Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should IT Shops Let Users Manage Their Own PCs?

Posted by Zonk on from the hairy-question dept.

An anonymous reader writes "Is letting users manage their own PCs an IT time-saver or time bomb waiting to happen? 'In this Web 2.0 self-service approach, IT knights employees with the responsibility for their own PC's life cycle. That's right: Workers select, configure, manage, and ultimately support their own systems, choosing the hardware and software they need to best perform their jobs.'" Do any of you do something similar to this in your workplace? Anyone think this is a spectacularly bad idea?

73 of 559 comments (clear)

  1. in the perfect world... by AdamReyher · · Score: 5, Insightful

    In a perfect world this would actually work. But then we'd run into pirating like crazy and companies being sued all of the the place. I certainly support a more liberal approach to what employees are allowed to use on their machines, but restrictions certainly need to be in place.

    --
    The Computations of AdamR
    http://www.adamreyher.com
    1. Re:in the perfect world... by MooseMuffin · · Score: 4, Interesting

      We already run this way at where I work. We're a small place and there's no in-house IT department. If one of us in development needs more ram or a new harddrive, the procedure is to go buy it and install it yourself and give management the bill. Nearly everyone is savvy enough to handle this on their own, and if you aren't its easy enough to ask someone to help you.

    2. Re:in the perfect world... by fm6 · · Score: 5, Insightful

      There are better ways to deal with piracy than locking down computers. Nowadays, companies face all kinds of legal issues: discrimination suits, corruption investigations, export control laws... The standard solution is to force your employees to attend a bunch of brief classes covering these issues. I had to work through a half-dozen online lessons when I got my current job.

      Piracy has nothing to do with the fondness of IT departments for locking down user computers. Really, it's a response to nitwits who fancy themselves experts and know just enough to get them into trouble. Of course, it's pretty frustrating for those of us who really do know what they're doing, but face it, we're a tiny minority.

    3. Re:in the perfect world... by Captain+Splendid · · Score: 2, Insightful

      But then we'd run into pirating like crazy

      How silly. TFS said the users got to manage their own PCs, not the routers or switches ;)

      --
      Linux, you magnificent bastard, I read the fucking manual!
    4. Re:in the perfect world... by homer_ca · · Score: 4, Insightful

      For a microcosm of this problem just look at users with local admin on their computers. Some people do fine. Other are always getting infected with crapware or calling with stupid questions, e.g. when they wanted to install printer drivers, but installed 300MB of printer crapware with 3 tray icons they don't understand.

    5. Re:in the perfect world... by ushering05401 · · Score: 5, Insightful

      Hardware is one thing. Software, and the BSA, is another.

      Your shop may be small enough to avoid attention, but allowing users to install their own software could put a company in hot water fast.

    6. Re:in the perfect world... by Phil_At_NHS · · Score: 2, Insightful
      Depends on the user. If a user wants to do something on their own, I determine if:

      1) They REALLY need it to do their job.

      2) It has potential to really screw things up for more then just themselves.

      3) They have the brains to deal with typical issues themselves,

      4) They have the brains to know when they are really about to screw the pooch, and stop before that happens.

      Then, as long as I am comfortable with the answer to question (2), I make my suggestions, and inform them that if they wish to install something, they can, but I am not supporting it, if it screws up their system, fixing it will be a low priority for me.

      I generally find that few people who are not really up to the task of self support decide to install, and the few that go on are generally not much of a problem.

      Of course some things, like P2P, are a "Flat No Way in Hell," period.

      This is coming from someone responsible for about 70 workstations, 20 of them laptops.

      Letting everyonee do it "free for all" style? Only if I am not supporting them, and I would feel truly sorry for those that are...

    7. Re:in the perfect world... by KillerCow · · Score: 5, Funny

      "I'm trying to make an Internet on my desktop but I can't get the file to program."

      Can those people really manage their own machines?

    8. Re:in the perfect world... by rikkards · · Score: 2, Insightful

      I think it would work, user can do whatever they want... as long as the IT Admin can audit and dole out punishments like the angry fist of god. What's that? you installed utorrent and are sucking up all our intertubes bandwidth? Well I guess we will be unplugging you from the network since you can't act like a grownup and do your job.

      Works for me.

    9. Re:in the perfect world... by COMON$ · · Score: 3, Insightful

      It is already widely done, check out college campuses and any college student.

      --
      CS: It is all sink or swim...oh and did I mention there are sharks in that water?
    10. Re:in the perfect world... by mapsjanhere · · Score: 5, Interesting

      People in my shop can tell me what they want hardware wise, but most don't get more than user privileges. For a while I told people they can put anything on their machines as long as they drop off a license, but it just didn't work. Too many people bringing in "free but for commercial use" programs and running them in total disregard of the real licenses. Even worse, one guy brings it in after buying a registration, but 10 people copy it assuming "if he has it, it must be ok". Plus, my time needed for TLC due to user error has gone from 10h/week to 2h/month since all machines are locked down. Selfish bastard of IT guy!

      --
      I'm aging rapidly, I bought a new game and had no idea if my machine was good for it.
    11. Re:in the perfect world... by pvera · · Score: 4, Insightful

      Absolutely not.

      The easiest way is to break your users into four groups:

      1. The hopeless. The nice ones are actually thrilled when you can take some of your very busy time to deal with their problem.

      2. The middle of the road. Many of these people are more than capable to turn into power users, they simply are too busy or just not interested. They are usually good about cooperating with IT because they see these problems as a distraction from whatever their job happens to be.

      3. The ones that think that they are power users. These are more dangerous than a real computer illiterate moron. They know everything and will not hesitate to wipe their asses with your IT procedures under general principles. They also work behind your back, giving your users contradicting advice that creates confusion and resentment later. You'll spend an afternoon carefully crafting your business case for buying four brand new whatevers, for example, Mac Book Pros. At the same time, these idiots go behind your back and whisper into the right ear that Mac Book Pros are overpriced, that Mac Books will do fine. The purchase goes for the cheaper item, and when bad things happen, they will blame you regardless, while the weasela keep a low profile.

      4. The real power users. These are the only ones that you can trust to do most of the management, more because not only they display the knowledge and experience, but also a healthy level of restraint. This is the kind of guy that knows what he is doing but won't mess with the equipment simply because he is bored. After all, he is busy enough doing his own job, no time to do yours unless he understands it to be a honest emergency.

      The best combination I have seen so far was at a previous job during the dot com years. They didn't trust anyone, but once they figured out if you were not dangerous, they would yield control little by little. I was running all of the programmers in the company, and from early programmers and IT got along like thieves. As each new programmer got hired, we pretty much threatened to kick their asses if they did anything to antagonize the IT folks. It worked, as a norm my team's IT requests were handled faster and with less hassle than some other group full of prima donnas that treated the IT folks as if they were scum.

      --
      Pedro
      ----
      The Insomniac Coder
    12. Re:in the perfect world... by profplump · · Score: 2, Interesting

      But it's storing music on behalf of the license holder, in a folder for the private use of the license holder. If it automatically copied music onto some public share you might have a problem, but the situation you describe is not any different than putting my CD collection into off-site storage that I don't own while keeping a copy on my computer.

    13. Re:in the perfect world... by penguin_dance · · Score: 3, Interesting

      What happens if your employee copies a bunch of MP3's to the PC, since they like to listen to music.

      Most employees can probably do that unless it's locked down so tight they don't have access to windows media. Most companies don't do that because they may have their own company programs and training videos they want the employees to view. And then, if the employee has a USB drive you'd better remove the sound card because there are certainly portable apps that can just run it from there.

      It's called personal responsiblity. I don't think most people are saying let the users go wild and install any software they want. But if they're dumb enough to install something illegal (MP3s, last time I looked, are not inherently illegal) they should be held responsible. When companies are proscuted is when BSA comes in and finds MS Office on EVERYONE's computer and they can only produce a license for one. (I don't think the RIAA would even bother with this as most companies DO restrict usage of P2P applications so no sharing would be available.)

      But it does remind me of an BOFH (true story) that had the computers so locked down (Win95 days) you could not access Windows Explorer (aka File Explorer then) to try and keep users from installing or using rogue programs. (In fact I seem to remember, Win95 was actually on a server and his users had to log in to it.) Thank goodness I wasn't under his section. But my section taught department computer classes to get employees up to speed which is how we heard about what he was doing. Of course it made the computers unstable as hell....

      --
      If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
    14. Re:in the perfect world... by Delkster · · Score: 2, Interesting

      Of course, it's pretty frustrating for those of us who really do know what they're doing, but face it, we're a tiny minority.

      Even in IT shops? I'd hope that, say, software engineers actually understood a thing or two about computers.

      On the other hand, even among software engineering staff I've seen people have pretty much no idea about software licenses or even the thought that they should be given some attention. I have to agree that piracy may be a problem at times, although the way I see it, licensing is something that technical stuff should be aware of, and if they aren't, they should be educated.

      For the record, I'm the admin of my own work computer, and it would certainly seem a pain to me to have it any other way. We're talking about IT shops here, and generally the programmers I know like to have their tools set up the way they see fit for their work. Especially for debugging you may sometimes need tools that an IT department might not have thought of, or which would be semi-useless without admin privileges on the local machine anyway. Think about packet sniffers, for instance, which may actually be helpful when debugging networking applications.

      Maybe you still wouldn't want to allow everyone in the company to manage their own computers. Accountants probably don't need such a diverse set of tools as technical staff. Where to draw the line and how to give the rationale for that is another thing.

    15. Re:in the perfect world... by Architect_sasyr · · Score: 2, Interesting

      I was sort of thinking something along these lines when I caught the GPs post.

      I work in an 'IT shop' (what the hell does that mean anyway) in so far as most of my lusers are savvy, and the remote ones..... anyhow, giving my users the chance to have free reign of what they install would be LETHAL to the business. As it is they can install almost any software they want. Two things apply here: first, if I catch them with pirated software nothing short of 4 chocolate doughnuts will stop me from exacting my retribution. Secondly, if they wish to buy software it has to come through the IT department with the usual justifications required (same applies to hardware).

      This method works quite well because the users can't just go and buy the latest (Mac) hardware for their job, but still have admin control over their machines. I control the perimeter as well as the file servers, email systems and backups, users have free control of their machines.

      That all seems to be early, but it's disjointed and I haven't had my coffee yet. My point is that letting the users have free reign is fine so long as you have control between you and the money. And yes my users sometimes bring their own personal hardware in, but the company isn't liable for it and they know so.

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    16. Re:in the perfect world... by turkeydance · · Score: 2, Interesting

      i'm "that guy". i make a great living in sales...dealing with real people...but Tech terrifies me. me? manage my own PC? if i had my way, i would manage it into the dumpster. the IT guys throw darts at my picture (or worse). here's the bottom line: i have been told So Many Lies by the various divisions of IT that i no longer trust or respect them. examples: 1. "don't be scared...you cannot push the wrong button." oh yeah? how about these? 2. "this will help you increase sales." NO it Never Has. it helps to record sales (i guess) but the PC/laptop has never ever MADE a sale or Increased my sales. back in the day...i could make/record/verify a sale in 8 seconds (signature required). now, it's boot up, password, 18 clicks, print, revise, print again, signature (35 minutes). so i pay my son to record my activity in my laptop, and he provides me with the old-style blank hard copies for my customers, then he gets gas money and iTunes downloads. so? what am i doing on /.? my nephew was here and asked me to type something.

    17. Re:in the perfect world... by wireloose · · Score: 2, Insightful

      Agreed. As a CIO in two past careers, I can attest to this readily. I've personally dealt with some of the worst things you can imagine when "users" are involved in their own support. However, there are usually a few in an organization that really are aware. Those, I co-opt. I've created groups of "super-users" that have more capabilities, the ability to do more with their own computers, and who are involved in setting the computing standards for the organization as a whole. I want their expertise, their involvement, and their support. I've changed many policies because of their input, and many practices.

      With all that said, there are downsides of which the CIO should be aware. I had one self-proclaimed networking expert that brought up a DHCP server with a 16-address range on a 3,500 computer network. For those of you that don't know the technology, what that means is the next morning, 3,484 computers were denied network connections by his (idle) server because it was out of available addresses. His VP and I did not agree on his skill set, and the result was her entire network was down. She and I managed to reach an accord, in which his 12-node office became isolated from the rest of the network, and firewalled. His later disruptions impacted far fewer of her people.

      Generally, though, getting groups of super-users together with the IT staff can, after initial shock, result in strong alliances, reduced friction, and some really positive and healthy changes in support.

    18. Re:in the perfect world... by rikkards · · Score: 2, Interesting

      Except, now that you've unplugged them from their network, they presumably can no longer do their job effectively either. I mean, they are provided network access because they, presumably, have some legitimate business need to communicate with others

      That would be something that they would need to explain to their bosses of why they no longer have a network connection. Chances are it wouldn't be permanent, just long enough to make sure the person's superior is made well aware of it and why he was disconnected. You make someone responsible for something, you also have to make them accountable and there should be some kind of punishment.

      The other thing it brings up is not only the fact that the person installed unauthorized software on their machine, but this brings up the point of how effective was the person doing their job before if they had the time to dick around with installing said software. Granted some people do put in more hours and take little surfing/smoking breaks during the day. When you get down to it, as long as the work gets done isn't that the point? True, however ponder this, just providing a workstation to someone with the apps does not a good environment make. You need to ensure to do proper risk analysis and decide where you are willing to sit with risk, what do you transfer (i.e. colocating services) and what do you mitigate. You have to assume that network security is not Joe User's forte thus he probably doesn't have that as his topmost priority (otherwise why is he just a user?) so the ramifications of what he does may impact the rest of the users will not naturally be forefront in his mind. You want to take that risk that your job may be forfeit?

      In the real world what your suggestion would be the ideal although potentially more work to keep on top of.

      Where I work (military) a virus will get your machine disconnected from the network to get a full disk scan and report of what caused said infraction (I had it a couple of weeks ago when I went to a website that kicked the AV to do a false positive), that is standard procedure. This SOP would probably be considered extreme in the private sector but for us it is part and parcel of the job.

    19. Re:in the perfect world... by canuck57 · · Score: 2, Insightful

      We already run this way at where I work. We're a small place and there's no in-house IT department. If one of us in development needs more ram or a new harddrive, the procedure is to go buy it and install it yourself and give management the bill. Nearly everyone is savvy enough to handle this on their own, and if you aren't its easy enough to ask someone to help you.

      You my friend are working for an enlightened organization. If more companies adopted this they would save trillions. I/T today now has become butt kissers to the inept and dysfunctional of an organization. They load spyware, bots and crap on their PC and blame I/T in fits of irrational rage. They treat their PCs worse than their dogs, often ignored and abused, I/T treatment is worse. They watch porn during the day, while managing other people and bitch because bandwidth isn't enough. Managers ignore the pleas from I/T, cut the crap and do business. Managers fail to deal with the issues on their own employees are doing and keep on pissing on I/T for bad employees. Maybe they too are just too stupid to know?

      Time to cut the employees on their own. Like car mechanics, give them a $1000/year to buy their own tools and maintain them. Thus they may take care of them and realize the CD/DVD player is not a coffee cup holder. At the network switch, when they get puss infected with the Trojan of the day, cut their MAC address of and cite, "You are endangering the company and are cut off until you fix your PC. We suggest you reinstall and add AV and good practices as well as patch up. This will help us in enabling your PC to again communicate. A report has been sent to you manager, and their manager on your activities abuse in the system. It has also been added to your personnel file for the annual review".

      Oh if management only knew the crap that specific people do...I/T systems have the dope. Management has their head stuck up their asses for not using it. Yet beat people up on the production floor for 10 cents an hour while the boss watches porn.

      If you are a CEO, and you want to know who to lay off that isn't adding value, look at you companies firewall logs and proxy servers. They have nice lists of the people that have too much time and mischief on their minds to be valued employees. Warning though, you many find the CFO or the CIO watching the competitors stock more than your own.

      I work for a dysfunctional company, just waiting for the severance, perhaps 2 months away from asking my best friend and my boss to lay me off. I hope to do better next time.

    20. Re:in the perfect world... by spisska · · Score: 2, Interesting

      Hardware is one thing. Software, and the BSA, is another.

      Then someone should immediately report me to the BSA. Quite contrary to company policy, and without the express written consent of the IT department, I've installed a whole host of questionable software with no auditable license paper trail.

      Unfortunately, I'd have a much harder time doing my job without Vim, Firefox, GIMP, OpenOffice.org, MySQL, and Scribus. I also run a very questionable program called VLC, but that's more of a time waster than a productivity tool.

      I sure hope the BSA don't come after me.

    21. Re:in the perfect world... by Eivind · · Score: 2, Insightful

      So ?

      You have a written policy against that kind of thing. You tell employees to remove suchlike should you ever become aware of it, and the responsibility lies with whomever actually did the illegal thing. What a concept !

      You're inventing problems that simply don't exist. It's not as if there's any technical barrier to a employee speeding in a company car, calling in bomb-threats from company-phones, hitting someone over the head with a company-owned chair etc etc etc.

      Yet in all these cases, the company as such has precisely -zero- responsibility aslong as they did not encourage or assist the crime, or at the very least could be shown to have a policy of silently accepting. (it would, for example, perhaps be different in the case of the speeding if one could show that the company had encouraged employees to speed in order to manage more in a day)

    22. Re:in the perfect world... by j-pimp · · Score: 2, Insightful

      with that in mind, it might be good to by PC speakers with line-in! Then people can bring ipods all they want... but they'll never touch the work machines.

      Why not let them use their own headphones? They probably sound better than $20 speakers. Also, they can turn the volume up louder. Unless all your employees have offices?

      --
      --- Justin Dearing http://www.justaprogrammer.net/ We're just programmers.
    23. Re:in the perfect world... by jwo7777777 · · Score: 5, Funny

      In my business, I force my users to submit all requests in triplicate and reject any that aren't perfect in spelling and I allow no smudges, tears, or other obvious defects on the submission. I provide the forms in the building basement and keep the inbox on the second floor.

      Users are required to change their password every login. Only approved software is allowed on the machines and access to our intranet is strictly controlled by a hypervisor proxy installed on each and every machine.

      Our one and only security breach was when my wife slapped me and choked the common network and local admin password out of me after she demoted me to assistant adjutant information technician.

      She will pay for her insolence. I have already connected together the velcro-like fasteners on several of the baby's size 5 disposable diapers, creating a low cost darknet to create a denial-of-diaper attack on the server I used to control.

      She will pay ... oh yes ... she will pay.......

  2. mixed feelings by the4thdimension · · Score: 4, Interesting

    Bad idea for those that run shops with people who are clueless to computers. These types of people are walking disasters for the entire IT dept. Good idea for those young-ins that know what they are doing with computers. These types of people not only already save the IT dept. a lot of hassle(I personally help numerous people in my area with computer problems that might otherwise get relegated to IT), but they will know how to work and manage all the software and tools that they opt to install.

    --
    Crackin' Wise - Blogging about whatever we want
    1. Re:mixed feelings by JJNess · · Score: 2, Interesting

      I went from administering a community college to an engineering firm's branch office... big difference in user trustworthiness. As it is now, we only make sure that licensing is respected, but users are Power Users and are still pretty wary about their machines, calling me or my supe up before doing anything major. To not have to hold hands anymore, like the math instructor who didn't know how to copy/paste in Word back at that college... that's a blessing!

  3. Sure by Dan+East · · Score: 5, Funny

    Sure. I'm getting them to write their own software too, but the learning curve is a little steep. We would like to have them fabricating their own chipsets by 2010. Of course we'll have them start with FPGAs first before actual silicon, because that only makes sense.

    --
    Better known as 318230.
    1. Re:Sure by moderatorrater · · Score: 2, Funny

      Of course we'll have them start with FPGAs first before actual silicon, because that only makes sense. Good idea. And while you're at it why not give them a mint, tuck them in at night and make sure that they have all their stuffed animals. Do you want employees or pussies?
  4. Tagging? by fuocoZERO · · Score: 5, Funny

    Any idea why this article hasn't been tagged "whatcouldpossiblygowrong" yet?

  5. One Size Cannot Fit All by dhavleak · · Score: 4, Insightful

    So the answer is basically, "it depends".

    For security reasons its always important to manage the AV, updates, etc. on the machine.

    If you have important IP on laptops, it becomes even more important to have a good policy to manage machine health, rather than leaving it to individual discretion.

    And finally, if you have well-defined and relatively narrow roles for which machines are required, again it makes sense to lock them down.

    So depending on how much of the above is true, the answer will vary, but in general IT shops should not trust users to manage their own machines especially because users really don't know much when it comes to keeping a machine secure.

  6. I should be so lucky by elrous0 · · Score: 5, Insightful
    If I tried to go through my IT department to get anything done, I would never have time for work. Basically, I have to work from my home computer to get anything done. My work computer is absolutely worthless (can't install any software on it, most of the internet is blocked with Websense blocking software, takes months to get any software approved for it). Basically, I just finally told my boss that I would buy my own personal equipment and software and set that up at home. It serves me well, as I do freelance work at homne anyway.

    If I went through IT at work, I would still be using Photoshop 5.0 and some ancient version of Pagemaker. They're so slow (and this is a true story, honest to God) that the last time they approved any work software for me, the company had stopped making the version they approved before they finally approved it.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:I should be so lucky by couchslug · · Score: 4, Insightful

      "Basically, I just finally told my boss that I would buy my own personal equipment and software and set that up at home. It serves me well, as I do freelance work at homne anyway."

      The vast majority of auto mechanics are expected to provide their own hand tools, and a well-stocked toolbox can run tens of thousands of dollars. Why not have users provide their own computer (cheap by comparison) if they support it?

      I'd be happy to provide my own PC anywhere I worked if it were permitted. I bring my own peripherals anyway.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    2. Re:I should be so lucky by syousef · · Score: 3, Insightful

      So your first reaction, not knowing the other side of the story is to call an end user a liar, then rant about how most users are crooks out to scam there bosses. Yeah I'd just love to have you in charge of my work machine. What exactly are you trying to do here anyway? Stick up for the admin guy at the expense of the user? That whole us vs them mentality is inanely stupid. You're suppose to be helping these people get their work done first and foremost. Since looking up random sites that aren't work related may or may not be a sign that the user is not doing their job. The way I see it there's very little difference between browsing sites like myspace and reading a newspaper. (Parezhilton might be a bit much but the reason for that is that it immediately exposes the employer to law suits). It's their manager's job to keep them doing their work. If you've resorted to babysitting your employees you've got bigger issues. In any case I wonder how many non-work-related sites you visit and how many you justify as being work related when the situation is marginal. Did you post this from work?

      I also wonder how well your "big boss" knows the work required and whether or not micro-managing his staff's PC configuration might be a bad use of his time. It certainly speaks volumes of what your company thinks of its employees.

      --
      These posts express my own personal views, not those of my employer
    3. Re:I should be so lucky by couchslug · · Score: 3, Interesting

      "Is this even true? Source?"

      It certainly is. Toolkits have historically been provided by the mechanic (I've been a mechanic for many years), as the selection reflects personal preference. I found the link below by Googling the common phrase in want ads for mechanics "Must have own tools". The reason it is used is that only extreme newbs (or screwups who pawned their gear!) DON'T have their own tools. Mechanics often start their careers by buying tools as students (hence the vendor student discounts on basic sets) and will buy tools throughout their careers. Tool vendors visit shops and sell toolkits to mechanics on payment plans. It is common for tools to be insured because they are so expensive.

      http://www.careeroverview.com/auto-mechanic-careers.html

      "The most important instruments a technician or mechanic uses are hand tools. Typically workers will use their own tools, and a lot of experienced technicians and mechanics own tool sets worth thousands of dollars."

      http://www.calmis.ca.gov/file/occguide/MECHAUTO.HTM (note the date, the price figures are low)

      "Most mechanics have to buy their own tools. As an apprentice, the mechanic
      may have to spend up to $500 or more on tools. By the time they reach journey-
      level, a mechanic may have spent up to $10,000 on tools. Mechanics with a
      specialty like those who work on foreign cars may spend even more on tools
      because foreign cars need metric tools."

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  7. Fuck no by Nimey · · Score: 4, Informative

    Some of my users would and can do a fine job of that, but they're outnumbered by the ones who aren't trained and/or bright enough to be trusted administering their own box. Click on shiny! free tool to clean spyware that it just detected when you visited this website, oh yes. Install all kinds of crap and wonder why the computer's crawling & BSODing. Get us audited by the BSA, etc.

    Maybe for the better sort of user, but gods no for the unwashed masses.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  8. Middle ground is a good place for me by erroneus · · Score: 2, Insightful

    You can do all the hand-holding you can and they will STILL find a way to mess the machines up. And as long as management sees it as YOUR responsibility to clean up and correct the messes that uses create, you're nothing more than a janitor.

    I have expressed the philosophy to various departmental management people that it doesn't matter whose 'responsibility' it is to get things fixed. It matters that things get broken. The amount of down time suffered happens regardless of who owns the responsibility, but can be avoided with more responsible behavior by the users.

    I express that "these are your work tools. you mess them up and you're losing money until I can fix it again. There is nothing more I can offer."

    I think that hits home with a lot of intelligent leaders.

    So yes, give users control over their machines... but make sure they know that even though you're there to clean up the mess, the mess's fall-out is still on them. They will then take better care of their tool... their source of productivity and income.

    1. Re:Middle ground is a good place for me by Mr.+Underbridge · · Score: 2, Insightful

      As far as I'm concerned, IT is a glorified janitorial service... at least where PC systems service is concerned

      Well, it should be better than *that*. A good IT guy, to me, is a critical team member who helps us keep running smoothly and gets us out of jams. To go with your analogy, the good IT guy isn't like the janitor who routinely sweeps the floor, he's like the good plumber who fixes your overflowing toilet before you're swimming in crap. Can't put a price on that. Unfortunately, most of our IT guys are like the plumber who gets to your house and tells you he doesn't do toilets.

      But IT can only do so much.

      True. Which is why I'll go out of my way to point out to the higher ups how chronically overworked our good IT people are. I'll also get a read on how busy our good IT guy is and understand if he can't get to my stuff immediately. He's got enough jackasses who claim everything they need is "critical". Funny thing is though, he usually gets to my stuff before theirs. Treating people well usually gets you farther, funny how that works.

      And my people seem to appreciate my loose grip on their machines. Most of them are mature enough not to screw things up too badly.

      I certainly would appreciate it! We need more guys like that. 95% of our IT guys are assholes who quote policy as if it were written by Moses, and can't be bothered to go out of their way to help you do anything unless you get a VP on their ass. Oh, and they're generally incompetent to boot.

      If you're ever looking for work, we gots offices all over the place!

  9. The answer is yes by Overzeetop · · Score: 4, Insightful

    Is letting users manage their own PCs an IT time-saver or time bomb waiting to happen? It is both. I'm not sure about the new kids coming out of school, but us old-school computer guys are just as literate as most of the IT folks. The problem is that when we screw something up, it's screwed up pretty badly. I would venture to say that 95% of those who want to manage their computers can do so far more efficiently than the corporate IT staff. The other 5% will likely cause major grief.

    For those in IT who think this is not the case, consider your power users. Many really can function - even if not to corporate standards of security or conformity - with very little help. They probably will spend an extra $200-$400 per machine for stuff that has marginal use, but they'll feel better about it and be productive. The problem is that there's that one guy - and everyone in IT know who he is - that is way out of his depth and just doesn't know it. You spend a lot of time praying he doesn't screw up more than his own workstation. The good thing is that considerably more than half of modern staffs will likely just want you to set it all up and keep it running.

    In the case for users managing their own PCs, NASA used to be this way where I worked in the 90s. We ordered our own PCs, set them up, installed all software. The IT staff would help get us on the network and keep the network running. There were exceptionally few problems. This was, however, before most people had access to the internet, and predominantly before the web existed.
    --
    Is it just my observation, or are there way too many stupid people in the world?
  10. Could work if the users are technical enough by syousef · · Score: 2, Interesting

    I imagine this could work and work well in an IT shop full of software developers. However it isn't going to work if the users don't know an operating system from an aardvark. You'd still want some minimal rules like keeping the PC patched and good A/V software if you're running Windows. but I'd say it's doable.

    What it isn't going to do is reduce your costs. You might have a very minimal help desk and no specialized staff installing those desktops but that knowledge, time and effort must be spread through the organization. You may also find it harder to get good deals on bulk purchasing depending on how you do it.

    --
    These posts express my own personal views, not those of my employer
    1. Re:Could work if the users are technical enough by sarhjinian · · Score: 2, Insightful

      From my experience, developers are some of the worst people in the world when it comes to systems management. Developers develop; they're not network, security or desktop support people.

      I started in end-user support. Developers might be able to write their own mail client, but they're just as helpless when Outlook cheeses itself. The only difference between a developer and an accounts payable clerk in that situation is that the developer (in some of my experiences) can be insufferably arrogant.

      --
      --srj/mmv
  11. For small companies only by SparkleMotion88 · · Score: 5, Insightful

    This sort of thing would never fly at a sufficiently large company. Once you get to a certain size, the pressure to "standardize" becomes too strong to resist. I suppose this is reasonable, because the licensing, support, etc. is much cheaper this way. Oh, and arguing that individual choice makes workers more productive is useless: productivity can't be easily measured -- therefore it doesn't exist.

  12. Run it for an imperfect world by Gription · · Score: 5, Informative

    We have 7 techs supporting 2000+ computers in 800+ offices. We give guidance but we don't tell them they have to run them any any specific manner. The biggest advice is, "Boring is good".

    License compliance is one detail were you can't offer any wiggle room. There are a number of good auditing software (including some free ones!) that will report on the installed software. That will keep you out of legal trouble.

  13. Goose versus Gander by Nakito · · Score: 5, Interesting

    In the days when I was on a large network, I thought it was a bad practice for the IT department to have better setups than the end users. Some IT people had not just faster computers but leaner images with less integration and less overhead. Their machines flew.

    But of course they had no appreciation of how bad it was to be in the trenches. Their computers performed so much better than the equivalent computers of the end users that they often did not realize how hard it was to get work done on a standard image.

    When I reached the point where I ran one of the departments, I kept an old standard-image computer as my main computer and made sure I was always at the end of the upgrade queue. My view was that if something worked well on my computer, it would work on anyone's. And if something didn't work well on my computer, then it meant some of my users were having a bad experience.

    So maybe if the IT department would just use the same image and hardware as the end users, they'd know enough to provide a decent standard image, which would solve a lot of user complaints.

  14. Users in control? by bherman · · Score: 2, Insightful

    In my opinion, there is a vast difference between what a user "thinks" they need to do their job and what they actually need. Just like any other part of the company you need some gatekeeper for cost control and to make sure that purchases don't overlap. If every user could pick what they needed to get their job done I'm sure you'd see a lot more Quad cores being ordered with SLI video cards. Not because the user thought they needed them, but because they were more expensive so it must be better for them.

    If you were in a technology company this might be different because in theory the users would be more knowledgeable about tech products. However in most companies I would guess the users don't know the difference between XP Home and XP Professional, so how can they pick what they need?

    --
    Error: Sig not found.
  15. madness!!! by jollyreaper · · Score: 2, Funny

    I have trouble convincing people not to set their beverages on the copier while waiting for jobs to complete. Give these people local admin rights and we're going to have smoke and shrapnel.

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
    1. Re:madness!!! by Selanit · · Score: 4, Funny

      Have you considered putting a table right next to the copier?

      Alternatively, if there's one already there, have you put coasters on it, as a hint?

      And if it's got coasters already, have you considered purchasing a cheap mug, drinking coffee out of it just once so it'll have an authentic ring-stain in the bottom, and then setting it on one of those coasters permanently as an added hint?

      Failing that, have you taken a bunch of tennis balls, cut them in half, duct taped them to the top of the copier and spray painted them the same beige as the rest so there's no flat place to put drinks?

      Further, have you considered sneaking into their cubicles by dead of night and supergluing their cups and mugs to the desk?

      If all else fails, have you considered supergluing your coworkers themselves to their desks? I bet their productivity would go up. The smell might get bad after a while, though ...

  16. Re:Select own software? by vertinox · · Score: 4, Funny

    I have a 72 years old guy in a next cubicle ...I don't think the man knows the difference between a CPU and motherboard ..

    I don't think he knows the difference between a 401K and lottery tickets either.

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  17. Did web 2.0 magically make end users not stupid? by reemul · · Score: 4, Insightful

    Maybe end users have changed miraculously from when I was still doing desktop support, but I doubt it. IT doesn't develop policies limiting supported configurations just to be mean (generally). They do it because that's all they can in fact support given existing staffing and support metrics. Maybe you can get small numbers of users to be sufficiently knowledgeable that they can support themselves, but the overwhelming majority of users don't know enough, and don't *want* to know enough, to do this. They'd come to rely on some absurdly obscure or broken application, then call IT when it doesn't do what they want it to, and IT would have no idea how to fix it. Plus they'd end up with massive amounts of pirated material. The techs aren't going to memorize the manuals for every possible bit of code a user might take a fancy to, and they certainly can't test every possible combination of applications to test for incompatibilities.

    Letting end users choose their own machines and apps sounds like a lovely and empowering idea, right up until the point where they need to call tech support. And find out that it might be days before IT can fix whatever is broken, since they are starting with zero idea what is wrong because of the wacky config. Those days of lost productivity can be hugely expensive compared to the costs of testing a few specific configs that can be easily and quickly supported. Some tech hours of advance testing and some possible minor losses of productivity from using applications that aren't the user's favorite choices are far cheaper than having an employee turn in no billable hours for several days because his computer is down.

    --
    You're just jealous 'cuz the voices talk to *me*
  18. well... by Dzimas · · Score: 3, Informative

    It depends on the organization. I used to work in a 20 or so person division of a software company in which the technical staff were allowed to configure and maintain their machines, within certain constraints. The funny thing is that the primary development team ended up with the same software on their machines, the consulting engineers ended up with their own tool suite, and the marketing guys just relied on the support staff to keep them running. There were a few differences as far as text editor and debugging tool preferences, but generally you could sit down at any machine and expect it to have everything you needed - a virgin install contained our core tools and network stuff anyway. That said, it was *really* nice to be able to install a necessary program or utility without having to go through layers of bureaucracy.

    However, I've also done stints at telcos and other massive organizations where things were incredibly locked down out of necessity/paranoia. I never had too much difficulty getting tools/permissions that I needed, but that was probably because of my role within the IT group. Had I been a marketing guy trying to install some sort of whacky video software, things might not have gone so smoothly.

  19. The question is too broad by Weaselmancer · · Score: 5, Insightful

    Is letting users manage their own PCs an IT time-saver or time bomb waiting to happen?

    It's a good idea if your users have a clue. It's a bad idea if they don't. It entirely depends on the users.

    In my shop we're all coders, so that plan would work. In fact it's vital to our work. Originally we were locked down and had to have an admin install pretty much anything we wanted to use. IT became an inhibitor rather than a helper. They eventually had to lift the ban. The policy was in the way.

    On the other side of the coin, I've also held IT positions managing users. Giving some of my former customers the keys would have been an immediate disaster. In that case a lockdown was a lifesaver.

    --
    Weaselmancer
    rediculous.
  20. Standard practice for Mac users by david.emery · · Score: 2, Interesting

    At least the last 3 places I've worked. The Mac community helped itself out, at the largest site we had one formally trained Mac tech support person covering probably 150 or more Macs.

    Then another place I worked, the one time the tech support people touched my Mac, they screwed it up...

    On the other side, I watched an employee of a Fortune 50 company visit another company's location, where the latter would assign you a specific IP address to use. This guy didn't have enough privileges on his Windows box to configure the IP address on it, and of course his corporate help(less) desk's attitude was that they had to have the machine hooked up to the internet to remotely administer it. Catch-22...

    Dilbert's "Mordac, Preventer of Information Services" is unfortunately the way of life for most corporate IT departments. When I'm King, every CIO will provide each employee with a charge number against the CIO's budget, when an IT problem prevents that employee from doing productive work.

    dave

  21. Re:In a young company, maybe by sarhjinian · · Score: 2, Insightful
    I don't think "young" or "tech-savvy" are necessarily the virtues you think they are: I've supported a group of "young", "tech-savvy" developers and network people who insisted on purchasing and adminning their own machines. What did it get us? More SQL Slammer/Blaster/Worm-of-the-day infections per capita then the rest of the company.

    We ended up putting them on their own network and cutting them off the WAN fairly often because they couldn't patch, protect or resuist opening every random attachment they came across. Yes, they ran Windows by and large (one guy had a four-processor box with eleven VMware images, all infected with something), but these were supposedly "young" and "tech-savvy" people who didn't need to be controlled and could be trusted to patch their own machines.

    At least they didn't place many support calls.

    In a big shop, someone needs to either rule with an iron fist, or self-adminned machines need to be sequestered into the own network and allowed exactly zero access to company data. Heck, even in a small shop there has to be one person designated to kicking ass and taking names. People have day jobs--even IT people--that would get in the way of proper maintenance and someone needs to ensure that:
    • Stuff gets backed up
    • Stuff is secure
    • Stuff doesn't screw up other stuff
    Yes, even "Web 2.0 aware hipsters" need to do this, and it's not their job any more than bookkeeping or balancing cash would be.
    --
    --srj/mmv
  22. Limited superpowers by ZerMongo · · Score: 2, Insightful

    I work for IT for a decent-sized department at a university -about 200-300 machines. All purchase requests go through us, but we usually get what they ask for (as long as it's a Dell or an Apple, but mostly because we have institutional deals with them and they're on the cheap). We set up XP (Vista only if the user wants it). We lock down antivirus and things like that, but for the most part the sub-group they're in has admin privileges on all their machines - but no one else's. When things get fubar'd, they call us to fix it. If it's something they could have avoided, we'll try as hard as we can to fix it. If it's something stupid ("I opened an e-mail attachment") it may take us a while to get to it. YMMV.

  23. You're out of your mind by Calyth · · Score: 4, Informative

    I worked as help desk at a bioinformatics research facility, with roughly 200 people, and I can fit the number of power users that I could remotely trust to run their own machine in one hand. And 3 of them have gone over our heads - one wiped his own RHEL Linux (not that I'm a fan, but it's managed) with his own Ubuntu install, causing us grief when we change settings. He also cause a Kent State Computing Science PhD (who's more like a n00b who can't type his password right) to demand the "same" setup, burning up weeks of time for 2 out of 4 IT staff, myself included. The other 2 would routinely try to install pirated software on work computers.

    And we do try to install software in time for our users. We would try to allocate the right software in time, and if there's no reasonable way to do it (i.e. the user can't get the funding), we try to offer alternatives. In the past, yes, the IT department had been sluggish, but the majority of them have left, and we do try to provide good service.

    Apparently, in a bioinformatics research facility, most of the staff who do research don't know jack about computers, or how to maintain them. If the users are allowed to manage their own machine, I would spend so much time fixing machines, I would want to jump off the building.

    Thank god I left that place. It was bad enough with the existing setup. To think that most users can maintain their machines is pure folly.

  24. I worked as a site tech in one place... by DaedalusHKX · · Score: 4, Interesting

    A government institution, to be precise, and the locals were using government computers, government media (CDR's) and various other resources to pirate everything from Windows to Games for Windows... and you know what? I was nearly fired for bringing it up. Taking action with my "superiors" in IT over what I perceived to be a legitimate issue, and being not only stonewalled but also treated like scum, is what resulted in me tendering my resignation shortly thereafter. Total time on job? Less than a year... far less. Reason? Dirty business practices. Yes, this was a SCHOOL... these are the people teaching your kids what to think, and possibly (in rare instances of "good teachers") even how to think. Another example of government "honesty" and examples of justice. Piracy reigned, and when notified, my "superiors" felt offended that I did not remove the offending software. After much correspondence and arguments, and nothing getting done, I finally got fed up and left. There is a reason schools enjoy Linux like pricing on software. So many of the teachers pirate everything in sight, with full oversight of the various officials.

    And then they teach kids that "crime doesn't pay". Talk about hypocrisy.

    Another reason to pick up homeschooling.

    --
    " What luck for rulers that men do not think" - Adolf Hitler
    1. Re:I worked as a site tech in one place... by cb8100 · · Score: 5, Funny

      Yes, this was a SCHOOL... these are the people teaching your kids what to think...

      I like to let the TV teach my kid what to think

      --
      My lack of God, it's Trotsky!
    2. Re:I worked as a site tech in one place... by DaedalusHKX · · Score: 2, Informative

      Gee thanks. Here's the rest of that story:

      Yes indeed, I had cultivated a few contacts at ITS dept, who later told me that the department heads and my local administrati had lined up a way to have me "removed" for not being "cooperative" with the principal and a few teachers and office staff.

      While I couldn't stop the administrative staff from using my workstation or any computer (they outranked me) to pirate software, I did resist mightily... legal and bureaucratic repercussions were explained to them... (and we're talking games, and home software, not school related stuff or "just" photoshop... we're talking about a LOT of games).

      I went up to ITS, and discovered that pretty much everyone was doing it, which is fine and dandy, but keep in mind that the software being pirated and the possible fines would be paid out of the tax money of the local residents (myself included.) That is actually one of the only reasons I didn't report them. The BSA would've sued the city or the school district, not the individuals.

      Either way, they were on their way to getting me fired for not playing ball. I don't mind software pirates, but it is rather upsetting when they're doing it on someone else's dime, with someone else's hardware on someone else's CD's, namely bought with tax money, yours and mine.

      So rather than be fired later for not playing ball, or turning them in only to get my other business and my property taxed even higher the next year, I quit early on and saved myself the headaches. I made more money from my own businesses anyways. It wasn't as steady as a "steady job", but at least contract work was far more honorable than the farce that passed for kindergarten and elementary schooling.

      All in all, I remembered once more why I really didn't like being a participant in "public schooling"... as a student OR as an admistratus.

      --
      " What luck for rulers that men do not think" - Adolf Hitler
  25. Clueful, Clueless and those in-between by spaceyhackerlady · · Score: 3, Insightful

    Depends on how technically savvy the users are.

    Technically clueless users wouldn't know what to do anyway.

    Technically savvy users need little more than an IP address and a beer to do the right thing. Hell, our sysadmins consult with me to help figure out how to do things right.

    The middle ground is the one that makes me nervous. The nouveau-techie little bit of knowledge types are the ones that scare me.

    I've installed and configured everything in my cubicle, and have root/admin access as well, because I need it. This is as it should be. I do not have root access to our main file server, because I do not need it. This is also as it should be.

    ...laura

  26. Re:Select own software? by peragrin · · Score: 4, Insightful

    My old(as in previous) boss is finally retiring at the age of 80. he was still working a 55-60 hour work week.

    He didn't need the money, but did it so he wouldn't get bored. I have another friend who is 63 has 4 seasonal jobs to keep himself busy and gives him just enough extra cash to play. he doesn't need the work, but he works to keep himself going.

    You don't have to stop hard when you retire, you just change priorities.

    --
    i thought once I was found, but it was only a dream.
  27. How do you handle the following issues? by khasim · · Score: 3, Insightful

    1. User just deleted a "critical" data directory/file.

    2. User just deleted an OS directory and their computer will not run.

    3. User kept everything on his/her local drive and it just caught fire.

    4. User wants an email from 3 years ago that user had deleted from his/her last computer 2 years ago.

    5. The legal department wants all email to/from Mr.X, Mr.Y and Mr.Z.

    6. User keeps getting infected with viruses.

    With centralized control, all of those are simple. Once you start allowing users to choose what to run, how to configure it and so forth, all of those become major issues.

    1. Re:How do you handle the following issues? by Anonymous Coward · · Score: 4, Insightful

      1. User just deleted a "critical" data directory/file.
      backups exist.

      2. User just deleted an OS directory and their computer will not run.
      backups exist.

      3. User kept everything on his/her local drive and it just caught fire.
      backups exist.

      4. User wants an email from 3 years ago that user had deleted from his/her last computer 2 years ago.
      see 5. (anyway, even many "managed/locked down" setup (like in small companies) don't have this one solved so, not a huge deal.

      5. The legal department wants all email to/from Mr.X, Mr.Y and Mr.Z.
      email archived server side, without any implication on the client side

      6. User keeps getting infected with viruses.
      enforce running AV

      Letting the users do some stuff doesn't mean not running AV / backup. Of course, one can hack the machine to disable all of this.. but honestly.. these people can be fired too ;)

      I'm not saying it is the way to go, but your points are not really proving it one way or another.

    2. Re:How do you handle the following issues? by Surt · · Score: 3, Insightful

      These are all easy to deal with if you have centralized control of the network, you don't have to control the end points.

      1) You design your processes so that important files are centralized. Don't make it possible to do 'work' locally. Backup is handled on the network. Now the user has, at best, deleted something that was important to them (not your business) locally.

      2) Reimage. See #1 in terms of what the user loses.

      3) See #1.

      4) everything using mail protocols recorded on the network.

      5) see 4.

      6) reimage, reimage, reimage until the user learns. have virus checker in the image (I guess user can possibly uninstall, but if you have a user with this chronic problem, respond to them more and more slowly / report them).

      Giving the user control over their pc doesn't mean the same thing as giving up centralized services.

      --
      "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
    3. Re:How do you handle the following issues? by sulfur · · Score: 5, Insightful

      reimage, reimage, reimage until the user learns

      So you want to pay desktop support techs to re-image users' computers all the time? In our company re-image takes about 8 hours due to hard drive encryption, which translates into lost productivity of the user.

      I've worked as a desktop support tech both in my college where users had admin rights to their PCs, and for a company that had locked-down environment with packaged software where almost nobody had admin rights and no non-approved software could be installed. I'd say on average I spent 3 times longer to put the users in the college back online, and to restore their data. Of course there's the whole issue of weatherbug/toolbars/ActiveX/other crapware that the users installed on a regular basis.

  28. Depends on the company by Quattro+Vezina · · Score: 2, Informative

    It entirely depends on the company. Small companies, Linux shops, and engineering-focused companies work better with people maintaining their own machines.

    I work at a Linux-based network security startup. Engineers maintain our own Linux boxen, IT maintains the Windows boxes given to non-engineers. Most employees, engineers included, have Windows laptops assigned to them as well; those laptops are maintained by IT. Of course, we're a small company...IT consists of one person in our US office and one person in our India office.

    Not much piracy concerns with Linux; we don't run any commercial distros on our desktops (we run a hodgepodge of Debian, Ubuntu, and Fedora), and none of us have any use for Linux commercial software.

    --
    I support the Center for Consumer Freedom
  29. In IT, they should, and they must by ZZeta · · Score: 3, Insightful

    Like most slashdotters, I'm in IT.

    The last couple of companies I've worked in, have made the decision to allow us -employees- to admin. our PCs. We are mostly semi-senior developers: we have the knowledge to make our computers perform their best, and we know what we want -and need- from them. No one else -not even support dept.- can know what service, application or tool is best for us and, being highly trained, we're the best admins. these computers could have.

    -- For instance, even though we need to use Windows XP, no one uses IE --

    And last (but definetely not least), this is what we *do*. Most of us could hack through the security policies if they were there. I don't think that having over a hundreed skilled developers trying to bring down your security infrastructure is the best way to go.

    Whenever I start my own company (that's right, I still like to daydream), I'll make sure I hire talented, trustworthy people, and grant them admin. rights of their PCs.

    PS: Note that admin. of PCs != network admin. Everyone here should appreciate the difference

  30. Yes, we do this by theolein · · Score: 2, Informative

    I've been at a number of companies with totally opposite ways fo doing things. Currently, where I now work, we let users do mostly as they please. Surprisingly, the amount of support time isn't must greater than when one has to control the IT worker's every move. The greates part of support is still helping users with various software issues. Generally, it works quite well.

  31. Techy people - yes with caveats. Other people? NO! by hattig · · Score: 3, Insightful

    In tech-savvy teams, yeah, let them manage their own computers, especially programmers and sysadmins. Otherwise they'll have every moment and to be honest their productivity will probably be reduced. Especially because many IT facilities are nazis on a power rush who take positive delight in being obtuse and difficult - especially to those more skilled with computers.

    However other people? Noooooo! Not even with a course in basic computer management.

    I'd still get the former group to take a course in acceptable computer use, of course. Too many universities don't have a proper ethics course on their CS courses these days - then again, too many CS courses are glorified "programming" courses.

  32. Re:It Could Work... by Nullav · · Score: 2, Funny

    We installed him 6 years ago on my computer (I was a freshman in undergrad then) so that we could have him say stuff like "punch me in the testicles"
    I hate to break it to you, but you could have said it yourself and it would have been much less painful in the end.
    --
    I just read Slashdot for the articles.
  33. But it wasn't the companies profile by DRAGONWEEZEL · · Score: 3, Insightful

    that stored the music. It's pretty reasonable to assume that well, lets see the music is stored under

    C:\Documents and Settings\John User\Documents\My Music\Lita Ford

    I think John User must have done it. I am pretty sure if you spell it out as policy against such actions, that the company would divert *.aa to the actual user that comitted the infraction. No amount of hand holding can really prevent this sort of thing. If they have access to the box, they have root right? That's what we say all the time here.

    They will do stuff like this. It'll get worse as the younger generation grows into working age.

    That's why I don't store too much personal data on my work computer, but access my own music via streams from orb.com

    However, I guess we could just make it illegal to use workstations at work, and make everyone access company infrastructure via a terminal. Yeah GREAT IDEA...

    --
    How much is your data worth? Back it up now.
    1. Re:But it wasn't the companies profile by tha_mink · · Score: 2, Insightful

      But it wasn't the companies profile that stored the music. It's pretty reasonable to assume that well, lets see the music is stored under C:\Documents and Settings\John User\Documents\My Music\Lita Ford Doesn't matter one single bit. Possession is 9/10s of the law. Your file server now has d:\backup\sales_force\docs\John User\Documents\My Music\Lita Ford and so do your tapes. So now, YOU have copied it twice. Not him, YOU. It's bad to let people make their own decisions with your network and hardware when your ass on the line. It always has been and always will be.
      --
      You'll have that sometimes...
  34. They are valid ONLY for centralized operations. by khasim · · Score: 4, Insightful

    I don't understand why parent is modded down. These are all valid answers to the issues listed.
    No.They are not "valid answers" in a decentralized operation because there is no way you can backup the user's machines.

    Saying that "backups exist" does not address the question of HOW the backups are made when the user can put any file anywhere on their system.

    With a centralized system, the users can be restricted to ONLY saving files on their TEMP directory and the servers. Those are MUCH easier to backup and lots of packages exist for that exact purpose.
    1. Re:They are valid ONLY for centralized operations. by Xoltri · · Score: 2, Informative

      No.They are not "valid answers" in a decentralized operation because there is no way you can backup the user's machines. Saying that "backups exist" does not address the question of HOW the backups are made when the user can put any file anywhere on their system. You are wrong on this point since I manage a decentralized company with several remote sites and I have set up a solution to back up the documents on their computers. It uses memeo autobackup on the local machine which sends the files to a DLink DNS-323 NAS device. Then ftpsync (http://www.fileware.com/products.htm)synchs the files to our file server at our main office which is backed up onto tape daily. So it can be done. Memeo is a great program. It would even back up to a USB drive if you configure it that way, and all the user would have to do is plug in their drive and it does it automatically.
      --
      -Xoltri
  35. NOOOoooo by EvilTwinSkippy · · Score: 3, Insightful

    As someone who has worked for 10 years as a network admin, the answer is NO.

    Yes, there are special cases out there. But they are special cases. By default, the only policy that works is to lock down a machine and grant access as needed. Too many people treat an unrestricted machine like a "rental." They abuse it. They don't take simple precautions because, hey, it's the company's machine. Given a chance, they will treat it as a personal plaything.

    To deny these truths is to deny basic sociology. And as I said, 10 years of first hand experience that is amplified by every competent admin I know.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming