Question about computer policy at university

In My Humble Opinion
21

And it may surprise many users to know this, but in order to allow the computers to carry out a variety of university-related tasks, the IT department has to take action to make sure the computers remain useable. That’s the purpose of most IT policies: to provide the greatest amount of trouble-free computing for the greatest number of people. It may be inconvenient not be able to use the hard drive, but it’s much more inconvenient if the computer is down because people have messed with them.

The time and effort to back up data files from the hard drive so the computer can be ghosted is beyond the budget of most college IT departments. It’s also not IT’s responsibility to protect your files. Since there are other options, it’s better for everyone concerned if you save the data elsewhere. That allows the computer to be available on a much more dependable basis.

We’re dealing with the common good here, not individual convenience.

22

I agree with you.

Every individual i’ve talked to who uses these computers—and i’ve talked to most of the people who use them—think that the policy sucks and want to be able to use the hard drives. So the the only individual for whom the new policy is convenient is one IT guy.

So my proposal is for the common good.

23

What kind of an answer are you looking for? People gave you potential reasons to lock down a system, but you say none of them apply. Well, the only person who knows the real reason is the guy who did it – especially since different labs in your school have different policies.

If he doesn’t want to explain, well, we can’t exactly read his mind…

24

Free ice cream for all the users would be for the common good, too. Cutting the free ice cream program would only be for the benefit of one guy: the guy who has to provide the ice cream.

What exactly is it you can no longer do with these computers, assuming you have your USB key with you?

25

True enough. I’m hoping that he will, some time soon, reply to my email requesting an explanation. In fact, one of the things that annoyed me the most was that this policy was implemented without even explaining why it might be necessary.

You’re right that people gave potential reasons. And i 'm sure that many of them are good reasons. But in most cases they seem to apply to computer labs where there are large numbers of users, and where there is considerable pressure on hard drive space. I’ve already made clear that these things do not apply here. Surely IT people are smart enough to realise that a set of policies that apply to one set of computers might not necessarily be applied to another set, depending on the circumstances.

Completely irrelevant analogy, since the IT guy is not the one who gave us the computers. The decision to provide them was made by the faculty. And the IT guy provides nothing for free—he gets a salary for doing his job, like any other university employee.

26

Our Uni has a student network drive on every computer that is dumped daily.

27

I work in a corporate environment where people’s workstations are highly managed - people can’t install software on the PC, files are stored on the network, etc. This was a business decision that was approved by senior management. A top reason for the change was to minimize licensing liability (there are situations when employees download “free” software, and when they accept the end-user license agreement, a clause is in there that the vendor can change the software from free to fee-based in the future and the company would either be out of compliance or potentially owe lots of money).

IT is generally responsible for ensuring that the university/company is compliant on all software licensing.

Was locking down the computers a change for people? Yes. Did it prevent them from doing their jobs? No. The other benefits were lower support costs as mentioned in previous posts that were reaped by the company. Universities are generally under tight budgets, and I’d imagine the university is trying to lower their total cost of ownership of their computers. Why is their one policy for the Grad lounge, and another policy for the computer lab? I don’t know, but the computers do have different audiences and uses, and perhaps other things happen behind the scenes at the computer lab to manage the environment.

At the end of the day the computers are a university asset that is provided for the convenience of the grad students. I’m struggling to understand why saving something to a USB drive as opposed to the hard drive prevents the computers from being useful to the grad students. If you were told you needed to save files to a network drive would you have the same reaction? What is it exactly that you can’t do now that you could do before?

28

Isn’t this a non-issue? For Pete’s sake, a USB flash drive can cost as little as $25, and there extremely handy.

So skip buying 1 case of beer and buy one already :wink: !

29

Damn my fat fingers - “They’re extremely handy”

30

And he probably gets that salary whether he’s sitting in his office waiting for the phone to ring or toiling over your computer trying to clean up the latest malware some luser installed. You’ve already said that the IT guy unilaterally made the new policy, so I don’t see why you can’t understand why the policy would favor the IT guy. In order to get some user-centric policy, the users have to go over the IT guy’s head and try to convince some administrator to overrule him. He’s simply betting that you won’t take the time and effort that requires and he’ll get to keep the policy that makes his job easier.

31

Don’t most colleges have network space for students to save files? That way you can access your files from any PC on campus.

32

A bit of clarification: my comments in this thread make it sound like I think IT staff are malicious lazy twits who spend their trim trying to screw the users. I don’t really think that (for the most part). My point is that IT staff are rarely looking at the big picture. They often don’t consider what users need to get their jobs done, what’s convenient or efficient for users, or how to make everyone happy. They’re concerned with doing their job, which is maintaining the computer gear. Often they will read about some tool (disk imager, protocol filter, etc.) which would solve some problem they have, and they often have no incentive or perspective to look at the negative consequences for the user.

I’m certain this is what has happened in the OP’s case. The IT guy is tasked with maintaining certain machines and probably decided that any machine which fell into the category of “public terminal” (i.e. not someone’s office computer) should be restricted in a certain way and re-imaged on a regular basis whether this terminal was in an undergraduate lab with 500 other machines or in a graduate lounge alone. Yes, from a user perspective those are different situations, but not from the IT perspective.

Maybe just a conversation with the IT guy who made the policy would allow him to see your point of view.

33

Why is not being able to store data locally on the HDD a problem? Storing data locally, instead of on a server, means that the data doesn’t get backed up. I deal with HDD failures regularly and when the user has lost data, the usual response is twofold: it’s against company policy, and is it worth the large sum of money that a data recovery bureau will charge? That computer is the university’s property; they can manage it as they wish. How many other such computers are there? Locking computers down doesn’t just make the technicians jobs simpler and easier, it results in considerable savings for the organisation (I’m not at liberty to cite figures) due to reductions in complexity, less time required per issue, reduced call-outs, reduced number of calls, reduced number of problems etc.

It will certainly help.

34

This is true. But there are also users who don’t understand that there is a tradeoff between usability and security. Sometimes, popular features need to be restricted or taken away for security reasons, and if this is not done, the university could be facing large lawsuits or fines or negative publicity.

A good example of this tradeoff is remote access to the computers. Most users would like it to be as easy as possible to do as much as possible on the computers from any remote machine. This allows them to read email and deal with problems while away at conferences or on vacation. But that easy access also makes it easy for someone who should not be using the computers to get in. That person might use the computers to hack into other computers (and, say, steal some Social Security numbers or credit card numbers), or might just install some trojan horses on the system.

An IT person has to find a happy medium between having the computers wide-open and insecure and having them so locked down that no one can use them. The best you can do there is to allow most people to do what they want to do without what most of them consider an undue inconvenience.

And even very educated people do dumb things from a network security perspective. I knew a graduate student in astronomy at one of the top 10 astronomy grad schools in the country who couldn’t understand why the IT people were unhappy when she let her visiting friend bring in his laptop and plug it into the department’s network (it could have had viruses or worms on it, or the friend could have used it to do something like download illegal material).

35

The main point of my comments is that it is in no one’s best interest (except maybe the IT person) to have the IT person find this happy medium. IT people should not be setting policy, they should be implementing policy.

Yes, of course there are exceptions. If we were talking about a large organization where the head of the IT department was some VP-level executive with both management and IT experience, then maybe that person is qualified to set policy. However, the OP has said that in this case they’re dealing with an IT staff of one person. I’m just guessing (but would bet heavily that I’m right) that this guy has low-to-moderate technical qualifications and zero management qualifications. He made this policy because it made his life easier, not because it was the end result of a deliberate decision-making process that looked at all consequences of the change.

I don’t mean to dis IT people, but I’m all too familiar with university-level IT staff. I know one university IT department that passed a policy forbidding any staff/professor from installing any software on their computer. Any installs had to be done by the IT staff or they wouldn’t support any subsequent issue with the machine. In order to do the install, you had to let them take your computer back to their shop for 8-10 days, even if it was just an upgrade, an open-source package, or a driver. I knew one IT department who would similarly confiscate hardware and hold it in their shop for two weeks just to set an IP address, something the user could do if the IT guy would give them an IP over the phone. They got away with this kind of lazy policy because the people affected couldn’t convince the administration to put someone qualified in charge of making policy.

36

Such policies are usually a result from someone’s misuse of the system, besides, why should anyone be allowed to store their crap on the university computers? Everyone has access to the files so anyone leaving it on their cannot expect to find them their again when they leave. Having to force students to store their files on disk is inconvenient but not unreasonable.

37

Yes, but the person setting the policy should be someone with a working knowledge of computer security, otherwise the balance goes too far away from security toward usability.

I’ve also encountered the professors who don’t care if the computer system gets hacked, just so long as they can read their email from somebody else’s unsecured computer that doesn’t run ssh. They shouldn’t be setting the computer security policies, either.

38

I’m still failing to see how forcing students to save their files on removable media is such a huge limitation in what they can do with the computers. They can still browse the web, they can still download stuff from the net onto their removable drives, they can still edit and save their documents, etc. In fact, this probably helps matters, since carrying your files with you won’t leave you in the “oh, my files are on that computer in the lounge” situation when you’re down at the library.

What is it that this policy is stopping you from doing?

39

Maybe because, as i’ve stated on numerous occasions, the faculty of our department decided to provide these computers specifically for our use. They came out of the department’s budget, and were provided specifically for us to use in our own lounge.

Furthermore, as i also stated on multiple occasions, the computers in the university’s main computer lab—well over 100 of them—all allow students to store files on the hard drive, with the understanding that the drives will be cleaned up periodically and that any files left on them for long periods of time may be subject to erasure. So this is not some university-wide IT policy; it is, as micco has correctly surmised, a decision made unilaterally by the guy who happens to service our department’s computers.

They can if the computers are intended for the use of a group of people who are considerate enough not to fuck with other people’s files.

When i first entered this department as a grad student, i didn’t have a computer as i had just stepped off the plane from Australia. For the first semester of my time here, i used those computers for my papers and other things like email. I had a folder on the hard drive, in which i kept copies of all my work, and never were any of my files modified, moved, or erased by another grad student.

I reiterate that these computers are not used by massive numbers of people. They are nominally for the use of about 90 people, i.e., all the grad students in the department. But, as i’ve also said before, in practice they are only actually used by about 20 people on anything like a regular basis. We all know one another, and trust one another. And if someone had a file that was really sensitive, presumably that person wouldn’t leave it on the computers.

Well given that the computers were provided specifically for our convenience, in this case “inconvenient” equals “unreasonable.”

But the only security at issue here is the security of the very files that we’re no longer allowed to put on the computer.

It’s not really a case of network security because, as i’ve said, hundreds of other computers on the university’s netowrk allow the very practices that have been banned on our computers. As far as i can tell, the absolute worst thing that is likely to happen is that the computers do get infected by a virus or trojan or something, and then have to be formatted and have the OS reinstalled.

The only people placing actual data at risk are the very same people who want to have access to the hard drive—the grad students themselves. Every one of us knows that there’s a possibility of computer failure, and that we should have our files backed up elsewhere. Why not let us decide whether we want to risk storing files on the computers?

40

The computers still provide you a convenience, so this is an extremely weak argument. They just provide less convenience than you think they should.

So because the other admins on campus haven’t taken this highly advisable step, it must not be about security? That’s BS.

Because you apparently would just decide it based on what’s the most convenient for you, not what makes the computers easier to maintain.

Look, your “general question” has been answered with a lot of different possible reasons they might want to do this, and all that’s left is you whining and saying stuff like, “but that can’t be a good reason because other labs let me save files!” You’re coming off like a child who isn’t getting what he wants and refuses to consider the reasons for it. You asked a question, and you got a lot of answers. Those answers are not wrong simply because you refuse to listen to them.