In most cases when an installed update causes problems, it is because the user has infected the machines with viruses/spyware, etc. This is particularly true for notebook computers that go home with the employee and spend time off our network.
I wasn't aware that smaller companies still had IT Directors. Seven or eight years ago it appeared to me they were being phased out and HR or finance was taking over the task.
You point to problems that should indeed be addressed. To open the company system to malware is beyond irresponsible.
But, in my experience, few people are responsible when it comes to anything computer. The current system pits employer against employee so, IMO, a whole new approach to telecommunications is needed. Not that I know what that approach should be but I think the need for it is clear.
Fortunately, our policy isn't as harsh as this, otherwise I wouldn't have done it. We support several different OS's, Linux being one of them.
In most cases when an installed update causes problems, it is because the user has infected the machines with viruses/spyware, etc.
Possible, I guess, but I was pretty careful about this. The IT department never told me I was infected with anything.
I kept my old Win2k drive fully patched and up-to-date. This was required for windows computers by the government agency I work for. Recently they changed the requirements to include operating as a regular user, not admin, as our windows computers had been set up to do. Win2k doesn't do this very well (at least not my computer). Also, some sort of defrag utility was set up to run at every startup. These two 'updates' alone (there were others), while maybe the right thing to do for security, were enough to kill my productivity. It was simply easier for me to switch to another (supported) OS. And since I spend half my time on deployment, attached to other networks, I'll bet I'm better off using Linux anyway.