
Locking Down Workstations



For years the office PC was truly a personal computer. Whether a standalone system or part of a network of PCs, the PC was controlled by the user. He or she had access to all files and folders, could install any applications, and had unquestioned control over settings and use. The PC was a revolutionary tool, making workers more productive and more informed, and there was little reason to question such unfettered access.

But cases of abuse arose, such as excessive web browsing, gaming, and other indiscretions. Acceptable use policies were eventually established to assert the employer's ownership and control over the PC while sanctioning a certain amount of personal use. The reality was, of course, that there was little the employer could do to monitor and enforce such policies.

“With recent developments in operating system security, such as Microsoft's XP group policy management, systems administrators are able to greatly limit the access and control long enjoyed by users.”

In fact, recently there has been a dramatic backlash. IT organizations are imposing draconian lockdown policies upon user workstations which prevent any installation or change to the system. This addresses the abusers, but also undermines some of the advantages of the decentralized, distributed workstation for those trustworthy and conscientious workers who need some flexibility in their computing environment. In addition, harsh lockdown policies send a message of distrust and suspicion to employees, which is contrary to the service-oriented spirit IT should be fostering.


A sensible approach should be taken in managing user access and in implementing group policies. Although administrative access should be viewed as a privilege and not a right, a middle ground can be taken which accommodates the interests of both IT departments and users.

1. Workstations in common or high-risk areas should be locked down to allow access to specific applications only.

2. A range of profiles with varying levels of privileges and access should be offered, and managers should be allowed to make judgments about who should have which profile.

3. Although full administrative access should be the exception rather than the rule, profiles for trusted workers should be open, disallowing only high-risk activities such as changing IP addresses or modifying rules.


Managing IT resources and network security requires good risk management. But managing risk does not mean eliminating risk. You must balance the need to secure IT resources against the goal of providing the organization with quality IT services. A one-size-fits-all lockdown approach to workstation management is an easy solution to controlling and securing workstations, but it is not service-oriented. Offering a tiered approach to workstation lockdown and leaving the decisions to managers may be the best approach to accommodating competing interests.

About the Author

Jonathan Coupal is the Vice President and Chief Technology Officer of ITX Corp. Mr. Coupal manages both the day-to-day and strategic operations of the Technology Integration Practice Group. Among Mr. Coupal’s greatest strengths are evaluating customers’ unique problems, developing innovative, cost-effective solutions and providing a “best practice” implementation methodology. Mr. Coupal’s extensive knowledge and experience enable him to fully analyze client systems to recommend the most effective technologies and solutions that will both optimize their business processes and fulfill immediate and future goals. Mr. Coupal and his team build a high level of trust with clients, establishing ITX as their IT partner of choice.

Mr. Coupal holds certifications with Microsoft and CompTIA, including MCSE, MCSA, Security+, Linux+ and i-Net+, and served as a Subject Matter Expert (SME) for the development of the CompTIA Linux+.

About ITX Corp:

ITX Corp is a business consulting and technology solutions firm focused in nine practice areas including Business Performance, Internet Marketing, IT Staffing, IT Solution Strategies and Implementation, Technical Services, Internet Services, and Technology Research. To learn more about what ITX can do for you visit our website at or contact us at (800) 600-7785.


Article Published/Sorted/Amended on Scopulus 2006-08-21 18:08:31 in Computer Articles


Copyright © 2004-2021 Scopulus Limited. All rights reserved.