FUIT: Take control of your corporate PC--reformat it!



I'll grant you that this FUIT concept is taking the assumptions of the end users to a new level, but bear with me. My motto is "it only takes one," and by that I mean that it only takes one person who knows what they're doing to give everyone the ability to FUIT (is it a verb now? I'm making it one).

The situation:

Dennis is set to receive a new laptop, and when he walks by the IT guy's cubicle he can see it sitting there, taunting him. 

"You have to wait," say The Powers, "because we have to join it to the domain and install apps."

To Dennis, this is unnecessary. The ONLY reason he's in the office is to pick up his new laptop, otherwise he's never there, never on the network, and never needs to have his machine joined to the domain. He may not know that, but he does know that he doesn't use most of the apps that are installed as part of the standard laptop image, and that fingerprint authentication BS that The Powers make him use means his wife can't just pick up his laptop and use it to look up something.

Even though Dennis is on his own most of the time, he doesn't have all the rights he needs on the laptop to be self-sufficient out in the field. The Powers own his PC, of course, and they've locked him out of many features that he would find useful as a member of the new, enlightened workforce. He can't access the command prompt, and he'd like to edit the registry because he knows he could delete half of the things configured to start up automatically that he doesn't use.

During downtime, he'd like to be able to screw around on the laptop, but controls put in place by The Powers have negated all but solitaire, and that only works when he's online because The Powers stripped out all the games from the master image.

Requests he makes fall on deaf ears or are met with some official excuse from The Powers, such as:

"In compliance with the mandated corporate policy enacted by The Powers in 2008 as part of our regulatory duty, it is against the corporate policy to install personal applications of any kind or to make any changes to your system that have not been sanctioned by The Powers."


What that official excuse really means, at least to Dennis, is:

"We, The Powers, believe that you do not know what it takes to do your job as well as your managers, the IT department, and the other members of The Powers do."

Dennis, valuing both his job and his sanity, decides to take matters into his own hands by simply reformatting his laptop. He has a copy of Windows and Office from his home computer, and since most of the apps he uses are browser-based anyway, he won't be missing much, if anything, from his corporate image. Installing Windows and Office is easy, and Google can answer almost any question he has.

Sure, there's a risk of breaking apps or getting in too deep, but Dennis is pissed off by now, so what the hell? If he fails, he just says his computer stopped working. He gets a new one from IT, and the cycle repeats. He could even crack open the case and put in a new hard drive so that he could fall back to the old one. The bottom line is that nothing IT does can physically stop him from doing it.

The Powers Should…

The Powers in any organization are pretty helpless to prevent this, actually. They rely on the fact that the users view this as a complex process, but it's not exactly difficult to install anything anymore. Hell, I'd bet if I sat my 3-year-old son down in front of a computer, put in the Windows 7 disc, showed him a picture of the Next button, and waited an hour, he'd have Windows 7 installed just by clicking the buttons (if I could capture his attention for that long).

The other way The Powers try to prevent this is by incorporating it into a policy, which serves as a deterrent, if the user even knows the policy.

In this case The Powers should be more receptive to what the users are trying to do while also educating the users as to why things are done the way they are. If one user figures out how to reformat their laptop and get the apps to work (RoH for Outlook, for example, but that's another FUIT article), he or she can tell the other users.


Join the conversation



One way that companies could stop this would be to use the Intel chips with the trusted boot thing. Though I don't know how difficult that is to configure or which laptops support it.

For me I guess this is another reason to deploy critical apps via the datacenter on terminal server or something, and then just ignore the rest--if they reformat, so be it?


Or you can just inform the users that if they do that and manage to get crapware on the corporate network as a result, it's on them. So if it costs the corporation a couple of million to fix, they'll just bill that to the saboteur. I mean, worker.

For every knowledgeable Dennis you find a total moron who thinks he knows how to run a computer and he's probably just capable enough to break things. I don't know how long you've been out of the trenches, but the ratio of knowledgeable people to what appears to be genetic experiments crossing chimps with livestock is very low.

I can see the allure of consumerization, but there's consumerization and consumerization. An iPad is inherently locked down and under corporate control - it's just not the same corporation, it's Apple in this case. I would have no major compunctions about iPads on the local net, for instance, because there have been no real malware published on those yet. When the majority of computers are built in similar fashion and are far less prone to malware and such, there will be no problem with this.

But some yahoo's laptop PC that hasn't had a virus blocker running on it since -04 and has been used to surf for porn every night since? Yeah.. no, thanks.

Consumerization cannot mean total anarchy to do anything you want with corporate equipment, at least as long as the IT staff is going to be held responsible for any consequences. Responsibility without authority is just not acceptable, in my view, and the laptop issued to Dennis is a work tool, it's not supposed to be used by his wife to surf for porn. Or clothes shop, whichever takes her fancy. If Dennis wants to do that, he can bloody well buy his own computer to use for that and keep it off the corporate network - or else be held responsible for any business disruption his bad habits cause.


I understand why people are skeptical of this, but these things that we post are real things that are actually happening that we've either gathered from our own experiences or have heard from the people that we have conversations with.

IT has spent the last 20 years knowing that it was on the high side of the knowledge gap between them and the users, but that gap is narrowing. I'm not saying all the users in every org are doing this...just that they can, and an increasing number of them know they can. All it takes is one person, and then the rest know, too.

And, if this doesn't work, they'll find another way.


Are the employees supposed to be doing their job or running their own departmental IT? I don't understand who you are trying to appeal to with this site. The guys like Dennis or IT professionals? If it is IT professionals this is a major fail. How can you treat IT professionals as Mordac the Preventer, as if they are so stupid and think we'll be interested? Really "if he fails, he just says his computer stopped working. He gets a new one from IT . . ."??? As if most IT people wouldn't know Dennis screwed up his laptop?

I used to read Brian's site; I could learn so much. Now, not so much. With the swearing and the general "snarkiness" in most articles it reminds me of the old Operator from Hell series from the '90s. The difference is BOFH was funny.


To test this I am going to try it w/ my 11 year old. I am going to hand her a Windows 7 CD and her laptop that needs to be rebuilt...

Will test today/tomorrow and report back.


I would love to know :) You can just click through the product key screen, right? I think you have to type a name, too, so maybe it's beyond my son at this point. Your daughter should pull it off no problem, though!


This trend has started, it's mainly people who work in I.T. but don't deploy the laptops that are regaining control (installing own OS's or getting PC removed from domain). But it is a reality that the next generation will produce a middle finger to the power hungry I.T. guy who shares a name with a yellow cartoon character.

This site tells it like it is and lays a smack down that like it or not things will change.


Thanks for sharing your thoughts @Frost and @Homer on this. Since ConsumerizeIT is only two weeks old, we're definitely still trying to figure out exactly what we write about.

The FUIT series idea actually came from a similar idea I had about ten years ago in the Terminal Server / Citrix MetaFrame space. At the time a lot of people were using MetaFrame to publish seamless applications, and in doing so they (incorrectly) assumed that they didn't have to lock down the desktop since the user couldn't get to the desktop.

My position was that they still had to lock down the desktop because some users at some point will land there (whether purposeful or not), and having a wide-open desktop would be a risk. So I wanted to create a single big list of techniques that users could do to end up on a desktop from a published app. (For example, launch task manager, new task, explorer. Or if task manager is blocked, go to Word, help, system info, launch ms help, new process, explorer. Or if that's blocked, run explorer.exe from your home drive. Etc, etc…)

So that's the idea with the FUIT series. If I'm ever in a situation where people think it's not a risk, I want to point them to a single series of articles that shows the different ways that users can do whatever they want. But they are targeted at educating IT Pros, not the end users.

As for other stuff on this site, we're open to suggestions. I met with both Good Technologies and OpenPeak this past week--I'll get a rundown of each posted next week. And we're still trying to get all the consumerization issues on the table too. But seriously, if you have ideas, we want to hear them. At this point I don't even think we know what we don't know! But we intend to find out.


It's almost pointless to even care that "Dennis" could do this.  If his laptop's not on the domain he doesn't have access to hardly anything on the corporate network.  At some point he's going to have to ask IT a question about why his laptop doesn't let him do something that everyone else can.

At that point this incident becomes a small HR/IT crapstorm, and at the very least his laptop gets re-imaged to corporate standard, and he possibly gets some kind of negative at his next review.  If something like this were to happen multiple times with someone in a regulated industry, they should be fired.

Most of the things that were listed as reasons why Dennis would want to do this are laughable in one way or another.  His wife shouldn't be able to get on his corp laptop.  There's almost no legitimate reason that a non-IT worker would need to be at the command-line or poking in regedit.  If there were some highly-technical users who needed that (engineers?), they'd probably have local-admin rights on their device, and could do it.

Not that IT depts don't sometimes do dumb things on their master images (and I feel bad for the users when it happens), but that doesn't give any legitimate justification for doing anything like this.

I'm not that worried about stopping a corner-case like this with tech, because it's more of an HR problem.

Or just replace all devices with thin clients connecting to terminal services / VDI instances.  HEW HEW, take that! </Snark>


I'm actually for a fairly laissez faire approach to IT, locking stuff down too much will definitely make the knowledgeable workers chafe. But as long as you do your best to get everything working and keep the restrictions as minimal as possible then you can usually sell the notion that the corporate IT equipment is a work tool that is used for work.

Now, that gets much more challenging in a very IT savvy shop - say if you'd be working in the IT dept of a company where using and/or programming computers were involved and where all the employees were geeks of some kind or another. In that situation, consumerization might stand a chance since you'd basically have a company full of IT pros who actually are knowledgeable. That hasn't been my experience in any "regular" workplace, most people don't care how things work or how polished it all is as long as they can do their actual jobs - and only some are even issued laptops, laptops are for people who legitimately work on the run, and that leaves just management and sales. The rest can do fine with desktops.

Smartphones and pads on the corporate Wifi may be an issue, but even there any slightly sanely designed corporate wifi is subdivided into multiple separate SSID:s and the public one is walled off from the sensitive stuff, so let people surf. Or, if they want to bring their own computers and put those on the public net, by all means, just keep it off the domain network and things are good.


Good work guys on this blog. FUIT is real and we see it every day in some form or other. We need to stop protecting the network and start protecting the information. We in IT forget that it is about Information. The business only cares about productivity and information, security should be an enabler and not Mordac the Preventer.


Consumerization of IT? meh, it's the democratization of the users that you are seeing.  My mother reimaged her own machine by "Googling" it, so if she can do it, anyone can do it.  It's power to the people these days and this trend is only going to continue.  IT pros that don't recognize this and still demand to maintain dictator-like control will only perpetuate the issue.  Find a way to limit the access of untrusted devices whether they are truly consumer devices (iPad, Android tablets, etc.) or devices that the "Dennis'" of the world have created.


1- He has a copy of Windows XP or 7 he's paid for?

2- He had a copy of Office with key?

3- He can connect to his office via VPN now not installed on his computer and only connects with specific MAC or Rules?

4- He has no Contact management system or letterhead or macros that are updating?

5- He has no remote management software on his desktop for support?

Why not just give the scenario that he bought an identical laptop to his work's?!

Many DO this and remote in via Citrix or remote office - that is NOT an issue for those companies that provide that feature.

That's not a FUIT, that's a FUU (FUUser). They simply should have asked IT for that ability - usually IT provides this. Instead now he has to try and explain why he can't connect to the corporate network or hasn't received the latest update for the system that connects to the database that the company uses from his laptop.

The FUIT never really works because you give examples of people who don't really have a real IT department. And none is really needed if there are no server/collaborative apps required.

But - in saying that, yes IT is starting to play with this like XenClient (ok - I am) - so see if there can be 2 sandboxes: the company's, and the user's. Let them use iTunes on their own image - we don't care. :-)


Success! Way to go, Ron's daughter:

(From twitter)

@GabeKnuth Yes!. sorry, with the Bears loss I forgot. She did it during the game, Though she fat fingered the lic key 3x. Time 1:45



No offense because I'm a big fan of both you guys, but this website is pretty corny.  You're assuming that today's workforce is made up of Brians and Gabes and the readers of this site.  The fact is, the majority of users know enough to be dangerous and that includes this new college grad workforce that think because they can work a Mac and download apps from iTunes, think they know how IT works.  The workforce isn't made up of techtarget.com employees that have experience in IT.  Go find the smartest person in HR and see if they can download and install the Citrix Receiver.  By our standards it's a simple process, I bet it takes 20 minutes for the HR user to even find the download and they end up downloading the Linux version by mistake the first time.