The IT Agenda: Desktop Lockdown Limits

Now the pendulum has swung to the other side. Corporate America has modified its acceptable-use policies all too well, and draconian desktop lockdown is the norm at many institutions. To propagate some image of fairness, the lockdown is almost universally applied--no users can install or modify their workstation setup. Ah, unilateral policy: What a great way to avoid making management decisions!

One of your engineers wants to install a different app for calculating torque? A programmer wants to change start-up characteristics of a workstation? As Wayne and Garth would say, "Denied!" Get in line at the service desk--we'll get to you whenever we can. Now, this is efficiency, eh?

If you took away all freedom from your best employees--decisions about which tool to use, or when to work on a project, follow up or change tasks--would these folks still be your best employees? On the other hand, if you gave total freedom to your worst employees, what would they do with it?

Free people can be incredibly self-destructive or self-empowering. The question is, do you have the right to decide what your users will be? Or will their managers know how to treat each person appropriately?

As with any IT technique, lockdown applied indiscriminately across the board can only spell disaster. PCs certainly aren't "personal" computers when hooked up to the corporate network, but neither should they be "dumb" terminals. The PC revolution happened because people discovered that they could be more nimble by using an individual workstation and decentralized tools than by waiting for the Brontosaurian centralized IT to give them what they need. Having now realized the benefit of the workstation concept, why would your company now want to backtrack completely?Middle Ground

Instead of locking down every desktop, consider educating business managers on how to selectively provide their people with the right computer tools--and on the bottom-line consequences of misused freedom.

At a previous job, we offered three stock "profiles" to managers. For most managers, this was enough. For others, we custom-built profiles--it was a large enough organization that one size couldn't fit all. We took care to explain all the things, bad and good, that could happen by applying the profiles to users before managers made choices. We discouraged local administration but allowed it when necessary.

Naysayers and lockdown fanatics will argue that any local administration is a disaster. It can be. But these same folks tend to forget that network security is a risk-management exercise, and by educating managers, you will drastically cut down local administration (and thus risk) while giving your people the tools they need to excel at their jobs. And that's your job.

Jonathan Feldman is director of professional services for Entre Solutions, an infrastructure consulting company based in Savannah, Ga. Write to him at [email protected].0