slow to react.

Click to expand...

How familiar that sounds....

Ron's solution generally works well, shifting the blame, and often serves as a reminder to management that IT departments, even if they are contracted out, are just a cog in the machine, NOT the motive power.

Thanks Ron, that is a great idea.

Click to expand...

you're welcome – but (as I said) the idea wasn't originally mine ... I'm just passing it along for what it's worth ...

here's another highly effective approach that I've actually seen work firsthand ... even so, I doubt that it will work in many situations ...

several years ago I worked as "inside tech support" for a local Allen-Bradley distributor ... one of our customers bought copies of RSLogix5 and RSLogix500 for his IT-issued laptop ... this guy was a "seasoned" engineer extremely well-versed in computers – and with all of their good-and-evil manifestations ... he tried unsuccessfully for almost a full eight-hour workday to load the $%!#%#@ software (his words, not mine) ... and then he called me up raising Cain because the disks "must be defective" ... I invited him to bring in his gear the next morning and I'd load the software from our distributor disks if necessary ...

naturally it turned out that the problem wasn't with the disks at all ... the engineer had been awarded some type of "Power User" status on the computer – but not the super-secret privileges reserved only for the high priests of the IT department ... needless to say, I couldn't get the software loaded either ...

now to the solution ...

he brought all of the gear back in the next morning – but this time he had one of the IT department guys in tow ... this was a barely-twenty-something kid with an obvious attitude problem ... the engineer and I politely averted our gaze while the kid typed his Administrator password into the laptop ... even so, I noticed from the corner of my eye that he pointedly angled his body between us and the keyboard – just to make doubly-sure that we (the unworthy) would have absolutely no chance of divining the coveted shibboleth of his exalted office ...

of course once he had unlocked the sanctum-sanctorum for us, we had the software up and running in just a few minutes ... then I proceeded to test out all of the drivers and the communications ports with various PLCs in my lab ... all was working perfectly ...

then we had the kid sign himself out – and let the engineer sign in using his "very-high-yet-still-less-than-administrator" password ... naturally nothing worked correctly anymore - particularly in the "changing communications drivers" area where we never even got NEAR first base ...

the engineer called me up a few days later and apologized for his earlier behavior ... he had gotten everything straightened out by going directly back to the plant and conducting a lively little "show and tell" demonstration right on his supervisor's desk – with the young IT guy standing right there ...

anyway ... I know firsthand that this solution can indeed work – but as I said earlier I doubt that it will work in many situations ... the key was that this senior engineer had enough "pull" back at the plant to force the issue – and to go head-to-head with the "powers that be" ... most maintenance technicians don't have that type of horsepower ...

our IT dept. is difficult to reach and slow to react.

Click to expand...

in my opinion, THAT is a "management" problem – and not something for the frontline troops to be tackling while the production machinery is shut down ... the issue is making the managers aware of the problem – and aware of its potential for negatively impacting the company's bottom-line ... once the inevitable dust settles, you don't want to get caught with the managers asking: "If you KNEW this was going on, why didn't you tell us about it so that we could fix it?" ...

so communicate – and document ... you (probably) don't have to be adversarial about it – but you need to let someone upstairs know what's going on ...

I requested that they leave my laptop until the very last conversion until our project is over. Fear of the unknown I guess.

Click to expand...

I consider your "fear" to be a well-placed reaction - brought on by the basic instinct to survive in a hostile environment ...

I agree that the best solution is to work with the IT department, but when they're too bullheaded to recognize that regular users have legitimate needs to administrative privileges there is another way. You need to get approval to purchase a "PLC Programmer" instead of a computer. The fact that the "PLC Programmer" carries the same part number as your favorite model laptop is strictly coincidence.

Unlike computers which must be vetted by the IT department, a PLC Programmer is simply another tool, similar to a new Fluke meter.

ah! ... the old "plain brown wrapper" trick ...

Greetings Steve ...

your suggestion to "purchase a PLC Programmer" instead of a computer is (or at least it was) a great idea – and one that I myself used to propose – as shown in this link from days gone by ...

http://www.plctalk.net/qanda/showthread.php?p=42158&postcount=11

I've since quit recommending it – because recently it seems that every plant large enough to have IT concerns has started keeping their PLC project files on the corporate file server ... this (in theory at least) makes the latest file versions "available to everybody" ... in practice it makes them available only to computers with "permissions" to access the corporate network ...

case in point: I've been called in once or twice to help troubleshoot a PLC problem – but was unable to bring up the program's documentation ...

me: "I'll need your project file." ...
them: "That's stored on our file server." ...

guess what ... my non-corporate laptop can't access the company network ...

me: "OK, let's use your laptop instead." ...
them: "Sorry. We dropped ours yesterday. That's one of the main reasons we called you for help." ...

been there – done that ...

so the old "call it a PLC Programmer" trick used to be a good one (in fact, it was one of my personal favorites) – but I'm afraid that it has very limited chance of working in most sizable plants nowadays ... since it's probably going to need access to the company network, it's not likely you'll be able to bypass the IT department the way we used to back in the good old "program-on-a-floppy-disk" days ...

Unlike computers which must be vetted by the IT department, a PLC Programmer is simply another tool, similar to a new Fluke meter.

Click to expand...

now that is a PERFECTLY VALID point – and one that should be (respectfully) made clear to the "higher ups" ... specifically:

the company has invested about $2,000 for a computer - PLUS
about $8,000 worth of RSLogix5, 500, and 5000 software - PLUS
maybe $1,500 for assorted communications cables – PLUS
quite probably around $4,000 worth of PLC training and related travel expenses ...

all of this money has been invested in a "tool" which is now totally unusable – simply because the corporate policies allow the "tool" to be "locked up" by the IT department's rules and regulations ... if the corporate management is "OK" with this arrangement, then so be it ... chances are that they've just never had it laid out in stark terms this way for their diligent consideration ...

and so we're right back to "communication" again ... personally I keep coming back to that "grab a screen shot" idea ... it's hard for anyone to argue with actual pictures of all of those various error messages ...



and to daba's comment:

Ron's solution generally works well, shifting the blame,

Click to expand...

apparently you've misunderstood – so I apologize that I didn't make my point more clear ... my suggestion wasn't to "shift the blame" – but rather to "transfer the problem" - to where it rightfully belongs ...

(1) I'm sure that we all agree that there IS a "problem" here ... and

(2) I'm sure that we all agree that the problem is NOT with the maintenance technicians who are trying to make proper use of the computer ...

so if we can stipulate to those two points, then the solution to the problem becomes bringing the problem to the attention of those who are in a position to correct it ... that would be either:

(1) the IT department (if they are reasonable) – or

(2) the corporate management (if the IT department is unreasonable) ...

that was my point, and again, I'm sorry if my earlier post didn't make that point clearly enough ...

I also want to add that not all IT departments are adversarial and hard to deal with ... many (most?) of them are more than willing to work out a solution to keep things going smoothly ... anyone who works in such a situation should rejoice and be truly thankful ...

then again, ideal situations like that don't usually end up being discussed on the forums ... usually the only ones that we hear about are the horror stories – with requests for advice on how to deal with the relatively few individuals who give IT departments in general a bad reputation ...

spice_miner said:

As luck would have it, our IT department now issues laptops to everyone with a corporate imaged hard drive. I am a "user" but have no administrator rights. The maintenance department buys all the programming software out of our budget, so we don't get IT support for installing software. When you run AB software like Logix 500, 5000 and Logix5, does the software write to any Windows system files? Only administrators can change system files now. I can't even load any software not approved by our IT department. I know why they do it but they aren't here in the middle of the night when the plant is shut down from a faulted processor.I could go on and on about IT but they are here to stay.

Click to expand...

Yep... test everything thoroughly, and make sure that both management and IT are aware of any problems you might find.... I would even highlight that there may be other problems, that may arise that are impossible to find in testing. If the machine goes down, and you have to wait on IT to come and unlock the computer, then make sure you or your supervisor document that as well... You won't have this problem for long.

-Brian

The company I work for has a means of assigning an administrator account to those who need it. This is the way I manage around the issues of needing to load software not supported by IT.

In addition, we have strict policies on what we can and cannot load onto our computers - and they do check. And please, pay attention to licensing.

I really shouldn't have started reading this thread, it makes my blood boil, IT departments taking useful tools and turning them into bricks.

Speaking of bricks, here is an example, a local brick making company wanted to log the temperature of bricks during testing. Getting the logger was no problem but they weren't allowed to install the software that retrieves the data and IT only visited site once a year. They ended up paying me to go to site to get the data. Of course once I got the data I couldn't email it to them because it violated their email policy, so I had to go back to site with my laptop so they could view the data. This was a tool to help them make better bricks, but IT stopped them from using it effectively.

A multinational chemical company I deal with, occasionally ask for software updates which I am happy to do, except that I can't email the files to them, and even if I could email them to them they can't have the software to install them on a machine. The engineers have ended up with their own laptops that they actually do the work on and the company laptop that the use to access the company intranet. They have personal email addresses to talk to most people and their work email addresses that they use to talk to their bosses. For one urgent upgrade I telephoned the IT department to see If I could get it to an engineer, you could hear his head spinning around when I said I wanted to email a 'Program', "emailing of programs is prohibited", he couldn't understand that the 'program' in question had nothing to do with 'computer programs'. And finally we have no way for them to store PLC and HMI programs that I write for their machines on their local PCs or central server, so I am their only record of work done, if I 'pop my clogs' prematurely they are totally screwed.

There really does have to be a better way for IT to work, to allow the rest of us to work effectively. At the moment they are killing the thing that gives them a job.

Rant over.

Bryan

I feel your woes I had some head butting with our IT dept a few years back in some of the software I needed. I changed their tune by repeatably saying "Well yes I can fix it get IT to allow me to install my software without hassle (administrative rights) and I can have that fixed in 15 minutes. " After losing 2 weeks worth or production they finally allowed me to install my own software upon need provided its licensed by the company.

^ Oakley - We have the same policy in place. My dept head just fills out a sheet once a year that allows my dept to be local admins.

And having come from the IT side, The reason this started in large part is something else Oakley mentioned.

Software Licensing.
We are the WORST offenders(We being IT/Process Control/Engineers/Tech Types) in this. I know because for my sins I handle our Software Licensing compliance for the machines here.

Check the licenses on everything you want to install. A LOT of 'freeware' isn't free in a corporate enviroment. Demo software shouldn't be lefton your machine past the demo point.. Don't use WinRAR for 3 years w/out buying it eh?

Be proactive...

My plan of attack has always been:

Have a rationale talk with IT and explain the fallout that WILL occur if you do not have administrator rights (you should only need local administrator to the PC, not the overall network's administrator password, you do not want to be a fall guy if the network crashes). Make sure they know they will be getting the 2:00 AM call to fix the machine because you will be powerless. If they don't want to be team players, it's time to play hard ball:

Talk with who will feel the most pain when production shuts down (Plant Manager?). Explain the situation with IT's policy and what it will mean to the bottom line WHEN you can not fix the machine.

Either way, document this with appropriate CYA emails and you will get access or at least be able to say "I told you so" when the inquisition occurs after the "incident".