News Stay informed about the latest enterprise technology news and product updates.

Why desktop admins can't ignore 'user-installed' apps

Desktop administrators used to be able to ignore user-installed apps, but the virtualization requires more formal strategies to properly secure networks.

While people disagree about many aspects of desktop virtualization, one thing is universally accepted: Desktop virtualization will require us all to "formalize" our desktop strategies.

In the past, we've been able to image a new box, drop some apps on it and let the user run wild. Sure, we patch it and make sure it's not infested with viruses, but most of us are in the dark when it comes to what's actually happening on our desktops.

For years, that's been fine. However, now that we're virtualizing (ergo, "formalizing") our desktops, we can't be in the dark anymore, because anything users do will be on our servers instead of their desktops – and that's not good.

So, how do we address this? Simple! We lock down the desktops.

When I say "lock down," I don't mean we restrict everything. Instead, we use things like roaming profiles and workspace management tools to let users configure their own themes, wallpapers, etc. But we don't allow our users to install their own applications!

The main reason we don't allow users to install apps is that we're not sure how user-installed apps might break everything. While one could argue this has always been the case, in the old days, a crazy user-installed app would screw up only the desktop of the user who installed it. Now such an app could break everything for everybody.

At this point, some readers are probably thinking, "Sure, but who cares if we don't let users install their own apps? I don't want my users running TweetDeck and iTunes anyway."

Fair enough, but in today's world, "user-installed apps" aren't always "personal nonwork-related apps."

Think about your IT environment. I'm sure your company or you support a certain number of apps, and I'm sure we have a lot more apps installed on our laptops than what our organizations officially support. In your case, it's probably things like network sniffers, FTP clients and custom search plug-ins for

Therefore, if you need nonsupported apps to do your job, there's a good chance that at least some of your users legitimately need such apps to do their jobs.

Now that we're moving to virtual desktops, we're being forced to address this security issue, which we've been ignoring for the past decade.

Which route do you take?

  1. If a user needs an application for work purposes, then IT needs to know about it so they can test and support it.

  3. We recognize we will always be behind the curve with respect to what apps users need, so instead of creating more work for ourselves, we build a system where users can safely install their own apps.

Can you guess which option I'm voting for?

So there you have it. User-installed apps can't be ignored anymore.

Take some time this week to think about what that could mean for your environment. In next week's column, I'll discuss how we can actually support these things in a virtual desktop environment -- and how it'll be even easier than supporting them today!

Brian Madden, Independent Industry Analyst and Blogger
Brian Madden is known throughout the world as an opinionated, supertechnical, fiercely independent desktop virtualization expert. He has written several books and over 1,000 articles about desktop and application virtualization. Madden's blog,, receives millions of visitors per year and is a leading source for conversation, debate and discourse about the application and desktop virtualization industry. He is also the creator of BriForum, the premier independent application delivery technical conference.

Dig Deeper on Virtual desktop management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.