IT Employment·20,059 discussions

How to convince users to use their computers only for business related work

Locked

I always get impressed when i receive a help request from a user that said : ” My computer is very slow, i need to wait 5 minutes to open any application”

Although he has a P4 computer with 60GB HDD and 512MB of RAM, it looks like there is somthing serious happing, checking viurs monitoring log on the server, checking updates, every thing works fine , but finally you go to the user look at his computer then be happy or get made you fined thousands of MP3s songs, handrads of Moives and quit few games mostly not more than 10 – 15, and finally up to 13 -15 startup programs such as chatting programs, messengers, picture views, calenders !!! Now can any one tell me How to convince users to use their computers only for business related work specially if those users in upper managment levels ?

Topic

Policies

In reply to How to convince users to use their computers only for business related work

You desperately need to write and ratify some usage policies!

If you don’t tell the users what they can and can’t do, they will just go ahead and do anything they wish – especially if they work from home, use a laptop etc.

I work in the health service in the UK, and I am currently manufacturing an ISMS (Information Security Management System) which is based on a framework of policies which users are bound to abide by through their terms and conditions of working.

If you google Usage Policies, you’ll get my drift. You can also find lots of justification for applying policies, too – again, just look for Information Security Incidents, and you’ll have enough bullets for your gun!

Best of luck, you’ll need it.

GG

Rules breakers !!!!

In reply to Policies

Thanks for your replay, but i have set kots of rules and policies , the problem comes when i tell a user why you break the rules, i always got the same answer ” why you don’t tell my manager” and the most funny thing that his manager is doing the same thing, even if i goes to higher level than a manager, know body care they all said ” a good computer can handle any type of usage”. !!!!

Document the Issue

In reply to Rules breakers !!!!

Document the issue each time you find it.

When they download a virus or trojan and it knocks out their system and a multitude of others, you will have some lovely documentation to assist them in finding new opportunities.

Security and time loss

In reply to Rules breakers !!!!

I believe you have to bring your top manager to your team.
You have to start showing him/her the time spent on recovering from problems caused by bad use of the computer and the security problem the company could get with spyware or viruses.
Remember him that time is money and a bad virus could stop the entire company.
Than you should start writing a security/using computer policy to apply and make them signed by all employees.

Documentation

In reply to Security and time loss

We had a similar issue. Luckily I reported to the CFO. I gave him hard evidence of what was going on, but more importantly the cost to support/fix these issues. When he saw the weekly tally he pushed it to the other Sr. Managers and it was reduced. It also justified software to monitor and block these items. Use Sr. Management as a tool…show the lost cost.

Software Policies

In reply to Rules breakers !!!!

If you really want to do the work, create some computer software policies to ban the install and/or use of many programs. It will not get them all, but it may work for the most common ones.

What I learned

In reply to Software Policies

I went to a training class last week and they gave me this advice:

1> Do not enforce the policy yourself, have HR *the check signers* enforce it.
2> Make an example out of somebody. Somebody has to be the example of what happens if you defy the rules.
3> Make sure everybody knows that the enviroment is a “No expectation of privacy” enviroment. Meaning there IS a big brother in this area.
4> If all else fails, take away their computer. Its not theirs, typicly in an enviroment, it is actually the “property” of the IT department.

O yeah, teachers…

In reply to What I learned

O yeah, it’s so utmost simple to tell what to do in a classroom; and indeed, the advices look healthy.
But, about the rules in practice:
1. HR-people generally don’t know anything about ‘policies’…and will not be interested either
2. That’s the way to make an eternal ennemy
3. Who is going to do the checking? You? You got nothing else to do?
4. Taking away their computer? Good plan! But, where is this organization, where THAT will be allowed??

In short: LOL!

Strong IS Management is Needed

In reply to Rules breakers !!!!

We elliminated this issue with Strong IT Management. IS policies are reviewed by a VP, and the VP chosen to be in charge of IS has an IT background (he understands). The policy approved for situations like yours is when a user had ANY issue with their PC, the moment IS discovers anything on their PC that breaks the rules we ghost it. All we backup / restore is the users documents folder (and the rules also say that anything you need to keep, you need to have it in your documents folder because IS can reprep your PC at any time without any advanced notice). Repeat offenders get their PC reprepped automatically when they have an issue, virus alert pointing to their PC, etc.

Addendum: After reading the replies I’d like to explain how we have kept the attitude towards our department good, overall.
For every policy we have an explanation that comes across as helpful not only to our department and the network, but first and foremost to the user. Our job is to guide and keep them as productive as possible; we are the ones educated/the experts on how to do this- so at times out “guidance” does include locking down the desktop, taking CD ROMs away from the user etc.
As much as we respect the expertise of users in THEIR field of expertise, it is in their best interest to respect ours (or at least in the best interest of the company- and we are all here to help the company progress- right?
It has also been proven that when users take ownership of their systems, they are better motivated and equipped to handle issues with their software. Although IS can mandate how and when software is upgraded, it is no different then when administration mandates policies for departments without taking ownership of that department. Sometimes it helps to explain at the users level in parallel (if the user is unreasonable be careful not to stoop down to a lower level); many things are regulated- fences are everywhere- IT just has their own version. Other people have their fields of expertise and can do more in their field than we can do, just as we can do more on our PCs than most people. That does not mean we should do their software-related work for them just because we are the software experts; that would almost be like telling the Accounting Dept. they have to do your taxes because they are the experts, and they are the ones that got you into this mess by reporting your tax information to the government.

Unions

In reply to Strong IS Management is Needed

We seem to have a lot of fear about how the union will feel about standardized desktops, lock downs, Net use, mail monitoring, etc. We need to do these things because most of our Net use has nothing to do with the job and if I sign on to a machine and the e-mail is up 85% of what I see are jokes and personal e-mails.

Our brand new machines started getting cussed about being slow in less than three months. We were getting reqest for more RAM and bigger HDs. Go to the machine and like the original message it would be loaded with all sorts of junk.

The users think that the PC is THEIR machine not the corporation’s. Tell them waht to do and not do to keep their machine speedy and they will ignore you. I have even been called a Nazi because I will delete junk and lock down applications.

I want to pull what little hair I have left.

lol

In reply to Unions

My nicknames are Network Nazi and Hardware Himler

re: lol

In reply to lol

not Hardware Himler it’s Hardware Hitler

Reply To: How to convince users to use their computers only for business related work

In reply to re: lol

Hah surprizingly I havn’t yet been compaired to Hitler… Only Himmler

Not to get too off subject

In reply to Unions

You are not alone… My former last name is Hahn…some of my nicknames include: Ghengis Hahn, Attila the Hahn, the Wrath of Hahn (for you trekkies out there), and Network Nazi. There are others but they are unfit for posting.

Names

In reply to Unions

In my company I’m known as the Network Nazi – I’m proud of the fact our users very rarely open or go to a website that isn’t business related – they’re afraid I’ll take everything away. So if you have to be the Network Nazi do it – up to this point in time our company has not been hit with a virus or trojan.

RE: UNIONS

In reply to Unions

You have my sympothy, I do feel your pain but sometimes the best approach is to just let them live with it until they can suck it up and admit they made a their own bed that they have to lie in.

I deal with it everyday, my laptop is to slow, why do you people bother giving us one? Its Useles!!! And then they call you every thing from IT/Computer Nazi’s to PC Police, make claims that you’ve spied on their e=mail but as stated in earlier post…this isn’t YOUR machine it belongs to the company you work for and was given to them to do their job, don’t pull your hair out, it’s not worth it, you have to have support from your IT manager, good luck with that, but in the mean time, if they are forced to work with it “AS IS” until you can undo their self inflicted damage… they will certainly appreciate it more, union or no union, they aren’t IT and can make all the accusations they want but if parts aren’t available or some other more pressing issue is the problem like you don’t feel like fixing it today, well seems they could have a problem proving it to be an intentional delay, we justify stuff all the time to our self inflicted victims and it seems to work pretty well.

Management without control

In reply to Unions

Back in 1997 a colleague ask how you could manage something like this and I gave him a set up that I had dreamed up for a IT Network Management assignment, he later implemented it at his work. A big company with over 5,000 PCs across the country.

PC has 2 hard drives, C drive is the corporate system and D drive is for local data. My Documents and Favorites are pointed to folders on D drive as part of the corporate image, as is a folder called ‘Personal’ in the email client. All corporate data is stored on servers, with all but the Personal folder in the email on the mail server.

The corporate image is such that no additional folders can be added to the mail client no data storage pointers can be changed. All log on profiles are on the servers.

Every Wednesday night ALL computers are to be left on so that IT can roll out patches and updates etc. This is done by making a new image and then it is placed on every PC during the night. Thus every Wednesday night sees any new applications vanish. The people can do anything that they wish.

If an individual needs a special application it is loaded onto the D drive with a link in the favorites.

Gateway is set up so that all ports but those needed for corporate usage are closed off (chat and IM within the network works but not with the world) and some software to lock out inappropriate websites.

The corproate IT policies refelct all this and no one cares about what they want to do with the D drive as the main system works well and gets FIXED each week.

That’s the way to do it

In reply to Strong IS Management is Needed

The only way to get any traction on this issue is with management buy-in. Otherwise, you are whistling in the dark. No amount of reasoning will sway users if your management is resisting the very policies you need to implement. I know folks that have lost their job because management will not back them on something as unpopular as a reasonable AUP, but still hold IT accountable for upholding virus, piracy, e-mail compliance, and other issues. Heck, folks have lost their jobs for trying to implement something as simple as a password policy, due to user outcry. Look to the management, and you will see their attitudes replicated down to the shipping dock guy. If they (your management) won’t support you, you don’t stand a chance.

Good luck!

Here Is Another Way

In reply to That’s the way to do it

I did not have managment support for my policies at first. I implemented them anyway. I implemented strong password policies and even stronger windows policy’s.

Now that managment can see the benifit, I have there support. (And a promotion to Technology Manager)

Sometimes you have to go against the grain to get the job done and realy show management the results. Just reporting users, in most companies, is wasting your time.

Stand firm on what you believe to be right and follow through. If the company does not like the results, then it is not the right company for you.

Provide proof…

In reply to Rules breakers !!!!

You have to prove what they are doing is bad for the company. For example, we recently got a call from payroll saying that they couldn’t do their work because the website they were trying to get to was going so slow it was timing out. Well, I like to get paid, and so does everyone else I assume…. so, it was easy to see a few users flooding the T1 with streaming audio and video and provide that information to management. Needless to say, those bandwidth wasters were terminated and the websites they were going to were added to the blacklist.

Computer USERS

In reply to Rules breakers !!!!

I’m an old timer. Been in the business since the early 1980’s (ya’ll know how old that makes me in computer age) ….

I support top level execs and their secretaries. Because of politics these people have full rights to the computers in use which are W2k and Wxp. I even had a lady once who decided to clean up her workstation, deleting whatever files she felt were not needed in the windows directory. (don’t ask … people wanted access to everything) …

So we just learned how to work with the system. Oh, we documented the reasons why having admin rights to their systems was not good, how it caused problems, cost, etc., and they upper level managers agreed we were right but they weighed it against their need to feel they have 100% rights to their workstations.

So we protected our servers and the switches/hubs/routers, etc. We worked with those who were willing to work with us and we educated many people. Those who wanted the ills and pains of the downloadable programs, we would take the autostart features off, remove it from the run area of the registry, startup, msconfig, wherever we found it starting up and let the user run it when they felt like it. Call it a compromise.

The fun part is when a secretary went on vacation and had to hand over her password to a temp. We got to where we were allowed to create guest accounts such as ‘secretary1’ 2, 3 .. and that went over well.

Sometimes you can give all the reasons and you can be 100% accurate, but remember it is politics. The games people play and the control they insist they need.

We also kept a couple of loaner pc’s for swapout while we rebuilt systems. The users were always told if they want any data to be sure and save it on the network because we could not give them a 100% guarantee that we could recover anything off of their harddrives if and when they crashed it.

For those users coming in via Metaframe it is much better. :}} However if they are coming in via Metaframe that by extension means we have to support via phone their home systems unless they are willing to bring their system in. Some do, some don’t.

Again, a game of politics.

Somebody cares the question is at what cost

In reply to Rules breakers !!!!

I normally send out helpful “what to do at home” to get your pc back the way it was. I give links like Trendmicro, Spybot, Zonealarm, ?how to clean your mouse?, which are all user friendly and effect. The objective here is to educate them, help them out, and establish a ground of trust so that you aren?t the IT Gestapo, even though that is probably part of your job. It may take a sexual harassment clam due to inappropriate material or the network being knocked down due to one of those friendly sites before ?someone cares?. To cover your ?end?, email everyone or higher management the factual risk factors as well as reason why their pc aren’t working as they use to. Also, consider the man hours lost from cleaning up end user created problems, which could have been avoided. Perhaps any attorneys that might work there have seen or dwelt with financial lost due to inappropriate computer use.

Ounce of prevention

In reply to Rules breakers !!!!

If you lock the computer down so that only admins can download and install, then you will solve most of the problem.

If they want you to support the users with a reasonable level of service, there has to be some compromise. I would escalate this problem to your manager. Or, lower your expectations.

Reply To: How to convince users to use their computers only for business related work

In reply to Rules breakers !!!!

Sounds like you’re working for a bunch of morons. You can either put up with the continued idiocy, or you can start looking for a new place to work.

Those are the only two options available to you if nobody in upper management cares about the problem.

morons

In reply to Reply To: How to convince users to use their computers only for business related work

Well .. Sadly those morons are being paid by the tax payers of America. Plus I make far too much money right now and I got 9 years before retirement. So I’ll play the game. I do a very good covering my bum and keep archives of emails that I can go back several years with.

I document everything, then when someone starts raising cain and asking why, I pull out my archives, forward the emails and say, here is what meeting was on what the, the attendees, what was discussed and agreed upon, etc.

Because I keep such excellent ‘notes’ I have pissed off some because in time people forget what was discussed and agreed upon, etc. Then those shakers and movers want to change the rules of what they made, which is fine, just don’t blame someone else, such as the network group.

It’s not all bad, because I put in a Windows 2003 network early part of 2003, got the latest and greatest servers and slowly began the movement over. Then it’s the xp systems too.

Yes, there are drawbacks, but because I ‘play’ the game with them, they will help. Even in times of tight money, someone always wants to do in some department a new thing and they have money and will fund us.

We have upgraded to the latest and greatest routers, been to schools to keep up with our skills and been paid well.

That is what we get back for putting up with users who can trash their system on a whim and decide they can’t work because their computer is down.

I’ve checked out places and they don’t pay nearly as much as I get. I would take a 20k cut just to switch jobs. Ain’t worth it. I’ll stay with the morons and wear the many hats and continue to document myself.

re: morons

In reply to morons

dcbowiemd,

I think I know who you work for. It’s a bit better in Moorestown.

Management Rules!!!!

In reply to Rules breakers !!!!

You will be able to do nothing about it (except buy mucho more RAM) until Management decides THEY wish to do something about it. Perhaps the bill for more memory will make the point. But probably not. As long as the work of the company appears to be getting done and management is playing the same games, then there is nothing to be done about it actually. Consider this your opportunity to learn how to make really hot gaming machines (because that seems to be the preferred usage, eh?). We ahve policies also. For example, if porn is found on your computer, you are fired. Period. Fired. Well … unless you are mid-level or upper management. Then the IT guy will smirk and look the other way (he knows who signs his check all right).

If you have any idea that someone way up in the administration might some day attempt to blame the whole mess on you, (1) develop a record of the software each user requires to do their job [NOTE “requires”, not “likes to play with”], on the next hardware and/or system upgrade install only those applications, then (2) in the name of security, install antivirus software (if you haven’t), install anti-spyware (if you haven’t) and keep them up-to-date. I don’t mean the retail variety we buy at Walmart or download free from “freesoftware.net” … I mean centrally-managed, commercial / industrial applications (like Symantec or CA or someone really big and well known). Lock them down so the users cannot bypass them, then (3) install a content manager (like WebMarshall) on the incoming Internet access line; then (4) issue memos to department heads & staff (ie, anyone with an email address at your company) stating the typical company boilerplate about not having non-company programs on the computer and that Internet access is provided for company business use only and that company email addresses are provided for business only and that company phones are provided for business only … feel free to throw in “reasonable personal use” whereever you are comfortable … you get the idea [we have to sign, date and return ours when these come out periodically]; then (5) document abuses in a contemporaneous record based on personal observation, browser history logging, content manager reports, etc., etc., etc. (do _NOT_ advertise you are doing this).

Voil?! Now, if anyone ever complains that you are not “fixing” the garbageware on the users computers, you can say that (1) the systems were “standardized” and (2) the users were provided with the standard suite of company software required to do their jobs and informed of their responsibilities in regard to computer/Internet/email usage; and (3) you’ve got the data to prove it and you are more than willing to share it with any manager interested. If you’re still in “trouble” with the company, quit and go somewhere they are interested in working instead of playing all day!! YOu will be happier and probably better off!!

Just my 2 cents.

Log the time you spend

In reply to Rules breakers !!!!

Log the time you spend working on sluggish PCs and be sure you can demonstrate to the user and his accomodating boss exactly what’s slowing it down. It they still resist usage policies then you can assume their investment in IT support is meant to cover a relaxed environment. It this gets in the way of other, more pressing projects, show the reasons why you’ll need to augment your staff.

I agree.

In reply to Policies

At my job many policies are put into effect as well as a user agreement. When we find a computer that has tons of “crap” on it. We immediately report to management and the users are dealt with accordingly. This even applies for the “higher ups” within the work place. After all there is always someone in charge of someone else who is in charge.

policing or working

In reply to Policies

You can either write a bunch of documents full of rules that will become your responsibility to enforce, or you can use information technology to solve the problem at the user’s expense instead of yours. It appears that the main problem is hard drive clutter, plus some inappropriate or just unnecessary programs. If the luser has installed programs, the luser has been granted admin status on that PC, for whatever reason. Maybe you can solve your issue with a simple FYI document explaining (to employees who have the privilege) that if they spend their breaks downloading files that aren’t prohibited by company policy, the downloads should all go to a “pt” directory, and they are responsible for ensuring that if that directory exceeds 0.??? TB or whatever, they move their personal files to an external hard drive that they purchase at their expense. I just bet that takes a lot less of your time, and if the downloaded files aren’t illegal, indecent or offensive, why restrict your happy employees’ use of their personal time?

True – don’t be cops, be IT Pros

In reply to policing or working

I agree – let technology solve these issues where possible. But still enact an Acceptable Usage Policy (AUP) to safegaurd against the really stupid things. Bottom line, you want to get them to buy-in and find value to technology, even distored values (entertainment, etc.). As long as you can minimize the harm done, and avoid legal or other big issues (covered by AUP), then this becomes less of an issue.

Personal Time ???

In reply to policing or working

Its not my idea to be a police offcer that just want to annoy “Happy Employees” but a part of my job is to insure safty and more utilized busniess time, if the employees are having their personal time during the duty time plus the idea which says ” No warry we have IT” i beleave that controling such employees to keep them in-line specially with computer usage is better that to let them do what ever they want and at the end it will be IT problem, and in my opinion IT work is more that just fixing systems damaged by ” employees who have happy personal time”

Regards.

Results vs. Intent

In reply to Personal Time ???

I didn’t mean to imply it was your intent, rather to say that you might end up being the police if policies are the sole method to get users to stick to biz only. You should be thankful if you users do say “don’t worry we have IT”!!! Try “oh god I’d rather not call IT for help…”. You should focus on fostering support from the business unit heads in understanding the value IT & technology brings, and how other uses can bring down that value. If they are worth anything in your org, they’ll line up behind you right away when it comes to users wasting time. Also, last time I checked, IT was not responsible for oversight of employee productivity. IT is a part of the business, run by management & leaders that have that duty. Use technology to control your destiny, i.e. safegaurd as mentioned by all means, and make it easy to recover from problems, i.e. imaging, enterprise backup/restore/migration tools, monitoring devices, and network management tools. Sell the investment in these tools to senior management, and then keep them informed on what activity is causing problems, and the undesired activity will become a decision issue for management. If they want to allow it, then you will need to work around that. If they don’t want it to take place on company systems, you’ve then got their backing to systematically eliminate it. Hope this clarifies my post.
Regards

coffee breaks, etc.

In reply to Personal Time ???

Where I live, employees are entitled by law to stop working for 15 minutes twice a day, plus eat lunch for at least 30 minutes, if they work 8 hours. During these “breaks” the employees’ time is for them to use as they please, for their “personal” enjoyment. Since you “beleave that controling such employees to keep them in-line”, I judge from the spelling that English is not your first language, and from the sentiment that freedom is not your preference. Fine, you pathetic tyrant, “keep them in-line”, but don’t you come near me!

mmmm, naked coffee breaks

In reply to coffee breaks, etc.

While they can do whatever they want during their breaks, if they are using company property they still have to adhere to the company computer use policies…

Even if they bring their own notebook or PocketPC, if they are using company resources such as the T1 line or wifi, they have to adhere to company polciies…

Unless, of course, your company allows you to break policy during your breaks. If that’s the case, do you enjoy sexually harassing your admin assistants when you are on break? Do you wander around the breakroom in the buff?

the buff hehe

In reply to mmmm, naked coffee breaks

i do….well not really BUT i hear that i prance around in a tutu, little IT fairy wings and rollerblades…according to my users…that do not get to play on the AOL/MSN/Yahoo/IRC and download crap all day…or the ones that break a mouse or keyboard just to get a new one only because the new employee has recieved a brand new one…gah i say block everything but the local intranet from the users….but that can’t happen cause 75% – 85% rely on certian web sites to complete their jobs….blah you really can not win for loosing.

re: the buff hehe

In reply to the buff hehe

Quagmire,

If you really want to torque up their stress-o-meters, allow access only to the sites that they need to access for performance of their jobs, but deny everything else! Also, given the volume of trojans delivered (see http://www.sans.org for statistics on this one) via instant messaging, deny all access to all chat protocols at the gateway. Your headaches will decrease. When they whine that they can’t chat with whoever online anymore, ask that the request be sent via email and explain the business need for this connection. If they are stupid enought to do this, forward it to their manager for some sort of clarification as you “don’t understand how it ties in with business objectives.” Ought to be fun as long as the lusers are minions. If they’re higher up, some sort of explanation about incompatibility with the business software might suffice.

Harsh, much.

In reply to coffee breaks, etc.

Take a few laps and a cold shower man.

Why not just let your employees take joy rides on the forklift or surf on the conveyor belts during their personal time? These are company owned machines bought and maintained for a purpose. There are policies that govern their use for good reason.

Computers are no different. Sure, you’re not going to lose a leg if you screw up but you might open the door to a virus attack or a hacker. You *will* waste hours or days of IT time cleaning up after the messes made by these policy breaking users. There are valid reasons for keeping personal software off of business machines.

Reply To: How to convince users to use their computers only for business related work

In reply to coffee breaks, etc.

They can do whatever they want to during breaks, paid by companby or not. They can not use office equipment – including PC’s – as a private item. Especially not in a way that endangers you vital IT system.

re: coffee breaks, etc

In reply to coffee breaks, etc.

You’re out of line flaming him for that post. And if your strongest argument is regarding some spelling mistakes, then you are pretty lame.

The personal time of the employees while on break and lunch does not extend the right to do whatever they wish with company assets, such as the computer or the internet. Numerous US court cases have shown that very clearly.

re spelling

In reply to coffee breaks, etc.

May I quote you “Absolutely”….

vvvvvvv vvvvvvvvvv
Quote
“Since you “beleave that controling such employees to keep them in-line”, I judge from the spelling that English is not your first language….”
End Quote

Hmmmmm, best not to flame, doesn’t achieve anything really….. all I would comment is that English seems not to be your first language either.

re the coffee breaks, as an employee of a very large UK Civil Service department, I worked straight through them…… my “extra time” was a few hours before anyone arrived for work, and some hours afterwards.
I was still working, but with batch processing (at that time Windows didn’t exist) and there was a 30 minute wait between submitting a job to the mainframe system and getting results back

there are ways and means

In reply to coffee breaks, etc.

..of giving some leeway, and yet protecting everything. Most employees like to check email / travel / banking during their ‘break’ time. Where I work, is a 30 minute limit per day of surfing to most sites (not including chat etc) with special permission for other limited sites. It seems to work pretty well – they check their own stuff quickly – first thing in the morning & at lunchtime usually – but don’t complain as they are allowed to do the things they need.

As for spelling… whilst I was typing this on my tiny little laptop, I mis-spelled loads! I had to go back & re-read it!

Most likely to go postal

In reply to policing or working

Lots of great ideas and some hare-brained ones.

I think there’s no perfect solution here; there are competing values that cannot be resolved.

Too much restriction and regulation breeds employee discontent.

Too little regulation breeds support costs that are astronomical, and fosters poor performance.

IT wants RULES and ENFORCEMENT and PUNISHMENT because the support folks get really sick of dealing with the problem. User WANT FREEDOM — do just get their jobs done, or in unfortunate situations, to just screw around and “have fun.” Whether you’re willing to put up with the baby behavior is, of course, a matter of how desperate you are to hang on to the employee — I’m never that desperate myself.

The computing resources belong to the company, and the company has the right to dictate how those resources will be used. Where did “I can do anything I want with corporate assets” come from?

If you work someplace where you have a “right” to a break every couple of hours and a lunch hour (those jobs still exist?), then you have the right to the break, not to do whatever you want with company equipment during the break.

As a manager, I try to balance the different concerns; I try not to get in the way of people doing their jobs, but I draw the line at the illegal, at copyright violations, etc. I don’t think anyone in my department believes he or she has a “right” to do whatever he or she wants, and I expect employees to exercise judgment. I let them know when they’ve gone too far, so there is an ongoing series of course corrections going on. Yes, it’s annoying, but it beats the Nazi approach.

It is sometimes amazing to me what employees think they’re entitled to. One fellow called his broker once every 7 minutes for an entire month, something that showed up in phone logs I received at month end. He thought he had the right to do this, and told me that if he had to leave to use a pay phone he’d lose even more more work time. He’s gone, of course, and lost his shirt in the derivatives market, which was gratifying. So I can relate to people’s frustration, and their desire to become the Network Nazi.

But we should beware of a solution that’s worse than the problem. In my department, people do their banking, send personal messages, etc. while they’re at work. They exchange jokes. They print things for their kids’ school projects. But the time they spend on this kind of stuff is very limited. It’s just a matter of being professional.

In short, I really think the Nazi approach is over-kill for most work environments. A set of policies, enforced when things that shouldn’t happen do, and continual education works best.

Get executive buy-in by showing them the dollars. Come up with a reasonable set of policies (buy them — that way you can make the “industry standard” argument, deflecting the charge that you are a control freak). Enforce them reasonably, when you need to. Enforce the serious ones more vigorously — downloading music not paid for, or installing copies of software without a license, etc., should be prevented. Stay cool about the minor stuff.

Right!

In reply to Policies

Except it never seems to apply to users. Or, they don’t think it does! I had one fellow complain that he had ebay set up as his home page and it keeps switching to our company’s web page every time he rebooted! I kept telling him our standard image was to bring up OUR company’s web page, he argued and argued with me. I finally just gave up!

Without policy, give up

In reply to Policies

If you can’t get policy, walk away.

However, policy are powerful tools, not that you will necessarily always enforce them but in situations like this you have the tools necessary to deal with the problem. Again, you are not IT police, but well publicised IT usage policy will allow you to say ‘I’m sorry, but installing these applications violate the company usage policy. I’ll have to rebuild your machine’. You don’t use these policies to run around slapping hands and uninstalling apps. They’re there for the situation you’ve described – or to stop users installing spyware.

But…without senior management buy-in, policies are…not!

So how do you get policies in place? Best approach is during the SLA negotiations. At this point you take the SLAs to the management and tell them ‘The SLAs look great, I’d like to meet them, but to do so we need to establish usage rules’. You’ll probably need to explain why it’s important 🙂

Once you’ve got senior management buy in, the abusive users have lost, you have won!

Good luck

Get Some Help

In reply to Policies

Probably would be better to get someone else to “write . . . some usage policies”.

Partitions, purge and system images….

In reply to Policies

First you need a company policy, written, discussed and enforced. You will need backup from your manager and his mangager to make things stick.

Then take a system image of what is authorised on each machine, it helps if you do it by department or workgroup. Nothing personal should be on the “C”, system drive…if it has nothing to do with business, PC system operations, networking, etc. then lock it down.

setup a token partition for user descrestion, set a quota thru system or group policy that allows “x” disc space for misc.

The hard one: When the system is running slow, has problems or is infected….just format the “C” drive and reinstall the image. Anything else is up to the user.

If you wish to be kind, then set up space on the file server and allocate space for users to upload anything that is important, pertains to their job…and maintain backups from there. Again, anything on the local disk is subject to being deleted.

A bit draconian, but it works.

re: Partitions, purge and system images….

In reply to Partitions, purge and system images….

that’s not draconian. Maybe I’m a bit spoiled where I’m at, but I thought that constituted “Best Practices” as well as due dilligence.

Ghost is your friend

In reply to Partitions, purge and system images….

We are now in the happy situation where 95% of our desktops are a standard configuration. We’ve written policies on how databases should operate (storing temporary files in a named folder, etc) and users run with normal User rights.

We provide C:\TEMP where people can put files if they want, but anything in that folder will not be backed up if we have to re-image the PC.

STICKY!

In reply to Policies

This is true however policies are just but a mechanism to curb this problem. I’ve done my Research on “email in the workplace” and found that by taking preventive measures like monitoring application usage, installing cameras, restricting access to applications and explaining – NOW THIS IS A BIG ONE – the productivity that is lost in terms of man hours lost which directly equates to large sums of money. On the same token if all these measures are taken and if staff is aware of whose responsible for this – you’ll be able to sense the hostility.

Remember what ever the descision, take note of its ramification.

Policy & Training

In reply to Policies

Agreed! We have a strict Acceptable Use Policy that clearly spells out what is acceptable and the sanctions if not followed. No one, including the owner, is allowed to install software on company computers. That puts the ownership, license compliance & support fully on the IT dept. We also require all users to attend a Safe Networking presentation before they log on the first time. We follow up by periodically providing training on how to best use the electronic tools the company has provided them.

I agree and more

In reply to Policies

if y’re having trouble convincing upper management of the need to imply those polices (rules) then make sure you have a financial overview of what it will cost extra if they want all of those programs to run as nice as they would as if just 1 or the normal company programs are running.

I’m sure that will convince them as they are triggered on profit and not spending money on fun of the employee including themselves.

Rob

Reply To: How to convince users to use their computers only for business related work

In reply to Policies

Yes, I will back up all those song into a DVD and return to the user, at the same time I will mention it is the corporate policy of not allow any personal infromation in the system or use the system as personal use. Will note the user inform management if found next time.

Group Policy

In reply to Policies

We started using local Group Policy on the XP PC’s to limit what can and can’t be run. When you know what the excuteable is, then you can keep it froming running. We also install Spybot and Adaware. So when we found some new programs, excuteables, etc. that we want to block, we throw those into the “Do Not Run” list in Group Policy. Now if you are in Microsoft shop, you can push it out through Group Policy after they log in. If you are in a non-MS shop, then you’ll have to use the local group policy on the client machine. It’s a little more of a pain to do, but you can do it. We did.

The politics of management is they don’t understand what the problem is, let alone the solution. How many times do we encounter problems, and scratch our heads our selves. And we work with this stuff all day, every day. They basically expect you to fix whatever the problem is. Don’t you hear, after you start explaining what the problem is, them say, “Oh… just fix!” I love the dumb looks sometimes also.

Don’t give up. Find that little crack so you can do what needs done. Help to protect themselves from their own actions. Start out slowly at first. Then it’ll get accepted and be expanded even more.

Talk to each user

In reply to How to convince users to use their computers only for business related work

I have had to talk to each user who is plowed
under with messengers, cursor and veiwer
programs that load on start up. I explain that each one slows the machine down a little bit, after time and more added programs that this
can be substantial and even create lockups
and hangs. Make it the users decision if they
need all the happy stuff or want a quick
machine.. I use the task manager to even
illustrate this to some users, the response
so far has been positive. I’m trying to check
out if I can use two versions running at the same time, one user and the other for work.
Two machines is the cure, we have one desktop
just for games and browsing, as the others
can’t even get to the internet.

Best Approach – It’s Not Your Problem

In reply to Talk to each user

mjd420nova has it exactly right. What the user chooses to do on his computer is not your problem. Show the user how his choices have affected his performance and recommend clean up steps, but go no further.

If the person is getting his job done, then don’t worry about what he has on his machine. If he isn’t getting his job done, then it is an issue between him and his supervisor. Just provide an accurate report to the affected user about what is degrading his system’s performance.

Managing the work habits of the staff is not your responsibility. Focus on addressing the issue at hand: slow system performance.

I have to disagree

In reply to Best Approach – It’s Not Your Problem

That could be the best approach if that isnt really your problem. In fact, if you have to manage an help desk team and you’re responsable for the good work of the IT infraestructure, you have to be worried with what are your users doing with the system you’ve distributed them.
If they complain they couldn’t work because the computer is too slow, their manager will ask you why that is happening. If you block them, you have less trouble then wait the trouble get’s you.

Focus on the problem

In reply to I have to disagree

“If they complain they couldn’t work because the computer is too slow, their manager will ask you why that is happening.”

That is when you tell the manager what the problem is. Let the manager mange their employees. If you are the manager then deal with the problem employee. Too many mangers take the EASY way out and create a policy instead of addressing the individual. If the problem is bandwidth then inform the mangers of the issue and let them decide. Mange the IT and let the people managers manage their people.

Simple

In reply to How to convince users to use their computers only for business related work

Disable the cd rom drive and lock down the pc from certain programs. That way they cant load any programs or files, blame it on security against viruses or trojan attacks. Issue a usage policy that spells out deviation, and remotely connect to their pc and delete anything that is on there that you mentioned for all employees. That way nobody is blamed and all are given the same expectations. It is company property, not theirs. You can examine your equipment, there is no breach of privacy. If they want to listen to music they can get a radio or an mp3 player. Some companies use chat programs to converse with other departments for support. Mostly it is just used for flirting and joking with other employees, but it helps people be more happy in their position even though it lowers productivity. If it isnt used for business purposes take it away and lock it down with a policy. You can site network bottle necking that is costing company bandwidth lowering productivity. No manager will argue unless the top dog says I want it, I’m ok with that.

Another simple solution

In reply to Simple

lately I have been using a new / old approach. In conjuntion with a product called deep freeze, I have been locking machines down so no matter what is installed, etc, when the users reboot, they are back to the way our IT department configured them, after a short while, they pretty much give up.

The best part is, we haven’t had a virus or trojan infection in almost 2 years now. (And no more complaints of “my computer is so slow”)

It just takes a bit of planning with regards to Well developed roaming profiles and a set of complimentary policies.

The only complaints we get now are from users who broke the rules and d/l a 1Gig movie, hid it on the local drive only to discover the next morning it is totally gone, as well as the tool they used to get it.

While not suitable for all situations, it is far preferable than the usual fighting with users about accepted use policies.

what is that tool ?

In reply to Another simple solution

what is that tool ? or how did you do that ? is it automaticlly or manual can you please give more details …

regards.

Deep Freeze

In reply to what is that tool ?

The product is called deep freeze and it is produced by Faronics.

http://www.faronics.com/index.asp

It is perfect for school or public access situations, however I have started using it in the business setting as well with fantastic results….

It is well worth taking a look at.

You can even schedule a automated network “thaw” at a predeturmined time for performing updates.

On the down side, it is not very forgiving of a poorly designed set of network policies.

Somewhat of a good program

In reply to Deep Freeze

We use Deepfreeze here on some of the public stations.
We especially use it on the stations that are used by kids and have games on them. At least once a day a child has managed to get the pc to lock up somehow by hitting keys of some sort and doing a reboot clears it all up.

It has its pros and its cons.

Pros
–If someone alters a program or installs something without permission you just reboot and it will go back to what it was before.
–Users cannot alter the file structure in anyway
–Less time spent troubleshooting if there is an error
Cons
–Personally I have run into where Deepfreeze has caused a corruption
–IF you don’t set the network “thaw” correctly and you apply updates…start all over again. The updates never happened.
–If users add network drives or printers that they need and they reboot…guess what, they are gone.

Lock Down USB/CD

In reply to Somewhat of a good program

we use SecureNT from http://www.securewave.com. for our XP machines. and if the computer is really junked up it we can always automatically start a re-install. 😉

“Windows Disk Protection” is free

In reply to Deep Freeze

I’ve used DeepFreeze in school settings. Microsoft has developed their own version, called “Windows Disk Protection”, which is free – offered at part of the “Shared Computer Resource Kit”. Windows Disk Protection protects the Windows partition (typically drive C) that contains the Windows operating system and other programs from being modified without administrator approval. Disk changes made are cleared with each restart unless the administrator chooses to save them.

Deep Freeze

In reply to Deep Freeze

We had trouble in our computer training rooms with people putting on programs of all kinds. Put Deep Freeze on and no more troubles. They can install anything they want but on the next boot its back to ground zero.

Reply To: How to convince users to use their computers only for business related work

In reply to Deep Freeze

Just as a warning, I foutunately did this on a tested imaged computer where I was testing deep freeze on it. But be sure to put in a Thaw time on the computer because if you screw up on one of the settings and not have thaw time on it, you will not be able to uninstall the deep freeze configuration on the computer that it is installed on. Write down a note of when you set the Thaw time to be set, and uninstall then if you are just doing a testing of the program before you go main stream and install it on everyones computer.

Good luck!

Example of Public Access use of Deep Freeze

In reply to what is that tool ?

The Public Library in Waterloo, Ontario uses this tool for open PCs. When re-booted as instructed after use — clean as a whistle! Marvelous software.

Sandpaper

In reply to Another simple solution

Thanks for the idea of Deep freeze.

The reason for the heading is how many staff would come to work with sandpaper and paint and start re-decorating, especially in rented office space? Yet the same staff consider it ok to “re-decorate” there main work tool, normally at huge expense in support costs. The support costs are then normally made up by other staff, or lower wages to all staff.

SANDPAPER

In reply to Sandpaper

Boy I couldn’t agree more, we replace more stolen and physically damaged laptops abused by users than you can possibly imagine. Some are even frozen because they not only abuse them physically but add their own image to them, just replaced LCD and most of the plastics to a laptop that was ran over by a car…still trying to figure this one out.

Group Policy Object Editor anyone?

In reply to Simple

If you have a W200x server domain, this is an easy fix. GPO is a godsend to any admin. I had an issue with people using MSN Messanger, so I created a GPO to block that program from running on all workstations. It was easy, they get a nice little “you can’t do that Dave” type message, and no one complains.

As to the why Admin the user on the box – for some things this is needed. For instance, my auto virus updates will only run when the box is in Admin mode because it changes files. These updates take place all times of days, so I’m not running around locking and unlocking users just to get them installed.
I do wish the update would run in Power User mode, but for now, I let GPO handle what I do not what people to do, but keep the system open enough to let background things run.

Software scanners

In reply to How to convince users to use their computers only for business related work

Use one of the tools that scans the PC and updates a central database with what it contains, like SMS. Compare the installed software with your licenses. Then automate a notification that unlicensed software is installed when there is a mismatch.

I wrote an application in Access to do this in about a week. We loaded up our software licenses with the currently installed software, and then looked for differences. The guy in Michigan was really surprised when he and his boss got an email the day after he installed Age of Empires on his work computer.

Here’s a new one

In reply to How to convince users to use their computers only for business related work

We got 7 new Laptops for 7 new guys in the office. Dell Inspiron 6000. The damn things came pre-installed with so much crap.

I uninstalled everything. Uninstalled the pre-installed anti-virus Mc Afee. Did a defrag. Even optimised XP.

The computers are still running very slow. Any ideas?

]:)

P.S Only thing I can think of now is spyware … But these computers have only been running for 2 days …

more information

In reply to Here’s a new one

You forgot to mention the capacities of those laptops. Anyway, in my company, we always install computers from scratch. Format everything and install it again with our own software and crap ;-))

I want to do the same

In reply to more information

My boss wont let me.

The Laptops are 80 GB HDD, 1 Gig Ram Intel Pentium M 1.70 GHz Processor.

]:)

That’s a problem

In reply to I want to do the same

Anyway, I dont know how your company work but my boss only want things working and I decide what has to be formatted and what it isn’t.
If things dont work well, that’s my and my team’s fault, so I have to fix it.
Anyway you have several pages that tell you how to troubleshoot a slow windows xp.
Techrepublic for instance published several articles about those services we can disable.

Capacities

In reply to I want to do the same

Anyway I’ve forgot to comment those computer capacities.
1 Gb memory it’s enough to make an ordinary windows xp work fine with most applications, even so, some graphic ones need a good grafic card with its own memory. Is that your case?

format

In reply to Here’s a new one

It takes some time, but it pays off in the end. I always reformat new machines and give them a clean OS install. Uninstalling the preloaded crap still leaves a lot of crap on the system, so a reformat is the bet way to go.

I second that…

In reply to format

Reformat and build your own “clean” image. Have a couple if you want and one with the base image.
I am considering Deep Freeze, just not sure if this will be applicable to my environment – we’ll see.

Reformat VS Larg range

In reply to format

Reformatting and cloneing is one of system fixing ideas that always be the last option in my opinion, and lets think how long ot the IT time will be consumed by reformatting computers if he work with a 300 – 400 computer, it looks easy but in my opinion pervention is better and more time saving than go to the last choice

Regards

re: reformatting

In reply to Reformat VS Larg range

Creative,

If you come up with standard desktop loads (perhaps one for supervisors, one for lusers) and have master copies on hand, all you have to do is format and ghost it. Intially, getting all the boxes set with the “standard load” will be a bit time consuming, but after it’s done life will be easier. Any serious problem comes in, just format and ghost the drive. Figure about half an hour per box. While it’s running, go have a cup of coffee or work another machine.

antivirus takes massive resources from my lappy

In reply to Here’s a new one

As a poor college student in cramped student housing, I’m at a point where my Inspiron 6000 has become my primary machine. Obviously that means I had to do all the wonderful optimization you did with your new 6000s and pitch most of my music and games, and I too have some slowness issues.

But I’m pretty certain I’ve narrowed it down to the antivirus. Something about every antivirus I ever try (including McAfee–which was the biggest hog–and several free ones I’ve come across) just rapes my system resources. I’ve had to more or less turn off the auto-protect in my Norton and focus more on full weekly scans, and I’ve gotten used to protected webmail so that I don’t have to even consider Outlook’s threat.

Whenever I’m offline I shut Norton down completely and my performance goes back to how I imagine it should be.

Pretty crazy. And awkwardly frustrating. I guess I’ve never felt the need to do anything about it–poor college students can only hope for good enough–but I thought I’d share my experience in case it might help.

Why I hate Norton

In reply to antivirus takes massive resources from my lappy

Back in the 80s and early 90s, I used to love Norton products. They were the best tools for fixing HD problems (Disk Doctor) and other utility uses.

I bought system tools in the late 90s, and ended up uninstalling it because it was a resourse pig.

I’ve bought a couple of systems that were refurbs of mainstream manufacturers home type PCs that had Norton pre-installed – I uninstall it.

Currently I use AVG free at home. Its much less resource intense. I also use MS antispyware, which is moderate.

Once upon a time I spent hundreds of thousands of dollars of my employers money on Norton Anti-Virus. I wouldn’t now, under any circumstances.

James

why I hate Norton

In reply to Why I hate Norton

Agreed .. Norton *used* to be good. But what I find on most machines now, it IS the cause of the problem. They’ve gone seriously astray.

I use AVG-7 at home, too, with no problems. There is a new one for anti-spyware/malware/etc. you might want to try:

http://www.ewido.net/en/

I purchased it and consider it worthwhile. It catches things no other anti-spyware s/w does .. including my SpySweeper.

re: antivirus takes massive resources from my lappy

In reply to antivirus takes massive resources from my lappy

Abby,

Try this to see how wellit stacks up. Replace the Norton A/V with the free copy of AVG. Install and run Spybot and Ad Aware. Run them at least once a week, along with a full system scan with AVG. I’m pretty sure that you’ll have less junk invading your lapbox and more system resources available. One other program that you may find useful for getting resources back is called Maxmem from AnalogX. It’s free, too.
For download source for the ones I listed above, try either http://www.download.com or http://www.majorgeeks.com and good luck.

Oh yeah, download and run CCleaner – think I got it from Majorgeeks. It cleans out all the junk files, freeing up a lot of hard drive space. Also free.

Pete

re: antivirus takes massive resources from my lappy

In reply to re: antivirus takes massive resources from my lappy

Version 10.0 of Symantec Anti-Virus Corp Edition includes spyware protection. RTVSCAN.EXE found in processes consumed between 50 and 55K of system resources. Symantec soon after came out with a release of 10.0.01 which only consumes 35K which is still alot, but doesn’t bring a 2.4Ghz – 500MB Ram machine to it’s knees.

In addition to Symantec, we use the free Beta M$ Antispyware, as well as XPSP2. We utilize policies within active directory that prevents any unauthorized software installations.

Similar situation… here’s what happened & I did…

In reply to Here’s a new one

Client of mine purchased 9 workstations from Gateway, all with XP-Pro. Thel ALL came preconfigured with Google-Toobar and Desktop, and the final straw… MSN messenger configured to run at startup, AND even if you deleted through ADD/Remove it got re-installed. (Yes, I killed-off the system restore and it still got re-installed.) I found 3 Data/Mining cookies were present even though the PC had NEVER been hooked up to any network straight out of the box. Even re-installing from the “OEM-Restore” disks put back everything I manually removed. Solution: Format and Install the XP-Pro software from a Store-bought-Vanilla XP-Pro disk, then load in the needed drivers.
All spyware and startup issues completely bypassed. Lesson learned: People need to: STOP BUYING THE “CHEAP” HARDWARE SOLUTIONS. They aren’t cheap in the long run. It’s cheaper in the long-run to build the systems to your needs from the ground up and not rely on the “Big-Name” brands who bundle-in garbage software to make it “cheaper to buy” up front.

Its cheap for a reason

In reply to Similar situation… here’s what happened & I did…

I’ve had to do this exact same thing to a Toshiba laptop and to a Compaq desktop. The “restore disk” restored stuff that most ad-ware/spyware programs alert on, plus I don’t need AOL, Compuserve, AIM, MSN Messenger, Online Games, Yahoo Messenger, etc etc. My solution was about the same as stated before. I reformatted, then reinstalled the version of generic OS. The only problem I had was with drivers, and that was only a problem because I had to download them from the manufacturer. (An annoyance, really).

I am convinced that “cheap” computers are as inexpensive as they are because they are filled with software that is really sponsor-ware.

Try this for startups

In reply to Similar situation… here’s what happened & I did…

When you get XP installed, have you tried going into MSCONFIG and removing apps from starting up?

If you aren’t sure what each program is….go to this site and type in the file and it tells you if its needed or not. Yes, No or Up to user. These guys do a great job of keeping up with new stuff as it appears. The website is out of the UK.

http://www.sysinfo.org/startupinfo.html

With XP you will have to download the msconfig file and save it to the System32 folder.

I use that on all the computers when we reload them with Non vendor CDs (Dell, GW). It cuts down the startups.

RE: Try this for startups

In reply to Try this for startups

Thanks, someone I know could have used this address months ago. I will keep it to pass it on.

Slow Inspiron 6000?

In reply to Here’s a new one

Hello Stargazer(r)!

Could you please explain the slowness of these laptops? I mean: what are you trying to do, when you notice they’re slow (internet/office/graphics)?

I bought an Inspiron a few weeks ago, dropped all the crap (especially the anti-virus stuff!! Geez, talking about crap!) and the machine is running XP home fluently.
BTW I put up a few Linuxes also; use these mainly…

Slow as in

In reply to Slow Inspiron 6000?

Jumping windows … starting Outlook. The computer is behaving as if it has 32 MB of RAM or something … Internet as such is fine. Its the computers that are slow …

I removed all the crap, but I saw a few entries in the registry for the crap I deleted. I am going to try cleaning th registry and see what happens.

]:)

prefetch, system cache and folder viewing…

In reply to Slow as in

have you checked the system cache to see if it is somehow adversely affected? You might try setting it to a managed size of 1024 or something to that effect.

Also, I know these systems are relatively new, but you may want to check the “prefetch” area and delete everything up to about a week ago; if there is are a lot of files in the first place. This may not be an isue really, but if there are a ot of files, then it could very well be helping the problem.

One more thing, you could also go into “folder Options” – “View” – “Advanced Settings” and remove the tick from the “Automatically search for network folders and printers” selection if that is what is causing your problem. i find it can be annoying at times; especially if the AD is screwed up and bloated with bad entries.

Nuisance

In reply to Slow as in

What a nuisance…and that with seven (7!) laptops at the same time…
I suppose you know enough about computer-malfunctioning and ways to get a finger behind the reasons, but still:
– did you try and see what happens when you disable the networkcards?
– if you do not start Outlook (why not use Mozilla btw), do they function okay?
– you see anything strange running in the background?

etc etc, you know what I mean…

In the end it is also possible Dell (isn’t it?) put some murky system on your machines (by accident of course!); check them out…

Good luck

Something Else

In reply to Nuisance

You could also try this. Right Click C: drive, choose “Properties”, Uncheck “Allow Indexing Service to index this disk for fast file searching”. This may allow fast file searching, but it will slow down Windows too.

Image

In reply to Here’s a new one

Install a fresh copy of Windows and image it. Then put that image on all the other laptops. It never seems to work that good if you just uninstall what you don’t want. I like to wipe the drive, install fresh copy of windows, install what I do want, and make image.

What processes are running?

In reply to Here’s a new one

How much time/proces capacity do they take?

And so on from there you can get an idea of what is wrong with those damn things.

Have fun

Rob

ps check on the swap-file sometimes it isn’t installed, but then you did know that, didn’t you!

a couple of ideas

In reply to How to convince users to use their computers only for business related work

one: no sound system, hardware or software for the computer.

two, make then work on a linux box in console only when you catch them doing things they shouldn’t.

guarantee, being presentd with nothing but console will scare any windows wanker boss into not wasting time with mp3s and having no sound system at all will drive the point home.

Here we go again…

In reply to a couple of ideas

some Microsoft bashing from a Linux fanatic.

My advice to you about AUP is easily achieved.
1. Block users from installing applications on their computers. Something that can be achieved irrespective of platform.
2. Enforce a central file storage location. This will ensure users can only store files in a central location and also allow you to write scrips to scan for unwanted files.
3. You mentioned chat programs which infers internet connectivity. Unless IM is a core part of your business, you can block IM’s on your firewall.
4. You can also invest in content filtering software which will strip out any *.exe files (etc.) as it enters your environment via the internet.
5. I have to agree with Jaqui, do not purchase systems without any multimedia capabilities (unless required by the type of business).
6. Invest in defragmentation tools. Not only will they contribute to a better performing computer but also show that you are being proactive in what you do.
7. As for start-up programs, introduce computer policies which resets any changes made to the system. User can go crazy putting shortcuts all over the place, etc, etc but after each session the desktop environment is returned to its original state.

Here we go again…

In reply to a couple of ideas

some Microsoft bashing from a Linux fanatic.

My advice to you about AUP is easily achieved.
1. Block users from installing applications on their computers. Something that can be achieved irrespective of platform.
2. Enforce a central file storage location. This will ensure users can only store files in a central location and also allow you to write scrips to scan for unwanted files.
3. You mentioned chat programs which infers internet connectivity. Unless IM is a core part of your business, you can block IM’s on your firewall.
4. You can also invest in content filtering software which will strip out any *.exe files (etc.) as it enters your environment via the internet.
5. I have to agree with Jaqui, do not purchase systems without any multimedia capabilities (unless required by the type of business).
6. Invest in defragmentation tools. Not only will they contribute to a better performing computer but also show that you are being proactive in what you do.
7. As for start-up programs, introduce computer policies which resets any changes made to the system. User can go crazy putting shortcuts all over the place, etc, etc but after each session the desktop environment is returned to its original state.

It is a matter of an IUP

In reply to How to convince users to use their computers only for business related work

What you have a problem with, and it is common if it is not enforced at the beginning of employment is an Internet Usage Policy.

While I do look at TechRepublic and eBay items, there is no P2P sharing programs allowed on the network, and it has been made abundantly clear through policies and software (we have an item that is installed that reports back the asset and who has it, and if there is any P2P or other illegal software installed) that if any item that has been proven to violate copyrights or is not licensed, your are met at your office by the securty team who takes your badge and escorts you to the door.

It is plain and simple. Employees are there to do a job, not to further their life experiences with illegal downloads, chat with friends, or other non-work related item.

I would mention to the upper management levels that if a BSA audit walked through the door that the entire corporation would not pass.

In fact, many of things have been done by me mentioning that you remember a former colleague who had mp3’s and movies and the like is still working through the legal system and he might get away with a 2 million fine and 10 years in prison.

How to convince users to use their computers only for business related work

In reply to How to convince users to use their computers only for business related work

Well I guess that might be a question we all would really love to have a definite answer for but it is more complex than that but on the other there are policies that can be set in place;
1. Setup an IT policy – each user must sign.
2. Group policies – Lock ’em down – I love those windows group policies where you control every aspect of the system…great stuff.
3. Monitor installed software on network pcs – good open source software out there.
4. There are more alternatives to lock ’em down.
5. After advising all staff of the new policies and telling them that they have been warned, setup up a script where you can run it at a scheduled time to delete any prohibited file extensions, eq. mp3s, wav, mov, …..etc.

Works for me.

Force VS Convince

In reply to How to convince users to use their computers only for business related work

well as per as what i understand that you are apsoltly right, using your power as an administrator insequence with system controlling priviliges is an effective way, but my point is to “Convence” make users understand and accept the idea of uitilizing besiness time in besiness work and activities, it is also a part of team work idea which is you “the user” your part and i do mine to achive maximum corporating and reach to beyond suceed point.

regards.

Easy

In reply to Force VS Convince

The error you(?) made was to let users log-on with administrative rights. As others have pointed out, one of the measures is policies, which only really work with XP pro and 2003 servers.

Another very good approach is to skip the PC’s generally – yes it is possible – and let the big majority run on thin clients. This wil give you the benefit of minimizing maintenance, just think of changing hundres of PC’s with a handfull of servers. It will also ensure that malware attacks are kept to a minimum, everybody runs same version of SW, malware protection is ALWAYS on top, noice and heat emmissions in the officer are markedly reduced,and the user gui is the same wherever they log-on.
I tried it, and I would never even dreamof giving the ordinary office user a PC.

Also tell users that the compaby PC is just like the company car:
Don’t tune the engine.
Don’t install blowers, nitro or other stuff.
Don’t fit fat big slicks.
Don’t paint it pink (or whatever your fav color is).
Don’t fit spoilers.
In short – it is a tool provided by the company for company work.

/Peter

Why play policeman?

In reply to How to convince users to use their computers only for business related work

Write down the fix needed – give one copy to the employee and one to his manager with a request for permission to fix the computer. That way both the employee and the manager know what is happening and it is their choice as to the result. If they choose to keep the junk they also choose to take the slowness and related liabilities. You have done your job until you get their direction. That way you don’t have to revisit the problem.

Plocies and Management buy in

In reply to How to convince users to use their computers only for business related work

You must first have corporate policies and procedures for acceptable computer use and that spell out the possible penalties including and up to to terminain.

More importantly you must explain to the why they should not do these things telling them about viruses, worms, spyware, etc.. talk to them about about legal issues including copy write laws and how their actions could cause a compant wide problem disabling numerous computers and causing work stoppage and slowdowns for many others too.

Remeber you must bet management buy in, but scare the living *&^%^%$&^% out of them.

User requirements.

In reply to Plocies and Management buy in

Policies and rationale, consequences for transgression and visibility are all necessary. Realistic service levels are also vital.
Ex: My wife was a tax manager for a large public acctg firm. The call response time agreed to with their outsourced vendor was 72 hours! So she did what needed to be done; sweettalked a Jr. tech out of the admin p’word and figured out how to resolve issues herself. She’s taken that attitude with her to her new employer, who has the same service vendor (hmmm, who could that be?).
Imagine, a cubicle full of $100k pin-striped CPA’s sitting around for 72 hours waiting for a 20 yr old technogeek to leave his DOOM game and install some software. All while under IRS deadlines.
IT, outsourced or not, must be responsive to prevent users from taking things into their own hands.

DO NOT MAKE ADMIN ON THE BOX

In reply to How to convince users to use their computers only for business related work

That is so simple it isn’t even funny. Why would you ever want to make a user an admin on a corporate machine? Just install the apps they need to use and let them have the machine. As long as they are not a Domain Admin you are good to go. They will get the, “You need to be an Adiminstrator to install this Application” dialogue every time they try to install anything.

Problem Solved

Sounds good on paper

In reply to DO NOT MAKE ADMIN ON THE BOX

Whenever I setup a machine, I do not give admin to users unless there is a very specific reason. The problem is that there are many apps found on the internet that will load even if the user does not have admin. Google Earth anyone?

Simple – group policy and big brother

In reply to How to convince users to use their computers only for business related work

When I worked for Novartis, the end users didn’t have authority to install software. There was no ‘Run’ option on the start menu.
If users know that their systems are remotely scanned for unauthorized software and that any self installed software can result in termination, they usually will stick to business.
If you can’t get support from upper management, then your problems are bigger than you are going to be able to deal with.
If they knew how much this is costing them in support, they might be more receptive.
I’d change jobs.

LOCK THEM DOWN

In reply to How to convince users to use their computers only for business related work

I am in Healthcare IT. These type of things not only cause issues with the user, but could conceivably affect patient care in a very REAL way. I do not allow anyone to install ANYTHING on ANY PC unless IT approves it….which is usually denied unless its absolutely critical. My domain policy is so tight that users cannot even save files to desktops. If they want files saved they must put them in “My Documents” which is pathed to the file server (and backed up). They cannot even open a command prompt….WHY WOULD THEY? There is absolutely no reason!

I have taken everything out of the control panel…WHY DO THEY NEED TO GET TO IT? They dont… Because of this policy my days are filled with NORMAL IT tasks instead of strangling stupid users who install the latest version of US NAVY SEALS to play at lunch… Aint happening on my watch 🙂

Yea, I know, some of you will say I’m a Network Nazi, but thats ok. My network is secure, I’m not wasting time trying to figure out what any number of “LUSERS” has done to “MY” PC’s.

This is a hospital – it is NOT an extension of their home PC. It is a tool to ensure our patients are taken care of by providing the best and latest technology. Most of you are aware that many Healthcare systems are now totally “electronic medical Records” – so, without the systems, a patient could conceivably suffer harm or even die because their patient data wasnt available to nurses or doctors.

Yep, I’m a Hard A**, but I do it for my patients…my users know without a shadow of a doubt these are “MY” PC’s – NOT theirs. Yea, I also do sweeps on the file server for MP’3…. wham – Bam – gone. Unless… its some I dont have 🙂 (Hey, thats the benefit of being IT!)

Ok, who’s gonna take the first shot at me for being so mean 🙂

Jim S.

Not a Slam at all

In reply to LOCK THEM DOWN

Your approach is actually quite understandable, a little belligerant maybe, but quite justified. I understand the frustration these kinds of users cause, but smooth IT doesn’t let that get in the way of doing the job. For others, one possibility in a Windows environment is to create a user group with policies which lock down their rights. Make someone a member of that group when the issues of use come up. Reprep the machine and then lock them down to business only functions. An earlier post spoke to being IT and not police. It is crucial that IT never take a public side in establishing and determining application of corporate directives.

lock them down, throw away the key.

In reply to LOCK THEM DOWN

I am with you 100%. I am an independent consultant and maintain about 30 different networks that go from 5 seats to 300 seats and I have found that the “Nazi” approach is the right way for me and my networks.
Typically I deal with the top level management/business owners and they are behind me completely. Even if they are the source of the problem.
Some of my networks started the same as creative’s and when I took the issues to the big boys they asked what we could do about it. The answer was simple and the users have had no choice but to accept it.
If they want to spend their personal time at work surfing or downloading … go home or starbucks or wherever but _do_not_ do it at work! I even had one company that would charge the department for any user caused issues. The charges came out of bonuses and such for the affected department. When the perks of a job are affected for a group of people they tend to police each other. The flipside is they tend to be reluctant to call for help. Its a viscous cycle but it works out for the greater good in the end.

The easy way to win is show the big boys your bills/costs and they will agree to just about anything that will reduce those costs or use that expense in a more productive manner.

I have told every tech that has worked under or for me one thing they must always remember. You are in charge! You may not be at the top of the food chain in your orginization but without the support of IT no one can do anything. You are in control of everyones ability to be productive. If they are suffering from their own stupidity, then it is your goal to never let them get to a point to be able to make the stupid descissions they do.

“I don’t know what happened. I clicked on this icon and everything went crazy.”
If you are maintaining your network properly and in the best interest of the company, the user should not have the option to open any app that could be dangerous. Make it personal. When they are destroying your network they are affecting not only their productivity but your livelihood.
Consider the network as your children just as management considers their department their baby.

Some people find themselves in a position where this doesn’t work for them … then you are in the wrong end of this industry. You can not be passive nor too aggresive, just know how to pick your battles to win the war on stupidity.

This kind of mentality has worked well for me for 20 years.

lock them down, throw away the key

In reply to lock them down, throw away the key.

Hey why would I want to take a shot at you, I agree 100%. My machines are imagined with what they need to do thier jobs and they are users only on their machines. We even hide the USB from them. It will say it installs but won’t showup as a device so as far as the user is concerned his camera or thumb drive don’t work. I may be a hard a** but at least I can sleep at night nowing that my machines and network is secure.

Adware, Spyware,Trojans, Oh MY GODDDD,what was that blip on the screen?

In reply to lock them down, throw away the key

I work in a fairly busy computer shop and have had to service some small business setups from time to time.
I ceased to be amazed at all that crap I found in msconfig, start menu and task bars…
We use a few tools, cc cleaner, hitman pro and a bunch of various anti-virus goodies..
As long as the admin password is by passed those problems are going to appear sometime in the very near future.
There doesn’t necessarily have to be P2P on the machine, or Yahoo Games or wahtever. The very existence of popups and click here’s that install goodies is rampant on the Internet.
I do like the deep freeze best though in the shop, keeps the massive 3d games off the network hehehheheheh. Works great in an internet cafe setting too.
If all all else fails , there is the evil option of typing in format C: watching it go bye bye and sticking in a Linux cdrom 🙂

The Flipside

In reply to LOCK THEM DOWN

There are certainly people who waste company time with personal stuff. But there are also people who ‘waste’ as much or more personal time with company stuff.

So they want to watch a movie on their comapny Laptop during a long flight, or maybe listen to some music, orm,aybe even play a game or work on their personal finances. Why not try to accommodate them?

We have a solution that works pretty well. ALl systems are built forma golden image. Policy establishes that all company data is to be stored/backed up to a network drive (which is swept, by policy for .mp3,.mov,etc…).

If the user’s PC is having problems, we generally reimage if it takes more than about 5-10 minutes to troubleshoot. The user gets it back the way it was pre their non-comapny related stuff.

Not a perfect solution perhaps, but one that helps manage the problem users without crippling the power users.

Bravo!!!

In reply to LOCK THEM DOWN

I love your way of doing things. That is the way IT should be performed. LOCK EM DOWN!!

I’m with you on this.

In reply to LOCK THEM DOWN

I don’t work in an environment as serious as health care, but I have the same views as you. Those computers are for work only, if they try to go to a domain or subdomain I feel is not for work, bam-o, they are redirected to a webpage that says “This website has been deemed unuseful for your line of work, please do not visit it again”. Really upsets those who wanted to play online games and listen to internet radio and suck up system resources.

I agree

In reply to LOCK THEM DOWN

I agree wholeheartedly with your decision at a hospital.

Unfortunately not every business is a hospital or has the same requirements as such. what about a business where you have developers that need local admin rights to do their job? what about execs that hold power over your position and tell you to let them install a certain application you deem unworthy of installing? what about custom/proprietary applications that require administrative rights in order to run properly? What about project managers that know enough about computers to be dangerous?

I had one project manager take a guy’s system (minus the HDD) in order to install and run a server in his workgroup. The guy let his manager do it and then requested a new system. I thought I had already given him a system and confirmed it and took it to my 2nd line manager who was extremely upset that a project manager had the gall to do something like this. He gave me the authority to take the server and swap it all back the way it was, and unfortunately the server no longer worked, but the guy got his system back at least. when the PM complained to a different high level manager, he was told to deal with it and that all the managers had knowledge of what he did and that it was frowned upon.

anyways, people try to get away with all kinds of crap regardless of the consequences. i try to circumvent this by warning them in advance and appeasing at least a few of thier requests. I had a MP3 server setup so that the company could listen (not copy) to music of their choice as they worked.

I like the gestapo tactics you describe, but it jsut doesn’t fly for all types of business…

*sigh…

this is all too true

In reply to How to convince users to use their computers only for business related work

of management (your boss or supervisor) that really don’t want to work. It makes it very difficult to say or suggest that he takes off the games, movies, mp3s, IMs, etc, even when there are board approved policies that police such actions. If you say anything to HR or his manager, you get canned with his denials, even if you do document this situation. If it’s your boss or senior management, just make a suggestion after you fix it. If it is a joe blow regular worker, just document it and consult your IT manager and let him/her handle it with HR and the worker’s manager or supervisor.

Policies, Policies, Policies

In reply to How to convince users to use their computers only for business related work

GPO’s!

If management blatently disregards these rules; then you need to document and start charging these departments more for their negligence; until they ratify the problem.

Computers For Business Only

In reply to How to convince users to use their computers only for business related work

First off, do you have a Computer Utilization Policy in place? If so enforce if not put one in place; delete all non-business related files.

Change user access to Limited user; I am assuming the the PC files being consumed are all local and network drives are not affected.

You need management support for any and all restrictions to work. They must be applied across the entire workforce.

JoBriKa

It Can Get Worse

In reply to How to convince users to use their computers only for business related work

While working for a Comercial Calibration laboratory as Network Administrator I rolled in early one morning to find a very unhappy technician who’d been there for hours attempting to get caught up with the work load. He cannot access the network, the server broadcasts a message every few minutes that the server is running out of disk space. I knew that was impossible because I monitor the disks regularly. I discovered the problem was a jpeg file that had been saved to that little partitian drive that holds all of the Novel Command Codes and rarely changes size. I moved this to file and all was running fine. When I opened the file, after a virus scan I found a found a large, rich color photo of a Flyers Hockey Player. When the rest of the employees arrived I went around asking about this picture. I finally met an angry technician who was ticked off because he wasn’t able to load his new ‘screensaver’, so had saved it to a network drive.
The follow day all management and employees recieved notice from I.T. that no personal screensavers were permitted, the company Web Page was locked in and none of the employees or management was able to change it. Also, they were all locked out of all network drives except for the space alloted for their documents and they were reminded thatf failure to clean out their documents would result in new documents nots being able to be saved.

Business Use Only

In reply to How to convince users to use their computers only for business related work

If the rule breakers are in upper management, you will not be
able to just lay down gestopo type rules unless the people above
them are on your side and even that makes bigger enemies.
Instead the best way to win them is to show them the impact to
the bottom line. Show them what it costs in time, money, lost
productivity, cost of opportunity — theirs and yours (and
perhaps others). Make sure that you are logging all of your
hours — what are you doing all hours of the workday (minus
lunch and breaks, of course)? How much time is taken from
other more important duties and stragetic projects that improve
the company and its bottom line? Bill your hours to each
department — even if it is not in terms of really $$ coming to
the IT account, you can at least show a monthly report of where
all of your time is going.

The user never listened to you

In reply to How to convince users to use their computers only for business related work

Although you say them, they will ignored you. In my company we found that 45% of the help desk reports originated by this type of situations. We decided to emit restrictive rules and enunciating sanctions, nevertheless also we blocked the users to install, to share and to chnage some folders. This reduced 45% of this.

Don’t bother

In reply to How to convince users to use their computers only for business related work

They are the ones affected by the performance. Publish a message out to all users and tell them the results of their actions. Then tell them they can either ask before installing garbage and violating the company’s computer-use policy (you DO have one, right?) or they can deal with poor performance.

Limit their rights – standard user

In reply to How to convince users to use their computers only for business related work

Then they can’t install these programs.

Our solution is simple…

In reply to How to convince users to use their computers only for business related work

…fire them. Once the other employees actually see people getting fired, then tend to stop doing whatever bad stuff it was that got their buddies canned. When you have a company that survives by the computers working properly, everything from production to payroll, you can’t afford downtime from (L)users screwing around on their computers. Not to mention paying people to sit there screwing around instead of doing their jobs.

When we find computers like that we make alot of noise about it to embarrass the (L)user among their peers and make sure their manager takes notice, %99 of the time resulting in that employees termination.

I used to be nice about it…. but when I get called in on a weekend or late at night to fix something because someone has been using their computer in a manner it was not authorized to be used…. I tend to be a real A-hole

Picture out of focus – Problem not properly identified

In reply to How to convince users to use their computers only for business related work

Big Picture First:
People at home are using their computers for a significant amount of work. Some companies are starting to send the W-2 electronically, workers are doing email, after hour support is sometimes done from home, research on business problems, training, etc.

This is not a non-trivial aspect. The siode effect of companies putting increasingly repressive policies is that users will do work(only) on the company computers. And they will do less work on their home computers. The overall impact has been a significant loss for companies that track both the work and non-work computers.

Morale, productivity, adaptability to change are all lessened.

If someone abuses this is just like someone who spends the entire day chatting at the office coffee pot. Do not get rid of the coffee pot, but their manager should be worried about productivity. Is the person in your example one of the most productive users? IE if Mary never does non-work on her computer, but also does not accomplish as much as Sally who does other actions, then it is Mary not Sally that needs to be looked at.

Blue

let’s call it what it really is

In reply to Picture out of focus – Problem not properly identified

ANY use of any company resource for other than company business is stealing. I suppose you could argue that no one else is using it, but would you ask the boss’s secretary to type up your resume if they weren’t doing anything at the moment? Does your company let you use the executive limo to take you to lunch if it’s not being used at the moment? Besides how many people use company resources for personal use ONLY on personal time? I also suppose you could allow stealing – it happens more than most people would like to admit. In retail 75% of theft is internal.

Different View

In reply to let’s call it what it really is

It depends on how narrow you define company business. I have been in field since 73. When first training users who had never seen a computer before, using solataire was more effective than anything else in teaching how to use a mouse. So do you consider playing solataire theft?

I prefer users to 1> Get their job done. 2> Be efficient 3> Be easier to adapt to new changes 4> Suggest ways that the processes and programs be improved. All of these are core business concepts. You do not reach All of these goals with box of regs around your users. Yes, abuses have to be stopped. And Yes, getting the current job can be also be done. But in stopping abuses, you do not want to stop the adaptability and suggestions. You do not want a climate of fear either. Fear can be ok for the short term, but it is like a acid on long term productivity and growth.

I have requests for tighter policies from my staff from time to time. There are a few very valid reasons for some (no porn), but most I turn down. But many are about increasing control or sensibility of the IS and not the core business reasons. Limiting what the users can do means they can do less. Making users fearful in general degrades performace.

what really is theft?

In reply to Different View

ah – how about since ’63 – back then – this wasn’t a problem – the problem was getting people to use computers. no – playing solitare is not theft unless solitare happens to be the only thing you do all day and it’s strictly for personal enjoyment(i’ve seen this really happen). it’s not what you do, but the purpose. company business is company business and personal business is personal business. I know it’s tuff to seperate the two (i have the same problem), but unless we call it what it really is (in my opinion) people will have a tendancy to minimize it. you’re right on with the rest. PS – i have had to look at porn just to validate what was going on and “police” it. only once. and not by my choosing.

Personal vs Business

In reply to How to convince users to use their computers only for business related work

I sent the guy on break and said I’d fix it while he was gone. I simply deleted all the things the clown had installed. A note was left that the more junk he put on the PC, the slower it would run. Leave it alone. It has been awhile and he hasn’t complained about a slow system since….
I’m not really a mean person, trust me.

They need to learn the hard way

In reply to How to convince users to use their computers only for business related work

I had several “maverick” users who thought that the computer provided by the company was THEIR property, and as such, could do anything they wanted with it provided that they did the work required of them. I established a company policy working with the HR dept., and still abuses such as selling on eBay, visiting joke sites, chain e-mails, etc. on *company time* kept up on a daily basis! How did we change it? One of them was dumb enough to launch a virus that cost a full day’s work for the company, including holding up payroll checks! They became VERY popular in the plant for that, and we rewarded their action by terminating them on the spot. End of troubles, as the other “mavericks” more than received the message!

fixing the same issue over and over

In reply to How to convince users to use their computers only for business related work

you know sooner or later all that troubleshooting is going to add up to over time and constantly fixing the same issue over and over again…if not on the same machine or on different machines with the same issue about there system running slow or taking forever to boot-up….this happen to me and i was questioned by my manager….and then had to explain why i am always having to go back and fix the same issue over and over….when that happens you can best bet that there will be some serious policy changes in computer usage on the job.

Convince vs Enforce?

In reply to fixing the same issue over and over

Policies and standards that are not enforceable are not worth much.

Work stations should be set up with least privileges, separation of duties and user provisioning for the purpose of doing one’s job, and nothing else. Internet privilges are not needed on the loading dock, for example.

Trusted operating systems track all that is done on a system and prevents abuses by authorized users. If you rely on policies, you have grounds to fire someone for non-compliance, but infractions will continue to occur, causing downtime, loss and expense.

A few public systems could be set up separately in a separate network for employees to use on break, answer personal emails etc., if necessary to keep morale up.

Constant Struggle

In reply to How to convince users to use their computers only for business related work

I worked as the Network Admin at a law firm that made policies and actually enforced them. The standing rule is if you wanted to install something on one of the firms computers, it had to go through me. Peroid. No games, no MP3’s, No JPG’s unless they were case related. No screen savers or wall paper, actually no nothing I didn’t OK. Anyone who broke that rule was subject to termination as stated in the employment manual under “Computer Usage”. These people did not tolerate any BS from secretaries, and some Attorneys. Had one instance of a secretary who went out of her way to make life miserable for me. She was very religious and one day, I saw a Bible passages screen saver on her system. I asked her how it came to be installed. She said one of the other secretaries installed it for her, and since it was religious it couldn’t be any problem. I didn’t say anything, just walked away. When I got back to my office, my phone was ringing. It was the office manager, The secretary in question called to make her case first. The office manager reminded her about policy and had a little talk with the secretary who installed the screen saver. Didn’t have any problems from anyone after that.

I changed jobs, the new firm has the same policy, but does not enforce it. I have some problems with unauthorized programs, I guess it will take a disaster to make them take notice.

Change users way of thinking

In reply to How to convince users to use their computers only for business related work

1st off you need to refer to all computers used in a work environment as workstations and all home computers as PCs and explain the difference to your users, Personal computers are exactly that, personelized for the user, owned by the use, by its very definition “workstation” means that it is used for work, not personel (but sometimes funny) emails, or chat programs or my favorite free casino card games(cant seem to convince users that free means spyware), but for work only, I find it takes a combination of talking to Sr management, implementing group policy and in general being a network nazi to accomplish the task 🙂

Fire A Couple Of Users

In reply to How to convince users to use their computers only for business related work

Fire a couple of the user that are violating company policy, by using the computer system, network, and internet access for non-business use. The word will quickly get around and very few others will want to take the chance.

It worked for me!

In reply to Fire A Couple Of Users

I hate to be ruthless, however firing one is what it took for users where I last worked to get the message that company computers AND time are for company business. Although, it helps when they cause a problem which holds processing payroll checks up for a day! Nobody wants to be responsible for that again, as you become public enemy number 1!

Oh wouldn’t I love that

In reply to Fire A Couple Of Users

I have found and documented cases of objectionable material but to date, the employees involved have only been ‘lettered’. I really think that the only way to get users attention on this is for someone to actually lose their job over it. We do have written policies but they are being ignored. The topic has come up again with management and I hope to get this into our employee handbooks.

I was working on a system today that had spyware and viruses and found some naughty stuff. I did my documentation and backed up the files in question on my external hard drive. Unfortunately, the user of the system is the older brother of the young man that I am training as my assistant! I did inform my manager of what I found but I didn’t like doing it this time.

You could just notify the user…

In reply to Oh wouldn’t I love that

Two things come to mind about naughty stuff appearing on a system.

One, it may not be that person’s complete fault. i have seen some people leave their systems logged on and “others” go onto their systems and cause the naughtyness to appear. i even had a problem with a security guard getting on user systems that have been left logged on and doing some “weird” stuff.

Two, you could have just notified the user and get his input as to what happened and warn him verbally that he either needs to logoff or not go to those types of sites, or you will be forced to report his activities. You could also just say these things get logged as to the sites each user goes to and it’s beyond your control. Most users have no clue as to how that works anyways, lol. Truth be told, it can be monitored, but most companies don’t bother with it.

anyways, reporting him to a manager could jeapordize his position and it’s something you want to resort to as a last ditch effort. I wouldn’t want to get anyone fired over something so trivial, and I would at least like to give the user the benefit of the doubt or at least a chance to not screw up like that again. Besides, it’s fun seeing them squirm knowing you are aware of what strange activities they are up to, heheh…

In an Outlook folder called ‘keepers’?!?!?

In reply to You could just notify the user…

Sorry, but I need my backup of my management on this and the only way to get it is to inform them. Also, what I found was mail messages in an Outlook folder named ‘keepers’. This indicates to me that saving these was intentional.

I have pointed out to users many times that they are responsible for what occurs under their userid. They have been told that their best protection is to log off their computer at the end of the day and not to reveal their password to anyone.

By the way, pornography is not trivial. It is offensive and could result in lawsuits against my employer. The same follows with racist or other types of offensive material. If I find it, it gets reported. This has been made very clear to me by my management. I know that this particular employee is being lettered (a warning, not fired).

As systems professionals, we all need to recognise that this type of material has NO BUSINESS on a user’s system. Please do not make excuses for those people that consume this type of garbage. If you want to look at this, DO SO ON YOUR HOME COMPUTER, NOT ONE THAT I HAVE TO SUPPORT!

Wouldn’t say trivial

In reply to You could just notify the user…

As misusage of your company?s property and time is theft. Let alone the harm that can be done to your company?s image what can result in sales loss.

I wouldn’t take it that lightly as trivial.

I agree to give the user a chance to improve behavior

Rob

Letter from management should improve behaviour

In reply to Wouldn’t say trivial

The letter that this employee is about to receive should help improve his behaviour. Since this is a smaller company, I am hoping that the word will get out that I will report ANYBODY I find misusing company equipment.

I have been accused of being “out to get” a certain manager. People think that the PC on their desk is a personal toy and they should be allowed to ‘play around’ when things are slow. I am attempting to force the old boys network to clean up their act and need any help I can get from management. In order to get their support, I need to report this type of misuse.

As I put it earlier on

In reply to Letter from management should improve behaviour

For sure if the word gets out that measures are taken and consequences will follow the other mis-users will back down.

But … (there always is a but, isn’t there)

Will it give you a nice and comfortable working environment, will company atmosphere improve? I guess not.
On the other hand if you give them the reasons why these rules are … and if their sensible to logic … then maybe it doesn’t has to come to a repercussion/ fear frightening company (don’t say that it is now but the risk is there.)

Maybe these links will give you an idea.
http://techrepublic.com.com/5208-6230-0.html?forumID=7&threadID=191169&messageID=1978356
http://techrepublic.com.com/5208-6230-0.html?forumID=7&threadID=191169&messageID=1983264

Rob

LOVE THIS COMMERCIAL!!?

In reply to How to convince users to use their computers only for business related work

I know this will not help the problem. But I love the comercial where an IT employee screams; We have a virus!! Then a few IT’s gather and ask HOW did it get in, we had everything secure. The bosses’ daughter comes out of his office saying, “You should see the coolest game I downloaded from the internet.” Even office managers do not understand that ONE trip to wrong site and the network is down..I will not even start on an intranet.

game is one thing, but email is another

In reply to LOVE THIS COMMERCIAL!!?

I like that commercial too, I got a big kick out of it when I saw it… I don’t doubt that a scenario such as that could happen, but I find what is more likely is freemail aaccounts. The ones like hotmail, Yahoo Mail and any others that do not scan for virii, that users subscribe to are the worst enemy of the IT profesion. People email all kinds of crap and do this in the corporate world as well. The proliferation of crap is astounding and when one person gts a worm and his system starts spamming any available ports and email addys from the first users address book, the propagation gets a little ridiculous.

How do you shutdown or even enforce external email like that? Besides having a solution that works on the firewall…???

Signed Policy By Users

In reply to How to convince users to use their computers only for business related work

We have a simple policy that says all computer equipment and everything on them is the company’s property. Any software not on the approved list may be deleted with or without warning. We do allow for personal software installs if approved by administration. Everyone with computer access signs this policy acknowledgement – if they don’t sign, their account gets disabled. It’s also part of new employee orientation so everyone gets the word.

Excellent

In reply to Signed Policy By Users

My employer does this also (altho’ clients don’t get admin rights to PCs, thus can’t install whatever they want. If a bone-fide software install requires admin rights, we grant it for the duration of the install, then once the app has run, revoke the admin access). Plus the employee has to (read and) sign an Internet Usage policy document. We generate internet usage reports & send to departmental managers so that any untoward usage is dealt with as the local manager sees fit. If the manager is happy with his\her staff browsing , then all well & good. It’s the manager’s call, we in IT just give them the information (or ammunition, depends on which way U look at it). Obviously we have policies which block access to certain websites etc. (who doesn’t). We run an SOE, so all users are created equal – VIP users get increased email & home directory allowances (space-wise). This seems to work well – the only clients who get miffed by lack of ‘rights’ seem to be the usual suspects who would abuse any way. Cool.

We have a policy too but….

In reply to Signed Policy By Users

It doesn’t sink in for some.

I’m impressed.

In reply to How to convince users to use their computers only for business related work

As a older dude (who’s send a lot of wierdness go by the board) I’m impressed with the amount of thought and the good ideas you guys have come up with. I’ve seen most of them implemented, and almost anything works, from stricter policies to the “network nazi” approach.

I see the biggest problem as the lack of distinction in today’s world between “I’m at work” and “I’m not at work.” I work at work, and play at home. But too many times, I’m not sure where I am. If I’m at home, working on a cut-over of new software on a remote server at one o’clock in the morning, and I have a one hour dead time until the next step, am I at work? Or am I at home, and free to play a WOW session on the side?

On a personal note, I have a bunch of computers and home and reserve one for work, but not everybody has these resources.

Personally, I think the problem is going to get worse as more portable information devices are added, people started working from more venues, and crossover viruses become common.

Good Luck to us all.

Lock everything out

In reply to How to convince users to use their computers only for business related work

Lock everything out through group policy, dont let them have access to anything they dont need. Then at your firewall perimeter only let out what services/ports need to go out, most commonly 80, 25, 110, 20, 21, 3389, etc then block everything else out. that then natively stops any p2p networks, messaging and chat programs etc, block access to any media players, dont let them install anything. Do it all through software and if they pack a stink tell em tough shite. Time to get hard

Profiles

In reply to How to convince users to use their computers only for business related work

Let the title guide you. Give users only access to business items. Don’t let them change anything or install any programs. When they ask how to do it , tell them there is a WORK-ONLY policy and you have to follow it.

Lock’m Down!

In reply to How to convince users to use their computers only for business related work

Network security is key to protecting your network infrastructure and the data within. Alot of the stuff that people download is just not games and programs that rob cpu and memory. Alot of it may contain key loggers and other virus traffic that can sniff out passwords and other data that is integral to the security of your network. SO my answer is lock them down. If you are part of a domain take the ability to write to the c: drive right away. Give the appropriate applications folders permissions to run but allow them to olny write to their My Documents folder using security groups and adding your domain local security groups to your local security groups on the individual computers. Another method if you are using a Windows 2000 domain is to enforce restrictions on how much space thay have on the hard drive to copy to using disk quotas. At some point and time some end users will just defy the nice guy or gal in you to the point where you have no choice but to take charge of your end user environment or they will take charge of you.

Steve

What I done,

In reply to How to convince users to use their computers only for business related work

was, in the login script, scan for .mp3s and other known problem files on the hard drive and simply delete them. They already can’t install programs that write to the program files directory or modify the registry. If they ask me to install something, I tell them the request has to come from their supervisor.

Just delete the crap

In reply to How to convince users to use their computers only for business related work

I just delete the non-business related stuff when they complain the new pc is running slow. If they have a complaint they can take it up with management. I have 2 or 3 users constantly downloading stuff that doesn’t belong. Unfortunately I can’t take the internet away from them because they need it when they do some work. I just refuse to repair any programs that I don’t install when the PC is put on the desk. If someone leaves I usually will write zeroes and format the hard drive instead of trying to delete all this stuff. It is a constant battle of wills and the user will ultimately lose. I don’t think you can convince those users about what they can’t download until they get written up or something like that.

Not good enough

In reply to Just delete the crap

You put yourself on the defensive. You let it happen, and remedy later.
Be proactive instead. Set-up barriers, block users.
Go to the extent of partitioning local drive to Windows minimum, and store ALL userfiles on central server with limitations on size. Additonally run an hourly batch job removing unwanted files.
Scrap their PC’s and give them diskless thin clients.
Take it up with management. You might end up on the frontpage on papers with charges of copyright infringements or stoles SW. Very bad PR!

Try to get a new job, after being responsible for you latest company going to court sued for stealing SW and music….

Feet to the fire

In reply to How to convince users to use their computers only for business related work

Having been botha business owner and a company employee, I find this issue to be misunderstood by many. Many employees abuse company assets while many companies abuse their employees.

Here’s what I do. If you use your PC for “non-business” items (e.g. listening to MP3s offline from the Internet), then you are responsibile for local admin and maintenance of your PC. If your activities impact my network infastructure, we talk. If you can’t do your work, we talk. Obviously, don’t do stuff that is illegal or would compromise the company (e.g. porn or gambling). But, if you work through lunch to meet a deadline in the office and elect to shop online vs. leaving the office, I’m cool with that. Just be a safe surfer. Be smart and let’s work together. Need to check your bank balance on payday, cool. Want to watch that 500Kb streaming video of some cheesy pop star, no. Save that for your dial-up connection at home.

Lock it Down

In reply to How to convince users to use their computers only for business related work

At the company I work for we use a product called Surf Control. It allows you to add the websites you only want your users to access. It also trakc were users go and logs it for you. This gives you proof for management. Once we rolled out this program all we had to do was mention to our users that they are being tracked. This has cut our virus reports down from 5 pages to 1 page.Just the thought that they are being watched has kept our users company friendly but it also made IT a bad word among users. Our policy states that computer use is for “Business” related use only. If users are caught surfing sites they should not be on they are disciplined.

Spend a litlle a money – Get SpectorSoft

In reply to How to convince users to use their computers only for business related work

First you buy the software. Then let everyone know you’re monitoring them. Bingo! Problem solved immediately. When they think things have blown over and no one is checking on them – you got’em!!

Go to http://www.spectorsoft.com/

Go with organisational policy

In reply to How to convince users to use their computers only for business related work

I worked in an organisation that had policies on these issues and the staff routinely ignored the policy. We had another policy was that any call re problems with the OS performance were dealt with quickly and simply.

Take special 2 disc cd set to PC, boot from CD running first a virus checker, using the latest definitions on the network server, then adware and spyware programs. Check performance, if still bad.

Boot second CD which did a format C and reimaged the operating system.

Since all corporate local data storage was pointed to D drive by the corporate image, no corporate data was lost but all extras were. After a few incidents of this most users limited what extras they did put on.

Another organisation had their systems set to have them boot over the network with the registry settings and start up programs reimaged at each boot. Anything set up just never got a chance to restart.

Bring it to management’s attention

In reply to How to convince users to use their computers only for business related work

If this user is spending that much time downloading and listening to music and watching movies, management might be interested in knowing where the money that they are spending is actually going. Further, the issue of stolen copyrighted material and liability for it comes up. Not something that your management would want to get blindsided by. I don’t know how big your firm is, but if it’s small the litigation costs could seriously hurt the business, and thereby hurt you.

Speak to the employee’s manager after clearing it with your boss, as this situation will undoubtedly be of interest to him or her. The employee is stealing time from the company by not performing the assigned work. Spending the time he is being paid for by downloading movies and music is nowhere in his job description. I sincerely doubt that he is whipping out a credit card to pay for any of the movies or music, which brings up the second issue: theft of copyrighted material. It doesn’t matter where you or I stand on the copyright infringement / theft issue. What matters here is company liability for the actions of one of its employees that it failed to properly supervise. The company’s assets (computers, network, servers, internet access) have been used to illegally obtain the copyrighted materials. You can bet your severance pay that the holders of the copyrighted material would love to sue for major bucks over this. The headlines have been full of such cases. It would be enough to make a Temple Law School lawyer salivate. If the company takes a hit, the company has way less money to put into interesting things such as employee compensation, profit sharing (no profit, no sharing) and retirement accounts. So it is in your best interest to perform the due diligence needed by to prevent the company from taking a hit that would vaporize your next raise.

I’m not going to go into all the various moral and ethical aspects of this, as others here have, or will do that sufficiently.

Cover your ass: go to your boss.

Pete

policy, approval, image, and roll out

In reply to How to convince users to use their computers only for business related work

A few steps ->
(a) Get a policy, there are a tonne of them on the web, adjust it so it suits your company, with statements like -> only tech support can install software, and only company data is to be kept on company machines, and any non-company data/programs can be deleted without warning
(b) Get it approved by management -> by management as a group, so the odd single manager who won’t like it can’t tell you no – a simple justification to use is to bring up a single user who has wasted company money and time by doing something like what you describe – and tell them how much it cost in $$$$, and ask if they want to keep spending those $$$$ on things like this – or would they rather have their company cars – and see if you can find similar incidents in company history so the $$$$ amount is higher
(c) create an image (or images, if necessary) which doesn’t allow any users to install software, only administrators -> use something like ghost or
if your smart enough, ghostforunix (free and easy) to roll it out
(d) roll out the image to all company boxes, making sure no standard users have admin access to the image of course

I did this about 4 years ago, and it has saved so much money and time for my company, in not having to deal with problems like you describe above. It also saves money on the training angle for your staff, as they know all machines are exactly the same, and can teach and support each other without too much resort to tech support for individual customised computers.

It’s Our Fault!

In reply to How to convince users to use their computers only for business related work

1st of all: STOP BLAMING USERS!

We exist to serve them … and THEY DO NOT KNOW ANYTHING AT ALL ABOUT OUR WORK

If they don’t understand something it IS UP TO US TO EXPLAIN IN PLAIN LANGUAGE

2nd: BLOCK THE POP-UPS THAT THEY SEE WHICH TRICK THEM INTO INSTALLING AND DOWNLOADING ALL THESE EXTRAS

…….

Bottom line: IT IS UP TO US TO BE PRO-ACTIVE

Do not get mad at them, they truly do not know what they are doing.

Reply To: How to convince users to use their computers only for business related work

In reply to How to convince users to use their computers only for business related work

I just start deleting / un-installing. I don’t care – I know that my boss and his/her boss(es) will back me up. Our users know the rules, they know what is and isn’t allowed on company owned hardware. I will just (w/out any warning to the user) will just start un-installing out of add/remove programs until I get the machine cleaned.

When I’m done – I will then announce to the user – “ok – machine should run better now…” and I’ll pretty much leave it at that. If (and they frequently do) the user asks what might have been the problem – then I’ll just tel them that I found all sorts of weird s/w on the machine that shouldn’t have been on it – so I un-installed it. I rarely get resistance…. and when I do – I tell them who to talk to (my boss).

-=- jd -=-

Policy at one company

In reply to Reply To: How to convince users to use their computers only for business related work

I used to work at a Fortune 100 company and they came up with an interesting policy. If there a PC related problem and there was software on the PC that may be business related but not on the approved list, they would do “best efforts” to resolve the problem(assuming the problem was with supported software or the OS). If best efforts fail, the next step was to back up the data and reimage the PC to the original supported and test again. If the problem no longer existed, the user was not allowed to re-install the non-supported software(or if they did they were on their own for support on any issue).

James

Why backup

In reply to Policy at one company

Were they allowed to have company data on their company’s pc? Didn’t they have to put it on the file-server? What would have happened if the pc-disk crashed irreparably, with vital company data on it?
Oh my there is a lot to learn I think.

Rob

Ever heard of Local/Group Policy Settings?

In reply to How to convince users to use their computers only for business related work

I don’t think they have to be told that during work hours, they’re supposed to be working (unless they’re going there for fun and not getting paid). To answer your question: Group Policies (or local computer policies for that matter). Question for you: Why on earth are they allowed to install software on the local machines?

Why??

In reply to Ever heard of Local/Group Policy Settings?

I have management insisting on each desktop user having Admin privlieges. Luckily, some of the senior management at my company understands why this is not allowable. It is still (after a year) in the balances if our management will insist on global admin for all users. All the arguments have been placed on why admin should be locked down, but some of our managers feel that a users ability to install a random program at an instants whim is more important than any security or possible licensing issues. In addition, some of our programs will *ONLY* work if it is run by an admin user….

AD Group Policy

In reply to How to convince users to use their computers only for business related work

If your company uses Active Directory, why not just create a GPO that locks down the users’ permissions so they can’t install anything?

Post deleted

In reply to How to convince users to use their computers only for business related work

Post deleted

Lockem Down Man

In reply to How to convince users to use their computers only for business related work

Lockem down man! No one needs local admin rights.
Give them only the access they need, not want. Forget the politics, and do what is right for the network.

Not really possible with some systems

In reply to Lockem Down Man

Our church computers all have local admin locked down and are used almost daily on the Internet for searching out records. They all have anti-virus programs installed and are set to update the AV definitions daily. Yet the AV definitions are still at the point they were when shipped 18 months ago. Why you ask? Because the local admin rights are locked down and we do not have them and the AV defintions will only update in full admin mode – we cannot change any of the system files or settings.

So each day we spend a long time downloading AV updates that we can not install and we cannot stop because some idiot wen overboard in their lockdown.

You have to look at what can be done while still maintaining reasonable usability levels and total lockdown is not one such option. If a total lockdown was a totally reasonable wortk solution then you should be using older equipment and using thin client as you will get by with less resources and faster responses and ensure data is always stored in the right place.

authorisation

In reply to Not really possible with some systems

I guess your systems are in a LAN environment.
Did you ever try to have the AV updates at login-time? This way the local security-settings can be overruled by the netadmin and install the AV updates. Don’t ask me how exactly that this is done, as I am not a system/netadmin, I just know that it can be done.

Success

Rob

Image set up by Head Office we have no

In reply to authorisation

admin access out on site so we cannot make changes. The AV upgrade is run form ‘Start Up’ when you log on and does not activate as you need to be log on as Administrator for the update to install. We are not and cannot log on as Administrator.

I have worked in a place where the system had a special script to run the AV update and install it between when you clicked to activate a user log on and when the log on was activated by the system. That worked just as you say. So did one where it ran a script upon boot up but prior to the screen with the choice of log on ID options. Neither of these apply here.

Are you using a AV management utility?

In reply to Image set up by Head Office we have no

Do you have a manaement utility or a server side component that manages the updates?

Symantec Corporate uses a mangement utility to update all clients without interactive required responses from the end user. It’s all automatic and behind the scenes, but it has to be setup by an administrator.

You could also create a script that can “run as” a different user, say a local admin. You would need the local admin to set it up though.

You could also setup the update service to run as a different user as well, so that when the update took place it would automatically run as the local admin or any other account that had authority to do so…

Hope these suggestions help.

Wish I could – it is a HO lockdown not mine

In reply to Are you using a AV management utility?

I know there are a number of ways this could be done. The AV program that is installed can be made to work properly with a basic user IF it is installed as the basic user – but NO – HO installed it as Administrator and ship them around the country and no local staff are given the Administrator password. And you get in huge trouble if you make any changes to it at all.

Bloody half trained gorillas who read a manual somewhere one day about locking down a PC. Total lockdown is the most stupid way to go for security.

AV product?

In reply to Wish I could – it is a HO lockdown not mine

What AV product is this? make and model?

responsibility

In reply to Wish I could – it is a HO lockdown not mine

Then make damn sure that your NOT hold responsible if any damage is done, it either be your company or your clients damage. So make sure that your IT dep. at headquarters is held responsible for any mal function/damage due to viruses, spyware or anything else that can damage your dep. our your dep. clients.

Maybe their not half trained but don’t know what customers need (as you are their internal customer). ]:)
But then again don’t they test an image like that first? And then not only as being an admin but as a normal user? ?:)

([i] f***ing nerts, living in an ivory/electronical environment/tower, dunno anything about real business. oh boy this can apply to a lot of us, can?t it [/i]) 😀 :^0 😉

Rob

If you can tell me

In reply to How to convince users to use their computers only for business related work

How to tell the CEO to not send email with blank subject lines, or how to tell the CFO that they really do not need 3 years of email retained, or perhaps just to tell the Marketing Director that the delited items folder should not be considered as a filing cabinet.
ON the other hand I have found buying them a bigger and better computer, gets me some great hand me downs that have more than enough capicity for what this lowley tech needs.

I can’t worry about users…

In reply to How to convince users to use their computers only for business related work

…when my IT manager installs two different versions of SQL on my SQL server. Thus, bringing my DTS packages, remote connections and what not to it’s knees.

Seems my eyes would be looking in the wrong place.

Heavy-handed policies…..

In reply to How to convince users to use their computers only for business related work

Heavy-Handed policies simply generate animosity and are counterproductive. Try an honest, non-tech speak seminar that shows the merits of using a workstation for business. Show the users an example of what can happen when virus, fungus, and plague gets into a workstation. Make them accountable (and deny access where it makes sense), but give users valid reasons. “Because I said so” is a excuse, not a reason.
Remember, you (the IT person) should also abide by the same policies that you set. “Do as I say, not as I do” methods will cause much more harm than good.

Start using a desktop lockdown tool

In reply to How to convince users to use their computers only for business related work

Then start using a desktop lockdown tool, or computer-based policies that limit software installation. Take a look at the new Microsoft Shared Computer Toolkit at:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7256D456-E3DA-42EA-857D-92B716077A84&displaylang=en
and put the machines out on the floor so they can be used for what the company bought them for.

Here is what we do.

In reply to How to convince users to use their computers only for business related work

Our strategy is multi-headed.

The first part is to realize that this strategy has to not only be the rules on the computer, but how the user thinks of it. If the user stops thinking of the computer as theirs (even just a little) then a lot of your job is already done. Most users will only try so hard when it comes to these things so make their life difficult and they will give up (most of the time anyway).

First thing we do is block the downloading of .exe .zip .rar .ace at our proxy. If they don?t have a way to get new programs easily they probably won?t install them. I would also recommend blocking streaming content, music and movie files extensions as well. Users have no need to be downloading these things at work and blocking this will help cut down on all that extra bandwidth wasting. Obviously there will be some people who need these things for their job, primarily multimedia people (and execs if you are forced to believe them).

The second thing we do is implement a good set of group policies. Think of your policies like you think about a firewall. Don?t just block the programs you know you don?t want. Instead allow only the ones you know you do want, and block ALL others. If your users don?t have permission to run “Yahoo_Messenger_installer.exe” then it becomes much harder for them to install the program.

This last thing is actually more psychological, and will get you hated, but it works. Disable the ability to change the wallpaper/screensaver/Browser start page. Standardizing these things to the “company wallpaper” and your intranet page will really hammer home to the user that this is NOT their machine.

Realize that doing these things will make you the enemy though. You do need cooperation at some level from the users in order to do their job. People are driven to make the things they work with theirs. Here are some things you can do to help get at least a bit of respect from them. Some of these things use network resources and do bend the rules above, but they are being sanctioned by you and are being used in a controlled environment so are “safe”.

Make the screensaver a slideshow of their “my pictures” folder and allow them to put the images they want in there.

Set up a streaming music redirection server that plays the top 5 requested internet radio stations. This is not that hard. Set up a weekly vote on your intranet page where people vote on the genre of music they want to listen to and or the station names you are already providing. Based on the top 5 picks find streams that provide what the users want. Open a hole in the firewall to one machine and allow it to stream music from an internet radio station. Use streaming software on that machine to re-stream the content out to your network in multicast. This way you only use a small bit of bandwidth getting the 5 streams in (as opposed to a few hundred if the users do it on their own) and your internal network usage is used efficiently because you are multicasting it.

If you REALY want to work on your IT/user relations, set the wallpaper to a web page that allows them to constantly have a little slideshow in one corner that displays their pictures. Allow them to submit requests for RSS feeds to also be displayed on their new “Dashboard” wallpaper.

Remember. It is important to think of both the networks security AND the users morale. Just remember to make all your rules exceptions to a global NO rather than trying to block specific things.

(By the way, just incase you don?t think this works large scale, I am one of 10 people in our IT department responsible for about 10,000 machines. We deal with workload by having “power users” who are part of the normal workforce that are assigned from within each section, to do the “easy” stuff. Helpdesk is our level 2 support and policy says that they only talk to our power users. We are level 3 and we only talk to the helpdesk.)

Accountabity /Responsibilty Clause

In reply to How to convince users to use their computers only for business related work

When the employee applies for the position, it is made crystal clear that ICQ, MSMessenger, Pal Talk and all those other “wonderful” programs will not be tolerated on Company machines,end of story.
Then it’s up to the firm to decide which of these is appropriate to use etc.
No Multi_GBs of Music allowed, no crap games that have nothing to do with business.
No online gaming etc.
Decide what is and what is not appropriate for your Firm’s Computers and make up and agreement form whereby the potential employee MUST understand and sign before he/she is even considered for employment.
Control is the only way to monitor such a situation.
When you consider the enormous cost of maintenance on these things, IT’s don’t come cheap, even if they are working for you, then throw in the down time because the dunderhead got virused or wormed while playing a stupid game, of worse yet, these horrendous Music downloads that take up incredible amounts of space and then the user complains that the computer is slow?
The Computer is No Good??
That’s when you show him the affidavit that he/she signed coming in and remind him/her that the next time, it will be a fee to be paid or termination.
A Laptop is company property, not their own and it should be treated in the same manner as a business accessory.
Bored? Go have a Pizza or something but leave the Computer alone, unless you want to be charged for the repairs.
There’s the answer.
Accountability and Responsibity for one’s own actions.
Regards
Aaron 😉

Yeb, y’re right

In reply to Accountabity /Responsibilty Clause

The problem with this comes in when upper management want to bend the rules just for their own sake. And worse tell their workers they have to get those “nice” programs to.

In fact they are undermining their own set of company rules. Then the complaints come in about bad response times on the local/company’s LAN/WAN.

So every now and then you have to make upper management aware of the issues/problems they get the company into if not staying with good company rules.
[i] best done when ever upper management feels the urge to let slip the rules to their own “benefit”. [/i]

Rob

I certainly agree

In reply to Yeb, y’re right

Agreed an well put.
Aaron

Here’s how.

In reply to How to convince users to use their computers only for business related work

Lets go back to dos. 🙂

Here’s a twist on consequences

In reply to How to convince users to use their computers only for business related work

First make sure you have documentation/logs of all the work you’ve done to fix user-caused problems. And have a list of the associated costs to the company.
Now go see the CEO and convince him/her that these are behaviors that departments are choosing to allow to happen; and that logically, the cost to correct those problems should be docked from their annual budgets and reassigned to the I.S. department.

Easy: pay us!

In reply to How to convince users to use their computers only for business related work

Specify allowed use, prohibited use, and fire us if we disobey.

DUH.

How to convince users to use their computers only for business related work

In reply to How to convince users to use their computers only for business related work

I suggest you to have policy in your domain that you can limit users from doing what you do not want.

Also you should spend in getting solutions, such webcontent filter and email content filter, and concentrate in your security, you will have better and controller environment.

Khamis Awadh
Infrastructure Specilist
Team Leader DSS
Injazat Data Systems

[Author]

Replies