Fed govt to keep locked-down desktops
The Federal Government's peak technology strategy group has published a significant new policy that lays out common standards for deploying new desktop PC and laptop environments for the entire public sector in Canberra. However, workers frustrated with their lack of control over their work computer may not find much to like in the document.
Traditionally, many government IT departments have maintained direct control over the desktop fleets they administer — restricting users from installing their own applications and customisations without permission. Although many employees dislike the restriction inherent in such policies, IT managers and government administrators have argued that they allow sensitive government information to be held securely and for staff to focus on working during business hours.
It appears the trend will continue under the standard operating environment policy released on the Australian Government Information Management Office (AGIMO) blog yesterday.
The document states that "by default", staff are not to have accounts that grant them privileged access to their PC. In addition, the workstations themselves should be configured to ensure unused features were removed or disabled, and the configuration and updating of machines should be done centrally by the desktop support provider and not by the user themselves.
Alternative web browsers such as Firefox and Chrome are currently gaining in popularity around Australia, with many workers finding their open and extensible nature delivers them advantages over Microsoft's Internet Explorer, which is the default for most large organisations. However, AGIMO's policy states users must not be able to install their own "unauthorised add-ins" to their browser, and the browser software itself must be centrally managed.
Any email clients used must be able to work offline so that users can still work if they are disconnected from the corporate network. AGIMO has also mandated Microsoft's Office Open XML format, which is not supported by a number of alternative office suites as the default document standard. Users are not to be able to halt antivirus activities on their machines or firewall software, with the aim of making sure security standards are maintained. Logging and remote access by administration staff must also be possible.