Many technical-related problems stem from personnel who are poorly trained, careless, or don’t follow established procedures. Also, there is still the possibility for accidents, even with the most conscientious and careful users and administrators.

Compounding the potential problems, most users don’t understand the possible implications of the changes they make. As if that isn’t enough, not all organizations develop change control policies, much less enforce them.

Imposing change control can prevent many potentially catastrophic problems and when it comes to change control, no one should be above company policies or outside the change control envelope, regardless of their position in the organization.

Understanding your users
To apply change control effectively, you first need to understand your users and the types of tasks they need to perform. With that understanding in mind, you can accommodate their application and operating system needs while still imposing adequate security to protect their systems and the network.

First, classify the users based on the types of tasks they need to perform and the applications they use to accomplish those tasks.

Knowledge workers: These users are typically more skilled than other users in their respective job areas and might be engineers, accountants, designers, developers, and so on. The fact that they are skilled in a particular area doesn’t necessarily equate to computer skill, however. These users typically work from a single computer and work with it most of the day.

Support staff: These users support the efforts of the business in a task-oriented way. They include data entry clerks, order takers, receptionists, assistants, shipping clerks, and so on. While some work from the same computer all day, others might work with one or more computers. Again, skill level in their area of job responsibility doesn’t equate to computer experience or skill level. These users run the gamut from novice to advanced users.

Technical: These are your system administrators and support staff. They typically work from several systems a day, but each probably has his or her own system, whether workstation or notebook. While they have a much higher computer skill level, they also have a higher risk factor because they typically have more latitude and knowledge to make changes.

Management: The company president, vice president, and other such executive staff fall into this category. They often work from notebook systems because they are more often on the go, presenting additional risk for introducing applications and changes to the network.

In addition to classifying users by their job area, you should also take a look at the types of systems they use. These include:

Fixed workstations. These users work from the same workstation all the time and do not need to take their work with them.

Remote workstations. These users connect to the office network through a dial-up or VPN connection but don’t need a notebook because they work from home or the remote office all the time.
Notebooks and docking stations. These users work both in and out of the office and need to take their systems with them.

Multiuser workstations. These users move from one workstation to another as needed and often don’t have their own user account, but instead use a guest account or whatever account is used to log on to the particular workstation.

Mobile computers. These users work with a notebook computer without a docking station and typically connect to the network via a dial-up connection or remote office.