The macosxhints Forums (http://hintsforums.macworld.com/index.php)
-   The Coat Room (http://hintsforums.macworld.com/forumdisplay.php?f=8)
-   -   How to Hide on a Network (http://hintsforums.macworld.com/showthread.php?t=52790)

cwtnospam 03-17-2006 04:46 PM

Quote:

Originally Posted by CAlvarez
....It's not about random control; there are well documented infections caused by remote/VPN connectivity.

It's a complex issue, and it's amazing how many people don't know what they don't know and proceed as if there possibly could not be any problem with a Mac on a network. It's not perfect either.

That's a huge jump to make, so I assume you've seen cases of a Mac infecting the network. :rolleyes:

NovaScotian 03-17-2006 07:13 PM

Quote:

Originally Posted by CAlvarez
With most of my clients, we don't even allow their home machines to use the VPN until they bring it in to have us install our corporate virus protection and security additions. It's not about random control; there are well documented infections caused by remote/VPN connectivity.

This has certainly been my experience as a consultant: my machine had to be "cleansed" before I could hook it up inside a corporate firewall or Timbuktu to any machine inside it. While I was on site "uncleansed" I was often given an IP address I could use to get outside to the net from one location inside their offices so I could TB2 to my own office. Otherwise, I had to use one of their loaner laptops while I was there.

All that said, however, nothing prevented me from disconnecting a router in the room from its feed and forming a small LAN with no WAN connection so a group could work together on a document. During that time, they and their pristine machines were all defended from me by their own firewalls.

Folks who argue against these strictures (and they are a PITA) would not consider leaving their car unlocked.

cwtnospam 03-17-2006 07:58 PM

Quote:

Originally Posted by NovaScotian
Folks who argue against these strictures (and they are a PITA) would not consider leaving their car unlocked.

These strictures are put in place because Windows needs to be quarantined at all times. I find it amusing that so many people will claim Windows is "just as secure as a Mac" at the same time they insist on using security precautions so draconian that most long time Mac users wouldn't even consider them.

Just so we're clear, getting out of bed in the morning represents a risk. The real issue is risk vs reward. Attaching any computer to the network is a risk, but the Mac represents a much lower risk while increasing the reward: user performance. Of course, many IT types aren't interested in that because it doesn't do anything for them. On the contrary, a system that doesn't need to be isolated behind routers, firewalls, virus scanners and anti-spyware threatens their job security.

schwartze 03-17-2006 08:21 PM

Quote:

Originally Posted by cwtnospam
These strictures are put in place because Windows needs to be quarantined at all times.

Actually I have found that most are put into place because there is a finite amount of people qualified to handle problems as they arise. You (general you) are lying if you say you can fix every problem in every system and configuration.

If the people who are there to fix the problems are trained on one system and x amount of images of that system (because no matter how much they know walking into a new place one needs to learn how that place does things), adding new systems also means adding more people to handle them. This means more training, more work, more policies and more money.

Most places would rather hire people to do work for them that generates money over hiring people that are there to support those making the money.

mark hunte 03-17-2006 08:35 PM

Boy what a read..


In some cases IT departments will say "NO, we do not support that so you can not have it, end of story"


IT's job should be to advise and support systems to get the job done.
If they feel there is an issue with some tech that may cause more problems than it's worth, then fine.

Find me something that does what I need, the way I need it.
Because if I can not get my job done we (IT included) might as well all go home with our collective thumbs up our collective Arses.

I do not expect your IT to understand your job, I think in most cases that's the problem.
IT understand the Tech, but only superficially understand the work the companies they support do.

But what should not happen is people putting in their own Wifi.
I am surprised you still have a job.

cwtnospam 03-18-2006 08:30 AM

Quote:

Originally Posted by mark hunte
Find me something that does what I need, the way I need it.
Because if I can not get my job done we (IT included) might as well all go home with our collective thumbs up our collective Arses...But what should not happen is people putting in their own Wifi.
I am surprised you still have a job.

Here's the crux of the issue. If you've got an IT department that isn't doing its job, and it has made a "policy" decision to try to remove someone who is trying to do theirs by working around IT's laziness, what do you do? I'd keep doing my job. A wrongful termination suit may be just what's needed to straighten that IT department out.

mark hunte 03-18-2006 08:55 AM

People every day have to figure ways around some IT restriction to get work done, this includes IT staff.

The problem with the guy putting in a Wifi, is he possibly put his company at more risk than him not being able to work on his Mac.

IT's will claim some of these restrictions are in most cases due to Security.

True or not true, doing what he did just proves they need to worry about people bringing in their own hardware. And gives them more Power to say what is what, because the Users can not be trusted.

cwtnospam 03-18-2006 08:59 AM

He did what he needed to do. The fact that he needed to do it shows that IT isn't doing its job, and therefore cannot be trusted. Once again, the security claim is a red herring. If they were using secure systems, the network wouldn't be an issue. It isn't possible to infect a network, only the devices on it.

mark hunte 03-18-2006 09:30 AM

No, what he needed to do was go to his boss.

I'm not saying his IT are doing a good job, nor am I saying they are doing a bad one.

But nowhere in the OP post do they say they went through any proper channels to get what he needed.

Also from their own take on the situation, the IT people are more upset about the wifi than the fact he was using his PB.

I think the same would go if he was using a PC laptop.

I am also not only thinking about infection.
With the wifi, their network is now open to intrusion from someone off site who has nothing to do with their company but now can gain easy access by cracking the wifi.

All unknown to the company because as far as they know they do not have any un-authorised wifi connected to the network.

**edit**
So in this case the security issue is not a red herring.
And because of lack of forethought, his IT now have more power to veto anything the OP thinks they need to do to get the job done, using the security issue.

cwtnospam 03-18-2006 09:41 AM

Quote:

Originally Posted by mark hunte
But nowhere in the OP post do they say they went through any proper channels to get what he needed.

You said it yourself:

Quote:

Originally Posted by mark hunte
IT's job should be to advise and support systems to get the job done.

There is a big difference between advising and dictating. When they're dictating what systems you can and cannot use, they're out of line. They are not the "proper channel" any more, but are a rogue element within the company more akin to a parasite, since their "policies" are costing the company money in favor of their own financial and political gains.

The network is just a bunch of wires, it's the systems on it that count. And once again, if their systems were secure they could open the network. Blocking Macs and claiming it's because of security is more than just a red herring. It's disingenuous at best.

tbsingleton73 03-18-2006 09:55 AM

Quote:

Originally Posted by cwtnospam
It isn't possible to infect a network, only the devices on it.

What is a network with no devices on it? I think it's called abandoned cable?

I agree with mark, putting a rogue wireless device on a network is a security risk.

One person out of a thousand who "needs" insert (Mac/PC) when everyone else is not on the platform is a red herring too. He just wants, he doesn't need. If he needed, then Management should get him what he needs and if they don't it is not up to the employee to find a way around what he doesn't like.

That said, "policy" should be clear as to what is expected and allowed, along with the actions taken when the policy is broken.

If management chooses to use one platform for all computers, then using another platform is a security risk. If it's a one platform environment then that's all IT needs to know. Them not supporting platform #2 is not a lack of knowledge on IT's part, nor does it show they cannot be trusted.

Lucky for me I am my own IT department and I can use which ever platform I wish. I happen to use both PC and Mac.
But if you work for a company that uses a computer platform different than your own, time to learn.

cwtnospam 03-18-2006 10:21 AM

Quote:

Originally Posted by tbsingleton73
What is a network with no devices on it? I think it's called abandoned cable?

The point is that it is the devices on the network that represent the security risk. The Windows systems need to be isolated from the real world because they're so insecure. Installing a Mac or any other device increases the risk because of the insecurities inherent to the Windows systems, not the Macs. That means that IT hasn't "secured" the PCs. They've merely hidden them from the rest of the world. Sure, there is some small risk to the Mac, but that's only in the same sense that Fort Knox is at risk.

You can't possibly believe that if the situation were reversed, with one PC on a network of hundreds or thousands of Macs, the security issue would be nearly as severe! On the contrary, it would be negligible.

Quote:

Originally Posted by tbsingleton73
If management chooses to use one platform for all computers, then using another platform is a security risk. If it's a one platform environment then that's all IT needs to know. Them not supporting platform #2 is not a lack of knowledge on IT's part, nor does it show they cannot be trusted.

And who is "Management"? If you're talking about IT Management pulling the wool over the rest of the company's eyes, then I strongly disagree. Self policing rarely works, and IT departments certainly aren't exceptions.

The idea that "standardizing" on one platform will make things easier and more efficient has long been discredited, and only lazy IT people benefit from attempting it. The company certainly doesn't.

tbsingleton73 03-18-2006 10:52 AM

My main point is that if you don't agree with company policy then you should go through the proper channels to make a change. If they refuse to change (for whatever reason) then you should live with it, keep trying to change it, or move on.

And by "Management", I mean the top management of the company, their decisions can rule of the IT department's.

Taking action against the company, meaning doing what you want anyway, is not the route to go, unless you like risking your job.
I think this issue applies to everything, not just IT.
Standardizing is not necessarily the sign of "lazy IT", it could just be a cost issue. Additional cost coming from many areas of having multiple computer platforms.
And while using non-standard platform may or may not be more efficient, but likely the deciding factor is cost. And most management looks at the cost now, not the cost overall or long term.

This is fun by the way. :)

NovaScotian 03-18-2006 11:18 AM

In my experience, very restrictive IT policies are often the result of proprietary or in-house software that will only run in Win/2000/XP. The router trick usually doesn't work either unless IT provides it because only registered MAC addresses are given an IP Address by their DHCP server. I have used a router that would spoof MAC addresses and loaded the MAC address of one of the inside participants, but that was for about an hour.

In one place I consulted, they gave me roaming rights (after I told them my MAC address), but my DHCP lease never exceeded 15 minutes (a bit of a bitch when making a presentation). A guy from IT actually came up to the conference room to look at my machine before I started.

My solution to these problems, BTW, was to buy a Thinkpad T30 which I never used for anything else.

cwtnospam 03-18-2006 12:13 PM

Quote:

Originally Posted by tbsingleton73
And by "Management", I mean the top management of the company, their decisions can rule of the IT department's.

Taking action against the company, meaning doing what you want anyway, is not the route to go, unless you like risking your job.
I think this issue applies to everything, not just IT.
Standardizing is not necessarily the sign of "lazy IT", it could just be a cost issue. Additional cost coming from many areas of having multiple computer platforms.
And while using non-standard platform may or may not be more efficient, but likely the deciding factor is cost. And most management looks at the cost now, not the cost overall or long term.

1. Top management knows very little about technology, and that's part of the problem. They're easily manipulated by IT management bent on an agenda that doesn't represent the best interests of the company or any of the other departments.
2. Doing your job in spite of what the IT department wants is not taking action against the company. The IT department IS NOT the company.
3. Standardizing has been discredited because it is cost-prohibitive. The security risks of standardizing alone outweigh the benefits, since a hole in one system means a hole in the entire system. Even farmers know not to plant just one type of crop.
4. Only poor management makes decisions based on the cost of the box. If you work at a company that does, you should be prepared for layoffs at any time because they're likely to happen.

cwtnospam 03-18-2006 12:37 PM

Quote:

Originally Posted by NovaScotian
In one place I consulted, they gave me roaming rights (after I told them my MAC address), but my DHCP lease never exceeded 15 minutes (a bit of a bitch when making a presentation). A guy from IT actually came up to the conference room to look at my machine before I started.

My solution to these problems, BTW, was to buy a Thinkpad T30 which I never used for anything else.

This is just the kind of abuse by IT that shouldn't be tolerated! There is no reason to give a 15 minute dhcp lease. If your system isn't secure, one minute is plenty of time to cause a problem. If it is, then there's no reason you shouldn't have access for the entire day. The only reason I can think of for them doing that is to force you to buy a PC.

mark hunte 03-18-2006 01:03 PM

Quote:

Originally Posted by cwtnospam
Quote:

Originally Posted by mark hunte


But nowhere in the OP post do they say they went through any proper channels to get what he needed.

You said it yourself:

That was a mistype, sorry. That should have read "But nowhere in the OP post do they say they went through any proper channels to get what they needed."

As in the OP going to their boss...


Quote:

Originally Posted by cwtnospam
The network is just a bunch of wires, it's the systems on it that count. And once again, if their systems were secure they could open the network.

So you're saying if I physically had your mac in my hands I could not do what I wanted with it because the 'systems' on it are secure.

I don't think so. There is no such thing as a secure system.
It is only ever about how many hoops you make someone jump through and how hard you make it.


Quote:

Originally Posted by cwtnospam
Blocking Macs and claiming it's because of security is more than just a red herring. It's disingenuous at best.

Yes this is true, but stop fixating on the fact they were using a Mac. It's making you miss the point.
It could have been a Pocket PC.

The point is the OP introduced a weak point on the Network.
They did not seek permission from anyone to be able to use a wifi connection. So how do we know they would not have got one set up by IT?
Nor, I suspect, did they seek permission to connect the 'device' to the network.
Where do they say IT have banned Macs?
From what I've read, the only Mac banned was the one they brought in and plugged in without permission.
Again, it could have been a 'Pocket PC'.

Their IT have now decided to 'Plug the hole' by banning the individual from using any device not specified or agreed to by the Company on their network.

The OP now needs to go to their Bosses and explain that they can not do their job as effectively on the office PCs as they can with their Mac.
This is how you Should do things in the first place.

cwtnospam 03-18-2006 01:15 PM

I could be wrong, but the way I read this:
Quote:

Originally Posted by kennethmv
OK, so I stubbornly remain one of the last Mac users on our very large corporate network (probably tens of thousands of workstations in a half dozen buildings separated by a couple of miles). All of the authorized workstations run Windows 2000 5.xx. I use a 15" aluminum powerbook OS 10.4.4

is that the Mac was bought by the company, but some dolt in IT management has decided to "standardize" the company.

Even if that isn't true, I don't buy the premise that simply adding a device to the network is a security risk.

Quote:

Originally Posted by mark hunte
So you're saying if I physically had your mac in my hands I could not do what I wanted with it because the 'systems' on it are secure.

No. I'm saying that if you had physical access to my wife's iMac you couldn't do anything you wanted to my Dual G5 because it's secure on my network.

mark hunte 03-18-2006 02:06 PM

I'm sorry this could go on for ever...

Whether the company bought it or not.
Whether they have made the choice to only use PC, so what.
I have fought the long fight to keep using Macs. I'm happy to say I see light at the end of the Tunnel. I know the issue all too well. But that's a whole other issue.

The OP should not have connected a wifi. Which is the point I am making.

And you're right, I personally could not hack your mac from the iMac.

But I believe even if your home network can not be hacked due to no services or whatever, large companies have to allow access across the network and as secure as they may be, they will not be invincible against attack if the attack is coming from within. Which the wifi allows.

cwtnospam 03-18-2006 02:12 PM

I understand, but the argument that Macs aren't 100% secure misses the point. Nothing is 100% secure. Especially not the corporate approved and locked down PC. Everything is relative, and I have no doubt that a stock Mac is at least as secure as a locked down PC.

The wireless issue only came about as a way to get around an unreasonable IT department. Maybe it wasn't the best solution, but it was an attempt to get the job done. I would have used the same router, but with the wireless capabilities turned off. ;)


All times are GMT -5.