The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/810339
30 PEER TO PEER: THE QUARTERLY MAGAZINE OF ILTA | SPRING 2017 CASE STUDIES The Value of Having Locked-Down PCs For most of my past 10 years at law firms, I have not been able to install soware on my Windows laptop. If I want a new program, I can either pick from a list of available programs advertised to my PC or contact IT for help if I need something new. In an emergency, I can have an IT person remote into my machine and help me with a "one-off " installation. This policy/process does not just apply to me, it applies to every single user at the firm. If you have proposed a locked-down system to your firm, you have probably heard aorneys and administrative leaders claim that locking down everyone's PCs would be impossible, that it would cause poor client service and too much inconvenience for laptop users who "need" to be able install soware. Leadership might also believe disabling administrative access for your users and whitelisting soware and browser plug-ins will result in unacceptable IT management expenses. The good news is you can secure laptops and desktops with group policy objects, which ensures users are not local administrators. This and whitelisting approved soware have significantly reduced troubleshooting calls to our help desk, and we believe the improved reliability and consistent performance our users experience enable beer client service. There was a significant initial time investment; completing an inventory of installed applications and gaining comprehensive control of our environment was a full-blown project. Once we culled all the junk, though, we ended up with a uniform configuration that required a fraction of the firefighting necessary to support the previous environment. We no longer spend our days troubleshooting random problems like incompatibilities between Outlook plug-ins and free desktop wallpaper applications, and our system configuration has shined in successive annual third- party security assessments (and client security audits). Getting Past the Naysayers If you have been trying to get a whitelisted, user-context- enforced PC environment rolled out at your firm but cannot get past the naysayers, here are responses to the four most common arguments I have heard: From Aorneys: I am on the road all the time, and I always have to install stuff. Since rolling out administratively secured PCs to over 4,000 users across two firms, I have yet to see a true need to let any user be an administrator of their local PC. It takes only a few minutes with IT during a remote session to help a road warrior install something. While many IT departments currently accomplish this using "Run As" and an IT account with local administrative privileges, we are rolling out a third-party solution that can be used to manage this securely, even when the machine is off-network. Since the most commonly used applications are advertised for self-installation, we don't get many "emergency installation" requests. Winning the argument that your users should not be able to install unapproved applications and features on their computers by Jon Washburn The Value of Having Locked-Down PCs