Why IT types should never be allowed to rule the world: Because they would rule it with an iron fist that would make Mao’s Cultural Revolution look like Burning Man.
Okay, I’ve done the IT tech support thing. I’ve done the IT site management thing. I’ve done pick-up network admin stuff. I have my chops here.
IT folks get crazy sometimes.
I was at this big meeting last week with the top two tiers of IT managers in the corporation. And the folks on my level — top-middle-management — were going on and on and on about “We need lock down all employee PCs.” “We need a standard load and that’s all that anyone can ever install unless someone from IT does it from an approved and tested list.” “Users are filling computers with illegal software.” “We should delete all JPG and MP3 files from the network.” “Life would be so much simpler if …”
Ah. It’s the last one that really counts. Life would be so much simpler for IT if all PCs were standardized, if everyone used them exactly the same way, if all employees were interchangeable automatons that bounced their balls on their driveways at exactly the same rhythm.
(They call it IT for a reason, you know …)
Now, as I said, I’ve been there. I know how frustrating it is to do IT support when folks are installing AOL clients and messing up their other software, or when they’re clogging the help desk to ask for assitance with iTunes on their company PC, or when they load pirated software and then expect tech support to use it or when it breaks (or when it breaks other stuff). I know how crazymaking it is when they complain about performance because they browse all over the place and have a machine full of spyware (“Why didn’t IT stop it? I didn’t do anything.”). I know how irritating it is to have someone complain about performance and it’s because their hard drive is 98% full, 65% of which is non-business stuff. I know how maddening it is to get the same call from the same person for the same thing that shouldn’t be the IT support group’s responsibility.
But … but …
I also know, as a user, how frustrating it is to have capabilities locked down. And I’ve been to offices where that was done, where a new printer couldn’t be added, or a new screen saver selected, or a new desktop wallpaper loaded, without an IT admin signing in (and they wouldn’t because It Isn’t Standard).
What I told my colleagues (without success, I fear) is that for a lot of people, their PC is their workspace. It’s where they live and work 8 hours a day, 40 hours a week. It’s the same as their cubicle or office or desk. Would everything be neater and tidier and less expensive and easier to deploy if everyone sat in exactly the same office configuration, with exactly the same supplies and with none of this “decoration” or “art” or “pictures of the kids” cluttering things up? Without any chit-chat over the water cooler? Would things be easier to manage if everyone worked precisely 8-5?
Could you make a business case for all that? Sure — and you’d have a lot of unhappy and unproductive employees.
I have my laptop highly customized. I have all sorts of non-standard stuff installed on it. And I take responsibility for it. I don’t practice unsafe browsing. I scan my own system for spyware. I diagnose problems on my own. If something breaks that’s not official, then I take responsibility for my own mess if the techs need to re-image the machine. I don’t put my junk on the servers. If I run out of space on my PC’s hard drive because of my MP3 files, or because I have a test instance of CoH loaded, I figure out what I’m going to delete, rather than ask for a bigger hard drive or a new PC.
I act responsibly. And it all comes down to responsibility.
The end-users have to be responsible for their own messes. If they load X on their machine and it breaks stuff, they need to (a) be held responsible to try and fix it themselves (if they can’t, they shouldn’t be playing with it), (b) be held responsible and accountable with their management for the lost time (and lost data), and (c) be given back a standard install clean machine and “So sorry, your settings are all back to default, talk to your boss about the time it will take to get the way you like it.”
IT needs to take responsibility and say “No” to unreasonable non-standard requests and installations. If the user wants to do it him/herself, that’s their lookout. If it’s not ours, we don’t fix it. If you want a standard image reinstalled, that will take 45 minutes, then you’re on your own. If we spend a lot of time fixing a problem that turns out to be due to your screwing with things you shouldn’t, your department will be getting a bill for the time and your manager will be told about why. If you install something that causes problems beyond your machine, we *will* lock it down.
The least appropriate control is the best. Requiring AV and firewall software, even locking down some core security-risk system components, is reasonable. We put locks on the building doors, too, and have office safety rules. But the more control you exert, the less productive people can be — not just “do you have the business tools you need” productive but “do you have the ability to innovate” productive — and, as important, “are you happy” productive.
It’s like with kids — if you give people responsibilty, they will tend to act responsibly (or will be held responsible — it’s a nice feedback situation). Locking things down and making everything the same is a cheap out — it makes life easier on IT, but it does so largely because it avoids confrontation with users. It’s easier to lock ’em out than hold them responsible, or confront their managers over their behavior, or anything of that sort. It let’s us just point hopelessly at the policy — “It’s not our fault, that’s the rules.”
It’s easier, but it’s wrong. It does a disservice to our customers, and it does a disservice to ourselves.
Okay, as someone in the trenches here, I feel it’s my duty to respond. I agree wholeheartedly with your sentiment. Folks SHOULD have full control of their machines (proprietary data not withstanding), and if it could be truly and honestly stated that individuals are responsible for their machines and that IT is there to help them with business related problems and if, as you said, they dink it up, they get a standard image installed and can start over.
Where I work, the nightmare scenario that you laid out, where local admin privledges are handed out only with express permission, is in place. However, a standard user profile (which is what we use for most folks) still allows them to change stuff like backgrounds, listen streaming audio, etc. This seems to be a happy middle-ground for the most part.
The reality that I’ve seen as far as giving users full control across the board is that even if they’re explicitly told that they need to be responsible for their stuff, more than half aren’t. And when a tech comes over to fix their machine for the various reasons you listed…we’re the bad guys because they didn’t back up their data, or can’t/won’t fix their Napster software.
And, I can understand that. You come into work, you do your job, it’s only human to want to…you know…I just went back and re-read what you wrote. You’re right.
Personally, I like to give people the benefit of the doubt. And if the policy says “Thou Shalt Not Screw Up and Blame it on IT”, then policy can always be quoted as justification if someone is acting in a less than reasonable manner.
So, hear hear for acting responsibly and getting smacked down like a just-peed-on-the-rug puppy when acting like a jerk. 🙂
I have no problem rubbing users’ noses in their messes. But I think that’s a healthier situation than leaving them chained up outside all the time. 🙂
I’ll admit it — a big part is that I don’t want someone coming to me and saying (for example), “Hey, get rid of all those pirated MP3s” — and have to demonstrated that, no, every single was was ripped from a CD I own, and I don’t go and download random music from pirate sites and so endanger the network, and I back them up on a regular basis so that if the techs have to wipe the machine, I won’t pitch a hissy-fit at them.
*I* try to be a responsible user. I don’t want to be presumed not to be.
Of course, and if everyone acted responsibly, then it wouldn’t be an issue at all. Of course, we’ll have been assimilated by the Borg, but at least the RIAA will be happy.
Something else to keep in mind, is that in general IT is seen as an overhead, something that generates no profit. As such, it’s kept to a minimum and when budget cuts come around…the neck of IT is a tempting target. As an example, my site has me and two other techs to handle ~1300 users at 6 locations.
So when someone says “I need you to figure out how to upload ringtones to my cell phone.”…I have little sympathy. 😀