The Inmates in Charge

  • Comments posted to this topic are about the item The Inmates in Charge

  • I tend to agree. If you're a network admin and manage all desktops, people stop using their brains. If you leave them freedom, they will make mistakes, even very stupid, but learn something from them.


    PS: Vote for Service Pack 3 for SQL Server 2005. Right now there are no plans to release it. We need your vote so Microsoft will build it.

    Microsoft announced SP3 for mssql2005 last week.

    http://www.pcworld.com/businesscenter/article/144712/microsoft_to_offer_sql_server_2005_sp3.html

    Robert.

  • I really wouldn't want this, even though we probably only have about 1000 devices. Major reasons:

    1) Any fault on a user device means a full diagnosis effort; anything could be wrong

    2) Lack of a standard image makes DR and rebuilds a nightmare

    3) Would stop us from using our fleet of emergency swap PCs as they also have standard builds

    4) I don't buy the "patching chaos stops malware" idea - random patching usually means almost all are less patched than they should be, so you'd end up probably with more varieties of malware

    5) Roll out of desktop software would be something of a lottery - our in-house applications are not as defensively written as commercial stuff as they don't need to be, and make fewer client-side checks for the right components

    6) Our users simply can't be trusted. A recent clean up left many users' monitors at the wrong height, and the number who asked for a desk visit to re-adjust was surprisingly high.

    Bill.

  • Bill Geake (4/21/2008)


    I really wouldn't want this, even though we probably only have about 1000 devices. Major reasons:

    1) Any fault on a user device means a full diagnosis effort; anything could be wrong

    2) Lack of a standard image makes DR and rebuilds a nightmare

    3) Would stop us from using our fleet of emergency swap PCs as they also have standard builds

    4) I don't buy the "patching chaos stops malware" idea - random patching usually means almost all are less patched than they should be, so you'd end up probably with more varieties of malware

    5) Roll out of desktop software would be something of a lottery - our in-house applications are not as defensively written as commercial stuff as they don't need to be, and make fewer client-side checks for the right components

    6) Our users simply can't be trusted. A recent clean up left many users' monitors at the wrong height, and the number who asked for a desk visit to re-adjust was surprisingly high.

    Bill.

    Valid points. Nightmare users. Quite usual scenarios in large companies. Such users are usually good candidates for massive layoffs on restructuring. Indicates that something is very wrong with the organization. A good company educates its employees. It's an effort that costs something initially, but returns a lot more in the longer term, if they're longer-term employees. If they're not, it usually means there's something terribly wrong with the company.

    An analysis of the "love letter attack" showed that it had the greatest success in managed networks - companies where the administrator takes care of everything, users are plain dummies, strictly doing their jobs and not using their brains, so a scam of any kind is a surprise and has great success.

    :hehe:

  • I am not totally for nor totally against the idea of letting users manage their desktops. I think there should be a standard configuration at setup, with any and all applications currently required, and then let users "manage" from there with Windows updates set to download and ask for when to install.

    In my experience most users will be fine with that. Sure there are issues that will arise with this, I have encountered several users in the past who thought turning off the monitor was rebooting the computer, but I do think this allows some ownership of the PC as well.

  • As noted in the InfoWorld article comments and referenced here, what about anti-virus, anti-spyware, etc? Granted, a home broadband user probably has some experience there, but at worst they expose their own information. In the scenario described, they potentially expose the company and its customers. Is the employee going to accept the responsibility for dealing with identity or corporate data theft along with the ability to choose? My guess is going to be no. There is a reason that companies are encrypting laptops and it had nothing to do with what features the user wants on their laptop.

    And anyone who relies on automated Windows update will find themselves woefully short of patches. Most .NET Framework security patches (as well as original .NET Framework downloads) are under the optional category. You don't get those unless you select them. If you half-patch the machine, expect to get half***ed results.

    ------------
    Buy the ticket, take the ride. -- Hunter S. Thompson

  • I agree with Bill Geake. I think that some of the benefits that come with standardized images would be lost. Additionally, you sometimes have those "problem users" that, no matter the amount of training, you still have to spend an inordinate amount of time with, fixing their systems. We have some brilliant engineers with local Admin access that screw up their computers on a regular basis.

    Cheers,

    J.

  • I thought I might add a different perspective to the discussion: Education.

    I'm new to the corporate world as I have been in public education for nearly 12 years prior to last month (as a DBA). The school district I left was one of the premier districts in the nation for technology use and many districts around the nation looked to us for advice. We used a standard image for all of our computers for many reasons with centralized management:

    1. Sheer volume. We had 33,000+ desktop PCs and more than 5,000 laptops. Add to that 6,000+ administrative staff plus nearly 54,000 students...

    2. Just plain dumb users. Even the younger generation of teachers coming to our district found it a challenge to turn it on much less be productive.

    3. Students. I can say most were very respectful of the equipment and services we provided. There were some, though, that had malicious intent when they logged into the computer. One student in particular managed to do enough damage that the campus had to have all of the computers re-imaged as well as restoring the servers to a backup point nearly eight weeks prior.

    4. With the number of PCs provided continually increasing, a standard image allowed us to provide that to the hardware vendor so all new machines were simply "plug and play."

    In my environment now, with only 270 employees, I think a less managed environment could be justified but some things, such as patch and security maintenance, still need to fall on the IT department. It is our job to make sure that the user experience is 100% every time they sit down at their computers.

  • I feel that IT people should have full responsibility of making sure the hardware is working and that the software is fully patched and functional.

    The end user should be fully responsible for knowing how to use the programs. If you don't know how to set up your 'Out of Office', or set up a header/footer in MS Word, then that is an experience issue.

    I see IT as the vehicle and the users as the driver. If the brakes don't work properly then it's the car's fault. If the driver gets lost, or doesn't know how to turn on the radio, it isn't the car's fault.

    Personally I think until all applications are accessible via web browser the desktop will always need the attention of an IT Tech.

  • I support giving users as much freedom to manage their own machines as they demonstrate they can handle. In my company, most of the employees are engineers, so they are, for the most part, trusted with administrative permissions on their machines. But, a company has to be willing to revoke this privilege, person by person, if those particular people demonstrate that they can't handle it.

    I like the idea of allowing users to purchase their own equipment, although I can see how this defeats the purpose of volume purchase discounts. If given my choice, I would have a MacBook Pro running Windows XP under Parallels. I know many developers who do this, usually with their personal machines, but their employer must give them access to the network and permission to install company software on personal machines. Now that's another topic altogether!

  • Why is it that in today's world we expect users to be able to patch and manage their own computer?

    How many people out there, tech-heads included, fully 'manage' and 'patch' their own car? (Changing oil, patching the ECU, full routine inspection, etc.) The vast majority of the driving public can't keep their tires inflated at the right pressure, and lots of people run out of gas every day!

    In today's world, irrespective of the complexity of the devices, we should achieve maximal benefit from specialization -- have the people who really know and love computer management do that, with the rest of the user population benefiting.

    I'm all for users choosing their own equipment, but leaving it to them to manage I would think will be a great loss....

    -frank


    The End.

  • Perhaps allowing the IT folks to manage their own computers would be fine......but actual user users?......not such a good idea. The first time Fred loses important data because of poor configuration management then the whole office will be up in arms.

    I liked the car analogy.

    Standardized PC management is really necessary in larger corporations. It decreases costs and raises productivity. Fred doesn't have to worry about versions or patches and can go about his corporate life designing the widgets.

    Susan

  • I like the car analogy too. We do most of the car maintenance (patches, updates, virus protection). We do assume the user can drive and turn on the radio. We send out links to articles on how to be a 'better driver' (how-tos in Excel, Outlook, Word, Desktop Management, Custom Apps). However, if they prove to be a passenger instead of a driver, we set them up for the Autotopia (special user group, with extra spyware and malware scans, limited internet access) to keep them on track on this 'E-ticket ride' and not able to turn it into Bumper Cars for the rest of us. 😉

  • Susan Shafer (4/21/2008)


    Perhaps allowing the IT folks to manage their own computers would be fine......but actual user users?......not such a good idea. The first time Fred loses important data because of poor configuration management then the whole office will be up in arms.

    My experience would tell me that IT folks would be precisely those you DON'T want completely in charge of their own machines... After all - they know enough to be dangerous...:)

    I think there needs to be a balance between being entirely locked out of adding things to your machine and "no controls in place" whatsoever. I think that the automated push for the patches and virus defs is a must, especially in a larger organization (where each person individually connecting to Windows Update directly would turn into a huge drain on the company bandwidth).

    Having had the pleasure of reporting a few viruses TO McAfee (yes - as in brand new viruses not yet defined in their DB), I don't think you get to choose when you update your machine. The fallout of you neglecting to do it is just too high.

    Once you hit that baseline though - THEN I could see a fair amount of latitude to deal with what's on your machine, or for that matter what is IN your machine.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • I would generally agree that letting users manage their own PCs is a bad idea especially in a large corporation where users run a number of different applications on a daily basis. From my own experiences, I have seen users download patches that they did not need which caused third party apps to stop working with Microsoft products and I have seen them completely ignore critical Windows updates as well. (Unfortunately I have seen server support do the same thing but that is another story!)

    I think that PC support is generally tasked with keeping up to date on patches and proper PC setup for their company so they should manage the users' desktops unless the users are at a competency level to where they may be given full rights to do so themselves. This would be on a case by case basis at the administrator's discretion. IT is always a gray area as some users can maintain things fine while others tend to wreak havoc by deleting DLLs, changing config files, etc.

Viewing 15 posts - 1 through 15 (of 23 total)
