Fed govt to keep locked-down desktops

Fed govt to keep locked-down desktops

Summary: The Federal Government's peak technology strategy group has published a significant new policy that lays out common standards for deploying new desktop PC and laptop environments for the entire public sector in Canberra. However, workers frustrated with their lack of control over their work computer may not find much to like in the document.

SHARE:

The Federal Government's peak technology strategy group has published a significant new policy that lays out common standards for deploying new desktop PC and laptop environments for the entire public sector in Canberra. However, workers frustrated with their lack of control over their work computer may not find much to like in the document.

Traditionally, many government IT departments have maintained direct control over the desktop fleets they administer — restricting users from installing their own applications and customisations without permission. Although many employees dislike the restriction inherent in such policies, IT managers and government administrators have argued that they allow sensitive government information to be held securely and for staff to focus on working during business hours.

It appears the trend will continue under the standard operating environment policy released on the Australian Government Information Management Office (AGIMO) blog yesterday.

The document states that "by default", staff are not to have accounts that grant them privileged access to their PC. In addition, the workstations themselves should be configured to ensure unused features were removed or disabled, and the configuration and updating of machines should be done centrally by the desktop support provider and not by the user themselves.

Alternative web browsers such as Firefox and Chrome are currently gaining in popularity around Australia, with many workers finding their open and extensible nature delivers them advantages over Microsoft's Internet Explorer, which is the default for most large organisations. However, AGIMO's policy states users must not be able to install their own "unauthorised add-ins" to their browser, and the browser software itself must be centrally managed.

Any email clients used must be able to work offline so that users can still work if they are disconnected from the corporate network. AGIMO has also mandated Microsoft's Office Open XML format, which is not supported by a number of alternative office suites as the default document standard. Users are not to be able to halt antivirus activities on their machines or firewall software, with the aim of making sure security standards are maintained. Logging and remote access by administration staff must also be possible.

Topics: Government, Government AU, Laptops, Mobility, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Sounds like linux, we lock you down until you opt in to the things you want, not lets give you everything even if you dont use it

    Good to see that the policy makers have started off on the right foot - it also makes employees work, and not play.
    amckern-b0f83
  • Sounds like a job for Group Policy + Active Directory.

    They'll need to be enhanced to keep pace, as will Mozilla Firefox if it wants to break into the Government model.


    All they really need to do is fix their roaming profiles from going corrupt, once that happens most of the Group Policy enforcements break and the user can 'start to do things' - typically assuming that sanctions had been lifted.

    So basically they've made huge leaps in one particular area, and very small steps in another. (Which is better than nothing).

    In time they'll see what really needs to be done to complement this action.
    scott2010au
  • This is going to give the open-source in house developers the ####s.

    Doing Intranet work without the benefits of two browsers is taking a step back 10, maybe 20 years.

    The sites aren't typically that complex, but 20% of the pages probably require 80% of the work, and those few pages are now going to take ten times longer to update, fix, or whatever is required.

    This is not good for Government 2.0.

    They need to permit certain staff roles to have exceptions to this rule, as Firefox is as much a developer tool (Intranet / Web / Government 2.0 development) as it is 'a browser'.

    As for the plug-ins, they can have the existing firewall stop them doing things they shouldn't be.


    Of course, almost everything else AGIMO did in the last fortnight has been of benefit, or at least will be within 12 months. So I can't really complain. (Especially as I am no longer an Intranet Developer for Government).

    I just feel sorry for the 'open source' minded individuals who are taking up where I left off. Without Firefox to aid them, in addition to other commercial tools, they're completely left in the dark.


    Perhaps they are making an excuse to move to SharePoint deployments on a large scale? (As this policy basically enforces that in the med - long term, and makes it look far more attractive 'economically speaking').
    scott2010au