
Recently discovered that Infosec has now mandated that all laptops have sleep disabled (the reason given is to be able to do endpoint patching). ¯\_(ツ)_/¯

So I'm faced with having to log out and power off every day or suck up the cost of keeping the laptop on. /r/maliciouscompliance, here I come I suppose.

Tempted to get one of these: https://us.amazon.com/Vegamax-Button-Ethernet-Internet-Netwo...




Yeah, at a previous company, the IT team were complaining about users disabling powernap or shutting down laptops as it meant they wouldn't patch overnight.

But these laptops were in bags, the last thing I wanted was a Mac to start a house fire by heating up in a bag, so fuck that.


Your infosec department doesn't know how to stage patches then and should be ashamed.


They should not be named "sec". It isn't security. It is compliance.


Probably because with work at home there’s no WOL.

We disabled sleep to improve battery life and address a personal safety issue. There are many failure scenarios between various builds of Windows 10 and shitty drivers. Devices often wake up in bags and spin up fans until dead.

Normal scenario is that the battery is dead in the morning. In one case, it melted the compartment material in a bag and was deemed a safety hazard.


So now instead all devices can keep their fans on and melt compartment material bag as nobody would assume the device is that dumb to not sleep when closed. Much better.


If it's a safety hazard, tell the OEM to repair the entire fleet.

Problem solved.


Takes a while to bring back 20k laptops!


>So I'm faced with having to log out and power off every day

When did this become a chore? I do this as standard and imo all people should. SSD boot times these days are mostly under a minute and you get a fresh desktop every time.

EDIT: In fact I am one of the sysadmins which so many seem to despise on here. I have hybrid sleep and fast startup disabled by group policy on all my Windows domain networks. It reduces so many support tickets by just actually having machines properly rebooted every night. Without this, people contact IT for glitches and bugs in their system, and when you look at the system uptime it is years!


I don't care about boot times but I do care about keeping state.

In addition to the obvious browser I typically have an IDE, a few terminal windows, email, a few communication clients (due to internal and customer choices, not mine), and usually one or two database clients open at most times. Some of those restore their state nicely while others don't. Some of the terminal windows have e.g. a particular set of terminals at certain directories because I need to keep track of and work on multiple source repos at the same time.

Starting all of those from scratch every day would indeed be a chore. Perhaps more importantly, having my desktop be the way I left it also automatically reminds me what I was doing and helps continue from where I was.

A fresh desktop every morning would be a misfeature for me and would annoy and frustrate me immensely if forced on me.

I do of course reboot now and then for system updates etc., and I don't mind that.

There might be a decent rationale for forcing a reboot or disabling sleep on non-tech office devices if the staff are technically unskilled, but this is HN, so it's not much of a surprise if people aren't keen.


Seconded. My working state is crucial and keeps me on track. For someone with ADD, needing to overcome the inertia of setting up all my apps just the way I left them every single day would be catastrophic for my productivity. I refuse to reboot more than once a month, and only then if an OS update requires it.

The year is $CURRENT_YEAR, needing to reboot a system should be regarded as a last resort and a relic of the past. No matter how much effort you dump into making apps remember their state when they're closed, it will always be strictly inferior to just dumping RAM to disk.


Because I have Visual Studio open, a solution loaded and organized with all the files I need for this sprint, SSMS with the servers all connected that I need, all my tabs open to see my Jira board, support tickets, etc, a notepad doc I was using to take notes on a phone call, my ssh key loaded into pageant, and if my computer reboots, I'm going to forget half of that when it starts back up and lose 30+ minutes trying to get set up again the next day.

edit: I would legitimately quit a company that made me reboot every single night.


In our network there are no developers. That would be a different use case which would require different policies. All tools required by staff are online and autosave everything. This in fact is another reason why proper restarts are enforced nightly, as most browsers with multiple tabs of heavy web apps start misbehaving very quickly. Forcing a nightly shutdown of browsers is an added bonus of proper shutdowns.

Be aware I am in a corporate environment, with all non-technical users, and all services online.


Ok - that makes sense. Obviously being on the dev side of things, I've never worked for a company that didn't have devs (and admins, devops, etc). Sounds like it definitely works in your case.


> I have hybrid sleep and fast startup disabled by group policy

I guess I'll have to add this to my questions to ask at job interviews. Admins like you these days sure try to make our lives as horrible as possible. Corporate anti-virus, DNS interception and policies like these turn my machine into something I constantly want to throw out the window.

All because you are too lazy to ask a person to reboot if the machine has high uptime.


You've taken a lot of liberties and assumptions with my post here. I don't do any of those things you mentioned, only enforce a nightly shutdown.

Nothing to do with laziness. As other people have often mentioned on HN, in the real world of understaffed underbudget corporate IT you need to do what you can to enforce things which make everybody's life easier.


It does not make everybody's lives easier, it makes your life easier by easing the support burden at the cost of making the lives of those who have to live with those policies (marginally?) harder (or more annoying). It is quite a bold claim that those of us who do not shut down our laptops every night have no reason to do so, and you know better than us that it would come with no additional cost to us to do so.

It might very well be that it is preferable to the organization as a whole to sacrifice a bit of productivity everywhere for less burden on IT. But IMHO it should not be a decision which the IT department can make in isolation.


This is the part that people get wrong about all the ITIL metrics nonsense; they’re all designed by people who don’t have a background in science or experimentation and they never account for confounding factors. For instance, companies I’ve worked for in the past actually conducted rigorous studies of improving quality of life (as opposed to “fewer tickets==good”). They discovered that the number one cause of lower ticket volumes is Shadow IT! Because of course it is.

If you are disabling things by policy, it should be after a discourse with your users and a serious attempt at training. Being a GPO dictator is an anti-pattern.


Whatever makes you sleep better at night.

Policies such as yours are tremendously user hostile, and they are a reflection of the company's culture. I would probably not quit such a company, but I would certainly go rogue by either bringing my own equipment, or reinstalling the OS. If reprimanded, then I would quit.


"everybody's life easier"

I don't think this means what you think it means. I'm not a dev, but a mechanical engineer, and having to shut down nightly, and reopen things the next morning, would cost the company at least an hour of my work time every week.


Upthread you can see why. High drama developers will tell you that logging out will cost the company $25k a year because precious snowflake has to open notepad and disrupt their flow as they eat breakfast.

The frontline IT guys aren’t able to deal with shit like that, so a draconian policy comes top down.


I treat each laptop reboot (regardless of reason) as an unexpected crash.

If the laptop crashes more than once a week, I simply won't use it. If I worked at your company, I'd just BYOD, and keep your garbage laptop in a drawer, only booting for compliancy crap (and certainly not leaving it on long enough to download updates).

I've actually done this at a previous job or two. It was fine. Both (large behemoth) companies ended up cratering, at least partially due to chasing away competent employees with boneheaded corporate policies.


I would. If there wasn't the teeny bit of SSO that means I can't access any relevant work software on a non endpoint managed machine.

Office? Gitlab? Jira? Confluence? Any code at all? Adobe Experience Cloud? Any Google Service? Adobe Creative Cloud? Our Time and Expenses Tooling?

All locked behind SSO with EPM enforced. Additionally nearly all internal resources are only accessible via VPN. And guess what - only usable on EPM devices.

When I started I received a device, SSD encrypted, me being root. After being acquired by big corp we now are in compliance world. Parts of that would have come regardless of big corp due to client requirements.

But a lot of this is quite taxing.


Because it's not just system boot time that matters. After you do that you then have to launch half a dozen to a dozen applications that all have varying startup times, that will all randomly draw focus during their startup, and some will require you to do logins during all of that.


> When did this become a chore? I do this as standard and imo all people should.

Why should I? Not long ago, my laptop had uptime of over half a year.

[Edit: Oh, "windows domain networks"? I guess perhaps that explains your propensity for rebooting?]


I still can't believe they're able to disable "Hibernate", now "Sleep" is at risk? And of course with all the bloat booting takes forever.



