User lock down

In many big companies it is quite normal to lock down most features at the desktop that would allow the user to adjust settings and install software. Basically there are strong limitations for the user.

I can understand the reason, why this is done: To reduce security risks and to avoid users accidently change something that they don't know how to change back.

So the overall lock-down is a way to reduce required end-user support.

The other side of the medal is:
  • Every person is different and hence works in a different way. Hence the same configuration can't be the optimum for all users.
  • Depending on the position different additional tools might be interesting for different users boosting their productivity.
  • For the most users it is simply demotivating when they are locked down.
  • Users will find workarounds for many lock-downs (e.g. using http://portableapps.com/ on a memory stick).

Because of the disadvantages I want to point out alternative options:
  • Lock down only where and when necessary.
    Some users - especially the beginners - either prefer a lock down. Those are the users who have some fear in front of a computer to mess something completely up. Other users have detailed know-how on how what operations to avoid and how to prevent themselves from viruses as good as possible. You could introduce a point-system or simply lock down a users PC only when a particular support time per month is exceeded.
  • Set a time limit before pushing default configuration.
    In some companies when a user calls for IT support, there is a maximum time of 15 or 30 minutes to solve the problem - otherwise the user gets a new image (with default configuration). That way it is ensured that your staff does not loose plenty of hours to solve end-user problems.
  • Train the users.
    Train them security and other basics (who to distinguish executable files from data files, where to never confirm approvals in popups, don't running executable attachments from emails, how to properly install and remove software etc etc etc). The user who is aware of the risks cautious and prudent.
  • Migrate to Linux on the desktop.
    Linux is more secure and less prone to break down after several software installations, uninstallations or upgrades. Also backup of local settings is easier. And it is a proven fact that Linux users require less support - even if they are no geeks! Everybody I talk to, who gives Windows and Linux support, tell me that and this is matching my own experience.

Related posts: Your holy machine, Why Linux?, Going Linux, The community.

No comments: