Wednesday, May 1, 2013

A Hole in Change Management

In recent years, ITIL has become a buzzword and many companies have rightly moved toward managing releases and changes more effectively by utilizing its principles.  Since IT tends to be able to control its own activities, the implementation of at least a semblance of these principles and rules can be fairly easy to accomplish.  However, the user community, customers and the developers that work closely with them are another matter entirely.  And this poses a threat to the integrity of the ITIL process.

When the administrators of servers have to follow rules for releases and changes, it's a good thing.  How many problems have resulted in your organization over the years due to finger pointing and no one in IT willing to "fess up" for what was done?  Probably too many to count.  With the onset of ITIL, however, all this was supposed to end or at least be greatly reduced, right?  Certainly.  But what about the users and the developers that may find their bread buttered by those same users?  Do we make them follow the rules?  I hope the answer is yes, but consider this.

If a client/customer/user/developer has admin privileges on a server, are they also bound to follow ITIL rules?  I think they should be.  But has anyone bothered to speak to them about it?  I'm guessing the answer to these two questions is no.  Does IT management even think about these things?  In my view, anyone whose primary function is not server administration is what I would call a non-qualified admin and has no business being in the local admins group or a 'sysadmin' in SQL Server.  Yes, I know that dev/test boxes may require exceptions, but not every developer needs to be a sysadmin even in Development environments.

But even leaving dev/test environments aside, there are still too many non-qualified admins in production and we all know why this happens.  The dreaded "squeaky wheel" gets the grease and there are always exceptions made.  Shame on us!  IT pros should be the only ones having administrative access to a server.  Last time I checked, if a non-qualified admin screws up a server, the qualified admins are still the ones called in to fix it.  That's why we should be trying to eliminate, if not greatly reduce, the number of these scenarios.  I shudder when I walk into a new company and the first thing I see in the local admins group is a list so long that I have to use the scroll bar to see it all.  (That might be a good thing to ask to see as part of the hiring process, but fat chance of that, right?!!!)  It should be no surprise then that my eyes tend to roll quite distinctly when in that same company we are nitpicking about change management tickets needing to be created for restores from production to development environments.  Talk about penny-wise and pound-foolish!!!

In summary, I think it is foolhardy to insist on proper ITIL procedures for IT people without accounting for the non-qualified admins that exist on servers in the enterprise.  If they must have admin access, they also must follow the rules.  It's unconscionable for the company to suffer loss, not to mention making IT pros work extra hours, due to issues that can be traced to one of these individuals making unauthorized changes.