The passionate middle wins.

I’m not talking about the presidential race, although we should all be so fortunate. I’m talking about PC policy. The consensus of my correspondence seems to be that to lock or unlock isn’t a binary choice. There are levels of openness. How open each system should be depends on a variety of factors, including how rigidly or openly defined the job is, the regulatory environment, and how much risk with how much impact a particular compromised system can create.

I’ve written columns about leadership, process, SOA, application methodologies, the late and unlamented network computer, and muscular client architectures vs the misnamed “thin-client” architectures.

Lots of other topics, too. Only a very few others generated as much correspondence as this series on whether to lock down or open up the desktop. Windows vs OS/2 vs Linux vs Macintosh was one (of course), religion in the workplace was another, although there are those who would say these are one subject, not two.

Certainly, how a CIO handles leadership, application architecture and methodology, and the nature of process in the enterprise has a much bigger impact on profitability. Why did PC policy generate so much more response?

The answer, I think, goes back to a point made by the column that opened this series, “The portal,” (2/25/2008): That we in IT … and many corporate executives of all stripes … have an obsolete, 1950s industrial view of employment. In this Leave It To Beaver world, work is a place people disappear to for awhile to earn a paycheck. Work/life balance means emulating the Cleavers.

Increasingly, though, work/life balance doesn’t just mean leaving the office on time so you can attend your daughter’s soccer match. It also means you experience a sense of fulfillment from achieving difficult and important accomplishments for your employer. It means you attach the same significance to friendships in the office that you attach to friendships outside of work.

Yes, that’s right. If your life is a 1950s sitcom, it’s more likely to be Dick Van Dyke, where Rob, Buddy and Sally’s work life was as real as their home lives, and got as much screen time as anything else on the show. Work/life balance? They had one life, not two. No partitions.

In 2008, you take care of personal business at the office just as you think about and solve business problems when you’re home, or out and about … and stay in touch with colleagues on these subjects during off hours. Blackberries, anyone?

Smart employers value this. It means having employees who are, to use the now-tired joke, pigs rather than chickens (the former have the bigger commitment to a bacon-and-eggs breakfast).

Employers want employees who are committed to their work. What they haven’t always done is to explore the consequences of having them.

The TANSTaaFL rule applies: There Ain’t No Such Thing as a Free Lunch. Want committed employees? Show some commitment to them. Recognize that in 2008, much more than in 1958, if you want someone to sleep in hotel rooms half the nights of the year, then maybe you should let them download music into their laptops and sync it to their MP3 players, not to mention letting them check personal e-mail.

The big work of IT … the work of implementing and supporting enterprise applications … is about supporting the company’s efforts to be more productive and efficient. It’s where profits live.

PC support is different. It is, as the name of the device implies, personal. That means it’s where IT defines its relationship with employees at all levels throughout the enterprise.

In companies that practice blanket PC lockdown neither your intentions nor the business logic matter one bit. IT runs the orphanage; employees are Oliver asking, “Please, might I have some more?”

There are, for that matter, companies where the IT staff provide no training, actively dislike power users, and prefer employees who “leave IT to the professionals.” Some advice: Arrogance isn’t a sound foundation for productive working relationships.

IT at the other extreme isn’t any better. While employees might like a wide-open environment, they won’t respect IT that provides no protection, ignores widespread software piracy, and in general shows no professionalism.

Professional IT provides training, education (not the same thing), support and encouragement. It protects the enterprise while respecting its employees and understanding their circumstances.

Why is the PC so important? Employees work in the enterprise applications you manage.

But they live in their PCs.

It doesn’t hurt so much anymore.

A couple of weeks ago I was forced to acknowledge that long before the idea was mentioned here in KJR, Gartner published a prediction that increasingly, end-users would own their own PCs.

Daniel Fleagle was kind enough to point me to an article by John Dvorak advocating knowledge-worker ownership of PCs that pre-dated the Gartner reference by more than three years (“Know-Nothing Knowledge Workers Must Go!” PC Magazine, 2/1/2002). It’s well worth the time you’ll need to read it (ManagementSpeak for “It agrees with all of my personal biases”).

More on the subject of PC policy — on whether and how far to open up employee PCs:

A cautionary tale: Last week I helped my father install some software. It might have been on the installation disk. It might have been lurking somewhere until the installation process opened a door for it. Whatever it was, his system became infested with the SmitFraud virus.

McAfee didn’t detect it, even with a full system scan. Neither did Spyware Doctor. A bit of research found a cure, and all is well but only because I happened to be visiting and recognized that the screen message “informing” us that the system was infected with Spyware — Click Here to solve the problem — was a Trojan horse, not a legitimate warning.

Does this negate everything I’ve been saying the last several weeks?

No. Dad and I have both used PCs since 1980. This is the first infection either of us have seen that wasn’t detected and prevented by standard anti-malware measures. Do the math — that’s one difficult-to-handle infection per 16,000 days of personal computing, more or less.

The nature of security: Here’s a reminder: The point of a company’s security policy is to establish the company’s desired balance between managing risk and doing business.

It isn’t to eliminate all risk. If it were, it’s easily achieved: Eliminate all technology more advanced than a 10-key calculator and a typewriter from all desktops, and go back to 3270 terminals for any computer use that absolutely can’t be avoided.

The nature of risk: IT security spends its time thinking about three risks — data loss, damage to systems, and fraud. These risks certainly matter.

They aren’t, however, the only risks companies have to deal with, or even the most important. Think about these much more serious risks to the enterprise: Employees who are complacent, or, worse, apathetic; employees who see no purpose in showing initiative; employees who feel distrusted by their managers and act accordingly; a general lack of innovative spirit; and the absence of a “culture of discipline” (to use Jim Collins’ term).

Data loss, damaged systems and fraud can lead to financial penalties. The other risks can turn a company from a vital force to a lifeless, staggering zombie.

Evidence it can work: Among the Comments posted in response to my Advice Line blog entry, “Getting to 21st century IT – User-owned PCs?” (3/4/2008) was one pointing out that open PCs are just a day in the life of university IT. Academics and students both install whatever they please, and central IT is expected to keep everything running.

More evidence it can work: Here’s a comment posted in response to another Advice Line entry, “More on whether or not to open up PCs,” (3/8/2008):

“My desktop team of 4 field technicians (they do double duty answering the helpdesk phones) support 900 users and 1300 devices at our headquarters building. We have no AD (still NT4!) and therefore no desktop lockdown policies. Everyone is a local admin on their own equipment. And you know what? We do just fine!”

The nature of employees: A lot of my correspondence on this subject has centered on what employees are like. Many of the correspondents who hate the idea of opening up PCs describe their fellow employees in terms otherwise reserved for pre-adolescent children — naive, foolish, ignorant, reckless and self-indulgent.

Those who advocate openness universally describe their co-workers as responsible adults focused on getting their work done.

One comment to those in the pre-adolescent camp: The same policies and procedures that led your employer to hire these untrustworthy souls were the ones that led to your own employment.

Benjamin Franklin advised that, “Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.”

In business terms, I’d translate that to, “Those who would give up employees who take responsibility and initiative in an attempt to achieve perfect safety deserve neither responsible employees nor safety.”