• Great articles on other sites
  • RSS Great articles on other sites

  • Featured, News - Written by on Wednesday, January 19, 2011 13:21 - 5 Comments

    Fed Govt to maintain locked-down desktops

    The Federal Government’s peak technology strategy group has published a significant new policy that lays out common standards for deploying new desktop PC and laptop enviroments for the entire public sector in Canberra. However, workers frustrated with their lack of control over their work computer may not find much to like in the document.

    Traditionally, many government IT departments have maintained direct control over the desktop fleets they administer — restricting users from installing their own applications and customisations without permission. Although many employees dislike the restriction inherent in such policies, IT managers and government administrators have argued successfully that they allow sensitive government information to be held securely and for staff to focus on working during business hours.

    It appears the trend will continue under the standard operating environment policy issued by the Australian Government Information Management Office yesterday.

    The document states that “by default”, staff are not to have accounts which grant them privileged access to their PC. In addition, the workstations themselves should be configured to ensure unused features were removed or disabled, and the configuration and updating of machines should be done centrally by the desktop support provider — and not by the user themselves.

    Alternative web browsers such as Firefox and Chrome are currently gaining in popularity around Australia, with many workers finding their open and extensible nature delivers them advantages over the browser that is the default for most large organisations — Microsoft’s Internet Explorer. However, AGIMO’s policy states users must not be able to install their own “unauthorised add-ins” to their browser, and the browser software itself must be centrally managed.

    Any email clients used must be able to work offline — so that users can still work if they are disconnected from the corporate network — and AGIMO has set Microsoft’s Office Open XML format, which is not supported by a number of alternative office suites, as the default document standard. Users are not to be able to halt anti-virus activities on their machines, AGIMO wrote — or firewall software, with the aim of making sure security standards were maintained. And logging and remote access by administration staff must be possible.

    AGIMO has been asked to comment on to what degree it believed some of the standards outlined in its policy document had the potential to hinder efficiency within the Federal public service and restrict alternative software from being used.

    When queried this morning, a number of current and former government workers laughed off the Federal Government’s current desktop software strategy as a bad joke. One former public sector staffer said at his previous workplace, he had been locked out of installing new applications or drivers, or even changing his background picture or saving files to his desktop. Calling the help desk to get fixes done was also problematic, he said — as even for a 10 minute fix, internal billing would show the change as having taken two hours, increasing government expenses.

    Another former government worker said it was her normal practice to take her MacBook Pro into work and use it instead of the Government-supplied desktop — emailing herself reports and documents to be worked on and then sending them back to her work machine.

    One worker at the Australian Taxation Office bemoaned the fact that the agency still used Internet Explorer version 6 — first released in 2001 — and most of the staff who spoke to Delimiter about the matter communicated their frustration with the fact that they were still forced to use Windows XP — also first released in 2001.

    Not everyone was unhappy with the state of affairs, however. One user said they were able to use Windows 7 (the 64-bit version) at work, with 6GB of memory. But, they noted, they had control over their own desktop environment — which most government workers didn’t.

    Image credit: Microsoft

    submit to reddit


    You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

    1. Thateus
      Posted 19/01/2011 at 10:17 pm | Permalink | Reply

      It’s hardly woeful that some places are still using XP – you could have been forced to use Vista… Sometimes it’s just best to use the classics.

      One of the current workplaces I contract to about 30% of systems are “user updated” – which is politically correct term for “what? what is a patch?”. Those systems are first to the wall when the first network replicating worm shows up…

      On the flip side you can choose between XP/2003/2008/Win7 (no Vista), Office 2003/2007/2010… want local admin? ok you got it. You stuffed your machine? ok here’s a fresh image. Where are my non-standard apps and C: drive data? ok you lost them…

    2. David
      Posted 19/01/2011 at 10:46 pm | Permalink | Reply

      This is news ? hmm.. this is common practice and for good reason.. users will, in general, get a more reliable, more consistent computing experience if you stop them installing their own apps and drivers.
      Having worked on Standard Operating Environments (SOE’s) for hospitals, utilities, mining companies, corporate and government areas – if you have an environment where users can do what they want, then you have chaos. People downloading and installing all sorts of crap, and then wondering why their machine falls over all the time – or the network is flooded with torrents…
      If you gave admin access to all workers in say, a 1500 user company, a service desk of 3 which would previously have been able to cope, would probably now need to be a service desk of 15 to have any chance…
      No I’m not making this up, I’ve consulted on the support calls, user downtime before and after a proper Managed Operating Environment is deployed, and without fail, they have an ROI of less than 1 year when you measure support costs, and improved user efficiency.

      Having a proper Managed Operating Environment (MOE), you have applications that are deployed (through whatever mechanism you have decided (SCCM, Altiris, app-V, Citrix, RDP.. whatever) based on your role and profile on demand.
      When done properly, the MOE gives you and environment where the PC is like a DVD player, if it breaks down get a new one, plug it in, and you have everything, instantly.. all your apps, your flow chart program, your video editing software, your desktop shortcuts, your documents, your email signature.. are all there without any intervention from IT

      If you had been able to do what you want, and therefore installed stuff from the Internet, friends, etc, then how does IT give you back something they didn’t build/configure… how do you get all those shareware, ‘borrowed’ or illegal applications back on your machine…trust me, the user will be unproductive for days trying to work out where they got it all from
      .. stoping users from changing the look and feel is probably going a touch far though

      A proper managed environment promotes efficiency, and ensures users can actually collaborate (standard formats for documents, project plans, presentations, etc)

      .. and I have not even started on the security aspects.. which should be obvious, and have many aspects (remember a company is liable if the staff install illegal software… that alone is enough to justify this policy)

      Now I’m not saying that government departments have a proper managed environment, their restrictive, badly designed and costly outsourcing arrangements in most cases result in an out of date software, and poorly performing service desks.

      That is not a fault of the locked down SOE/MOE strategy, that is a fault of their senior IT management not having a clue on how to define requirements, and how to manage their IT suppliers

      One key theme that seems to be missing from this article, is the fact that IT systems are there to allow a business to function efficiently, and perform the work it needs to …. most organisations are only part way through Windows 7 deployment projects, because XP was solid and reliable, and Vista was crap
      It would seem to those who actually work in the industry, and have to build and deploy systems for many thousands of users, that the AGIMO are thinking very clearly indeed

    3. Posted 09/12/2011 at 4:07 am | Permalink | Reply

      I will crack ANY microsoft product. Test me. (as long as done without being watched and my way/rules – just leave me with machine and IT IS DONE).

      • Dean
        Posted 09/12/2011 at 7:32 am | Permalink | Reply

        Cool story, bro.

    4. moldor
      Posted 22/02/2012 at 2:56 pm | Permalink | Reply

      Where I work (Bank) we have everything locked down tighter than the Feds are proposing. Installation of software is tightly controlled, as is Admin rights (IT staff and some dev’s only). It works well.

    Leave a Comment


  • Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:

    Follow us on social media

    Use your RSS reader to subscribe to our articles feed or to our comments feed.

  • Most Popular Content

  • Enterprise IT stories

    • Super funds close to dumping $250m IT revamp facepalm2

      If you have even a skin deep awareness of the structure of Australia’s superannuation industry, you’ll be aware that much of the underlying infrastructure used by many of the nation’s major funds is provided by a centralised group, Superpartners. One of the group’s main projects in recent years has been to dramatically update and modernise its IT platform — its version of a core banking platform overhaul. Unfortunately, the $250 million project has not precisely been going well.

    • Qld’s Grant joins analyst firm IBRS peter-grant

      This week it emerged that Peter Grant, the two-time former Queensland Whole of Government CIO (pictured), has joined well-regarded analyst firm Intelligent Business Research Services (IBRS). We’ve long had a high regard for IBRS, and so it’s fantastic to see such an experienced executive join its ranks.

    • Westpac dumps desk phones for Samsung Android mobiles samsung-galaxy-ace-3

      The era of troublesome desk phones tied to physical locations is gradually coming to an end in many workplaces, with mobile phones becoming increasingly popular as organisations’ main method of voice telecommunications. But some groups are more advanced than others when it comes to adoption of the trend. One of those is Westpac.

    • Ministers’ cloud approval lasted just a year reverse

      Remember how twelve months ago, the Federal Government released a new cloud computing security and privacy directive which required departments and agencies to explicitly acquire the approval of the Attorney-General and the relevant portfolio minister before government data containing private information could be stored in offshore facilities? Remember how the policy was strongly criticised by Microsoft, Government CIOs and Delimiter? Well, it looks like the policy is about to be reversed.

    • WA Govt can’t fund school IT upgrades oops key

      In news from The Department of Disturbing Facts, iTNews revealed late last week that Western Australia’s Department of Education has run out of money halfway through the deployment of new fundamental IT infrastructure to the state’s schools.

    • Turnbull outlines Govt ICT vision turnbull-5

      Communications Minister Malcolm Turnbull has published an extensive article arguing that the Federal Government needed to do a better job of connecting with Australians via digital channels and that public sector IT projects needn’t cost the huge amounts that some have in the past.

    • NZ Govt pushes hard into cloud zealand

      New Zealand’s national Government announced a whole of government contract this morning for what it terms ‘Office Productivity as a Service’ services. This includes email and calendaring services, as well as file-sharing, mobility, instant messaging and collaboration services. The contract complements two existing contracts — Desktop as a Service and Enterprise Content Management as a Service.

    • CommBank reveals Harte’s replacement whiteing

      The Commonwealth Bank of Australia has promoted an internal executive who joined the bank in September after a lengthy career at petroleum giant VP and IT services group Accenture to replace its outgoing chief information officer Michael Harte, who announced in early May that he would leave the bank.

    • Jeff Smith quits Suncorp for IBM jeffsmith4

      Second-tier Australian bank and financial services group Suncorp today announced that its long-serving top technology executive Jeff Smith would leave to take up a senior role with IBM in the United States, in an announcement which marks the end of an era for the nation’s banking IT sector.

    • Small business missing the mobile, social, cloud revolution iphone-stock

      Most companies that live and breathe the online revolution are not tech startups, but smart smaller firms that use online tools to run their core business better: to cut costs, reach customers and suppliers, innovate and get more control. Many others, however, are falling behind, according to a new Grattan Institute discussion paper.

  • Blog, Enterprise IT - Jul 5, 2014 13:53 - 0 Comments

    Super funds close to dumping $250m IT revamp

    More In Enterprise IT

    Blog, Telecommunications - Jul 5, 2014 12:12 - 0 Comments

    What should the ACCC’s role be in guiding infrastructure spending?

    More In Telecommunications

    Analysis, Industry, Internet - Jun 23, 2014 10:33 - 0 Comments

    ‘Google Schmoogle’ – how Yellow Pages got it so wrong

    More In Industry

    Blog, Digital Rights - Jun 30, 2014 22:24 - 0 Comments

    Will Netflix launch in Australia, or not?

    More In Digital Rights