Is it common to have no control over your work computer?

Question

I posted a comment on /. the other day, and somebody responded with something along the lines that people may be browsing at work where they have no control over which browser they are using.

This struck me as kind of odd, as at work, I'm allowed to install whichever software I want, so long as there is nothing without proper licensing. Maybe I'm just part of the minority, because I work for a small company, and I'm a web developer, so installing lots of different pieces of software is part of my job. However, even when I worked for the government, I never had a computer so locked down that I couldn't install the web browser of my choice on it, and I've never seen a policy which would want to stop me from doing so.

Is is common for computer professionals (which I imagine a large number of /. users are), to have absolutely no control over the software running on their computer, the software they need to get their job done well and efficiently? I could understand for office secretaries and stuff, who would be more likely to install screen savers and smileys (aka viruses), but for computer professionals, it just seems like completely over the top.

What are your experiences with restrictions of what can be installed on your work computer?

Answer 1

I know of some companies where you have to ask permission to install every piece of software (you're not an admin in your PC).

For all of the offices I've worked in, however, I have free reign over my PC.

Answer 2

A lot of programmers and technical staff have admin access to their own workstation, but most other employees do not.

A big part of including Cassini (the built in web server) in visual studio was removing some of the need for web developers to have admin access to their machines.

Answer 3

I work in a bank, and they lock the computer environment down for financial compliance legislation reasons.

However for developers, they provide us with an alternate, individual logon that has local admin access without network access. This allows us to install most things in a manner that will reduce the instance of viruses by not allowing network access during the install.

I think that this is an elegant and workable solution. In general, I don't think that a locked down desktop is a hinderance once you are set up, it just makes the first two weeks a bit painful.

Answer 4

Most of the computers in our company are configured by the IT department, and are automatically updated over the network when patches are required. These users have no control over their systems and have to put in a ticket to have software added or changed.

Some groups (like our software development group) are given local admin rights to our computers because a) we can actually maintain them in working order (barring hardware failures) and b) we are constantly changing our development environment because of the demands of our projects.

Answer 5

at larger companies - and quasi-governmental agencies - we had to fight for admin control over our own development machines, without which we could not debug our own software, much less install the tools/utilities/libraries that we needed to do our jobs

yes, many users at larger companies use PCs that are completely locked-down. With good reason, mostly - it's far too easy for someone with too much access and too little knowledge to download and/or install something heinous that infects/affects the entire company

that and license violations can get expen$ive

Answer 6

It varies. At my last company we had to have IT install every piece of software once they had 'validated' it. This validation seemed to involve check to make sure that the programme's name was "HugeVirus.exe". At my current company not only can I install what I want I can pick the operating system and even have input on what sort of computer is ordered to replace my desktop when the time comes.

Answer 7

Extremely common.

I used to think it was unnecessarily draconian, but having seen the states people let their computers get into I can see why the practice is so common.

However it is rather a shame when policies like these are extended to technical staff who really should be capable of managing their own machine.

Answer 8

I'd originally wiped XP on my Dell to install Gentoo Linux, then got bored one day and switched to Ubuntu. Not long ago I got a new Dell with Vista and immediately replaced it with FreeBSD so that I have the same software on my desktop as on our servers.

My boss doesn't know any of this and couldn't possibly care less. As long as I do my job, he has zero interest in what I use to do it (as long as we're licensed, and my coworkers ask for - and receive - the commercial software they want).

Usual? Probably not, but that's been my requirement at every place I've worked and so far no one's resisted.

Answer 9

I work onsite as a contractor to the US government, and we're lucky to have IE7 and Firefox 3.0. No chance of using Chrome, Safari, or Opera. They're not "approved". We have to submit help tickets to have the software we need to do our jobs installed, whether that be Visual Studio, MATLAB, or even just a Visual Basic Add in to link Access and Outlook. Depending on which IT tech gets assigned to your help ticket, this can take 1-2 days or 1-2 weeks.

Answer 10

In a previously life I worked as a DOD contractor and we were restricted as to what we could do with our Windows boxes. The IS department was the Administrator on all of them. We were restricted as to which apps we could run, but they didn't care too much about browsers.

Our linux boxes, however, were administered by our group and we did whatever we wanted on those - the IS guys didn't know anything about Linux. :-)

At my shop the devs install what they need to accomplish their jobs. Nobody cares what browser you use or if you use some open source alternative to MS Office or anything like that. In the end, we are trying to get things accomplished and the devs are trusted to not do stupid things. I like that way of doing business.

On customer machines, we follow whatever rules the customer has, of course.

Answer 11

I work in IT for a well known bank. Their policy on information security enforces extremely strict policies. Many are imposed based on government regulations. The main idea is that confidential information cannot leave on unmoderated channels. Our internet access limits any and all email sites, social networking, file storage, even flickr.com is blocked. So basically, very little fun on the interwebs.

Likewise, the area is also physically locked down. USB ports are disabled, so you can't use flash drives. Cell phone use in the office is illegal, as are cameras.

Aside from security, when managing thousands of PCs it makes it really easy to manage OS patching, software upgrades, etc. when all the PCs are Dells and the users don't have foreign software running on them. Not to mention, the cookie cutter PC limits the administrative burden of users breaking their own systems in various ways. Without this setup, I'd love to see someone attempt an overnight SMS deployment of a third party app to 2000 PCs and not have it blow up when people come in for work.

This is basically par for the course with any company that is concerned about security and/or ease of administration. Though, I will admit it's almost like they try to look for anything fun to do and block it.

Answer 12

Most computers in our department are partially managed. Most staff and all technical staff are admins and can install software, but some policies are controlled via GPO and some updates are pushed via SCCM. I just got included this week in the managed set. They asked first, and I said yes based on what they were planning to do as it was basically the same things I had already been doing. I'm a little concerned that someone might decide to image my machine remotely some day, but I guess that's what backups are for, right.

With security concerns what they are these days, I would expect managed or partially managed solutions to become increasingly common as companies are required to meet standards for data privacy and accountability.

Answer 13

I have been pretty fortunate in that, at all of my previous jobs, I have had local admin access to my PC, and the ability to install whatever software we had a valid license for. Typically the IT departments at these companies are pretty lenient with their restrictions for developers, and IT support staff, but much stricter with your average user (Often extending to not allowing any customisation at all, even stopping screen saver and desktop background modifications).

But I think it depends on the company. I know, the place I worked at previously, I was given the hardware (Case, motherboard, processor, Drives, Ram, etc) and the required installation discs, and told - "Right, your first task is to put it together and make it work." At least if you install the OS yourself, you are sure of having local admin rights (as long as the IT department isn't feeling malicious).