I think the real problem is managers wanting technology to do their jobs for them. They don't want to personally hold their people accountable for what they do and/or install, so they want the IT department to get that responsibility. But, as the article mentions, then everyone hates IT for the restrictions. Voila! The managers have successfully avoided doing their jobs and avoided the heat as well.
My solution is this: Every user who has a workstation for which they are the exclusive (or nearly so) user should be made an administrator for that machine and be held responsible for everything they install. Any machines that are "community use" should have no administrator accounts except for IT.
The "zero-tolerance" idea of IT-only administration is what we live under at the moment. It's a disaster, as the article so ably describes. Restoring personal accountability would go a long way toward solving the issue.
IT departments are just too understaffed to test each and every application an organization needs before installing. The ethernet paradigm is more appropriate. "Get it out there fast and if it breaks, fix it." Just make sure your virus scanner is kept up to date. :-)
Gasp! You're talking about...personal accountability!
Well, I agree wholeheartedly. Sign an acceptable use policy and don't dick around with your system.
Basically, here's the only alternative offered around the office these days:
If you FUBAR your system, it's a 30-minute Ghost reload of a baseline system...complete with Winders XP, Orifice, Visi-slow, and FileBreaker Pro 8.
Sorry about your pictures, sorry about your favorites, sorry about that Palm-pilot software, and sorry about your shortcuts.
Suppose the user unleashes a virus that compromises company data. What does "held responsible" really mean? [Fix it themselves? Demotion? Termination?] How does this relieve the burden for the IT administrator when something goes wrong and the user cannot fix it? Most users are not as technically adept as they think they are and cannot see the "big picture" of a total computer and network environment, as well as the administrator can. I say drive the car but leave the mechanics to us!