It's a guy browsing the internet a bit. This is not some deep philosophical question. You're just advocating being the type of person we'd all hate to work with.
“It’s a guy browsing the internet a bit” can be game over from a security perspective. Some machines should never execute code from public web pages, full stop.
So it is a philosophical question of why the restrictions were in place in this scenario. If it was “employee productivity”, then sure, who cares. If it was an IRS computer with thousands of people’s tax returns on disk and access to millions more, then reporting was the right move.
If he was the most senior sysadmin it's already his responsibility to keep things safe anyway, so if you trust him for all the rest of the infra you can trust him for a proxy.
All I mean is he is the person paid to do this already so it's not extra dangerous. It's like a policeman doing a citizen's arrest if they spot a crime on the off hours. It's frowned upon but you know it's the same thing they do in their job.
Our HN user, mr-wendel, worked at the company, but I'm not sure they said what their job was. It might have been sysadmin, but since mr-wendel talks about snitching on a senior sysadmin directly to the CEO, it's safe to say that the sysadmin did not report to mr-wendel; and I presume that mr-wendel was a lot lower in the pecking order.
I don't think the senior sysadmin was paid to hide browsing from the oversight?
I'm not defending running rogue workloads on your employer's infrastructure, that's obviously wrong. I'm just saying from the description, and the role of who did it, it probably wasn't super problematic in terms of security.
I think this thread highlights nicely that context is everything.
In this case, I think vasco's take is correct: the sysadmin was indeed trustworthy enough to exercise this discretion in response to overzealous employee productivity rules without at all undermining his primary responsibilities.
The proxy was definitely in a place to essentially trivialize its impact. I'm pretty sure that's why it was placed where it was, as opposed to making it harder to find. If that was the chief concern, disabling logging would have obviously been the first thing to happen.
You never know... I've seen an instance where it turns out an employee was watching pr0n at work and downloading the materials to their shared profile directory. Discovered when the IT Admin was requesting a new NAS server because the current shares were full.
edit: to be clear, it wasn't the admin downloading the content.