When I started in my current job, I immediately ran out to buy my own, brand-new computer. Although my company has computers employees can use, the owners have another option that we all find more attractive: They contribute a specific, reasonable dollar amount, which we can then apply to any computer we choose.

The catch is that we're responsible for maintaining our own computers for the next three years. This means that if we break it, we fix it ourselves or we buy another one at our own expense. Of course there are some assumptions and business policies, such as our use of only open source or legally obtained software. Frankly, I find this solution to be ideal for our small company, which is full of tech-savvy employees. We're responsible for getting our jobs done, and the software or hardware we use to do it is left up to us.

Obviously, our solution won't work for every company or for every type of employee. I'm reminded of a former colleague from early in my career. One day I was horrified when I overheard him calling our IT Department – in another state – to get help reinstalling his computer’s wallpaper, which somehow disappeared from his screen. Can you imagine an employee like that with admin-level privileges? (I apologize to any admins who will have nightmares after reading that last sentence.)

Maybe you're thinking your employees can be trusted to update and install their own software. You might be right. But are you sure?

License and Registration, Please

How do your employees manage software licenses? According to the Business Software Alliance (BSA) 2010 nternational Software Study, more than half of the people using unlicensed software aren't even aware of it. “The most common form of software piracy is buying a single license for a program and installing it on multiple computers: 60% incorrectly think this is legal at home, and 47% think it is legal at work (including 51% in emerging economies),” the study concludes.

Brad Franshier, IT director for multi-media communications company The World Company, says that considering the business impact of allowing employees to admin their own systems is important. He points out that even honest mistakes can create corporate liability. “Audits, lawsuits, loss of competitive advantage, and loss of productivity are all very real possibilities,” Franshier explains. “And by the time the situation gets to the point where business has been impacted, using an excuse like 'I didn't realize the software required me to purchase a license for commercial use' or 'I didn't know that running my machine with admin privileges would make me more vulnerable to malware' won't help the situation much.”

There Be Pirates, Spies, and Malware

Consider software piracy or copyright infringement. Is your company prepared for legal action if one employee installs not-quite-legal software? According to the BSA study, the commercial value of pirated PC software in 2010 was $59 billion. The study shows that the piracy rate in the United States is one of the lowest in the world, but at 20%, it's still not what the proprietary software industry would call low.

Software companies do go after companies who run unlicensed software. In May 2011, BSA announced a settlement with Williamson Eye Center, which was running unlicensed copies of Microsoft, Adobe, Corel, and Symantec software. Charles Williamson Jr., administrator at the eye center, said that the company was not aware of the unlicensed software. “I would warn any business to be aware of the downloading practices of its employees,” he said.

If your employees don't care that Adobe claims that the company loses $18.5 million a day because of piracy, they should still be extremely worried about viruses, malware, and spyware that can be included with pirated software.

“While it's difficult to say with 100% certainty that every computer in an organization is running properly licensed software, is free of malware, and the data on it is secure from prying eyes, there is an expectation that organizations take steps to insure that those goals are met,” Franshier says. “Computer policies are in place at companies not to dictate every single detail about what an employee can or can't do with their computer, but to provide a framework for building good business computing practices that keep information moving smoothly and keep the company out of hot water.”

When to Loosen the Lockdown

Some systems are less critical than others and might not require expert administration. Franshier suggests that development systems that can be shut down or taken offline without impacting productivity could be candidates for allowing users to perform their own updates or installs. But he adds that production systems should be handled with a more measured approach.

In some companies, the approach is to assume that employees can take care of their systems, until they prove otherwise. “Employees need to take responsibility for the tools they use to do their work, so I avoid locking down configurations,” says Spencer Kendall, management consultant at the Bryggen Group, a small business consulting company in Austin, Texas. “That said, they get one free pass at buggering up their system,” Kendall adds. “The second time I have to 'brick' their workstation because they downloaded the latest crap-ware or visited a 'speed booster' website, on go the restrictions.” Kendall says it's too costly from a time perspective to reconfigure systems repeatedly for employees who load non-essential applications.

IT-approved updates and installs is another approach that works for some companies. “IT will approve based on safety to company assets and data,” says Karla Osorno, consultant at EE Technologies, an Electronics Manufacturing Services (EMS) provider. Osorno's company has more than 275 employees located in Reno, Nevada and Empalme, Sonora, Mexico. “IT has the ability to review what has been installed on computers,” she says, “and to date we have not experienced any problems; so the controls are not rigid at this time.”

Perhaps the most practical system for companies is to have role-based privileges. Matt Malone, account manager at Vintage IT Services, a computer and network management services provider, suggests that an office with no technical employees should be more restricted than an office full of programmers. “My advice is to build policy based on roles,” he says. “Programmers need to change their systems often, whereas Accounting may not. Sitting down and creating and defining those roles in the beginning can save you lots of time fixing problems on the back end,” Malone points out.

When it comes to system administration, Æleen Frisch literally wrote the book: Essential System Administration. Frisch, the owner of Exponential Consulting, has 25 years of experience in system administration and follows a role-based system. She says that her general practice is to allow professional and scientific employees to have admin access and to select and install any software or operating system they need. Clerical and customer service employees, however, use computers that are set to update automatically, so they don't have admin access or privileges to update any of their own software.

“The general principle is that employees to whom I can say 'Your machine is your problem' get all privileges and access, and others get none,” Frisch explains. She says that her main concern about allowing admin access is data loss or actions that result in a system or package no longer functioning. “It's about minimizing administrative time,” she says, adding, “Over the long run, doing things this way requires the smallest possible amount of administration time.” And really, who wouldn't be happy with that?

How does your company empower – or limit – its employees? Tell me about it in the comments – and include your company size and industry, so we all can correlate the results.