It’s finished. You’ve built the perfect network for your organization’s users—they have fast, well supported machines and all the software they could ever need. But soon some users complain that their machines are slower than normal. After some investigation, you discover that these users installed unofficial programs like CounterStrike, The Sims, or Morpheus on their machines.
Stopping users from adding unauthorized programs to their desktops and laptops is a common headache for many managers. Consider TechRepublic member Matt Hall’s problem. “My company operates 30 ministorage companies in the United States, and we have employees installing miscellaneous software onto our PC(s),” Hall posted in TechRepublic’s Technical Q&A Forum.
“Is there a way, through hardware or software, that we can password-protect what is installed on our systems?” Hall asked. Several members offered Hall advice on how to keep users’ personal software off of an organization’s machines.
The first step to keeping rogue software off your organization’s machines is to educate users, said TechRepublic member Wolfgang B.
Explain to users that adding software to a machine can be a security problem, especially if the programs are available for download on a Web site. Software from the Internet may contain damaged files that can expose an organization’s network to corrupt code, bugs, and viruses.
Make sure users know that unauthorized software can hog network resources that belong to everyone in the organization. Users should be reminded that their desktops and laptops are company property and should be used according to the use terms of that organization.
To ensure that users are aware of these facts, Wolfgang B. recommended including a record in users’ personnel agreements that explains to them why they are not allowed to install their own software. Make sure a user reads, understands, and signs such a document.
Wolfgang B. said educating users in a small- or medium-size organization will likely work. However, large organizations might need to take additional technological action.
Managers can use various technology to keep users in line. For example, if you use Windows NT or Windows 2000 servers, you can take administrative ownership of the servers, said member Aaron Song. “(With ownership) the administrator will have the right to do the installation and uninstall only,” he said.
Other technology options include locking users out of adding their own software. “I think the simplest way would be to migrate your PCs to an NT-based OS such as Windows NT 4.0, Windows 2000, or Windows XP. You could then lock down the workstations so that only (an) administrator could install software,” said senior process engineer Charles Harag, Jr. Visit Microsoft’s Web site for some preliminary information about configuring users’ desktops.
At times, you can trim down your users’ capabilities, especially when they don’t need many software and hardware options to perform daily tasks. If you are in an organization that does not require users to save files on diskettes or documents to their own hard drives, using thin clients might be an option.
A thin client is a low-cost, centrally managed machine that lacks local storage devices. The idea behind a thin client is to give a user only the bare essentials. Judy Patterson, an IT manager with Central Texas Corrugated LP, a cardboard manufacturer in Waco, TX, maintains thin clients for users on the company’s shop floor.
With a thin client, users have access to their e-mail accounts and other basic programs but can’t add or save anything to an actual machine, said Patterson. This restriction puts control of CTC’s system in Patterson’s hands, giving her more power over what users can do within the system. Patterson said that the thin clients CTC use consist of a monitor and a keyboard. Each machine connects to the company’s network so users can interact with each other through e-mail or instant messaging and run networked applications.
We want to hear from you
These are just a few of the ways managers can keep users from adding software to their machines. We know you probably follow a different strategy with your organization. Tell us what that strategy is and help Matt Hall find one that works for him. Leave a note in the discussion below and tell us.