These choices seem haphazard and not well thought out.
These choices seem haphazard and not well thought out.
Hi everyone! I’m trying to make some well-considered choices and convince certain team members in our manufacturing firm. I’ll share this on Reddit later to gather more perspectives. In short, we’re a small American metal fabrication company with about 20-30 staff. Our aim is to grow while staying scalable. For simplicity, traditionally an office employee would handle the entire sales process—preparing proposals, handling engineering tasks, and handing off documentation to production so parts could be made. But as we’ve expanded, CNC equipment now demands technical expertise, and our product line has become more complex. Collaboration is essential, yet there’s no clear standard workflow. Each person stores their critical files in whatever way they prefer within an open Windows system—files often get moved, renamed, renamed again, or lost entirely. To address this, we’re exploring SolidWorks PDM to secure our engineering processes and documentation rules. Still, much of this depends on network access since some roles require viewing or printing documents they shouldn’t be allowed to touch. This includes senior leadership, who view their admin rights as a natural authority to modify files, install software, etc. (In reality, they likely lack the technical skills for network management or handling CNC machine data, but as owners they seem capable of making drastic changes.) We currently have roughly two full-time engineers plus 2-3 seasonal or part-time CNC programmers and five more network users in the office or management. Please consider the links below:
- “Should the owner have full Admin privileges on the company network?”
- “Should departments be separate or intertwined?”
Your thoughts and suggestions are welcome. Thanks for your time and support—it really means a lot. Thanks!
For a team of 20-30 people it makes sense to organize tasks by responsibilities, yet the owner must retain complete access even if he doesn’t use all the tools—since he’s the sole guaranteed staff member. Implementing such changes in a company that already follows one method can be challenging and may require extra costs upfront (software and time). However, it will become advantageous over time, so you should advocate for some structure or guidelines. At a minimum, set up a single file server with Shadow Copy on shared folders, allowing employees to recover lost or modified files. Then progress to role-based permissions to secure access.
If it were me, I’d quickly leave and look for a better place to work. A company run this way won’t grow rapidly. You might discover a role similar to yours but with higher pay and better standards. Your question is right—this setup isn’t ideal. It’s true that even smaller firms often resist change, which creates challenges.
Everyone has limited access. No installation permissions. IT manages everything with clear authority. Software stays in a local repository (Kace K1000 works perfectly) and is well-documented. Important details like licenses are tracked for compliance. Data resides on a NAS with tape backups. User logins grant access to necessary folders while restricting others. This improves daily operations, simplifies IT tasks, ensures reliable backups, reduces malware risks, and creates a central knowledge base for the organization.
It seems like you're trying to convey a clear message about aligning IT solutions with business needs. The key points are that processes should be defined collaboratively with management, not imposed through technology alone. Our company has a dedicated CBPM team, but we focus on guiding the business rather than dictating workflows. Defining interactions and standards upfront can save costs in the long run by reducing customer complaints and improving efficiency.
On my network, only genuine IT administrators possess admin privileges. Although you're under management and they may request this role, it's your responsibility to provide them with all necessary details about the risks and why non-IT personnel shouldn't hold admin access. Offer the most helpful guidance possible. Their response is up to them. If you decline, they can seek alternatives. It's a challenging situation, but I've witnessed similar cases before.
I believe the most effective approach is to keep the owner in admin control while assigning others to a restricted user role. Let the owner know he retains full authority, but these elevated permissions should serve as a backup only for exceptional cases. This ensures he can access critical resources without relying on individual IT support. Even if someone leaves, he can still provide necessary tools to the replacement. Outside those rare scenarios, limiting full privileges helps maintain efficiency. I think the COO could oversee a departmental review to reinforce clear roles—keeping management, sales, engineering, and production focused on their areas. This promotes better performance: business leaders concentrate on strategy, engineers prioritize production tasks, and managers handle operations more effectively.