HP fail again.
Why would anyone trust what HP say given their rather poor efforts in mobile and tablets?
Apple's "very limited success" in penetrating the corporate enterprise market with the iPad reflects the lack of control IT managers feel they have over the device, as well as the dominance of Windows. That is, according to HP exec Jos Brenkel, global senior veep of sales for Printers and Personal Systems, who said no single …
Every device locked down so hard that the users can barely do their proper job let alone anything else.
In a windows desktop shop this usually means AD and Group Policies and all that shite.
iPads and Android Tablets can't (AFAIK) be controlled like that. That is why IT Managers hate them. They see these devices as threats to their control over the whole IT ecosystem. Not invented here and you are not going to connect that device to MY network.
Users on the otherhand seem to like them far better than Surface type devices.
My team suffered for a while on our new Windows 7 builds. It was next to impossible to do our job. The end result what our boss went out and bought us a bunch of laptops that allow us to do our jobs but the IT Admins are forever locking our laptops out of the corporate network.
Let battle commence?
Saying 'how' you were unable to do your job would give your post a bit of credit - who's going to make sure you have up to date antivirus, software that is patched and actually is supported with any corporate software it integrates with? When the next version of 'whatever' comes out, you're all going to know it's out, source it from 'somewhere' and install it yourselves?
That's exactly what IT drones said when people started bringing their PCs into the mainframe-dominated workplace of the late 1980s.
These Windows tablets are like the IBM PS/2s and OS/2, the dominant vendor's last-gasp attempt to seize back a market that has slipped their fingers (and where only the IT departments cared any longer).
Since we can see the same things happening - e.g. OEMs being denied the opportunity to profit from the "pushback" technology - it is very likely the result will be the same: Microsoft centric networks will continue to be core to business but the devices in workers' hands will be dominated by another vendor (almost certainly Apple this time around, because people love their iPads in the save way that PCs were loved in the late 1980s).
Don't you just love end-users who don't see how it all works!
"I have 2 computers at home and some ethernet cable. Therefore I'm an expert"
For the record, you can control iPads - as soon as you connect to email using ActiveSync, a bunch of security settings are forced upon you.
There's also software out there that allows you to control the iPad security settings. As far as I know, it just needs to integrate better with AD.
"The end result what our boss went out and bought us a bunch of laptops that allow us to do our jobs but the IT Admins are forever locking our laptops out of the corporate network."
...and when your laptops have a fault or stop working is it going to be your boss that fixes them or the evil IT Admins?
If they wouldn't have me sign a paper saying I wont modify the laptop they are assigning me, I would fix it myself. They are going to give me VPN access anyway...just give me the relevant data and I'll take care of it. Let me take full charge of the machine I'm given and it will work longer, harder, and faster than it would if anyone else did it.
Every device locked down so hard that the users can barely do their proper job let alone anything else.
There are good reasons for this.
1) IT need to stop users from breaking things. It happens all too often: A user downloads some badly written software that they think they need, or changes some settings, and BLAM! The PC is dead. It then takes IT hours to fix. Hours which stop them from doing their job. (Incidentally, these problems happen more often when the user is someone who "knows about computers", you know, the type of user who complains that they should be allowed more freedom because they know what they are doing...)
2) IT need to stop users from doing things they shouldn't be doing. I know we should be able to trust each other, but some people will do naughty things when noone is watching. If kiddie porn or pirated material is found on a system, the company could be in for a world of pain. Even things like watching a football match on your PC in your lunch break could have an effect. IT must ensure business rules are followed with their equipment.
Now obviously, sometimes an over-zealous admin will apply too strict a policy, or will make a mistake. But the entire point is to make computers business tools.
The problem with large IT environments is that they are filled with idiots. You get companies to scale up by employing a bunch of trained monkeys who follow a processes designed for trained monkeys. This leads to an office full of trained monkeys that you simply can't trust with root.
I despise what Fortune 500 IT policies do to a desktop machine. I can also kind of relate to why it's done that way.
"This leads to an office full of trained monkeys that you simply can't trust with root."
Fortunately in the Windows world you have a more advanced security model and can use features like Constrained Delegation to give the Monkeys only the rights that they actually need....
There are plenty of things that employees shouldn't do on company computers/networks. But IT does not need to install "monitoring" software. Just filter out EVERYTHING except what is required. Only allow access to certain things and nothing else. This would solve alot (if not all) of this.
Your laptops are locked out of the network because you can't be trusted, as proven by bringing computers that are not using corporate anti-virus software, aren't configured to use corporate proxy servers for internet access and have been setup with illegal software - because whatever you have installed is violating its end user license agreement the second you started using it in a business environment.
You know all those free tools you like to download and install, but IT admins refuse to install? All illegal to use if installed on a business machine. But of course you don't care about the person struggling to make his mortgage payment because everyone is downloading the free version of his application and ignoring the version that actually makes him money.
iPads on the other hand are hated not because they can't be controlled, they can. They're hated because IT has no control over the use of software that once again is illegal to use in a business environment (go ahead and try to convince a corporation to pay for business license of your favourite app, interesting challange that). Mostly that's fine because beyond email, you can count on one hand the number of apps that have BOTH a true business purpose AND enough functionality that they can replace their desktop equivalents. Mostly business apps have been thrown together in around 90 seconds of shitty coding and half of what should work, doesn't. Then guess whose job it is to fix that. Not the person that wrote the shitty app apparently, but rather the person that has no control over it.
So yes, IT locks things down, and it's for two reasons. First, most of what you want to do is illegal (because you haven't paid for a business license), thus IT is protecting their company from lawsuits. Secondly, it's to protect their multi-million pound systems from the crap you'd do if you were free to run on your own. Handing an unlocked computer to a user is like organising a "run down the stairs with scissors" event for toddlers.
It does make me laugh, how angry some users get when control is taken away from them. We have just migrated to Windows 7 and as part of the migration, I removed many of the permissions our staff had. With XP, they had local admin rights and strict instructions to not install software unless agreed by us. They ignored it, and caused massive problems network wide. Removing the rights and changing the culture would have been impossible without a major reason to do so.
So, I used the migration to Windows 7 as that reason. I introduced SCCM, locked things down and now? We have had a 90% drop in user created problems. Sure, our "we need X package" requests have increased, but packaging up and putting into SCCM for self-service installation is a very quick process usually.
Staff have complained about not being able to install all the dodgy software they used to, but overall they can do their jobs more reliably than before.
That is why we lock things down. Not to be controlling and annoying, but to further the purpose of the IT equipment beyond being a toy for staff and into being productive, and ultimately the purpose of the business.
"You know all those free tools you like to download and install, but IT admins refuse to install? All illegal to use if installed on a business machine."
Really? How can you possibly know that the software is illegal to install. Are all the sysinternals tools illegal? What about gnu stuff? How on earth have you managed to come to that determination?
As an aside, we're in the process of moving from XP to W7, due, of course, to the dropping of support from MS. I'm perplexed that the first thing that our IT crew have done is disable all the updates and have never installed any updates themselves. Previously XP SP2 unpatched, now W7 unpatched (not even the SP). I can only presume that all of these machines are remotely exploitable, and vulnerable to driveby pwning from lunchtime surfing. I can't help drawing a link from that to the regular malware problems we have. Is this normal in med-large (several 1000 people in this business unit alone) organizations?
What are these tools that are illegal to download for business? I smell lots of FUD.
Anything under a GPL, Apache or MIT licence can be used freely for business (I don't know about licenses, I'm British and YMMV, but I do seem to recall all those licencing schemes are of US origin).
I know that corporate lawyers have in the past tried to argue that, for instance, any software developed using IDEs licensed under the GPL, of whichever version, was itself GPL, but I've never been told of a case where that stuck.
And then there are the Express versions of SQL Server, which most definitely can be used for business purposes and are sometimes needed because someone needs to do some database work which requires a version of SQL Server that IT doesn't support, for instance where IT is still stuck on 2005, and this analytical database uses Dates. Or where a researcher or analyst needs to be able to vary a database schema frequently and IT won't let them do that.
"Handing an unlocked computer to a user is like organising a "run down the stairs with scissors" event for toddlers."
Only if it has sufficient access to the corporate network. Are you saying that you can't provide that? You don't have a sandbox that can only connect to the main network via a suitably controlled VPN? You don't, say, have a farm of VMs in Azure that you can let users have access to?
Of course, if you're saying your IT department is under-resourced and so cannot provide the optimum level of service, that is one thing. But trying to argue that unless your company has bought a licence, all downloaded software is illegal for business use - that's FUD, pure and simple.
When you've been in a job where it's your neck on the line if you don't comply with:
a) The Data Protection Act
b) PCI DSS.
Then you can whinge and moan about control over your devices.
Fact is, I make a career going into places where users had been let loose on their freedoms, and by clamping them down I fixed the problems they were having almost instantly.
If you can't do your job, go tell the IT guy or his boss, or his boss. Guarantee you that somewhere along the line your request will be / has been overruled already by those in charge (who are listening to the people whose job it is to keep you out of court when it comes to IT data). If it doesn't, you'll suddenly "lose" all those annoying IT people anyway. Guarantee you.
Walk a mile in my shoes, and you'll see what I mean. Some case law says that even giving you the POTENTIAL to access data that you shouldn't is against the law (e.g. providing you with a password that would allow you access to it in theory). Hospitals and schools have fallen foul of it A LOT and got fined heavily. Extend to laptop encryption, monitoring what software is installed, making sure you don't have a virus transmitting people's personal data outside the company, etc. and you'll quickly find out WHY we lock systems down.
How dare we build secure systems with least-privilege principles? It's almost comical you even bring it up.
> next to impossible to do our job
We had that when moving to a new enterprise-wide umbrella IT setup. Group Policy meant that me and my colleagues couldn't install *any* software, including that which we wrote ourselves. We are employed as software devs.
Doh!
-A.
We had quite a few idiots who did that too - rather than explaining what access was needed and going through the appropriate approval processes to get it they started using their own hardware.
We enabled Microsoft NAP - and diverted all internet access from non authorised hardware to the IT Policy page that states that non company hardware must not be connected to the corporate network....Lots of BOFH fun was had...
Anyone told HP that IT Managers and CIOs don't make decisions beyond "Yes sir" (To which Department tells them to do something) and How High? To any other C level that comes barking."
Wow.. glad I am not CIO wherever it is this happens.
Too bad for such a company, they will never compete with one that uses an IT department properly.
What I don't like about the iPad is that it's almost unsuportable, unless you can actually stand in front of the device. This doesn't work for most IT departments because they don't have phyiscal access to all their staff. They're designed to be aimed solely at the person using it.
You can't do the simplest things like copy a file to an iPad without jumping through hoops - using iTunes from a proper PC, and then syncing to the particular app the iPad user wants to use. We've spent years getting all these automation processes put in place, to then have a 'dumb' device that flips it all around. MDM is a start, but it's such a long way off.
This post has been deleted by its author
You seem not to understand the difference between the iTunes application (which is what was been moaned about) and Apple accounts. There is no need to connect an iPad/iPhone to a PC with iTunes any more, hence my comment. Apple accounts are needed to register a device, add applications and synchronise stuff via iCloud, but need not belong to a specific user.
BS. You don't need an Appleid unless you want to download apps, or music or movies and tv shows to the device from Apple. Just like microsoft, and Google, if you want to buy a paid or free app, you need an account from their store. The same is happening in the PC world. If you want to buy a new copy of MS anything, you purchase it online.
Another comment by someone who never saw let alone used an iPad.
Our IT department have been testing and securing iPads since they've been on the market.
We have 3000 of them in the field and nobody uses iTunes for anything other than their music library which users are allowed to have.
Business Apps are pushed through a MDM and documents are stored on a privately owned cloud. Devices are secured down to their IP addresses.
When I hear about the "problems" other companies seems to be having with tablets, all I can think of is that their IT department is either too incompetent or too lazy to make them work.
"all I can think of is that their IT department is either too incompetent or too lazy to make them work."
I can easily think of another reason : an understaffed and overworked IT department. If you've got a succesful rollout of 3000 of the buggers, I assume this project took some planning and resources. If you've got 5 techs on 2 continents that support and maintain everything (servers, clients, phones, telco contracts,...) for about 800 users worldwide and management suddenly decides they want 100 iPads and an app for sales, you start hating 'em. Mind you : we did it, in a month and a half (including MDM research and deploying what we thought was best, learning xcode to create the app, basic training for users).
But yes, I hate them. Not because they're iPads (I love mine and am typing this comment on it), but because they are hell to support.
And you, sir, deserve a good kicking for assuming that incompetent and lazy are the only two options. The same thing goes for all bloody commentards that assume that their machine is locked down because they think IT are "control freaks". Some might be, most are doing their jobs. Same goes for all people.
I didn't think Apple cared that much about businesses wedded to Windows systems. In fact, I don't think they have for many years now. If I'm right, I can't see how they are going to worry too much about this news - especially when they are still making money hand over fist in the more lucrative consumer market.
Plus, the days of buying a home computer based on what you had at work are long gone. Otherwise we'd all be rushing out to pick up XP based systems with IE6 - rather than iPads, iPhones and Android based devices.