As an IT pro, I am offended and amused at the same time.

In my experience (that's "experience," not merely opinion), if we don't lock down company computers, the users *will* visit every malicious Web site they can find, they *will* install every damnfool useless time-wasting application, and (what is significantly more troubling) they *will* grant malicious software permission to install itself and siphon both sensitive personal and company-owned information to unknown third parties.

Any of our users who want Firefox can get it; all they have to do is ask. What we *won't* do is grant the ability to install it themselves, because Windows doesn't have the ability to distinguish between useful (or even harmless) software and trojans, and most of our users refuse to learn it for themselves.

As someone in IT, I can say "NO. They get what I give them." I cannot tell you how many people f--k up computers trying to do simple s--t. There's a reason the acronym PEBCAK exists. Users are most dangerous when they think they know what they're doing when they don't. They'd have to stop being idiots if they want restrictions lifted, which isn't going to happen anytime soon.

As an IT pro, I agree with the previous statement. Typical computer users are too stupid to use a computer. They either load harmful material, illegally download copyrighted material, or go to porn sites.

Let's just take all the cops off the street too. Drivers can regulate themselves, right? Or would the drunk drivers and 10-year olds be too much of a problem?

Yes, sometimes things are too restrictive. But a broken iPhone app that's free could result in tens thousands of dollars in tech support calls. Multiply that by the population of an unregulated community, and the iPhone wouldn't be worth producing.

You cry babies who want your FireFox and openOffice. Grab a shovel and do some real work baking under a sun.

I hope this guy is kidding. Sure let users decide what they want to install and while we are at it, lets let occupants design buildings. Surely you don't need a knowledgeable professional to design a stable reliable and functional building any more then you do a stable reliable, functional computer.

Anyone who thinks that "people" should have the software they want has never had to support those "people." Even in a controlled environment they manage to screw things up. What kind of chaos would it be if their IT departments had to support 5 browsers 3 word processors and 50 stupid social networking widgets?

I also am a IT professional I work in a health care environment with many users with vastly different levels of computer knowledge. That being said the Twaddle that this person has written is the kind of crap that has cost me hours of time fixing what these so called advanced users such as Larry Finkle have done or installed. The problem is the mind set many users have that the computer on their desk is somehow their property. Well it is not it is a tool that is provided by your company to do your job and if your company has a half decent IT department then the tools that you need to do your job within the requirements specified should be installed Period. Now as for Firefox and some of these other wonder apps again I can not count the after hour or weekend calls I have gotten because somebody is trying to use something incompatible with the different specially written software for our facility that we run.

Amen to each of you who have responded. Only someone who's never had to SUPPORT the end users would think that leaving the gates wide open is a grand idea. We have PCs mostly locked down and they STILL manage to completely screw up their PCs. And when you are supporting over one thousand desktop computers at a company, letting each person run whatever they feel works is completely non-productive and harmful to the company as a whole. Compatibility between users is a requirement. With a staff of four to cover support how are we supposed to support every hair brained random app a user decides they want to use that day? You want weird apps? Great, go home and install them. Use them all you want a home. Don't put them on the corporate network though. Screw up your own pc, not the company one.

@Larry Laffer.
You just hit the nail on the head my friend. We used to allow users to do whatever they wanted and all it did was send our help desk staff on a daily trip around the building fixing user created issues. then we locked them down like an 18th century virgin and low and behold, a huge number of issues stopped happening. Let the stupid people mess up their own computers but if it is going to waste my time, screw that!

Screw you...you elitist IT jerks!
I should be able to Twitter and Facebook all I want.
If I get an enticing pop-up that says that they have pix of Jessica Simpson nekkid...I should be able to click on it.
Who cares about all the malware?
It aint my personal pc!

heh...j/k guys.
Although, there are some valid issues that are presented in the orignal article.
I have run across many issues created by the net-nanny bots that have hindered my progress at times.

Overall though, I gotta side with IT...they may be behind the times with some apps, but there usually is a valid reason. Its only the lazy IT people that give those bogus answers though. Most IT people are on the ball.

@Larry Laffer...lmao..locked down like an 18th century virgin. gotta remember that one.

Here's a question I'll pose to any who feel IT rules and restrictions are hindering them, do you want Itunes on the computers that control water flow of an aqueduct system? Or how about Excel (unpatched mind you) on a server with sensitive and critical data on it? If we let end users get what they want, expect social security numbers flying through the internet, bank statements from anyone available to anyone who wants it. As end users don't know how to secure or patch computers, it is our job, the IT to keep everything secure. Now imagine if IT had to take care of all software loaded onto every computer, without standardization, ITs will have to know what is on who's PC, be versed in it and take time from duties that actually require their attention. As companies don't want to hire more IT, you'll be stretching IT thin and with that, IT will leave to a company that is less stressful.

We don't make rules to make your life tough, we make rules to keep data valid, available and confidential. We want the business to succeed and we will do what we can to do so while maintaining C.I.A.

Honestly those who think security is to constricting tends not to use their hardware for business use.

Follow-up note: After reading the entire original article and quite a few of the professionally-written followups by IT pros, I want to state for the record that Farhad Manjoo should never, ever be permitted to use any technology more complex than a toaster, and certainly should not be allowed in the same room with a cell phone, computer, or Nintendo Wii. Farhad Manjoo is either a master of hyperbolic sarcasm or a willfully-ignorant fool who is too dangerous to be permitted on any corporate network. Prudence tells me that the best and safest bet is that he's a dangerous fool.

And whoever wrote the cover at DVICE should go count his fingers until he understands the difference between "safe" and "convenient." 75 years might be long enough.

can anyone say "ID10t" problem?

You know, being in IT at a university and seeing these "users in training", so to speak, makes me think of how much work future IT departments have in front of them. Now, I'll be honest, I haven't graduated yet, but I have worked with the school's IT group and been helping them regulate users and the network (got my CCNA too :P) and it seems as though many of the people entering the work force today are even more dangerous than ones of the past.. They've grown up around technology and think they have a good handle on it, but have never taken the time to learn proper security or anything about software compatibility. Really, from the position of a network admin, I don't deal as much with the end user, but I've seen the kind of havoc they can cause when they end up with network propagating worms, running torrents in the background and they kill off everyone else's bandwidth or they bring in their own "router" from Wally world and end up screwing with the carefully laid out systems involved in network management.

And, yes, a 1D-10T error is what I would describe most users as :D

Also speaking as an IT manager, I agree that there are SOME users out there who actually know what they're doing at a PC. Given an opportunity to do something stupid or do something smart, they'll usually do something smart.

That group is in the minority, however. My company doesn't have an 'official' internet usage policy... unfortunately. I've had to rebuild 6 computers due to virus infections. I've rebuilt 4 more due to performance issues because the users SOOO loaded down the computer with crap I couldn't completely remove that it slowed the computer to a crawl.

I've been begging the powers-that-be to establish a usage policy and at least partly lock down our computers. I've lost DAYS out of my life covering for people here who were too ignorant to avoid doing something stupid, despite my many warnings on what to look out for.

I have no desire to turn our IT department into the Kremlin. However, for the sake of other computers, users and servers here, we need some kind of control.

You all really think all of us as idiots don't you? you know about 80% of the problems are caused by 20% of the users (or some other unequal proportion) If you can identify the idiots you could apply appropriate restrictions to the ones who need them. this would of course require time and money, but so does everything else. this would leave you dealing with the occasional moronic screwup normal people occasionally engage in.

No one is talking about opening up machines that have to be secure, just the average workplace desktop. nobody is talking about taking the blocks off porn or blatantly dangerous websites, just the oft visited and useful bits. done right it'll still mean more work for IT people, having to go out and find out what the users need, but the results will likely be worth it.

Wow, thanks all of you for reinforcing every sterotype for IT 'pros' everywhere. Keep up the good work.

Im from the other side of this situation i work at a certain office supply store in the copy and print center our computers are locked down so tight that we dont have access to start menu functions copy and paste or my computer funtions and we need these things to do jobs daily for customers. someone in this compay thinks that all the stuff we do for customers can be done with ease without those key funtions. something need to change here!

Here's my two cents (from the IT world)...it's not YOUR machine! it's a work device. a tool provided for you by your employer to do a particular task. The argument is equivalent to saying "you issued me a cell phone, so what's wrong with calling my friend in Madagascar for 12 hours?"
And in the end, you can get taken out by a roving attack panda and we'll still have to get that machine ready for the next drone, so no...we really DON'T care about YOU as a person. There's a job to do and you do it and we'll do ours. If you KNEW enough about computers to be trusted you'd either (A) already be IN the I.T. department, or (B) know how to get around it when we're done. Deal with it.

@Anonymous - Gladly :). I'm due for a "we need to take down your computer for maintenance while you're almost done playing your flash game" anyways, so I'll go ahead and get on that. ;)

Also, I just realized how knee-jerk the title of this is "Your restrictions are stupid..." *cues pouty face* :P You know, users who are unnecessarily restricted have only fellow co-workers to thank. Most IT depts. don't put restrictions on things unless these things have ended needing to be restricted in the past due to the fact that someone kept doing something to screw it all up. Basically, the Pvt. Pyle of the group. Time to throw that guy a blanket party :P

Your comments all made me very happy.

Perhaps, it would help suggesting, that IT pros tend to overlook the vast variety of qualification their brethrend tend to have. Thus providing varying companies' PCs with a plethora of different security setting ranging from sensible to downright mindless.

It is indeed a problem that computers are trying to be user friendly. As a tool a computer is about the most complex thing we have invented yet, but due to it's usefulness, application designers try to make it useable to the masses of people who don't want to spend 10+ years learning the intricacies of the inner workings of computers. which is at first glance a rather laudable thought.
however, it creates a problem. no craftsman worth their salt will use a tool without understanding how it works. you don't use an axe if you don't understand what it does. that would be dangerous. admittedly, it is also very easy to learn the correct way to handle an axe. with a computer, not so much. thus IT pros are required to handle users who have no idea about the tools they handle on a daily basis.

As it is customary, one has to pull a solution for this problem out of one's nose and who am i to question that tradition, so here goes:
I would like to throw the ball back into the application designers' court. If someone along the line decided to make computers easy to use, they appear to have stumbled somewhat. I can see a LOT of improvement, but i also see a job glaringly unfinished.

i think it's fine to declare a complex machine easy to use. provided of course, it actually is easy to use.

sam

I'll make you a deal, stop doing stupid crap with company owned equipment and I will lift the restrictions. We both know that is never going to happen.

Well, my company won't let us do simple things like defrag hard-drives without requesting special admin privileges. So we request the privileges just to be able to basic things--and we get full privileges to install anything we want. We get so many IT forced startup software items (encryption, firewalls, backup s/w) that are all valuable but clearly the lowest-bidder slowest functioning crap available--it takes 10-15 minutes to boot a laptop.

And I worked at another (also large) company that was too cheap to put any sort of firewall and antivirus protections in the system--until AFTER a trojan shut the place down for a full week.

We users realize that standardization and protections are necessary--the general disdain for IT comes not from that but from our direct experiences with IT professionals without people skills or technical skills--clearly, this is a subset of experiences, but the next time you treat a non-techie user like an idiot, remember there are idiots in your profession, too.

True Story: I could not log into my work computer at all--it worked, but no account access of any kind. I called the Help Desk to put in a ticket, and was told repeatedly: we will email you a new password so you can log in. I repeatedly explained that the reason for the ticket was that I could not log in, and I would not be able to log in to email to obtain the password that would allow me to log in. This confounded several persons at the help desk, until I got someone who finally grasped the concept--I said if you can call me on the phone with the new password... No, they were not allowed to make outgoing calls, nor could I call a rep directly. Again, almost grasping the concept, he said I am not allowed to call you, but I can email you so you know when to call me to get the password! I asked if I could just hold the line for the password: no, we are not allowed to give out passwords over the phone!

You can see where this is headed. I finally got hold of a manager who was local, and he solved the problem--called me when my account was restored, gave me the new password, and voila!

BTW, the account was down for technical reasons--IT changed the renewal procedure from a written form to an online form--my manager had filled out both, as I was in the transition period. They took neither one.

So go ahead and be smug about how smart IT Pros are and how stupid your users are. Keep it up, make sure we know it. IT will continue to be outsourced, and it will partly be because users and managers do not perceive the value you bring, or will be tired of tolerating attitude.

I know there are stupid users, and stupid IT types. Let's not paint everyone with the same brush--collectively users are not as stupid as you say, and collectively IT folks are not as useless and impeding as users think. Let the exceptions be exceptions and not stereotypes.

I have worked in IT for over 25 yrs, first as an engineering tech, then as an IT tech on help desk, lately as IT Admin for my company.

I have a mix of users that sit at a dedicated PC/desk, and others that are floaters (50/50 mix). The dedicated PC users have local admin rights for every 9/10 users - my floater users only get regular user rights. 99% of my admin problems come from the floaters.

I can say without any doubt, that IT departments that restrict ALL user access have MORE day-to-day problems then those that allow most of their local users to have admin rights to their PCs. I have dealt with this over the years at various places I have consulted, and IT shops that lock down PCs require many more people resources to manage and keep their systems stable.

Best advice - (if you are a Microsoft shop) use a good Small Business or Enterprise anti-virus/spyware management product like TrendMicro, use something like the Tea Timer feature in Spybot Search and Destroy, and keep up with your security patches. Make sure you have a good spam firewall for your email. If you have users that are prone to visit places they shouldn't, remove their admin rights. Last, for added protection, put a content management feature on your firewall - so that you can ensure the truly malicious sites are not visited by your users.

I was in the IT industry for over ten years, as a programmer outside the IT department, As a systems admin inside an IT department, and as a desktop support person both inside and outside IT departments.

I've see lazy IT department personnel and cheep managers trying to reduce head count do silly things such as remove windows explorer so they don't get "My folder has disappeared!" calls. (Why did the accountant cross the road? Because it said here on line seven of the procedure…. Imagine how many procedures stopped working that day)
I've also seen public service IT managers lock down defrag rights so they get more calls to the help desk and can therefore justify adding more people to their empires.
I've seen users try to install their own video cards in corporate SFF PCs (messy). I've seen an incompetent one armed tech try to reset the bios on a PC with a large pair of pliers....without turning it off.... (There goes the magic smoke...)
I've been asked to install a PC video card into a laptop by an expensive consulting electrical engineer. I've spent the day fixing up another engineers laptop after he tried to hook it up to his TV to watch a movie....

Moral of the story: Idiots are everywhere. Both inside and outside IT. But then so are very very bright, competent people. Of the five people I know at work that are most regularly asked for advice on home IT issues (networking, ISPs, PC setup, content streaming to their TV, anti-virus products, anti-malware products, etc) none of us works in IT at the moment. (I got sick of being treated as a PC janitor, so work is paying me to retrain and get 1/2 and Elec. Eng. degree, the rest is up to me)

The IT managers that want to reduce their depts. to the IT equivalent of McCharnels will always loose the best people. Those that are left will try to compensate by limiting what the users can call them about. This results in complaints to the next level up who replace said managers with others who are told to win back the love of their user base.
The IT managers that don't try to their depts. to the IT equivalent of McCharnels, will get abused by the next level up, until they leave.

And so around and around it goes...

For private industry this cycle usually takes between 1 and 3 years. For the public service this cycle usually takes between 5 and 10 years.
I have watched one manager play both strategies during different phases of the cycle and thus keep his job. He may be our next EIO.

There are no blanket solutions. Recognise where you are in the cycle and use it in what ever way helps your productivity.

Good luck!

This Manjoo person is quite the moron. You have to treat the users like the little whiny babie's that they are.

Lock them down tight as possible and tell them to shut the hell up! Spend too much time cleaning up their messes. If they don't like it, then take the damned computer away from them!!!

I've worked in places where access requests to additional software and internet sites/services were considered on a case-by-case basis, and quite a few were granted. Need access to a particular YouTube video for an upcoming case? Done. Need to install Firefox because you're part of the corporate website programming team? Fine. Want to be able to change your desktop background to a picture of your grandkids? Knock yourself out, and what the hell, we'll give that access to everyone in the next minor update.

However, it was simply astonishing how many requests dried up and disappeared when the requestor was asked precisely how this would help them to do their actual job. It was amazing how many times someone tried to concoct a reason for taking sports-scores sites or internet radio stations off the web gateway filter.

Fortunately, I never managed to run across anyone trying to get a porn site unblocked, but I bet someone tried it at least once.

I say we let users have COMPLETE, FULL control of their workstations as soon as they have to pay $$ out of their own pocket when they screw things up.

Here's a nice analogy that applies perfectly to computer users:

When you go to a zoo, you see all of those nice, playful monkeys behind the glass or cage bars. They look so nice, and probably wouldn't hurt a soul if they were allowed to roam freely throughout the zoo interacting with the patrons. HOWEVER, there are FEW (usually) stupid ones that throw feces, bite people, and cause all kinds of trouble. Because of these few, ALL of them have to be locked up behind bars and glass.

I'm sure this analogy will be wasted on (and probably offend) most people. However, I truly hope that anyone who has spent at least 6 months doing some kind of IT support is able to laugh and relate to this.