Interestingly, one of the lessons Johnson has learned is to avoid tweaking the standard desktop -- even for IT staffers. "Less than 1% of our IT staff have admin rights," says Johnson. "But we do give people room to roam. We don't say 'You can't use that application.' We're happy to deliver it, as long as we can deliver it virtually," to any employee, he says.
St. Luke's is a bit unusual in how it locks down administrative rights, even for IT staff. Ed Boyle, a consultant with SecurityCurve, says the tactic makes the enterprise more secure. In the long term, there are "saved dollars in overall fewer security issues."
Travelport: Taming the Rogue Employee
Based in Langley, England, Travelport is a 3,500-person company with offices in more than 160 countries that provides transaction processing for the travel industry, including many major airlines. For its standard desktop, the company has taken a fairly aggressive stance about administrative rights and whether an employee can install his own apps.
The company uses Altiris, now owned by Symantec, to manage the standard desktop. Senior architect Rob Moore explains that as soon as a new employee turns on his work computer, the core OS image is updated with a few standard applications such as Microsoft Office 2010, Adobe Flash and Adobe Visual Communicator.
Requesting software outside of the norm is a fairly easy process and involves a call to the help desk to gain access to a software repository, which contains hundreds of applications; Moore declined to give an exact number. The company chooses software that will not interfere with the core enterprise applications, and it upgrades to the latest versions only if Moore's team knows that the back-end processing required for core applications has not changed much. The 25 to 30 people on the help desk are well acquainted with the approved applications.
However, because the company's workforce is highly distributed throughout many countries, Moore says Travelport has locked down workstations more firmly than most companies do. Users can request a unique application like Google Chrome, but it won't become part of the core offering. In fact, he says, since streamlining the standard desktop, rogue installs have been extremely rare. To add software, an industrious end user would have to rebuild his computer from scratch.
Here's one lesson Moore has learned: Maintain a core standard desktop that is hardware-independent, even as you develop standard images that are department-specific. There may be some variance, but most of the efficiency in the organization comes from having the fewest possible deviations.
Advocate Health Care: A Large Enterprise
For smaller companies, standard desktops are easier to develop and the processes are often easier to manage. But for larger companies, every change to the standard image and core applications is compounded quickly.