“I’ll put whatever I want to on my computer.” That’s how some end users feel about their laptop and desktop machines. It’s funny how they think they own something for which the company cut the check.

Some of those maverick end users think nothing of installing new hardware or software on company machines. But when something goes wrong, they come calling us and crying for help. So how do we prevent those users from messing with our systems and wasting our valuable time and resources when we clean up their messes? The answer is easy to talk about but nigh on impossible to implement—you need a policy.

Install nothing without IT’s approval
In a perfect world, we could establish a written policy that says, “No end user shall install any software or hardware on their machines without prior approval by the IT department.” And no end users would inadvertently trash machines because they didn’t understand the ramifications of their actions.

Of course, we don’t live in a perfect world. Some users—department directors, vice presidents, CEOs—will mess with their machines any time they please, knowing they can pull rank on the IT department and say, “I know I shouldn’t have done it, but fix it anyway.”

In other settings, experimenting with different software and hardware configurations is part of the end user’s job. Here at TechRepublic, for example, downloading and installing new programs and trying out new hardware are part of the job description for many of the folks on our editorial team.

Tales from the desktop
I asked Andrew Overall, a contract IT support professional for New Age Technologies, if he’d encountered any maverick end users who’d completely trashed their machines. One story came to mind immediately. He received a call from an end user whose machine was stuck in screensaver mode.

It turned out that the user had downloaded and installed a Titantic.mov (movie) screensaver file. “She broke the rule about downloads,” Andrew said. In that environment, there was an official policy prohibiting end users from downloading anything without explicit approval from IT. When the screensaver locked up the machine, the end user had no choice but to call IT for help.

“Another time, one of my users caused all kinds of headaches by installing Windows 98 over NT,” Andrew added. In that case, the end user was sophisticated enough to successfully convert the machine from NT Workstation to 98. The problem, Andrew said, was “the IT director had decided to move all end user machines to NT workstation.”
I was called to a consulting client’s office a few years ago because a machine had “locked up” inexplicably. It turned out that the user—a new employee—had brought in his own software because he “didn’t like” using the applications that were the so-called corporate standard. He’d also installed a game, a new video card, and a disk-doubling application. The latter turned out to be what was causing his machine to lock up. The business owner put out a memo that declared, in no uncertain terms, that no one was to install any software on a company computer without his personal approval.
What’s the solution?
So how do we strike a balance between protecting the company’s assets (the computers and applications we officially support) and putting a stranglehold on our end users? If you’ve implemented a program that works in your shop, we’d like to hear from you. Please post a comment below or drop us a note, and we’ll publish the most interesting and compelling suggestions.
Each Tuesday, Jeff Davis tells it like he sees it from the trenches of the IT battle. And you can get his report from the frontlines delivered straight to your e-mail front door. Subscribe to Jeff’s View from Ground Zero TechMail, and you’ll get a bonus of Jeff’s picks for the best Web stuff—exclusively for our TechMail subscribers. To respond to this article, please post a comment below or send Jeff a note.