Replies

We cannot install software on the computers at work. Only those with admin privilige can do so. This seems to be a very sensible solution. It is their computer and their choice about what software to install.

I know some think that it is harsh for the employer to restrict their computers but it is thier computer.

However, you would be amazed what you can run from a thumbdrive installation.

There are two interesting anecdotes from where I work. It's a materials R&D facility. We needed access to SciFinder, the largest on-line database of peer reviewed science journals in the world. But our IT guys didn;t like the fact that it had to write to a specific port that they wanted closed on our firewall (I'm not an IT guy so please forgive any mis-diescriptions on my part). So for 2 years, over 100 researchers had to use a dial up modem on a PC separate from the network. All because some IT guy in corporate HQ on the other side of the country knew how to do R&D.

The second story comes from dealing with the same IT masterminds. We have a lot of scientific instruments that are computer driven. Our IT guys installed all kinds of management software that disrupted the operation of the instruments. We were told that if the instrument could not run with the management software, then the computer couldn't be used. Moreover, in order to avoid conflicts with the management software, IT would review our instrument requirements and specify what scientific instruments we could use based strictly on their conformity to network policy. So somoe IT guy is going to make descisions that only a qualified PhD researcher should be making!

Well, when our international HQ, where our R&D results go, hear about the stuff the IT department was pulling on us with the blessing of the U.S. HQ, the matter was resolved. The IT guy was told off and all of his restrictions lifted, management software pulled, aside from anti-virus standardization, and we could actually do research.

THey didn't care if it would cost us almost $1 million to upgrade electron microscope lab from Windows NT to XP just for the sake of U.S. software standardization. At least they didn't care until they were told they would have to pay for it out of their budget.

I worked at a company that restricted internet access by controlling IE settings from the domain. I was required to research new controls for use by the programmers. Google, and just about any site I wanted to visit was “Off Limits” I wrote my own browser (it took 15 min to a half an hour depending on how complex I wanted to make it (I couldn’t save it and use it later as they had rules about that too.) I was researching a control one day and my boss walked in. He took a look at my screen and said, WOW, how’d you get to that site, so I told him, He walked away shaking his head.

Later, at another company, I was doing a lot of “Time intensive work” (Things that had to run overnight). They had tightened security down so no one could access their machine from home, but we had to be able to use Net meeting to support our customers, and we had to have email. I wrote a program that would check an e-mail address and respond to specific emails by doing things for me. One email would open up net meeting and place a call to my Static IP at home, then hand me the desktop. I was very productive. My boss called me on night and apologized for asking me to drive 45 minutes just to give him a file he needed, while we were on the phone, I had my work computer contact me and emailed him the file from my work computer. He hounded me for a week before I told him how I did it. IT wanted to talk to me (Great). At the end of our little chat, the IT director said well, that is pretty secure (since it could only access my static IP, and only responded to emails containing a daily cipher.) He said “I don’t think there is a way I can stop you without killing our business” Can I have a copy? And how do I get the cipher, and set the email address?” A new “Approved” product was born…

Moral? You can’t stop and employee with technology they understand better than you do.

My employer has a very simple policy on this sort of thing. All users have User rights, but not admin rights. The machines are otherwise open.

Once a week an automated process pulls the user data from the Documents & Settings folder plus one predesignated user data folder, wipes the disk, and reloads the "approved" image. The process can also be activated at random intervals if worms or other security threats are detected and IT wants to ensure that the network is "clean". Also, if you call the helpdesk for support the FIRST thing they usually do is a remote reload of your computer to ensure that it's not a corruption or unauthorized software issue (takes about 15 minutes).

New employees often sit down on their computers and start customizing right away, but that usually comes to an end after the second or third week when they get tired of loading the same software over and over. If it's needed for their job, we have a simple process where IT reviews the program and will begin including it if it is "safe". We don't have IT Nazi's here, and they'll approve pretty much anything as long as the requester can show that it's work related, properly licensed, and that it will not negatively affect the computer or network.

It's not a bad system. Users have the flexibility to customize their computer if needed for a specific project, and IT has managed to get our desktops fairly well standardized. It did require an investment in gigabit ethernet to the desktop to acquire the bandwidth needed to make the system work reasonably quickly, but the time savings for them has already paid for it.