IT restrictions hurt productivity

Farhad Manjoo sez, "I just wrote a piece about why office IT restrictions hurt productivity. There's a great deal of research showing that people are more creative and driven when they feel some sense of autonomy at work; locking down their computers works against that goal."

The restrictions infantilize workers--they foster resentment, reduce morale, lock people into inefficient routines, and, worst of all, they kill our incentives to work productively. In the information age, most companies' success depends entirely on the creativity and drive of their workers. IT restrictions are corrosive to that creativity--they keep everyone under the thumb of people who have no idea which tools we need to do our jobs but who are charged with deciding anyway.
If I sound a bit over-exercised about what seems like an uncontroversial practice, it's because I am--for too long, office workers of the world have taken IT restrictions sitting down. Most of my co-workers at Slate labor away on machines that are under bureaucratic control; they need special dispensation to install anything that requires running an installation program, even programs that have been proved to be safe--anything that uses the increasingly popular Adobe AIR platform or new versions of major Web browsers. Other friends are blocked from visiting large swaths of the Web. IT departments install filtering programs that block not only adult sites but anything that might allow for goofing off on "company time," including e-mail and chat programs, dating sites, shopping sites, and news sites like Digg or Reddit (or even Slate).
Different IT managers have different aims, of course. At some companies--like Slate--the techs are mainly trying to keep the network secure; preventing people from installing programs is a simple and effective (if blunt) way to ensure that corporate computers don't ingest scary stuff. Other firms want to do something even more sinister: keep workers from having fun. These companies block the Web and various other online distractions on the theory that cowed a workforce is an efficient one. But that's not really the case.

Unchain the Office Computers! (Thanks, Farhad)

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

More at Boing Boing

Ants and Stars: Bruce Sterling and Jasmina Tesanovic visit the Sardinia Radio Telescope in Italy

The Snowden Principle

DoctorWhat

I encountered an interesting spin on this recently. While talking with a friend, we discovered several email he’d sent to me at my work address seemed to disappear – he didn’t get a ‘bounce’ message but I didn’t appear to receive them either. “Bob”, as an experiment, started to copy messages to my Gmail account.

Now, Bob’s not exactly profane but when frustrated he has been known to write ‘f*ck’, ‘sh*t’ and refer to his boss in less than flattering terms. It would seem my IT shop has a filter that seeks and destroys email containing profanity. No notifications in either direction – just bit-bucket the message and keep going. Funny, eh?

Yes, Bob should be using my gmail only and will do so unless he cleans up his language. “Bob, do you write email to your grandmother with those fingers??” :)
Nixar

Â«My employer has no obligation to provide me with books to read, games to play, puzzles to solve, in short, amusement.Â»

Great moralistic paternalistic missing of the point, buddy. With a gist of strawman, too.

See my company is blocking youtube because it’s a waste of company time or something. Well I just setup a VPN to one of my colocated servers, … so that I can watch Google fucking TechTalks while waiting the maintenance window to update a production server after hours.

Yeah, I’m a sysadmin, and I’m a grown up, too, and I don’t need to be told how to do my job by the fucktarded IT dep’t that’s full of people like you. See, they don’t want to spend â‚¬20 to upgrade the developer’s RAM (most have 1G I shit you not!), nor do they want to spend the â‚¬30 a month it would take to get a 28Mbps line behind the proxy instead of sharing a craptastic overloaded DSL. Instead they believe that people just waste RAM and bandwidth watching cartoons or something.

And every day, hundreds of man-hour of expensive, highly-skilled labour are wasted by moralising, patronising people like you who think they know so much better. Your kind is a drag on society as a whole.
Keneke

C’MON BOEING

I WANT MY PORN
MattBD

We’ve been having to share a spreadsheet for recording customer’s address updates between some fifty-odd people at my workplace, and we had to set it up to share because otherwise no-one could get any work done and someone would go to lunch with it open and lock us all out. Of course, once it was shared then people were having problems with conflicts when two or more people tried to write to the same cell.
I’ve got some knowledge of Python so I wrote a script to create a GUI front end that we can use to update it automatically using the xlrd and xlwt modules, and I asked if we could get a Python interpreter and the necessary modules installed. Have yet to hear back after a week…
ahaley

We have these implemented in the organization of which I am IT monkey and I can tell you that they are essential. Just because you have them installed doesn’t mean that you have to use them to filter sites, but they are essential to block nastysites and such. A machine, even with all of the right patches and software, can get infected by crapware within days even with the appropriate user education and then the end user blames IT for “letting” this happen. Days after we made the choice to open Facebook at our office the total time spent on that site was 100s of work hours. Yet people still went home at 5pm. Explain how that is a good trade off?!
Anonymous

I do web-blocking and machine cleanup at my job. The purpose of web-blocking for us is not a “cowed workforce”. It’s to control the insane amounts of bandwidth that get used by people streaming their nanny-cams and slingboxes, and playing youtube videos.

We’ve been directed to clamp down a couple of sites that got abused, but we don’t do it just to reduce the Proles to abject misery.

As for allowing various web browsers, try running 150 different pieces of custom software on various machines without running into interaction difficulties. We limit users to IE because (for better or worse) a good many professional sites out there are incompatible with Firefox.

Heck, some portions of the USPTO website require either IE 6 or Firefox 2. Which blows goats from an administrative standpoint.
resnovae

You know, at this point I’m so angry at the IT managers in my office, it’s actually hard to type this without cursing. Information, and how it’s transmitted, is basically my entire job description. Yet going to work every day has become like trying to run through a labyrinth, blindfolded- I never know where the next wall will crop up.

Trying to get work accomplished around IT roadblocks has literally become 50% of my time on the job.

Forget online games, Cubs games, or online shopping, I just want to do the job I’m being paid to do! But TRY to explain to IT that their one-size-fits-all (unless you actually work in IT) solutions are killing your productivity, and they get all pious about viruses and malware…

I’m pretty sure if they could take every computer off the internet entirely, they’d be overjoyed at all the “problems” this would resolve.

And my favorite- when you tell the help desk staffer you need help because you can’t do something as basic as install a printer without admin rights, and they say something clueless like “I’ve never had any problem doing that.”

Of COURSE you haven’t, you jerk- you HAVE admin rights!
oddible

Simple rule. You can install anything you want but if it becomes my headache I push a new hard drive image to your machine wiping all of the crap and proving a crisp, clean, speedy environment. Make sure you save your data to the network.

This policy works very well and users start to even appreciate it – they look forward to an overnight push of a new desktop install to their machines.

Allowing users to install whatever they want becomes a huge IT time suck as service personnel spend hours trying to sort through why things no longer work.

Net censorship is another story.
bardfinn

Farhad Manjoo has moved me, emotionally. This is dead-on correct.
Nixar

@Doctorwhat: that kind of filter is probably hurting the company in many ways (lost biz ops), clbuttical style.
dimmer

As a (prior life) IT manager I have to side with the users. Using your computer should not be some damn puzzle of what and how to do: it should just work.

IT folk should be working with the firewalls (and no, blocking YouTube is not “Working”), the routers, and their servers. That Personal Computer on the desktop? You give it 10/100/1000 whatever connectivity and then and there your job ends.

And if it doesn’t, you didn’t figure out how to define a desktop OS. And that, buddy, is not hard.

Of course, most IT folks are in love with Microsoft: hell, they make money from it, can add to their staff (building their importance), and use the old IBM defense (“No-one ever got fired for buying IBM!”)

IT managers should be taken out behind the chemical sheds and disposed of. We’d all win.
shadowfirebird

I’m an analyst in an IT department of a small UK company, and we’re not even allowed to change our wallpaper.

Now, I would be the first to say that having some picture on my desktop is not a vital issue for productivity or for my sanity: if it were it would be a sign that the job was a really shitty one, and it isn’t. But it *is* indicative of a growing environment of non-trust of us employees. And that is a very bad sign indeed.

FWIW: if you find a guy reading a newspaper in the loo for half an hour, you don’t put CCTV cameras in there or a timeswitch on the door — you just discipline the guy. I fail to see why it should be different with computers.
gollux

Because of the nature of our business, we have to meet PCI-DSS. One screwup by one person with administrative rights that leaks our customer information can result in the loss of our merchant services and damage to our reputation. It will probably foster resentment, destroy productivity and result in all the aforementioned, except in the opposite direction as the people working for us realize they are out of a job due to the infantile actions of one turkey, who in this economy would probably be summarily lynched out in the parking lot. I try to reconcile the loss of productivity caused by malware cleanup with articles like these, but something kind of seems out of balance, unlike our IT who tries to keep restrictions in balance to avoid downtime and decreased productivity.
Anonymous

This is entirely cultural. In many countries this article would read like gibberish. A good friend in Japan once bought concert tickets online while at work and while there was no one looking at her network traffic, she felt incredibly guilty for wasting her company’s time and money in this selfish manner. I’ve heard some similar stories from a couple of Dutch guys I know.

“The restrictions infantilize workers–they foster resentment, reduce morale, lock people into inefficient routines, and, worst of all, they kill our incentives to work productively.”

This claims that workers who screw off in their browsers all day are somehow role models, mature workers who don’t need to be watched like children who will throw a tantrum when the ‘net goes down for half an hour.

Prove me wrong.
Anonymous

I spent an 1/2 an hour last week trying to work out how to compress some photographs I had taken into thumbnails for student bio’s. After using trying to use 3 different applications on the “locked-down” computer but to no avail, I had to turn to the IT staff. “Use this 4th application” was the response. I asked why Picasa was no longer on our systems (30 seconds to complete my task rather than 30 mins!). The response: “Google hasn’t been updating their software so Picasa doesn’t work on our machines”.

Tech teams are support crew right? Don’t they work for us?
roboton

Whatever. Just because you think it doesn’t make it true.
syntaxerr0r

#29, I feel we have the same employer. Is your salary also 3 weeks late?
Anonymous

I tried to post a comment from work, but the WebSense filter blocked it as a “social networking” site :)

I can see the side of the IT guys who say they have to constantly clean up crapware or limit bandwidth.

But if it is being done to “increase productivity” somehow…

If your company doesn’t have a policy in place to keep people from screwing off in the first place, this won’t prevent it.

People will still muck around, somehow, unless you have a “three strikes and you’re fired” rule.

Some folks just aren’t wired to slave away for 8 hours solid, or don’t have interesting jobs that allow them to do so.

I fall into the latter category. I have always been able to meet my targets ahead of time, but admit to perhaps spending a little time online, to take a break now and then.

Our IT department has been cracking down heavily on “non-work related” sites, perhaps for a combination of bandwidth control and productivity control – I know it isn’t for crapware control, as we all have local admin rights and can install anything.

So now, I can’t take little breaks online.

Fair enough, it isn’t my computer, and I’m not paid to take breaks.

But…

I have come to realize how mind-numbingly boring my job really is, and how little interest I have in continuing to work there, now that we’ve been “locked down”.

So I say, “thank you, IT police, for getting me off my ass and encouraging me to find another job.”

Bravo. I used to put in a good day’s work, but soon I’ll be gone. Ten years of experience in a very specialized position.

Call me a bad employee if you wish, I will then respond that either you have a great job, an incredible tolerance for boredom, are a very dim-witted person who doesn’t need much stimulation, or you are full of crap.
Ito Kagehisa

Corporate LANs typically run 1000 Mb per second. WAN links, which are shared by all users, usually run around 3 Mbps if you’re lucky – a T1 line is 1.4 Mbps and some change. So, one user streaming porn or playing WoW can significantly impact productivity for all users.

In my experience, if you are knowledgeable enough to decide how best the company’s computing resources should be used, you are capable enough to circumvent any inconvenient restrictions on those resources.

To put it another way: if you can’t figure out how to get around the roadblock, you are almost certainly the person the roadblock is for.
peterscampbell

I’ve blogged on this topic as well, with similar conclusions, but from the perspective of a long-time IT Director who tries to balance security with flexibility. IT should not be control freaks, nor should they be in the position of setting HR policy via restrictive technology.

But whiny end-users like Mr. Manjoo don’t help the situation by being so dismissive of staff that are trying to provide a safe computing environment. The heavy-handed approach is, unfortunately, the easiest, and I think it behooves my peers to not take the easy route if they want to support their organization’s objectives (and my career is in non-profit – I completely support my org’s objectives). But I’ll also note that, in the places where IT is allowed to dictate personnel compliance via technology, it’s usually with tacit approval and encouragement from management. IT staff will adapt to culture, and culture is established at the top.

My more measured case for why IT departments need to loosen the reins is here: http://techcafeteria.com/blog/2009/04/21/the-roi-on-flexibility/
Nixar

@Tzctlp: You’ve gotta be fucking kidding. A PC virus taking down the public facing biz? You don’t put production servers on an office lan. I don’t care how long ago that was — it’s always been a very bad idea, for as long as production servers and office LANs have existed.

But oh wait, your company did, and they blamed it on one poor sob who dared plug his laptop in? Oh the chutzpah.
Anonymous

PS – @Ito Kagehisa,

I could easily circumvent the roadblocks where I work. However, the penalty for doing so in my line of work would be many years in prison… not a good idea, eh?
sleze

Google Search NMCI sucks.
asuffield

I’ll stop locking down the desktops when management implements my IT literacy test for all new hires and starts docking people’s pay for every system they break by putzing around with personal toys, the same as they do for physical equipment.

I don’t mind systems that get broken by people who were trying to do their job, and it’s not my job to care about people who are doing personal stuff on company time. But people who break things because they were trying to install games? I’m never going to tolerate that, and if it was down to me they’d get billed for the wasted time.

Until then, no local administrator rights.
atomix

#32: I simply googled “NMCI” and I got an invalid certificate warning. What is the military putting on a Google search that requires SSL, has an invalid certificate, even though I haven’t clicked on any results!?!?!
Anonymous

#33 – that’s one of the most intelligent things I’ve heard about this issue – it would work, in many cases.
DWittSF

This ‘one size fits all’ mentality needs to go in the rubbish bin, right next to ‘we use Windows because PCs are for business use.’ Yes, non-techies don’t need admin rights, but as was pointed out above, YouTube and many other sites do in fact have legit business uses. If you run a widget factory full of widget stampers then, again, one size does not fit all.

What I find interesting is that nobody has brought up the boogeyman of ‘downloading illegal software,’ which has kept many an IT manager awake at night. At my last job, I was fortunate enough to have an IT person who realized that, as a Developer, I knew enough not to download malware, and that FOSS software was an important part of my toolchain…and it saved the company money by not having to requisition proprietary alternatives, if they even existed. She even managed to pacify her corporate superior, when he heard that GASP I was using SSH on the corporate network.
Anonymous

The computer I work for doesn’t (or at least says they don’t) have any restrictions. However, they DO say that everything is logged, including changes to your PC and if you are found to be using a PC for personal use in company time (which, strangely enough, includes your lunch hour) then they will take disciplinary action.

They also say that you can install your own software, so long as it is properly licensed. However, should that problem cause your PC to ‘function incorrectly’, then they have the right to “charge for any repairs necessary”.

So, even though we are allowed to, no one dare do any changes to there PC or visit any non-work related websites. This certainly hinders productivity as people continuously think that some websites may be classified wrongly so they don’t use them at all.
Anonymous

“Many IT people are smart, but a lot of them are idiots.”

“Many users are smart, but a lot of them are idiots.”

Both are pretty much true. But having spent more time on the user side than the IT side I’ll only tell stories about idiotic IT…

My favorite IT story was when I was working with a project that used IRC. I was running the linux cmd line ICR client “BitchX”, and some sys admin saw it and assumed it was some kind of malware. They killed it, and reported me to my boss, who called me in to discuss the internet usage policy with me and otherwise read me the riot act.

My second favorite was when the same IT people failed to put any kind of password on the admin page for a web cam we had. I logged in, and had it flip the image upside down, then emailed them making some offhand joke about things being turned upside down as a hint that they should check the password. They reported me to the boss again, who AGAIN read me the riot act about how that was not for me to access and it was against policy for me to access such a device and so forth.

Follow up to second story. 4 months later, I checked the admin login. The IT people still had not set the password.

So yea, keep IT policy the hell out of my machine so I can actually do my fuckin’ job.

Paul Deacons
Anonymous

This again? Enough already. We have debated this to death. Such corporate policies are in place to reduce risk. Most organizations are willing to accept the productivity hit.
Anonymous

As an IT admin I have to say it has little to do with productivity efforts and more to do with cost of bandwidth and support. Less user functionality and usability equals less IT staff to keep it running.
FruitSmack!

I work at a medical school where there are no blocks on the computers. Faculty/Staff have full admin rights (although we do require a separate admin account for troubleshooting use). The only thing that isn’t negotiable is our enterprise virus scan software. Beyond that, once we deploy a computer to them we’re pretty much hands off and support mostly whatever it is the fac/staff use.

I think the closest we come to a lock-down is student lab computers and the computers on the nurses stations in the hospital. They run a software that upon reboot reverts the drive back to an original state. Even then, this was done because these shared computers ended up being infested with malware on a daily basis and became unusable quicker than we could clean them.

I can say that the users here seem to be more productive using computers because of our lax policies. There’s no reason to lock down the computers if IT has their shit together.

amb
Anonymous

Tech teams are support crew right? Don’t they work for us?

No, the tech team does NOT work for you; it works for the management and officers of the same company you work for.

If some VP needed the software you just described, you would hear the sonic boom as it landed on their workstation, because the assumption is that the VP’s time is more valuable than yours, and the production hit that the VP takes costs the organization more money than your production hit.

And that’s true; just ask to compare your salary to the VP’s. His/her time IS more valuable than yours :-).

Now take the number of people at your salary rate, and divide by the number of tech dept people who are available to deal with requests like yours. Is it 5/1? 10/1?, 100/1? 1000/1???

And that assumes that the people in the tech dept are properly fed and watered (i.e. trained). Put people who aren’t qualified in those slots to begin with, or have people who aren’t encouraged (or subsidized) for training, and that number may be 10/1, but will feel like 1000/1.

Most accountants (and execs) view IT/Tech as a cost center, which is true. The IT dept does not generate revenue, and is there for a drag on the bottom line of the company. Like a janitor. Or a security guard. Does your company pay big bucks for their janitorial service, or their physical security? Odds are, your answer would be ‘NO’. So don’t expect them to shower the IT dept with cash, either.

Which brings us back (in a round-about way) to your original complaint, which can be summarized as ‘IT is UNRESPONSIVE’.

IT is there to make sure that you can get your job done, in the narrow confines of what your immediate supervision understands your job to be (ah, that’s the trick, isn’t it?). As long as you stick to ‘vanilla’, you’re fine. God forbid that you ask for ‘Rocky Road’ or ‘Banana Fudge Ripple’. But you have, haven’t you ;-).

I’m sure that most of the IT group is trying it’s best under the confines of what their own operating instructions are. When you ‘order off the menu’, you’ll just have to relax until they can get around to you. Or get creative.
TJ S

I can’t read the article, because it’s blocked by my work’s internet filter.

Seriously.
Anonymous

I engender a very simple IT policy. Treat people like adults until they act like children. Then treat them like children.

It’s all well and good to give people control over their own computer destiny, however, they’re not the ones who have to clean up after themselves when they do something stupid.

And with most users, stupid is just a matter of time.
Anonymous

It comes down back to good, old McGregor’s X and Y theory, is it not?
Alys

At my office I rarely run into their nannying software (though they do have it, as I once was unable to proceed on a link to a forum post for some reason), but what I hate more is being unable to have admin rights. Our Windows updates every month (XP) keep breaking the functionality of how we open TIF files, and while the fix is easy (adding the suffix to file types), it requires admin access. So that means that our IT guy has to come around and manually update 65+ computers every month. Utterly ridiculous.

That being said, there are enough folks in my office that would grind their computers to a halt through sheer stupidity, so I get why they have such a lockdown.
Anonymous

@Doctorwhat:
I had a similar situation at a former job. My wife and I would email each other reminders to turn on our radios because a baseball game was on. Well the IT lords at my place of employment, in their infinite wisdom, decided to filter anything with the word game in it so of course our emails got blocked. We replaced game with an unfiltered word and the emails got through no problem.
It was fun to send my wife messages reading “It’s time for the Cubs sex” or “Don’t forget the sex is on at 1 today.”
randompie

Interesting article. This is something we have battled for in multiple organisations. I put this post on my blog and added some stuff here: http://schngrg.rg/blg/2009/08/t-rstrctns-hrt-prdctvty-bng-bng/
- Antinous / Moderator
  
  randompie,
  
  Please don’t link to your blog when it’s just a cut-and-paste of our post.
soubriquet

I give my time, and effort, in exchange for my employer’s money. At the time of my starting employment there, it was understood that I was there to do my job for forty hours each week, in each day, I get two twenty minute breaks, and one hour for lunch.
I agreed to this deal, there’s nothing sinister about it. Each of us know where we stand, and each of us has room for some give and take, which we do mutually.

My employer has no obligation to provide me with books to read, games to play, puzzles to solve, in short, amusement. If I want to chat with friends, check the weather in some remote part of the globe, watch music videos, I can do that in the part of the week where I am not taking my employer’s money.

If I were to suffer so much from computer deprivation, I could of course bring in my own laptop, and connect to the internet, using a phone-company connection deal, in my breaks or my lunch.

Or be honest at the interview “Well, some of the time I’ll do what you pay me for, but really I like to surf the net, go dating, twitter my inconsequential thoughts, and get you to pay for my leisure time.”

Dammit, do your job, play with your own computer on your own time.
Anonymous

Interesting coincidence. I just got sent a threatening email from our IT department for “accessing streaming media” by downloading Cory’s reading of “The Hacker Crackdown.” However, streaming here is defined as any A/V file that allows immediate playback, which means any A/V file at all, and I’m not entirely sure why they bother specifying “streaming.”
toyg

The most hateful element of this situation is the politics it generates. Sooner or later some people will get the admin passwords, and some others won’t, and the definitions for these groups will invariably be “friends of the local BOFH” and “others”.
theWalrus

I’ve worked IT for many years, mostly in the publishing industry. I think that it’s true that setting too many restrictions on what users can do on their computers, especially restricting web access, would be really demoralizing to people who are salaried employees and work long hours. The idea that somehow those restrictions will improve productivity is laughable. If an employee is not getting their job done because of a Facebook addiction, then that’s an issue for their manager, not IT.

But, for security reasons, users should not have admin rights to install whatever software they want. I believe in a ‘restrict with leniency’ policy. That is, if you want to run a chat client or try out Chrome, fine, but IT should know about it. That way IT can say ‘no’ to the more egregious stuff (like, P2P clients).
Anonymous

The restrictions on my work computer would be easier to stomach if our IT department would do anything productive.

While they play WoW and watch movies in the server room, both laser printers have been low on toner for six weeks and our file server locks up like clockwork every Saturday at 2:14 a.m. We’re still running OS X 10.3. They banned us from launching .apps, but we can still drill down into the app folder and run the binaries of anything we download – hell, that’s the only reason anybody has Firefox 2 (3′s not supported on 10.3). If someone hadn’t found a Flash 10 installation hack that circumvented the administrative lockdown, we wouldn’t even be able to navigate some of our own clients’ websites.

All these are known issues that we printed 11×17 posters of and hung up around the server room after one month of our e-mails and memo requests were ignored. Our publisher knows this and would love to fire the bastards, but he’s afraid they’ll h4x0r the m41nfr4m3 or some other ignorant-ass fear that they’ll take their revenge out on the company when they’re let go.

The only way to solve the problem is to set off the halon in the server room with them in it, air it out, then burn it the fuck down.
Pantograph

If I sound a bit over-exercised about what seems like an uncontroversial practice, it’s because I am–for too long, office workers of the world have taken IT restrictions sitting down.

Keep the red flag flying comrade. Take control of the means of production. This will be like 1917 all over again, but this time with excellent espresso and mandatory brass goggles for all members of the Central Committee.
Ito Kagehisa

anonmymous@32 wrote: I could easily circumvent the roadblocks where I work. However, the penalty for doing so in my line of work would be many years in prison… not a good idea, eh?

I believe you proved my point. ^_^ You are aware of the risks and consequences, so you will not do anything harmful, regardless of the roadblocks. If you knew there would be no negative consequences you would sidestep the roadblocks. You are not the person the roadblocks are engineered to stop.
Tzctlp

I used to work in a big company.

In a couple of occasions we got owned by a virus that was introduced by somebody connecting his laptop to the corporate network (something that was forbidden at the time, but not enforced by technical means).

The virus not only spread to many desktop machines running an inferior operating system security wise, but began to orchestrate denial of service attacks against the corporate servers, this brought several of them down.

That meant public facing services stoped working.

The company was the butt of all jokes for a while in the specialized press.

The solution was to pull all our available resources for overnight patching of all the desktop and server machines running this feeble operating system.

Let me play with some numbers:

There were around 50 people involved (desktop support , disaster recovery coordinator, and poor sods like yours truly, administering servers that were collateral damage as explained above), working around 10 hours over night in order to fix the mess.

According to my quick calculations that is approximately Â£15000 (at the time it would have been $30 000 or thereabouts) in salaries, out of hours bonuses and the like (assuming Â£30 hour/person, not unusual in the industry where I worked).

So in only those 2 events we wasted $60000 time of personnel time fixing things.

No company can keep dealing with this in a regular basis, there would simply be no economics that would scale and no reputation that could survive regular occurrences.

And I haven’t even touched the ethical aspect of why people should be allowed to do personal stuff during a time when they are supposed to be working, opening vector attacks for all kind of malware.

There are solutions that would make easier for people to do personal stuff while in the office, during their brakes, but anybody advocating to allow people to do whatever they want on the employer’s computers should not be considered a professional, regardless his field of expertise.

As of now I don’t consider the poster of the article as one.
Anonymous

They force us to use IE6 only at my workplace. I end up wasting time waiting for websites to download in IE6 that would download immediately in Firefox. I am a technical person who needs to use the web for information and running science and technical web-based applications. IE6 is a barrier to efficient use of these resources. I don’t want to go to Youtube or stream music at work, I want to use a modern browser, that’s all.
Anonymous

I hate seatbelts, airbags, and freeway medians. Who the heck do you people think you are interfering with my right to plow headlong into oncoming traffic at whatever time I see fit.
eliba

My job doesn’t block Youtube or Hulu.. but blocks Flickr. (I don’t get it, either.)
Apreche

Unlocking the computers works if your users are technically inclined. Got a room full of developers? Definitely leave them open.

Got a room full of data entry monkeys? Lock them down to all hell. If one of them gets a virus, or tries some corporate espionage, you’re entire business could be ruined instantly. The hurt in productivity is worth the risk you are avoiding. Also, you are saving a huge ton in IT costs from having to support all the busted and broken computers that people put viruses and spyware on.

Nah, actually, you’re right. We should let all those workers in the bank branches have complete Administrative rights to their machines. Yeah, it will be totally awesome when all of our money is missing, and we have no idea who did it.
Anonymous

When I was running IT at a small company (100 or so employees) I inherited an open system that pretty much let all the employees download and install whatever they wanted. What did I do most of the first 2 months I was there? Yes, uninstall screensavers with malware, browser bars that made their browsers unusable, games software bundled with malware, and just straight up malware, reinstall OSes, etc.). After a couple months of that crap I had to lock down the admin rights to everyone’s systems just so I could get some real work done as I also was the guy building and maintaining the company websites. Email was another ridiculous problem. I had to constantly remind everyone not to send chain emails using their work email, or send 100mb attachments, etc. I remember so many times our email server would be running slow and I’d go look at what was on it and everyone in the office was forwarding everyone on their contacts list emails like “forward this to 10 people or a puppy will die”. Now what the hell is an IT guy supposed to do with an office full of that crap going on?
sophos7

As an IT Administrator who has locked down web access and other computer restrictions, I can tell you that most were not of my choosing.

People complain about it and try to convince me to open access for a certain webpage (usually facebook or youtube) and I tell them that I can’t. I don’t decide what is blocked, my boss and upper management do. The actually IT staff who interact with the rest of the company day to day and do all the trouble tickets and personal support do not have control over these decisions.
Anonymous

As an IT Security professional of more than 20 years I have seen this problem increase with the lack of understanding of security best practices.
One of the objectives of security standards is to ensure that authorized users are always allowed to perform their role without restrictions or disruptions. It does not matter if the restriction or disruption is caused by a virus, hacker, or infrastructure failure. Security fails when a user cannot perform their role because of these restrictions or disruptions. It is even worse if the restriction or disruption is imposed by security in the first place.
Anonymous

well, for 50 PCs maybe ok.
but for 3000+ PCs, you need more “control”.
bwcbwc

As an IT person, I personally favor opening the machines to the users. Coupled with an IT policy that says if they abuse company resources or install malware (knowingly or unknowingly) they will either be demoted or terminated. If your people are going to be idiots (see the litany of stupid user tricks from Brielle@21), your company is better off getting rid of them anyway.

Nice and libertarian: you can do whatever you want, but stupidity is a capital crime. OR you can opt for limited user rights and live under the protection of your watchful IT support team.
Anonymous

Wht crck f crp.

The author is ranting and raving without any sort of understanding of IT policies and procedures. He complains about people still being stuck running Internet Explorer 6, but doesn’t realize that almost 100% of the places where that’s true are using an old (and expensive, and not easily upgradable) corporate intranet that won’t render properly in a modern browser. Or about not allowing people to run as Administrators on their local machines, when in fact NOBODY should be running as an Administrator, especially in a corporate setting: Administrator accounts should be for administration, not general use.

Anybody who gripes about not being allowed to do what they want with their machine should be forced to spend a week in IT and see all the sorts of trouble people can get into with a locked-down machine, much less one to which they have administrative access.
Anonymous

@Soubriquet

The problem with your analysis is this: I frequently check my emails, answer work calls, read, makes notes, think, talk about my work outside of my contracted hours. Further, many of my personal friends work in overlapping areas so some of my social time ends up spent in ways that further the cause of my employer (finding out useful things, strengthening connections, telling people about our projects, etc).

I think this is inevitable and not really a problem. But in return I think it’s pretty reasonable for me to sometimes do personal things during the day, where I need to, or it’s significantly more convenient (book flights, print out maps, check emails, etc).

If I worked to rule and only worked exactly my hours, and conversely never did personal stuff at work, I’m prepared to bet that it would be my employer who was worse off, not me.
Anonymous

It’s all well and good, and even though I “have my shit together” dealing with 125 people means I lock the network down via squid and opendns as well as restrict access to the machines.

I’m a one many show and I’m not letting the animals run the zoo. If I trust that the user is competent, they get more privileges, but again it’s my ass on the line if/when we go down and I’m not paying the quarter of a million dollars a day that we loose should I have to shut the network down. Fuck. That.

Yes, I’m jaded and pissy, but you dear author probably have never had to blow and reinstall a machine while your user just gives you a confused blank stare and claims they didn’t do anything.
Nor have you pobably had a 36 hour “day” when the file server crashes and wipes the entire RAID array (unrelated to privileges, but I get the feeling the author has never been any kind of an IT person…)

You’re not here to play poker, look for someone to poke (or be poked by), you’re hear to do your job and go home. Be glad you have any web access.
You want some incentive? Work or get fired.
soubriquet

I just wandered back here , and found
@22 nixar’s views on my comment @8.
It seems Nixar derides me as a moralistic paternalistic strawman.

Ha! I love it.
Kissy kissy, Nixar, I think you’re a petulant waster, let’s agree to hate each other.

My point, which Nixar does not understand, is that if production workers are caught goofing off during work hours, they’ll find themselves walking out of the gate, jobless.
Yet office workers are outraged when they’re blocked from watching youtube, and checking their facebook.
Boo-hoo.

Oh. Sorry, Nixar only watches Google Tech talks on Youtube in order to be better at his super sys admin job.
Have a medal, sweetheart..
Anonymous

wow, that is a narrow argument that is almost insulting. it assumes IT locks it down just for the sake of productive policy.

given the chance people install alpha/beta software, install pirated software, hog bandwidth if given the chance. and then when it grinds to a halt. run to IT to fix it for them.
Anonymous

#45, no, the salary is still coming on time – for now. I expect things will become worse, though, just a matter of time.
brielle

I developed the web proxy/filtering for a local company. The primary reason why we had to implement a somewhat restrictive filter on both the proxy and the firewall, and severe GPOs on the workstations is because employees were:

1) Listening to streaming music at super-high quality, dragging down the T1 during times where VoIP was in heavy use, or when a critical 500MB project was being uploaded/downloaded.

2) Listening to the hate filled rantings of Rush Limbaugh and other conservatives, creating a hostile environment for those who don’t subscribe to their form of ‘family values’.

3) Installing Limewire and saturating the T1, putting the whole company at risk for copyright infringement, and security problems.

4) Spending 75% of their day on WoW forums, or Star Wars forums

5) Playing online games beyond just lunch hour, and having the balls to bill as if they were actually doing work.

6) Installing CometCursor, Personal Antivirus 2009, and other malware.

7) Trying to hexedit applications to remove licensing restrictions

… I could go on for an hour on what they were doing that they shouldn’t have. TBH, the only reason why the restrictions exist, is because people won’t do their job without being forced to.

Each department exists for a reason. IT doesn’t do accounting/billing/engineering/whatever for a reason – its not their job. Non-IT shouldn’t be doing what the IT department is paid to do. If people would remember this, and stick to doing their job… Perhaps we wouldn’t have these problems.