IT Professionals

The Importance Of End-User Policies And Procedures Part I

Posted by on May 1, 2008 | One Comment

Do end users in your company call the service desk wanting assistance with applications unsupported by the company? When your technical support analysts visit user workstations to troubleshoot problems, do they find problems are the result of the installation of unauthorized hardware?

If so, your help desk and tech support staff are spending time fixing problems that could be avoided. When any user in the company can install applications or add new hardware, the results include an undue burden on tech support, security breaches, loss or compromise of data, spread of viruses, and increased use (waste) of precious network bandwidth.

So what can companies do to prevent end users from installing unsupported software or hardware? Simple: implement policies and procedures.

Written policies should be established that define who can install what and who can do what on company computers. Then, wherever possible, put in place operating procedures that prevent users from breaching your written policies. These can include things like monitoring software, group policies, or even making changes to the workstation’s registry to prevent users from doing things they shouldn’t.

  • http://www.ustream.tv/channel/datalore Datalore

    Hi Diana,

    I would also recommend that from the outset of new employees starting in a company, that all but the hard disk, cpu, monitor, keyboard and mouse and network card are the only pieces of harware that work.

    I disable the DVD drive, USB ports, sound card (where it is not an aid to the user) and floppy drive (where there is one installed!) and other removable drive slots from Windows’s Device Manager, and then the BIOS.

    Applications only supported by the company are preinstalled (Office, AV, Browser etc.), and the OS it patched and up to date. The IEAK is a godsend!

    And lastly the Group / Local Security Policies are put in place to enfore a user-level profile and disable (or enable a ‘disable’) features such as installing apps or hardware like USB drives, etc. I also restrict one-user per PC, and have a Default USer profile setup within the netlogon share so that a new user automatically inherits the corporate desktop layout and group policies set out for existing users on existing machines.

    9/10 times I find that what users try to install are non-essential or a compliant workaround can be put in place. If users cannot see all of these (vunerable) access points to a PC, then they usually are too afraid or stupid to look. :)