I think we've all been there, your IT Support/ Infrastructure team inflict some meaningless, very frustrating, poorly explained "policy" on you and your team that irks you every time you are affected.

My current fairly trivial issues are that the IT department have reverted to the old school Start Menu. I really didn't realise how much I used the new one until they took it away.

They have also reverted to the old school Windows 2000 grey look which is quite frankly just ugly! To add to that they have also imposed a rather unnecessarily short Screen Saver time of 5 minutes, very annoying if you're flicking between remote desktop sessions!

Non trivial, they are completely unwilling to enter into a debate about using non-company laptops over our VPN.

Anyway, I'm sure you've all had more frustrating issues than me...have you?


Not having administrative access to my own machine.


Once upon a time, I was working as a data entry clerk. In order to do my job well, I set the refresh rate at 75 hertz and the resolution up to 1024/768 (a huge improvement over the 640/480 everyone else was using). The refresh rate allowed me to work for hours in comfort, and the resolution allowed me to do data entry without jockying a scollbar - needless to say, I was one of the best.

Other data entry clerks observed my success and the way in which I used the technology to achieve it. They started to fiddle with their screen settings. This was back when adjusting screen settings beyond the capabilities of the machine could leave you in a blackscreen "lockout".

I can understand IT's frustration that data entry clerks were "breaking" their machines. What I cannot understand is why they came to my machine (which never had a problem), and locked me in to 60 hertz and 640/480 resolution. I worked through the afternoon on these settings.

By the end of the day, I could see the flashing screen when I closed my eyes. I told my boss that I would not come in the next day and I went home and covered my face with a wash cloth. The flashing persisted for two hours.


I once had corporate IT block Facebook while I was developing a Facebook application for the company.


No Internet access.

(I feel I have to specify that this was at a previous job, not on my current one - which is why this is not posted from my Blackberry ;-)


I like to listen to music while I code. It helps me concentrate.

Management stated one day that headphones were now banned as they're a "barrier to communication".

I complained to my manager, saying I found it hard to concentrate when I have to listen to the sales guys shouting on their phones.

My manager suggested I used earplugs to block out the background noise. I pointed out that they would also be a "barrier to communication".

He said he'd be happy for me to use earplugs, but not for me to use earphones.

I'm glad I don't work there any more.


I've been at a couple of banks who don't allow physical access to your PC. This means that if it blue screens you have to call the help desk to reboot it for you. This is bad enough but to add insult to injury the phone directory is online.

Bonus answer: the last place that had this policy also didn't allow FTP access. My job was to install my companies software. I couldn't bring in a CD (see above) and I couldn't download from our support site. They paid me to sit and twiddle my thumbs for two days while their IT department tried to reconfigure their firewall.


Disabling the right mouse button! Honestly.

This was a very large car company with about 20 people in IT support.

However, they didn't disable the context menu key. So getting to menus was still possible but a pain in the ass.

I hope they feel satisfied knowing that the "huge security whole" (their words) created by the right button has finally been solved...


Lotus Notes


Each individual restriction put on me didn't seem too bad, but all the restrictions put together really annoyed me.

  • Internet Explorer 7 (I prefer Firefox) was configured to not allow tabs.
  • The taskbar could not be right-clicked.
  • I could not view C:\
  • They had installed some Internet filtration software
  • 800x600 monitors
  • Flash drives could not be used (less of a restriction and more of a bug, but there was never an attempt to solve this bug).

It still brings a chill down my spine.


No admin access to my machine. I have full access to millions of credit card numbers, private customer information, a keystroke could shut down our multi-million dollar company and they are worried about me turning off the screen saver.

Maybe the biggest WTF is I'm the primary 'go to' person for the network admin team when problems creep up they cannot fix (which they give me 'temporary' admin access to fix the problem).


Couldn't browse hacking/flashgames/community sites. And these are subjects we had use of in our work.

Developers went crazy over this and we got the useless Websense software removed.


Overly aggressive anti-virus scanning.

Not only did they scan all DLLs & JARs (sqldeveloper took about 3 minutes to start up) but they also scanned vhd's (virtual hard drives) which was really stupid because the corp. requirement was to also have the anti-virus install in the VM to start with.


There was a company that tried its best to kill developer productivity by:

  • No VPN except from company laptops, but they are hard to get.
  • Otherwise, remote access only through Citrix Metaframe.
  • But Citrix copy-paste breaks sometime after 20 or 30 pastes and refuses to work again for the rest of the day.
  • Citrix logs you out after a few minutes and you have to go through two logons to get back on.
  • Citrix doesn't understand dual displays, it won't let you use the second one.
  • Access to servers has to be done through Remote Desktop running from Citrix, but the servers' screen saver is set to lock up after a few minutes also.
  • Servers kill all remote desktop sessions sometime during the night so you can't leave anything running overnight.
  • Forced to change passwords regularly even if your password is strong.
  • Developer desktops don't have CD/DVD drives.

They put up a proxy that blocks all streaming video.

I am managing an offshore team and much of our communication is with recording quick screencasts using Jing and uploading to screencast.com

The results: I can record and post my screencast, but I can't view what I just recorded.


The randomness of sites blocked. Way back when I tried to download an FAQ on writing VXD's and the site was blocked for sexual content. Recently I wanted to get an update for a Hex editor and was blocked for hacking.

The rules that are applied to e-mail. I had to research why some e-mail wasn't received at our site and I found out that a research article on how radiation affects the human body (I work at a nuclear power plant) was blocked because it contained the word "breast" too many times.

I have to use VPN to work from offsite but they don't allow printing to a local network printer, so I can't print when I'm connected (split tunneling would allow that to work).

  1. We can only print in Black and White, not colour.
  2. The Company provided screensaver does not work just throws an error everytime it runs

The only web sites we have access to are:

  • Intercountry company website
  • Whereis.com yellowpages.com
  • rta.nsw.gov.au
  • jobs.nsw.gov.au
  • bom.gov.au

    So we can look up people's business'/personal address/number, find the way to places, check the traffic and find a government job?

    Strange how we can look on the government job search site at a non-government job

  • 5

    What about your sysadm removing write permission to /tmp ???


    No admin access! I have to use my VMware machine for everything!

    Cant download any exe, dll or scripts :(

    Cant use Twitter

    No video streaming


    Dumb firewall rule that only allowed HTTP to destination port 80, so any server running HTTP on a non-standard port (e.g. PGP key servers) would be dropped.


    At my Scottish secondary school:

    • Being forced to use IE6.
    • Not letting you use the Address Bar in IE or Windows Explorer!
    • Forcing every folder in Explorer to open in a new window
    • Half-trying to organise the Start Menu, but failing completely
    • Being restricted to Visua Basic 6 Learning Edition for programming. Even in Standard Grade/Higher Computing.

    A second monitor for a developer is "too expensive". Even for a year long project where productivity is critical.


    Over agressive firewall virus scanning software that rewrote Java jar files on the fly as they were downloaded with constant "Are you sure you want to do that?" dialogs. Kinda makes sense for browser Java applet security, but is a huge pain when applied to everything downloaded by maven on the continuous integration server, which is used to build the web site deployable artifacts.

    Constantly getting callouts from IT ops because some web server process hung in the middle of the night because no one was there to click the "OK continue" dialog button to allow some thread to continue whenever it tried to access the file system or access a system environment property


    Let's see...

    • Disabled Run.
    • Disabled usage of address bar in Explorer to access local folders/files.
    • Disabled cmd. Used command.com for a while before I did some Googling and found that cmd could be fixed by changing the registry entry that the executable looks at.
    • Disabled ability to change file type properties (eg. what to open them with). Could be worked around by setting default action using right click + Open With.
    • C drive invisible from My Computer. Took me less than a second to figure out a workaround, but four years have not been sufficient for me to figure out how anyone thought this would be a good idea.
    • Memory hoarding anti-virus program that's seemingly installed everywhere. On the ancient machine that I had until a couple of months ago, it ran from 9-6 every day and caused such lovely effects as 5 second lag on Start Menu, 10 second lag on opening Windows Explorer and refresh times from 10 to 40 seconds for windows that I hadn't accessed for a while. These are no longer problems for me now that I have a better machine. The other issue with anti-virus is that every so often, it gets set to kick off in the middle of the night when our batches are running. We had a failure earlier this week because the anti-virus locked some files that were supposed to be written to by our batch jobs.

    Restricting remote access to company network for developers - in case you wanted to work from home.

    I'm not talking about not being able to connect to work remotely from home (what would you otherwise do at home, watch tv?). I'm talking about making it as difficult as possible.

    • company had strict policy on what can be running on the box that you use for remote access company PC (from home -> work PC -> development server so it's not home -> dev server). They required to 'sanitize' the box that you want to use from home, meaning that you had to bring it to work, let sys admins clean it up, install all kind of antiviruses and so on ... most ppl I know just got another hard drive for they laptops so they swap them in when they wanted to connect to work

    • using third party tools for remote access that don't run on anything else but Windows with IE ... most of us don't own Windows OS at home, mostly Macs/Linux so would you run to pay for Windows OS to have it installed on your Mac/Linux box to be able to remotely connect to work ... nah thanks


    Disabling the USB ports. We had to revert back to floppy disks and CDs.


    10 minutes screensaver start, with user unable to change this. To put it mildly, users complained a lot and it was finally changed. Or at the beginning, a default wallpaper was set and users could not possible change it either. IT depts a refull of "interesting" policies these days.

    Oh I forgot forcing mac users to have an anti-virus, just to be able to protect windows PC from themselves.


    I would say blocking access to development Wikis, forums and blogs when tasked with learning something new or you have a development question. Kinda hard to ask the other developers when I am the only one that knows the technology. Thankfully they haven't blocked Stack Overflow... yet.


    Not being allowed to (officially) use Java 1.6 without going through a byzantine internal approval process (and even then not being allowed to use it in production because it's still "under evaluation").


    Once, when I was a student, our sys-admin disabled "ps" command on our unix mainframes because "you can use to spy other users" (his words).


    Considering how I'm still a student, the worst thing the school's IT department did to me was either:
    A) Sticking with a Mac-only system, which was extremely easy for them to lock down (the applications whitelist didn't include Terminal, but they -cough- fortunately -cough- left me with TextEdit) or...
    B) Setting up a firewall that blocked almost everything on Earth. Programming forums and blogs are blocked. Wikimedia is blocked. The bright side is that all ads are blocked. The bad news to the bright side is that each element that's blocked is replaced by a really ugly, generic image.

    To sum it all up, I guess one should never expect to get any real work done in a high school computer environment.


    Filtering traffic from Amazon's S3 service, so every now and then, content would be missing in websites... for example all avatars on Twitter.


    After viruses started creeping in on our client's corporate network, it was decreed that no USB mass storage devices (i.e. flash drives) would be allowed. You can plug a flash drive into the USB port, but it never becomes visible to Windows. And instead of using Group Policy to set this, they used Sophos (yes, it has such an option).

    I'll leave you to consider the implications for the IT contractors (me) who have to transfer code between this client and our head office. And in case you were wondering, any email attachments sent in an archive (even .tar) are silently nuked. So theoretically, the only way to transfer code is to bring along a laptop... which then has to be vetted by the IT department... they then have to make a network point available (since all of them are locked down unless in use) and allow you through the firewall.

    This would have been a problem, except that for some reason the Sophos blocking is flaky... some computers happily accept any flash drive, others refuse all of them, and others allow drives from one manufacturer but not another. It's a WTF of note.


    They gave us new PC's with Windows 2008 Server and set up a group policy to remove all network users except the help desk staff from the local admin group. Every time my PC is rebooted or I log off I have to log in as the local admin and add my network account back into the local admin group. (Yes we have access to the local admin account, making the group policy all the more frustrating)


    Supporting web-based email, but only if we're on the company intranet.


    How about a small private university that determined that any applications developed by the one in-house developer (me) would have no support from the desktop support area because they were not part of the application development process. I had to continue development project and provide all support for applications used by every student in the university.


    They made me use Windows 2000 as my OS, `nuff said :(


    That there was no network communication between my main machine and my test machine. To copy a file from a machine to the other I had to "illegally" bring from home my USB pendrive. The other option, would be to ask to system administrator to write a CD with the file.


    Monthly hard disk usage warnings on linux server home directory.

    In every job as far as I can remember I develop on linux but I get Windows box (because you have to be able to read emails in outlook on windows ...) and I have to log into linux server to code.

    Each of our personal windows boxes has few hundreds of GB of space so if I'm developing on windows nobody cares if I'm using 60GB of space (like my current dev box has 75GB, btw compared to my mac book pro at home with 'only' 120GB because newer mac laptops now come with ~500GB ...).

    For some reason we don't get standalone Linux box, and our disk quota on our home directory is usually around 8-10GB. When I check out code from repository and build with all external libraries it takes approximately 2-4GB of space (especially after compiling). If I have 4+ workspaces and 5+ projects I run out of 10GB quota pretty fast.

    I've been getting hard disk usage warnings once a month for as long as I can remember, telling me that I should delete all unnecessary stuff. This is pretty annoying, how can anyone possibly believe that with 75GB of space on my local windows box I would go to trouble of storing huge amounts of 'private' files on linux server ...

    It never cease to amaze me that I am once a month disturbed to deal with these kind of issues when the price of hard drives is so cheap these days. I'm sure it costs companies more to distract me and question me about disk usage then it would be to buy the cheapest box with decent hard drive, put linux on it and dump it next to my windows box so I can do my work properly.


    We had our own, personal(!) notebooks but were forced into a network domain. Restrictions were simply: Change password every 20 days and a stupid screensaver which you can't turn off. Second is very nice if you want to watch a movie at home on your notebook.

    In addition, loggin in on a differnet location took 2 minutes with your domain account. That was really annoying.


    When we got active directory there were a new set of policies roled out.

    • We had NO Right click ability for a while
    • We were stuck at 1024x768
    • We couldn't write to most of the C drive
    • Mcafee was scanning all the Java .jar files (15 mins to open/run some tools)
    • Most development bloggs and forums blocked
    • Still can't create scheduled tasks (it's just greyed out, no one knows why)
    • Every time you set the home page in IE it reverts back to the default

    It's nice to know we all feel the pain of the IT police. The power of having the admin password!!


    I once (briefly) worked at a company where there was no development environment, and we weren't allowed to create or modify database objects without DBA permission.

    I was being employed as a datawarehouse developer.

    Oh, and they wouldn't allow us to drink coffee at our desks, either.


    How about having to wait for my machine to arrive and be set up on my first day of work? I had one place where I was coming in as a contract-to-hire and I spent 6 hours on my first day waiting for my machine to come to the office and be able to work. Thus the restriction is having to either read books I brought from home or intrude on someone else's work and watch them do whatever it is that they do.


    They use Smartcard which make using a Mac is not an option due to lack of driver. And by the way, they don't support Mac. Sigh :(

    The smartcard is used to connect to the WiFi, to encrypt the emails, to connect to VPN. Basically all things you need to work.


    Installed tracking software, e.g. websense.


    Using a BMC Remedy installation from 2002 as a company-wide development platform (not just Help Desk ticketing, but custom-written ticketing systems for everything from warranty calls to purchasing processes to historical field installation records), and being told that I needed to take over development when the company fired the previous administrator without notifying IT.


    Disabling RUN Command in Windows


    I've recently got my developer machine replaced. Since I forgot to copy a few files from the old one, I just switched it on to the network, having looged off from the new one of course. The old machine overwrote some settings in the domain which now wouldn't let the new machine in.

    I didn't understand the concept what happened but found this organization to be utterly stupid.

    Lost an hour while the admin (which I'm sure responsible for that) was reenabling the new machine.