I work in the IT department for a large manufacturing company. We have thousands of users in our workforce, and therefore thousands of PCs and laptops to manage. Our biggest headache by far is security.
Our solution has been to enforce very strict rules for PCs, and even stricter ones for laptops. Only the higher executives have both a PC and a laptop assigned to them, and any executive assigned a laptop has to go through training about how to use it securely. In addition, our IT department has implemented rigid procedures for regularly checking each PC and laptop.
[ Want to cash in on your IT experiences? InfoWorld is looking for an amazing or amusing IT adventure, lesson learned, or war story from the trenches. Send your story to firstname.lastname@example.org. If we publish it, we'll send you a $50 American Express gift cheque. ]
For example, users are required to attach their laptops to our network at least once a month. It would be rare for even a high-ranking officer to be travelling away for more than a month, so that is why this timeframe was adopted. Connecting to the network, even at this bare minimum, ensures that the laptop will receive the latest virus definitions, security patches, etc., and also be scanned for viruses and malware.
Offenders face consequences: Failure to follow this minimum requirement will result in the laptop landing in "computer jail." If it's been more than a month since the laptop was connected to the network for the scans and updates, the system denies access to the network and sends a notice to IT. Our group confiscates it, runs it through tests on our isolated network, and when we determine that the laptop is safe to reconnect to our network we return it to the executive.
I received such a case one day. The user was a VIP from the sales department, so I hustled up to his office to retrieve the laptop. Most of the users get quite annoyed when their laptop goes to computer jail, and this VIP was no exception.
After I performed the updates and scans, I returned the laptop to him and explained why this had happened. "But I've had it plugged in," he replied. "I was travelling for the past two weeks and just returned. It was plugged in before I left on my trip."
Perplexed, I tested his network connection and, sure enough, it was active.
"When was the last time you used the laptop here at work?" I asked.
"Well, generally, I don't," he explained. "I mostly use the desktop when I'm in the office."
"Can you show me how you connect the laptop to get the required updates?"
He promptly connected the network cable to the laptop. "There," he showed me.
I had to stifle a laugh. "Just like that?" I inquired.
"Yes," he agreed.
"Don't you turn the laptop on?" I asked politely.
"Oh, you have to power it on?" he asked.
It may seem obvious to most people, but powering on a device is a prerequisite to actually connecting to a network. I guess the lesson here is that communicating procedures can never be overdone.