February 11, 2009, 12:21 PM — If Jon Stewart said this on The Daily Show, it would come out “It's not your F-beeeep computer!” I say "It's Not Your &#%*@$ Computer!" because beeps don't come out well in print. But the thought is the same: they may be called “personal” computers, but employees do NOT own the computer on their desk or in their briefcase. If the company provides the computer, the company owns the computer and has the sole right to decide how the employee uses that computer and what software can be loaded.
This discussion started a couple of days ago when I made mention of Computerworld's story Removing Admin Rights Stymies 92% of Microsoft's Bugs. When users don't have administrative rights to the Windows operating system, many spyware attacks, viruses, and other security breaches are thwarted.
As usual, some readers agree and some disagree. The argument for letting users add their own software is "productivity" by letting users find their own software tools to enhance their personal working environment. Sorry, but that's a crock of beeeep. Do users who drive company delivery vehicles get to choose the color and rims on the vehicle? Do users bring in their own chairs and desks and demand the company pay for and support them? No, and no, and they shouldn't continue to believe they control how to use their "personal" computer.
Ask your lawyer, and you'll learn employees have no control over the tools of their workspace. Worse, employees have absolutely no legal expectation of privacy when using company equipment, which is why users can't complain when companies read employee e-mails and check disk contents. If the company provides it, they legally control how the employee uses it. Period.
Some readers missed my point about control. I didn't mandate all computers be configured the same way, because you need different tools for different jobs. But once the system is set, the user shouldn't have rights to change it. I said nothing about eliminating new programs that may help, just that IT should install them, not the user. Some groups, like IT, will certainly need full administrative rights to at least some of their computers for testing and troubleshooting. But does an accounting clerk need the ability to install a new kitty screensaver from Viruses-R-Us.com? Absolutely not.
One comment came from an IT consultant who tries to convince clients to lock down their systems. Those that follow that good advice "have fewer problems and lower support bills to prove it." One client had no virus or spyware related support incident in over three years. How's that for an endorsement? Can your company say the same?
Another IT person took the Computerworld article to upper management. Guess what? Idiot vice presidents said no, and reiterated their instructions giving all users full administrative rights. As an IT person, you can only remember the wise words of science fiction writer Larry Niven: "Not responsible for advice not taken."
Idiot vice presidents always trump IT. Write that in stone beside "the sun rises in the east" because they're both absolutely true.
