Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Should IT Shops Let Users Manage Their Own PCs?

Zonk posted more than 6 years ago | from the hairy-question dept.

Security 559

An anonymous reader writes "Is letting users manage their own PCs an IT time-saver or time bomb waiting to happen? 'In this Web 2.0 self-service approach, IT knights employees with the responsibility for their own PC's life cycle. That's right: Workers select, configure, manage, and ultimately support their own systems, choosing the hardware and software they need to best perform their jobs.'" Do any of you do something similar to this in your workplace? Anyone think this is a spectacularly bad idea?

cancel ×


Sorry! There are no comments related to the filter you selected.

in the perfect world... (5, Insightful)

AdamReyher (862525) | more than 6 years ago | (#22944404)

In a perfect world this would actually work. But then we'd run into pirating like crazy and companies being sued all of the the place. I certainly support a more liberal approach to what employees are allowed to use on their machines, but restrictions certainly need to be in place.

Re:in the perfect world... (4, Interesting)

MooseMuffin (799896) | more than 6 years ago | (#22944522)

We already run this way at where I work. We're a small place and there's no in-house IT department. If one of us in development needs more ram or a new harddrive, the procedure is to go buy it and install it yourself and give management the bill. Nearly everyone is savvy enough to handle this on their own, and if you aren't its easy enough to ask someone to help you.

Re:in the perfect world... (5, Insightful)

ushering05401 (1086795) | more than 6 years ago | (#22944734)

Hardware is one thing. Software, and the BSA, is another.

Your shop may be small enough to avoid attention, but allowing users to install their own software could put a company in hot water fast.

Re:in the perfect world... (5, Insightful)

fm6 (162816) | more than 6 years ago | (#22944566)

There are better ways to deal with piracy than locking down computers. Nowadays, companies face all kinds of legal issues: discrimination suits, corruption investigations, export control laws... The standard solution is to force your employees to attend a bunch of brief classes covering these issues. I had to work through a half-dozen online lessons when I got my current job.

Piracy has nothing to do with the fondness of IT departments for locking down user computers. Really, it's a response to nitwits who fancy themselves experts and know just enough to get them into trouble. Of course, it's pretty frustrating for those of us who really do know what they're doing, but face it, we're a tiny minority.

I worked as a site tech in one place... (4, Interesting)

DaedalusHKX (660194) | more than 6 years ago | (#22944790)

A government institution, to be precise, and the locals were using government computers, government media (CDR's) and various other resources to pirate everything from Windows to Games for Windows... and you know what? I was nearly fired for bringing it up. Taking action with my "superiors" in IT over what I perceived to be a legitimate issue, and being not only stonewalled but also treated like scum, is what resulted in me tendering my resignation shortly thereafter. Total time on job? Less than a year... far less. Reason? Dirty business practices. Yes, this was a SCHOOL... these are the people teaching your kids what to think, and possibly (in rare instances of "good teachers") even how to think. Another example of government "honesty" and examples of justice. Piracy reigned, and when notified, my "superiors" felt offended that I did not remove the offending software. After much correspondence and arguments, and nothing getting done, I finally got fed up and left. There is a reason schools enjoy Linux like pricing on software. So many of the teachers pirate everything in sight, with full oversight of the various officials.

And then they teach kids that "crime doesn't pay". Talk about hypocrisy.

Another reason to pick up homeschooling.

Run it for an imperfect world (5, Informative)

Gription (1006467) | more than 6 years ago | (#22944588)

We have 7 techs supporting 2000+ computers in 800+ offices. We give guidance but we don't tell them they have to run them any any specific manner. The biggest advice is, "Boring is good".

License compliance is one detail were you can't offer any wiggle room. There are a number of good auditing software (including some free ones!) that will report on the installed software. That will keep you out of legal trouble.

Re:Run it for an imperfect world (1)

CowboyNealOption (1262194) | more than 6 years ago | (#22944674)

Can you post which software auditing packages you use and/or recommend?

How do you handle the following issues? (3, Insightful)

khasim (1285) | more than 6 years ago | (#22944890)

1. User just deleted a "critical" data directory/file.

2. User just deleted an OS directory and their computer will not run.

3. User kept everything on his/her local drive and it just caught fire.

4. User wants an email from 3 years ago that user had deleted from his/her last computer 2 years ago.

5. The legal department wants all email to/from Mr.X, Mr.Y and Mr.Z.

6. User keeps getting infected with viruses.

With centralized control, all of those are simple. Once you start allowing users to choose what to run, how to configure it and so forth, all of those become major issues.

Re:in the perfect world... (2, Insightful)

Captain Splendid (673276) | more than 6 years ago | (#22944634)

But then we'd run into pirating like crazy

How silly. TFS said the users got to manage their own PCs, not the routers or switches ;)

Re:in the perfect world... (4, Insightful)

homer_ca (144738) | more than 6 years ago | (#22944718)

For a microcosm of this problem just look at users with local admin on their computers. Some people do fine. Other are always getting infected with crapware or calling with stupid questions, e.g. when they wanted to install printer drivers, but installed 300MB of printer crapware with 3 tray icons they don't understand.

Re:in the perfect world... (2, Insightful)

Phil_At_NHS (1008933) | more than 6 years ago | (#22944782)

Depends on the user. If a user wants to do something on their own, I determine if:

1) They REALLY need it to do their job.

2) It has potential to really screw things up for more then just themselves.

3) They have the brains to deal with typical issues themselves,

4) They have the brains to know when they are really about to screw the pooch, and stop before that happens.

Then, as long as I am comfortable with the answer to question (2), I make my suggestions, and inform them that if they wish to install something, they can, but I am not supporting it, if it screws up their system, fixing it will be a low priority for me.

I generally find that few people who are not really up to the task of self support decide to install, and the few that go on are generally not much of a problem.

Of course some things, like P2P, are a "Flat No Way in Hell," period.

This is coming from someone responsible for about 70 workstations, 20 of them laptops.

Letting everyonee do it "free for all" style? Only if I am not supporting them, and I would feel truly sorry for those that are...

Re:in the perfect world... (5, Funny)

KillerCow (213458) | more than 6 years ago | (#22944796)

"I'm trying to make an Internet on my desktop but I can't get the file to program."

Can those people really manage their own machines?

Re:in the perfect world... (2, Insightful)

rikkards (98006) | more than 6 years ago | (#22944810)

I think it would work, user can do whatever they want... as long as the IT Admin can audit and dole out punishments like the angry fist of god. What's that? you installed utorrent and are sucking up all our intertubes bandwidth? Well I guess we will be unplugging you from the network since you can't act like a grownup and do your job.

Works for me.

Re:in the perfect world... (3, Insightful)

COMON$ (806135) | more than 6 years ago | (#22944858)

It is already widely done, check out college campuses and any college student.

BAD idea (0)

Anonymous Coward | more than 6 years ago | (#22944412)

I'd say this has "bad idea" written all over it, but my PC just blue-screened.

mixed feelings (4, Interesting)

the4thdimension (1151939) | more than 6 years ago | (#22944418)

Bad idea for those that run shops with people who are clueless to computers. These types of people are walking disasters for the entire IT dept. Good idea for those young-ins that know what they are doing with computers. These types of people not only already save the IT dept. a lot of hassle(I personally help numerous people in my area with computer problems that might otherwise get relegated to IT), but they will know how to work and manage all the software and tools that they opt to install.

Re:mixed feelings (1)

MoonlightSeraphim (1253752) | more than 6 years ago | (#22944466)

Its all good as long as the stuff they install is not for Home Use Only and they didn't remove that pesky "Activate Me ..." message with a magical file they found on the i-net somewhere without paying a penny

Re:mixed feelings (2, Interesting)

JJNess (1238668) | more than 6 years ago | (#22944470)

I went from administering a community college to an engineering firm's branch office... big difference in user trustworthiness. As it is now, we only make sure that licensing is respected, but users are Power Users and are still pretty wary about their machines, calling me or my supe up before doing anything major. To not have to hold hands anymore, like the math instructor who didn't know how to copy/paste in Word back at that college... that's a blessing!

Re:mixed feelings (1)

qoncept (599709) | more than 6 years ago | (#22944592)

People that think they aren't computer illiterate are a bigger problem. Even if they're right. Thank god cleaning up their mess isn't my job.

Select own software? (1)

MoonlightSeraphim (1253752) | more than 6 years ago | (#22944426)

Let them select everything on their own? I have a 72 years old guy in a next cubicle ... I don't think the man knows the difference between a CPU and motherboard ..

Re:Select own software? (1)

another joe (1132353) | more than 6 years ago | (#22944506)

Unless he is building/maintaining hardware,why should he?

Re:Select own software? (4, Funny)

vertinox (846076) | more than 6 years ago | (#22944626)

I have a 72 years old guy in a next cubicle ...I don't think the man knows the difference between a CPU and motherboard ..

I don't think he knows the difference between a 401K and lottery tickets either.

Re:Select own software? (4, Insightful)

peragrin (659227) | more than 6 years ago | (#22944834)

My old(as in previous) boss is finally retiring at the age of 80. he was still working a 55-60 hour work week.

He didn't need the money, but did it so he wouldn't get bored. I have another friend who is 63 has 4 seasonal jobs to keep himself busy and gives him just enough extra cash to play. he doesn't need the work, but he works to keep himself going.

You don't have to stop hard when you retire, you just change priorities.

Sure (5, Funny)

Dan East (318230) | more than 6 years ago | (#22944428)

Sure. I'm getting them to write their own software too, but the learning curve is a little steep. We would like to have them fabricating their own chipsets by 2010. Of course we'll have them start with FPGAs first before actual silicon, because that only makes sense.

Re:Sure (2, Funny)

moderatorrater (1095745) | more than 6 years ago | (#22944546)

Of course we'll have them start with FPGAs first before actual silicon, because that only makes sense.
Good idea. And while you're at it why not give them a mint, tuck them in at night and make sure that they have all their stuffed animals. Do you want employees or pussies?

Re:Sure (1)

Scooter's_dad (833628) | more than 6 years ago | (#22944582)

Do you want employees or pussies?

When I envision myself with a harem, I do not see myself surrounded by employees.

Re:Sure (1)

LiquidCoooled (634315) | more than 6 years ago | (#22944548)

OK, I'm finished designing it.
Where should I put the spreadsheet for you?

Re:Sure (0, Flamebait)

Otter (3800) | more than 6 years ago | (#22944724)

Sounds like you should be in charge of OLPC 2! Just give those kids a fluorescent green plastic case, and they'll be taping out the CPUs of the future in no time!

As for the original topic: that's frequently how it is for corporate Mac users. You can have your machine, but don't expect IT to come in and break it for you like they do with the Windows computers.

Web 2.0? (0)

Anonymous Coward | more than 6 years ago | (#22944436)

What in the fuck does this have to do with the Web, much less whatever 'Web 2.0' is, you inane retard? Kill yourself.

Re:Web 2.0? (1)

denis-The-menace (471988) | more than 6 years ago | (#22944474)

With 2 stories in a row with "web 2.0" in them, I guess that's what's needed to be posted on /.

Depends where you are, and how mickey mouse (0)

Anonymous Coward | more than 6 years ago | (#22944444)

Real companies have an IT dept that manages things. If you're some cool 10 person 'web 2.0' shop or whatever maybe you can get away with shit like this. A company that has typical users CANNOT do this. Some of my users are IT savvy people, most aren't. They scratch their heads when it comes to anything over and above logging in and opening the business software.

Two Computers... (0)

Anonymous Coward | more than 6 years ago | (#22944446)

At the last two companies I worked for my desk had two computers, one to essentially read email and use Outlook and another where I actually did my work (software engineer). We weren't allowed to muck with the 'corporate' email computer but were free to do almost anything we wanted with our dev machines. The corporate system was more capable than my development box. What a waste!

Re:Two Computers... (1)

lahvak (69490) | more than 6 years ago | (#22944686)

I have seen the same. My previous job was at a community college, where I had two computers on my desk. One of them was brand new fairly high power machine running windows XP. This was the official machine I was not allowed to mess with, and I needed it to access the college intranet, which required internet explorer. Basically I used it twice each semester, once at the beginning to download rosters for my classes, once at the end of semester to turn in grades. Next to it was the machine I used to do the rest of my work: at least 6 years old machine that was officially discarded and which they gave to me so I could run Debian. I didn't complain, I was glad they let me plug it into the network. I wasn't the only one with similar setup, the chair of the chemistry department also had two machines, except that she used Windows 95 on her work machine. Needless to say, the college was very proud that all their faculty have brand new very capable machines on their desks.

In a young company, maybe (1)

Beavertank (1178717) | more than 6 years ago | (#22944450)

When your company is full of young, tech savvy, computer literate people then maybe. But the vast majority of the places I have worked have been half (if not more) full of old semi-luddite completely computer illiterate people who, if left to pick their own computers, would be as likely to come back requesting a PDA as an actual computer. As for running their own maintenance... once again, only with a younger company. Unless the "older segment" of the company is very tech savvy, i.e. engineers/scientists and have all been using computer their entire professional lives, then this sounds like an absolutely terrible idea.

Re:In a young company, maybe (2, Insightful)

sarhjinian (94086) | more than 6 years ago | (#22944730)

I don't think "young" or "tech-savvy" are necessarily the virtues you think they are: I've supported a group of "young", "tech-savvy" developers and network people who insisted on purchasing and adminning their own machines. What did it get us? More SQL Slammer/Blaster/Worm-of-the-day infections per capita then the rest of the company.

We ended up putting them on their own network and cutting them off the WAN fairly often because they couldn't patch, protect or resuist opening every random attachment they came across. Yes, they ran Windows by and large (one guy had a four-processor box with eleven VMware images, all infected with something), but these were supposedly "young" and "tech-savvy" people who didn't need to be controlled and could be trusted to patch their own machines.

At least they didn't place many support calls.

In a big shop, someone needs to either rule with an iron fist, or self-adminned machines need to be sequestered into the own network and allowed exactly zero access to company data. Heck, even in a small shop there has to be one person designated to kicking ass and taking names. People have day jobs--even IT people--that would get in the way of proper maintenance and someone needs to ensure that:
  • Stuff gets backed up
  • Stuff is secure
  • Stuff doesn't screw up other stuff
Yes, even "Web 2.0 aware hipsters" need to do this, and it's not their job any more than bookkeeping or balancing cash would be.

Re:In a young company, maybe (0)

Anonymous Coward | more than 6 years ago | (#22944844)

Maybe a PDA would meet their needs better than an "actual computer"?

Bad idea? No, but... (0)

Anonymous Coward | more than 6 years ago | (#22944460)

I think that if The User is savvy enough, then yes. This is pretty important anyway, as we've still not figured out how to toaster-ify our computers. In fact, I think we never will. Trying to make something DAU proof will merely invite a dumber DAU.

We tried that with cell phones. (1, Funny)

Anonymous Coward | more than 6 years ago | (#22944468)

After letting users pick their plan, phones and cell providers and having ***$900*** cell phone bills each month we said "You will pay for anything over $85".

Surprisingly the bills dropped to about $85 and they let us manage the plans.

As a IT guy like so many others - the reason users don't manage their systems is a) they can't and b) it's better for the company if professionals do it.

Tagging? (5, Funny)

fuocoZERO (1008261) | more than 6 years ago | (#22944476)

Any idea why this article hasn't been tagged "whatcouldpossiblygowrong" yet?

Re:Tagging? (1)

Nimey (114278) | more than 6 years ago | (#22944584)

Maybe Taco finally blocked the 'tards who kept tagging the same things all the time.

One Size Cannot Fit All (4, Insightful)

dhavleak (912889) | more than 6 years ago | (#22944482)

So the answer is basically, "it depends".

For security reasons its always important to manage the AV, updates, etc. on the machine.

If you have important IP on laptops, it becomes even more important to have a good policy to manage machine health, rather than leaving it to individual discretion.

And finally, if you have well-defined and relatively narrow roles for which machines are required, again it makes sense to lock them down.

So depending on how much of the above is true, the answer will vary, but in general IT shops should not trust users to manage their own machines especially because users really don't know much when it comes to keeping a machine secure.

Give them choice (0)

Anonymous Coward | more than 6 years ago | (#22944484)

We all cry for choice in our software.... let the users do the same. Let them choose to either manage their own system and they can purchase/upgrade/sell whatever they want and, when it blows up, they reinstall. Or let the IT department do it and then they can get the ugliest locked-down no-fun non-root access box to play with. Also the servers aren't theirs so anything users put on there is still subject to corporate rules but otherwise let users be smart and just let them know when they break rules (illegal content sharing that could get the corporation in trouble, or propagation of viruses from their system, etc.).

Anyway, someday when I'm the administrator I'll do it this way, or try to at least.

I should be so lucky (5, Insightful)

elrous0 (869638) | more than 6 years ago | (#22944486)

If I tried to go through my IT department to get anything done, I would never have time for work. Basically, I have to work from my home computer to get anything done. My work computer is absolutely worthless (can't install any software on it, most of the internet is blocked with Websense blocking software, takes months to get any software approved for it). Basically, I just finally told my boss that I would buy my own personal equipment and software and set that up at home. It serves me well, as I do freelance work at homne anyway.

If I went through IT at work, I would still be using Photoshop 5.0 and some ancient version of Pagemaker. They're so slow (and this is a true story, honest to God) that the last time they approved any work software for me, the company had stopped making the version they approved before they finally approved it.

Re:I should be so lucky (1)

nbannerman (974715) | more than 6 years ago | (#22944596)

If your IT Department is that bad, surely other users are raising the same concerns?

What was the response from management regarding your complaints?

I can choose hardware!? (1)

headkase (533448) | more than 6 years ago | (#22944500)

Of course I need *both* those 3870x2's for ... climate modelling? Yes! Climate modeling, if its gonna rain I'll let you know! Think of the money we'll save by knowing... Ah, to dream - I'd probably get a TNT2 instead no matter what I asked for.

Re:I can choose hardware!? (1)

kalirion (728907) | more than 6 years ago | (#22944788)

You can choose it, but it comes out of your paycheck.

Fuck no (4, Informative)

Nimey (114278) | more than 6 years ago | (#22944504)

Some of my users would and can do a fine job of that, but they're outnumbered by the ones who aren't trained and/or bright enough to be trusted administering their own box. Click on shiny! free tool to clean spyware that it just detected when you visited this website, oh yes. Install all kinds of crap and wonder why the computer's crawling & BSODing. Get us audited by the BSA, etc.

Maybe for the better sort of user, but gods no for the unwashed masses.

April fools (1)

Lewrker (749844) | more than 6 years ago | (#22944510)

is long over. I'm sorry but this could only be a good idea if people weren't idiots.

Middle ground is a good place for me (2, Insightful)

erroneus (253617) | more than 6 years ago | (#22944514)

You can do all the hand-holding you can and they will STILL find a way to mess the machines up. And as long as management sees it as YOUR responsibility to clean up and correct the messes that uses create, you're nothing more than a janitor.

I have expressed the philosophy to various departmental management people that it doesn't matter whose 'responsibility' it is to get things fixed. It matters that things get broken. The amount of down time suffered happens regardless of who owns the responsibility, but can be avoided with more responsible behavior by the users.

I express that "these are your work tools. you mess them up and you're losing money until I can fix it again. There is nothing more I can offer."

I think that hits home with a lot of intelligent leaders.

So yes, give users control over their machines... but make sure they know that even though you're there to clean up the mess, the mess's fall-out is still on them. They will then take better care of their tool... their source of productivity and income.

Computer Illiterate (0)

Anonymous Coward | more than 6 years ago | (#22944516)

Well I'll need a monitor, a keyboard, a mouse, and one of those boxes that makes it go too right?

In a Word... (1)

D Ninja (825055) | more than 6 years ago | (#22944526)


It's one thing to let users do admin work on their computer. There are many IT folks who are knowledgeable a competent and will manage their software well. But, when it comes to configuring, purchasing, etc, etc...ack! I know for a fact, if I was given complete liberty over the hardware that I was using, I'd have my own server. Money and resources need to be managed. Giving a developer a faster computer won't make his work any faster if his current machine is Good Enough(TM).

The real trick is to have an efficient IT support system within the company that actually understands the user's needs. Many times, IT folks are not well trained or just don't care. That's when it becomes an issue.

It Could Work... (1)

FalleStar (847778) | more than 6 years ago | (#22944528)

If maybe there was some kind of test employees could take to ensure that the user is competent so that you don't have clueless employees installing Bonzi Buddy on work systems. Letting people who know what their doing have their systems customized to their liking doesn't seems like it would be a big problem, but you never know I suppose.

Re:It Could Work... (1)

Sciros (986030) | more than 6 years ago | (#22944792)

OMG BONZI BUDDY! I remember that poltergeist! We installed him 6 years ago on my computer (I was a freshman in undergrad then) so that we could have him say stuff like "punch me in the testicles" and random variations on the Arnold's Pizza Shop message. But when that got boring it turned out he didn't want to leave. I don't remember what it took to exorcise him in the end, but it probably involved registry configuration and animal sacrifice.

The answer is yes (4, Insightful)

Overzeetop (214511) | more than 6 years ago | (#22944534)

Is letting users manage their own PCs an IT time-saver or time bomb waiting to happen?
It is both. I'm not sure about the new kids coming out of school, but us old-school computer guys are just as literate as most of the IT folks. The problem is that when we screw something up, it's screwed up pretty badly. I would venture to say that 95% of those who want to manage their computers can do so far more efficiently than the corporate IT staff. The other 5% will likely cause major grief.

For those in IT who think this is not the case, consider your power users. Many really can function - even if not to corporate standards of security or conformity - with very little help. They probably will spend an extra $200-$400 per machine for stuff that has marginal use, but they'll feel better about it and be productive. The problem is that there's that one guy - and everyone in IT know who he is - that is way out of his depth and just doesn't know it. You spend a lot of time praying he doesn't screw up more than his own workstation. The good thing is that considerably more than half of modern staffs will likely just want you to set it all up and keep it running.

In the case for users managing their own PCs, NASA used to be this way where I worked in the 90s. We ordered our own PCs, set them up, installed all software. The IT staff would help get us on the network and keep the network running. There were exceptionally few problems. This was, however, before most people had access to the internet, and predominantly before the web existed.

Re:The answer is yes (1)

Bryansix (761547) | more than 6 years ago | (#22944732)

I think it requires restraint but you can let everyone be local admins and still lock down the network enough to they can't take everyone down. I run everyone here on roaming profiles. All the computers have the same software (for the most part) and users can do whatever they want. When they screw it up I just give them a new computer and tell them what they did wrong and then set the old computer back to the base build. They don't lose anything because everything is stored on the server that is important to them.

You're out of your mind (4, Informative)

Calyth (168525) | more than 6 years ago | (#22944778)

I worked as help desk at a bioinformatics research facility, with roughly 200 people, and I can fit the number of power users that I could remotely trust to run their own machine in one hand. And 3 of them have gone over our heads - one wiped his own RHEL Linux (not that I'm a fan, but it's managed) with his own Ubuntu install, causing us grief when we change settings. He also cause a Kent State Computing Science PhD (who's more like a n00b who can't type his password right) to demand the "same" setup, burning up weeks of time for 2 out of 4 IT staff, myself included. The other 2 would routinely try to install pirated software on work computers.

And we do try to install software in time for our users. We would try to allocate the right software in time, and if there's no reasonable way to do it (i.e. the user can't get the funding), we try to offer alternatives. In the past, yes, the IT department had been sluggish, but the majority of them have left, and we do try to provide good service.

Apparently, in a bioinformatics research facility, most of the staff who do research don't know jack about computers, or how to maintain them. If the users are allowed to manage their own machine, I would spend so much time fixing machines, I would want to jump off the building.

Thank god I left that place. It was bad enough with the existing setup. To think that most users can maintain their machines is pure folly.

Academia (1)

Hatta (162192) | more than 6 years ago | (#22944536)

This works great in academia. IT is never going to know all the weird software I need anyway. The only time I've ever needed to call IT in the past 3 years is to get administrator access or fix a hardware problem. But what works for a small biology lab isn't necessarily going to work for a large corporate call center of course.

Could work if the users are technical enough (2, Interesting)

syousef (465911) | more than 6 years ago | (#22944540)

I imagine this could work and work well in an IT shop full of software developers. However it isn't going to work if the users don't know an operating system from an aardvark. You'd still want some minimal rules like keeping the PC patched and good A/V software if you're running Windows. but I'd say it's doable.

What it isn't going to do is reduce your costs. You might have a very minimal help desk and no specialized staff installing those desktops but that knowledge, time and effort must be spread through the organization. You may also find it harder to get good deals on bulk purchasing depending on how you do it.

Re:Could work if the users are technical enough (2, Insightful)

sarhjinian (94086) | more than 6 years ago | (#22944766)

From my experience, developers are some of the worst people in the world when it comes to systems management. Developers develop; they're not network, security or desktop support people.

I started in end-user support. Developers might be able to write their own mail client, but they're just as helpless when Outlook cheeses itself. The only difference between a developer and an accounts payable clerk in that situation is that the developer (in some of my experiences) can be insufferably arrogant.

Case by case. (1)

wattrlz (1162603) | more than 6 years ago | (#22944542)

You need to be able to evaluate this on an individual basis. Most places I've worked have users who we can trust to do whatever they want and get work done, but I've never heard of a workplace it would have been safe to let everybody have free rein.

Some employees (1)

MT628496 (959515) | more than 6 years ago | (#22944552)

I think that some employees should be able to. Granted, almost everyone in IT probably has Administrative access to their work machines. However, some might not. If so, then it's wasted prodcutivity for someone that knows what they're doing to have to wait for the helpdesk staff to do it. And, let's be honest. The helpdesk doesn't always do everything right.

The question is where to draw the line. Obviously if you or I had to sit around and wait for someone to come do everything for us, we'd be pretty unhappy. What are the chances that there are capable people around that are just getting annoyed with having to go to IT for everything when they are perfectly capable of handling it themselves?

For small companies only (5, Insightful)

SparkleMotion88 (1013083) | more than 6 years ago | (#22944558)

This sort of thing would never fly at a sufficiently large company. Once you get to a certain size, the pressure to "standardize" becomes too strong to resist. I suppose this is reasonable, because the licensing, support, etc. is much cheaper this way. Oh, and arguing that individual choice makes workers more productive is useless: productivity can't be easily measured -- therefore it doesn't exist.

To what extent? (1)

Microlith (54737) | more than 6 years ago | (#22944562)

You can let your users manage their machines, but only to a certain extent before it gets damaging. But at the same time you have the converse, where you have so many users that your IT staff cannot hope to manage every machine.

This is why corporate and network policies are so popular at major companies. Generally the systems are set up to maintain themselves, but are still open to being wrecked by their users. Corporate policy comes into play regarding illegal materials or pirated software being on the machines, and that's usually enough to keep most machines in working order.

Where I work every user has administrative access to their machines, but the network policies enforce the presence of McAfee and various background installers that push security updates when necessary. Not that this stops the more adept users from getting around this (Task Manager running as the system account lets you bypass network policies,) but generally anyone that can do that won't be the first out of the gate spamming the internal network with a virus (that'll be the CEO!)

Reality check... (1)

qlayer2 (1122663) | more than 6 years ago | (#22944564)

Let's face it, the general workforce is in no way prepared to handle their own systems.

The lack of proper firewall and security software of the machines connected to your network should be enough to give any IT staff pause. Add in piracy, and you have opened a pandora's box no company wants to be left holding.

If you run a small business of tech savvy individuals, you could try this out and see how it went. For any company that has information important to itself and the shareholders, it is not a realistic option.

While I understand the concept, the risks are too high to consider it an actual IT plan or solution.

It really does work ! (1)

mikaere (748605) | more than 6 years ago | (#22944570)

The company I work for requires that all workers (who are not employees, but are contractors) must supply their own PC. The company still provides basic development software and OS (Visual Studio 2008 etc), but it's up to us to

a) administer our machines
b) add any software we think may be useful
c) handle our own licences

So far, no issues except for the guy who rebuilt his machine and didn't put on any virus protection. We got hit by a nasty virus that infected a bunch of servers for about a day. I really like having ownership of my PC. I can customise and upgrade it whenever I want. This means just about everyone has dual monitors because they only need to justify the cost to the only person who counts - themselves.

It's just a bad idea... (1)

klubar (591384) | more than 6 years ago | (#22944590)

In most (non-software developer) environments, employees are hired for other skills, e.g., process claims, sell new business, operate a shipping machine, etc. They are not hired for their PC abilities.

In better run companies a centralized IT department can improve efficiency and keep employees focused. It's a waste of money to have some high-paid sales rep, doctor, lawyer, lab tech or financial analyst spend 2 or 3 hours fixing a PC where a trained, less expensive person could do it in a few minutes.

This is where a Microsoft-centric environments really shines--it enables good centralized controls and allows for enforcing company policies. It is perhaps one reason why the Windows OS is so "bloated"--it's really corporate features that the big buyers need. (For example, AD is really useful in corporations, but overkill for the home user.)

Asking employees to manage their own PC is like asking them to be their own package delivery firm instead of using UPS or FedEx. Do you really want your lawyer (or doctor) to be billing you $250/hour while they are installing a new driver on their PC.

Managing PCs might be ok for software developers or specialists who need unique hardware. (As an aside, all software developers should be required to run as a regular user (not administrator) to ensure that the product doesn't require administrator rights.)

Pretty much how it goes (0)

Anonymous Coward | more than 6 years ago | (#22944600)

That's pretty much how it goes with our IT dept. Not because it was a conscious choice.... .but, because we are a very small company and they are lazy as shit.

Goose versus Gander (5, Interesting)

Nakito (702386) | more than 6 years ago | (#22944602)

In the days when I was on a large network, I thought it was a bad practice for the IT department to have better setups than the end users. Some IT people had not just faster computers but leaner images with less integration and less overhead. Their machines flew.

But of course they had no appreciation of how bad it was to be in the trenches. Their computers performed so much better than the equivalent computers of the end users that they often did not realize how hard it was to get work done on a standard image.

When I reached the point where I ran one of the departments, I kept an old standard-image computer as my main computer and made sure I was always at the end of the upgrade queue. My view was that if something worked well on my computer, it would work on anyone's. And if something didn't work well on my computer, then it meant some of my users were having a bad experience.

So maybe if the IT department would just use the same image and hardware as the end users, they'd know enough to provide a decent standard image, which would solve a lot of user complaints.

Users in control? (2, Insightful)

bherman (531936) | more than 6 years ago | (#22944604)

In my opinion, there is a vast difference between what a user "thinks" they need to do their job and what they actually need. Just like any other part of the company you need some gatekeeper for cost control and to make sure that purchases don't overlap. If every user could pick what they needed to get their job done I'm sure you'd see a lot more Quad cores being ordered with SLI video cards. Not because the user thought they needed them, but because they were more expensive so it must be better for them.

If you were in a technology company this might be different because in theory the users would be more knowledgeable about tech products. However in most companies I would guess the users don't know the difference between XP Home and XP Professional, so how can they pick what they need?

madness!!! (2, Funny)

jollyreaper (513215) | more than 6 years ago | (#22944606)

I have trouble convincing people not to set their beverages on the copier while waiting for jobs to complete. Give these people local admin rights and we're going to have smoke and shrapnel.

it crowd (1)

darkstarx420 (1220470) | more than 6 years ago | (#22944610)

My IT guy is scared of me. I usually just leave the room when he insists on going on my machine, because I have the rude tendency to look over his shoulder and tell him he's doing it wrong. I stay on his good side by fixing other people's computers for them, he reciprocates by giving me new hardware when I ask and leaving me alone. Next step: installing linux.

great idea, but will be mostly pooh-poohed. (1)

Toonol (1057698) | more than 6 years ago | (#22944614)

I think most responses to this story will be very critical of this idea. That's because most corporate slashdot readers work in an IT department.

I don't; and if I had management of my box, I would literally have saved weeks of wasted time last year. I'm still doing some crap manually because I don't have the administrative ability to install a perl interpreter on my machine. Every few weeks somebody from IT tinkers with it for an hour, fails to get it working, I report it as a problem, then wait a few more weeks. For all that IT workers are known to hate bureaucratic red tape, it sure seems like they don't shy from foisting it on other areas of the company.

Most incompetent people won't want to mess with their settings in the first place. Give the employees some rights, but just require accounting of installed software, and publish guidelines that must be followed.

Re:great idea, but will be mostly pooh-poohed. (1)

edraven (45764) | more than 6 years ago | (#22944692)

You are absolutely right. You don't work in an IT department.
Most incompetent people won't want to mess with their settings in the first place.
Whooo, that's priceless.

If Ever... (1)

Lookin4Trouble (1112649) | more than 6 years ago | (#22944628)

If ever a story more deserved a "whatcouldpossiblygowrong" tag, I've never seen it =oD

Did web 2.0 magically make end users not stupid? (4, Insightful)

reemul (1554) | more than 6 years ago | (#22944640)

Maybe end users have changed miraculously from when I was still doing desktop support, but I doubt it. IT doesn't develop policies limiting supported configurations just to be mean (generally). They do it because that's all they can in fact support given existing staffing and support metrics. Maybe you can get small numbers of users to be sufficiently knowledgeable that they can support themselves, but the overwhelming majority of users don't know enough, and don't *want* to know enough, to do this. They'd come to rely on some absurdly obscure or broken application, then call IT when it doesn't do what they want it to, and IT would have no idea how to fix it. Plus they'd end up with massive amounts of pirated material. The techs aren't going to memorize the manuals for every possible bit of code a user might take a fancy to, and they certainly can't test every possible combination of applications to test for incompatibilities.

Letting end users choose their own machines and apps sounds like a lovely and empowering idea, right up until the point where they need to call tech support. And find out that it might be days before IT can fix whatever is broken, since they are starting with zero idea what is wrong because of the wacky config. Those days of lost productivity can be hugely expensive compared to the costs of testing a few specific configs that can be easily and quickly supported. Some tech hours of advance testing and some possible minor losses of productivity from using applications that aren't the user's favorite choices are far cheaper than having an employee turn in no billable hours for several days because his computer is down.

Pro's and Con's (1)

Big Frank (921537) | more than 6 years ago | (#22944644)

On the pro side I see:

          Increased employee morale
          Labor savings from having one less IT technician who used to order and set-up laptops and work stations

On the con side I see:

          Increased IT hardware costs (everyone has the best of everything)
          Increased labor cost from high paid users spending days and days researching, ordering, installing and repairing systems
          Increased hardware and software cost from loss of corporate mass purchasing contracts
          Interoperability issues (different software, versions, formats, etc...)
          Exposure to system intrusion, viruses, data loss, data theft, etc...

IMHO looks like the con's outway the pro's (at least with today's technology).

It would be very nice.. (1)

PenguinGuy (307634) | more than 6 years ago | (#22944656)

At the company I work at (web hosting), I have full access to customer's servers. I can delete data, reboot the servers, do anything I want. BUT I don't have any rights on my work PC so I get to deal with the joys of desktop searching or offline files or other crap things. So they trust me enough with customer's data, but not with my own machine...

God I would love to have admin rights for just 5 minutes...if for no other reason to shut off the crap that I don't need.

well... (3, Informative)

Dzimas (547818) | more than 6 years ago | (#22944660)

It depends on the organization. I used to work in a 20 or so person division of a software company in which the technical staff were allowed to configure and maintain their machines, within certain constraints. The funny thing is that the primary development team ended up with the same software on their machines, the consulting engineers ended up with their own tool suite, and the marketing guys just relied on the support staff to keep them running. There were a few differences as far as text editor and debugging tool preferences, but generally you could sit down at any machine and expect it to have everything you needed - a virgin install contained our core tools and network stuff anyway. That said, it was *really* nice to be able to install a necessary program or utility without having to go through layers of bureaucracy.

However, I've also done stints at telcos and other massive organizations where things were incredibly locked down out of necessity/paranoia. I never had too much difficulty getting tools/permissions that I needed, but that was probably because of my role within the IT group. Had I been a marketing guy trying to install some sort of whacky video software, things might not have gone so smoothly.

Re:well... (1)

Dzimas (547818) | more than 6 years ago | (#22944700)

One last thought... It was sometimes a challenge to ensure that we had sufficient license for some of our utilities. Typically, someone would introduce a good tool into the team and everyone would want a copy. That could cause headaches, especially as team sizes fluctuated throughout a project.

The question is too broad (5, Insightful)

Weaselmancer (533834) | more than 6 years ago | (#22944662)

Is letting users manage their own PCs an IT time-saver or time bomb waiting to happen?

It's a good idea if your users have a clue. It's a bad idea if they don't. It entirely depends on the users.

In my shop we're all coders, so that plan would work. In fact it's vital to our work. Originally we were locked down and had to have an admin install pretty much anything we wanted to use. IT became an inhibitor rather than a helper. They eventually had to lift the ban. The policy was in the way.

On the other side of the coin, I've also held IT positions managing users. Giving some of my former customers the keys would have been an immediate disaster. In that case a lockdown was a lifesaver.

This is a terrible idea for my workplace... (0)

Anonymous Coward | more than 6 years ago | (#22944666)

...except for me.

Only if... (1)

ScienceDada (1232890) | more than 6 years ago | (#22944670)

they run Ubuntu on the PCs. Then there will be peace and harmony, and the planets will align (this is /. after all).

We do that... (1)

johannesg (664142) | more than 6 years ago | (#22944680)

Where I work (40 people) we do precisely that: staff select their own equipment and mostly do their own system maintenance on it. There is a support department that can be called for help, and that enforce the use of anti-virus, system updates, etc. For the rest we're free to install what we want as long as it is legal.

And it works great! But I should add that I work for a software house - you'd expect decent knowledge and strong opinions in such a situation anyway. I wouldn't advise the same strategy to places where people have far less computer knowledge, unless of course you are interested in running after your users day and night to fix their problems.

Not a good idea... (0)

Anonymous Coward | more than 6 years ago | (#22944684)

How about..

Cab drivers get to fix their own taxi cabs.
Pilots perform their own maintenence on their jet.

Standard practice for Mac users (2, Interesting)

david.emery (127135) | more than 6 years ago | (#22944690)

At least the last 3 places I've worked. The Mac community helped itself out, at the largest site we had one formally trained Mac tech support person covering probably 150 or more Macs.

Then another place I worked, the one time the tech support people touched my Mac, they screwed it up...

On the other side, I watched an employee of a Fortune 50 company visit another company's location, where the latter would assign you a specific IP address to use. This guy didn't have enough privileges on his Windows box to configure the IP address on it, and of course his corporate help(less) desk's attitude was that they had to have the machine hooked up to the internet to remotely administer it. Catch-22...

Dilbert's "Mordac, Preventer of Information Services" is unfortunately the way of life for most corporate IT departments. When I'm King, every CIO will provide each employee with a charge number against the CIO's budget, when an IT problem prevents that employee from doing productive work.


Our company - not a good example though (1)

scubamage (727538) | more than 6 years ago | (#22944706)

Our company lets people pretty much do whatever they will with our workstations and laptops. Luckily though, everyone here comes with a resume a mile long in the tech field, everyone has at least one tech certification, and most of us have spent the past 10+ years in data centers. So, we have the freedom to do what we want. For instance, on this laptop I have bioshock and call of duty 4 installed (for plane flights, etc when I have no real source of entertainment), numerous training software packages, a couple movies, and a ton of mp3s. A lot of other people have itunes installed along with a small subset of their music collections. So far I've yet to see anything bad come out of 'nonstandard software' - funny enough, the only big disaster we've had was actually when mcafee had a bug in their dat files which led most of our servers to commit suicide. The irony was that this was company software. Luckily though it gave us ammo to get the layer 8 types to switch to Kaspersky. But I digress...
If anything people are more relaxed when they are responsible for their machines. I think there's a mind set to it as well - the computer isn't kept a black box to users. They can play with it and interact with it. They can make it theirs. Its like when a carpenter has a favorite hammer or screwdriver - the others will work, but he'll prefer his or her own.
I think what makes my situation unique though is that everyone here is very tech savvy and security conscious. I highly doubt that in a situation with lots of average Joe and Jane users would our methods work even remotely as well.

It depends on the user and the shop (1)

davidwr (791652) | more than 6 years ago | (#22944726)

Are the users competent to do the job more efficiently than IT?
Is the network configured to treat all machines as untrustworthy OR are all users competent enough to not endanger the network?

If both, then it's not a bad idea. Many engineering shops take this approach. Most other shops do not.

Limited superpowers (2, Insightful)

ZerMongo (1129583) | more than 6 years ago | (#22944742)

I work for IT for a decent-sized department at a university -about 200-300 machines. All purchase requests go through us, but we usually get what they ask for (as long as it's a Dell or an Apple, but mostly because we have institutional deals with them and they're on the cheap). We set up XP (Vista only if the user wants it). We lock down antivirus and things like that, but for the most part the sub-group they're in has admin privileges on all their machines - but no one else's. When things get fubar'd, they call us to fix it. If it's something they could have avoided, we'll try as hard as we can to fix it. If it's something stupid ("I opened an e-mail attachment") it may take us a while to get to it. YMMV.

It should be something to think about... (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22944746)

especially if it's not Windows. I use a Mac at work and it's a HUGE productivity killer as a customer service rep for an internet hosting company. I don't just use a single application (so uhm, mac PS'ers and FC users, or whatever that use like WHAT?! 2-3 applications at once maybe? This is not flamebait!). I am required to use numerous applications and rapidly go back and forth between: email, CRM software, terminals, FireFox, iChat, Parallels, and some textedits. Without tabbed browsing... this machine would die a horrible death by way of my foot to it's 'skull'. I am typin this in parallels running Win XP. I hate when I actually have to use Mac. They tout the OS as be simple to use. Yea, cuz it's made for simple people. Just like I prefer Windows 2000 over XP or Vista or whatever. Windows 2000 treats the [primary] user as an administrator, that's what I consider myself. I don't like being treated by the OS as a stupid user who needs excessive bullshit that I either disable... or can't(FUCKERS!)! I don't want to be asked for a password if I install something. I don't want the computer to waste it's cycles on excessive GUI, animatons, shadows, anti-aliasing, cleartype, whatever. I want intelligent functioning of the UI iteraction. And on a LCD screen... aliased text looks way better to me. Very sharp, and very clear. No ambiguity. Compare a bold anti-aliased font with a non-bold one... it can be deceivingly similar (unless I wanna put my head to the screen). And ClearType makes stuff look like crap, waste cycles, and makes stupid rainbows around text that looks awful (with black on white text). Doesn't seem to be a big issue with brigh text on black.... Perhaps it could be adjusted to negate from the BG color to improve the look to a more solid, consistent color.... I used to be a programmer (for 8 years), but got tired of selling my soul for inadequate pay. I'm such a geek.

I didn't read the article, but . . . (1)

Tanman (90298) | more than 6 years ago | (#22944772)


Clueful, Clueless and those in-between (3, Insightful)

spaceyhackerlady (462530) | more than 6 years ago | (#22944800)

Depends on how technically savvy the users are.

Technically clueless users wouldn't know what to do anyway.

Technically savvy users need little more than an IP address and a beer to do the right thing. Hell, our sysadmins consult with me to help figure out how to do things right.

The middle ground is the one that makes me nervous. The nouveau-techie little bit of knowledge types are the ones that scare me.

I've installed and configured everything in my cubicle, and have root/admin access as well, because I need it. This is as it should be. I do not have root access to our main file server, because I do not need it. This is also as it should be.


Sure, if it's not one of the 5 users... from Hell (1)

eepok (545733) | more than 6 years ago | (#22944812)

Slashdot posted this well-accepted article a while back [] and it described the 5 users with whom an admin hates to deal.

1. The Know-It-All
2. The Know-Nothing
3. Mr. Entitlement
4. The Finger-Pointer
5. The Twentysomething Whiz Kid

Given that there are more of these than there are "Dream Users", a "Web 2.0" approach may not be the best idea.

However, speaking from the lips of one of the "Dream Users", I'd like to have a bit more freedom on *my* workstation. As it is right now, I cannot write to the program files directory nor install any program that requires registry entries. That means no compatability updates, no utilities (Acrobat Reader), etc. I can't streamline boot up, reduce RAM usage-- any of the things I would do on my own with an out-of-the-box machine without any fear of technological repercussions.

So, no, don't give everyone self-governance abilities, but please utilize the bomb-ass users you have. Help them help themselves!

Power Users (1)

WarJolt (990309) | more than 6 years ago | (#22944818)

You're lucky if your IT guy even speaks English well. Often times communicating the problem is hard enough. Then you have to wait for them to schedule time. IT has always been a mess. I've always been frustrated when an IT guy had to come over and type in a password to change something on my machine. Two days later it's broken again. It's really pointless. I use IT for network infrastructure and maintenance. Someone has to tend to the server. Individual machines can be handled by power users. Some of us have had computers since we were old enough to speak. We know how to use them. If I need to use a corporate app I'll RDP into a windows server or ssh into a linux server. That solves many problems. The IT guy only has to maintain the server for me, so he becomes more effective. I'm only using the server for corporate apps, so it's not likely to get messed up by me or any other user when trying to install a new game. All that only works if you're savvy enough to run your own machine. IT doesn't need to spend time with those people. If you can't support yourself then you should request a locked down computer, so IT can handle your problems quickly.

I have something like that. (1)

grahamd0 (1129971) | more than 6 years ago | (#22944826)

At my workplace we can do pretty much whatever we want with our computers as long as it's legal. I take my machine home and play games on it all the time. (My work laptop is actually a faster gaming machine than my desktop.)

It seems to work out pretty well. I haven't seen any big problems from it.

Which question? (1)

himurabattousai (985656) | more than 6 years ago | (#22944832)

In an IT shop, why wouldn't you want the employees managing their own computers? At the very least, it helps to keep them in practice. At the best, it helps them to be more productive. IT people tend to be much pickier about how they have their machines set up and have the ability to get to that point.

As for everyone else, the percentage of people in an office setting that are competent enough to be trusted is much, much lower. Also, given that corporate environments have a heavy emphasis on conformation and uniformity, that's the last place you'd want people making that decision.

The general rule that I've seen is that the larger the set of computers that needs to be managed, the less control you want the individual users to have over management of their machines. They can take it personally all they want, but, as much as I dislike saying this (I really do), no (large) corporation should ever let its employees use their own machines for business work or give its employees any more control over their work machines than pushing the power switch to turn it on.

Our company does! (1)

TibbonZero (571809) | more than 6 years ago | (#22944846)

We have a small Plone/Zope consulting firm (10-15 developers + project managers + designers, etc). We let our employees and subcontractors do whatever they want. If they want to use vi, emacs, textmate, or whatever the like then they can. We have people running OS X, Ubuntu, Debian, etc. Everyone chooses their own IRC clients, chat clients, etc.

Obviously this doesn't work in ever environment. You can't have the kid at the register at WalMart saying that he wants to use a different embedded OS in his cash register. We have smart people working for us and it's their job to know computers. As long as the job is done, we don't care.

The only downside being that we sometimes want to do something together that gets tricky to standardize then (video conferencing, screen sharing, screencasting) that doesn't work always great in all linux distros. That's rare however. Also since we let people choose then everyone gets very opinionated when it comes to choosing a piece of software that everyone MUST use (like project management tools, document sharing, etc).

YES! (1)

AioKits (1235070) | more than 6 years ago | (#22944868)

And while we're at it, you can leave me in the cigar shoppe overnight to safeguard it's contents. You can trust me!

We get to choose (1)

SpaceWanderer (1181589) | more than 6 years ago | (#22944876)

At my workplace, we're pretty much left on our own with our computers. We usually get to choose our own hardware (within a budget), software, OS, etc. For some of us, there aren't any problems, so this works great. And if we need something, IT support is available. But for some at my workplace, this is very very bad. For example, several people here can't resist clicking on the "YOUR COMPUTER IS INFECTED" or whatever malware teaser pops up while they surf the web or read email. So, every few months, they hopelessly infect their machines and have to call IT support. Then the IT support guy comes over and spends a week recovering their data and reinstalling everything, etc. Same thing goes when ordering hardware. The same kind of person who clicks the virus.exe popups, finds 10 super cheap brand new Dell workstations on ebay for less than $100 each. He can't resist the bargain, so he orders them and they're mostly DOA. Dell tech support won't service them, because there is something wrong with the service tags and some questions about the legal status of their ownership. Then the work IT guy gas to come over again and waste countless hours and money trying to get a couple of them working.

IT approved software -vs- User downloaded software (1)

Pyrophor (1255862) | more than 6 years ago | (#22944888)

There is all kinds of great software out there for the users to download and manage themselves like gain gator, weatherbug, myCoolWebsearch, and so on. Oh yeah, lets protect ourselves too, I can't WAIT for the phone call from the guy that installs 5 different AV softwares, Norton Internet Security, and puts Zone alarm on his PC... "Um, my internet if broken.. do I have to buy more internet or can you get me some more?..." -- Actual question. This really needs to stay in the hands of IT.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?