Lock 'Em Up

Jonathan Feldman replies: I'm not suggesting that we return to the wild and free days of Windows 98, when everyone would hit ESC at the login prompt. But I do believe our ability to create a virtual mainframe should not be used indiscriminately.

Like it or not, employees can take charge of their workstations simply by resetting the administrative password. While I don't endorse the practice, I'll bet there's someone at your organization who has already done it. This sort of thing happens when you have plenty of memos and policies but not a lot of meaningful communication between end users and IT.

Tell users why it's bad to violate your AUP (acceptable-use policy) and why they should want to be part of the solution, not the problem. Let them do their jobs within the scope of your AUP and required restrictions.

As with most everything else in life, there's got to be give-and-take. Although local administrative privileges shouldn't be granted cavalierly, delegating some measure of authority is inevitable, given the nature of Windows today.