

Hell freezes over: Forrester urges IT to support the Mac - pg
http://tech.fortune.cnn.com/2011/10/27/hell-freezes-over-forrester-urges-it-to-support-the-mac/

======
m0nastic
I find myself agreeing with their recommendation, even though I disagree with
their rationale.

Agreeing to let "HEROES" use Macs in an enterprise (and dear god what a
terrible term, as if us Mac users weren't smug enough) seems to be basically
capitulating to entitlement.

At my last company, when Mac OS X first shipped, I wanted to try it out, so I
bought an iBook (the cheapest entry to the world of Macs, in case I ended up
not liking it). People in my office were horrified, and I was forbidden from
attaching it to our network (lest its cooties infect our other systems).

Over the course of about 6 months, I was eventually allowed to connect it. I
had a coworker who continuously ran a vulnerability scanner against it,
telling me that if it ever found anything, I'd have to remove it from the
network forever (the handful of unpatched Windows boxes on the network weren't
a concern, apparently).

Within a year, there were four or five other Macs in my group. Within two
years, every single person had one.

At my current job, after complaining for two years about how awful my P.O.S.
Dell laptop was I got an email from my boss about a month ago. It said "We're
getting you a new laptop. Do you want a Thinkpad T520 or a Macbook Pro?".

I thought he was messing with me at first, but no, it turns out Macs were now
OK for us to use as testing laptops.

I will say that in 11 years of going on-site to clients to do security
assessments, I have only once encountered a company that had a non-trivial
amount of Macs on their network. Over the years, I'd run into a graphic arts
department here or there that had a few Macs, but in general, they were a
rounding error for the large enterprise clients I deal with.

~~~
famousactress
_...seems to be basically capitulating to entitlement_

Entitlement to use choose your own tools? Gasp.

I think the underlying point the article's taking glancing blows at has plenty
of merit, they just failed to do it bluntly enough. I think there's likely a
high correlation between highly productive employees, and people who could
care less about IT bureaucracy. I don't think it has anything to do with Mac
users.. it's just that Windows users in this position are less affected, and
through this lens.. less visible.

~~~
m0nastic
Entitlement that the rules put in place don't apply to you, because you are
some sort of prima-donna superstar. I find that worrisome. It can bloom into
pretty ugly (and moderately damaging) behavior.

I've worked for clients who have certain divisions which are the super-stars.
I think the better approach is to evaluate why you have all these policies,
and if they are actually doing what you think they're doing.

edit: Rereading this makes it sound like I'm calling the parent a prima-donna,
which isn't what I mean (I'm referring to the people within an enterprise who
decide that because they feel more productive on a Mac, they can just bring
one in from home to do their work and circumvent all of the policies of IT.)

At the risk of forcing a square metaphor into a round analogy, it's really
important in the Army that people follow orders. Even if a small group of them
think they can be totally more productive by doing things their own way.

Enterprises aren't really set up to optimize for increased employee
productivity, they're more likely to be set up to limit decreased
productivity. I think this is one reason that people seem to like working at a
startup, because you get to not have all that dogmatic bureaucracy.

If these HEROES in four or five years now suddenly decide that they'd be even
more productive if they lugged in SGI O2 workstations from home to do their
work, an enterprise has to be able to say "yeah, sorry, you can't do that."

But as to more Macs being deployed in enterprises, I'm all for it. It'd give
me new things to break into.

~~~
famousactress
No worries about it sounding like the prima-donna comment was aimed at me.
I've certainly fallen into the category of people you've applied it to.

At this point I'm sure I'm not remotely fit for The Enterprise, though I've
worked in plenty of them. It's not that I've ever thought that the rules put
in place don't apply to me.. it's that I've placed a higher priority on other
objectives of the company (like getting work done).

IT policy at most corporations I've worked at is completely inarguable. In my
experience it's very difficult to get a reasonable accounting of cost/benefit
when it comes to making almost any change in policy... in part because
productivity benefits like the ones I feel I get from my choice of tools are
hard to measure, and in part because I don't think I've had the experience of
working anyplace where the IT department charged themselves with making other
people's jobs easier/better.

I think job function matters too. Programming is a craft. Good craftspeople
are ridiculously passionate about their tools. If you walk into a nice auto-
mechanic shop, the racks of tools against the wall are owned and paid for by
the mechanics. I imagine that's not the case at the Jiffy-Lube, but you're
we're probably talking about people at a different skill level. Good
craftspeople in any industry end up in a relationship that's closer to
independent contractor, or even peer with the organization they work for.
That's happening in our industry, and I think it makes sense to look at
functions that provide friction for those people, because it will become much
harder to hire them.

~~~
m0nastic
For what it's worth, I totally agree with you. I'm presently trying to
extricate myself from a large enterprise.

I'm not necessarily a gung-ho "startup good/big company bad" kind of person,
but purely from an "asymmetric effectiveness" standpoint, it's easy to see why
people think large enterprises are a relic of last century. In many ways, it
seems like they're designed to just continue treading water until the lake
evaporates, rather than trying to swim to the other side.

~~~
famousactress
Totally. I'm not on one side or the other from an idealogical standpoint.. it
seems like there are some large organizations that do enough good with their
size to make up for the downfalls that come along with it.. I just haven't
been at one of those.

With respect to functions like IT, I'd imagine the department needs to do what
other functions in a large organization do in order to remain effective and
useful... decompose.

It seems like distributing things like risk management, and the security of
assets among parts of the organization effectively gets the organization
closer to looking like a bunch of smaller, more effective organizations who
collaborate... and mitigates risk. The idea of a monolithic IT function in a
giant organization providing more safety than a distributed version of the
same idea seems on it's face a misplaced comfort.

Then again, I'm really not someone who knows enough about what it takes to run
an IT department to be suggesting such a thing.

------
Duff
I work at a large government IT organization. We were way ahead of the curve
on this trend -- we did a POC deployment in late 2008.

There are real issues with Mac vs. Windows in an enterprise for many
categories of user. We found that some Executives and some knowledge workers
LOVED them. All Unix admins and most web-dev types loved them. Why? They
weren't using line of business applications, and either didn't have many
meetings, or had an admin who handled scheduling on their behalf.

We did not end up deploying Macs more widely, but the POC boxes are still in
service. I love my Mac.

Real issues:

1\. Apple is unpredictable with respect to patching. Known, material security
issues may lay dormant for months with no patching. Apple prefers to rollout
lots of fixes at once (ie. instead of a security patch, they roll up to
10.x.y) which often break things. This is a problem if you have to rely on ANY
non-Apple software.

2\. Apple is unpredictable with respect to product lifecycle. Want to roll out
500 iMacs? You had better pray that they don't arbitrarily cancel or (worse)
change your order because they are announcing a new product. When Apple
releases a new product, the old product ceases to exist.

3\. Identity integration is poor. Integration with LDAP/Kerberos or AD is
unreliable and undocumented. Unless you can use tools with a different model
for authentication (ie. Dropbox), simple things like filesharing are
unreliable. 3rd party tools help, but that creates a new problem. (See point
1)

4\. This situation improved when the new MS Office, but Exchange support
sucks. Even with Outlook for Mac, calendar functions suck.

5\. I don't think that Apple takes security seriously. "Viruses" are becoming
increasingly rare, even in the PC world. The types of threats that are out
there are different in many ways. People in the Mac community have a really
bizarre outlook on security.

6\. Apple doesn't give a flying leap about enterprise IT. They know that
Microsoft jumps through hoops to keep Bank CIOs happy, and that keeping those
folks happy comes with a cost (10 year product cycles, IE6, etc). Apple's
ability to tell enterprises to screw off is both an advantage and a
disadvantage. If you're a proponent of large-scale adoption of Macs in an IT
org, you are taking a big professional risk.

Overall, I think that it's great that people are looking at alternate
platforms. But don't pretend that Apple is a silver bullet -- Apple doesn't
love you back, and will make you cry.

~~~
hvs
Very well said. You outlined everything that I've noticed and discussed with
our IT team (who support a large number of Macs). Needless to say, they have
come to despise supporting Macs.

And, yes, Microsoft Outlook for Mac is a horrid POS.

That said, I love Macs but I'm not in IT support and I completely understand
their pain.

------
marze
I've heard in the past one theory for IT departments favoring PCs (besides all
of the pro-PC marketing aimed at them) might be that the Macs are very cheap
to administer and thus don't require much IT support.

I thought this was an interesting response to this news, over at the
AppleInsider forums:

"I work for one of the largest corporations in the world. Surprisingly, they
don't do anything to block access to network services, but they don't
necessarily encourage other platforms either.

I work on a team of 23 people. The company provides Dell or HP laptops running
XP or Vista (Windows 7 is still being 'evaluated'). These laptops would cost a
normal human about $600, but for some reason my company leases them instead.
We pay about $150/month (if memory serves) over the course of a two-year lease
term. You do the math...

Four years ago I paid about $700 for a Mac Mini. I run Office 2011 (and
previously ran 2008 and 2004) for Exchange Server connectivity. I occasionally
use Word and Excel, but generally prefer Pages and Numbers. For presentations
I exclusively use Keynote (PowerPoint is a festering pile of poop). I am a
systems admin who supports applications running on both Unix and Windows 2008
Server machines. For Unix I use iTerm and X11, and for Windows 2008 remote
server administration I use the RDP client that comes with Office.

My computer currently has a monthly ownership cost of (700/48) about $15. One-
tenth that of my laptop. In the past four years I've had exactly zero minutes
of unplanned downtime, while every single one of my 22 peers have had their
machines out for days at a time for reimaging due to OS corruption, most of
them more than once.

The downside is that the $150/month in lease charges covers hardware service.
Still, since over four years the cost of ownership is $7200 vs $700, the
company could replace my Mini six times over four years and still save money,
not taking into account the money saved from productivity.

Executives who don't consider using Macs are simply bad at math."

[http://forums.appleinsider.com/showpost.php?p=1975818&po...](http://forums.appleinsider.com/showpost.php?p=1975818&postcount=44)

~~~
JonWood
> These laptops would cost a normal human about $600, but for some reason my
> company leases them instead.

For some reason the corporate world considers money spent in big blocks to be
a different kind of money to that spent over an extended period of time.
Unless they have a _really_ good interest rate on their bank accounts I have
no idea why, but spending more money in smaller amounts over an extended
period is the holy grail.

~~~
rbanffy
If you buy a computer, it becomes a company asset and, from an accounting PoV,
the money was not "spent". If you lease it (and give it back at the end of the
lease) you only had expenses (and, from accounting's PoV, money spent).

Various factors may make one option preferable to the other. Taxes, executive
bonuses etc.

If part of the yearly bonus is tied to investing less in infrastructure, an
exec may opt for leasing hardware. OTOH, if the bonus is tied to lowering
expenses, the exec may consider buying it.

------
TomOfTTB
I know I (as someone in charge of a campus) and others I know in the same
position are really considering a migration to Mac

The problem with Windows 8 and Metro is Microsoft's upending things to the
point where Windows doesn't resemble its own standard anymore. Windows 8 is as
much a culture shift as the Mac would be.

Beyond that just about every corporate app has gone web based at this point.
Only the oldest code bases are still Windows (and it's so old that it runs
perfectly fine in a virtual box). So there are no apps to keep us on Windows.

So now that the question isn't "should we change" it becomes "which platform
is superior" and I think most would choose the Mac in that comparison. I know
(as the article says) most users feel that way.

As crazy as it seems we might finally be at the end of the Windows era.

------
sbierwagen

      It's quite a turnaround for the voice of Windows in the 
      enterprise. If you're not a Forrester subscriber, you can 
      buy the report for $499 here.
    

_Four hundred and ninety nine US dollars?_

~~~
quink
Their business model is a different one. Instead of giving it away for free,
and going for a million views and thus ad revenue, they're going for a hundred
purchases by Fortune 500 companies. It's the reason there are books out there
that cost $4000.

~~~
gaius
No, they're going for corporate subscriptions (in which case everyone in the
company gets access to everything they write), but if you _really, really_
want to read it, you're welcome to pay a punitive fine for not subscribing.

------
lunchbox
One of the two main cited reasons people prefer Macs was this:

> _Many of today's corporate PCs are saddled with management, backup, and
> security agents that can bog down a PC. Employees want their PCs to boot in
> 10 seconds, not 10 minutes...They're drawn to uncluttered Macs..._

I don't see how this shows superiority of Mac over PC; presumably if the Mac
were running this software it would have these problems too.

~~~
Samuel_Michon
The difference: when you use a Mac, you don't need that software.

\- You don't need to run third party antivirus or antispyware software on the
client, only on your mail server (to protect Windows users if you forward
Windows executables). OS X has built-in malware protection.

\- You don't need third party management software, you can use
NetInstall/NetBoot or ARD.

\- Using NetBoot also solves the backup problem on the client, even though OS
X does have built-in backup and recovery solutions built-in (Time Machine,
Versions).

In other words, there are no add-on services needed that would bog down the
system.

~~~
fname
I'm also pretty sure that once MacOS starts becoming prevalent in the
enterprise, they'll eventually need antivirus, back up agents, and some sort
of management agent as well.

How would an IT organization manage the settings on the OS without some sort
of management agent?

~~~
tomkarlo
At what point are we going to get over the concept that Macs don't have virus
issues because there's not popular enough yet? I feel like I've been hearing
that chestnut for a decade now.

There are already IT management tools for Macs. I've worked at two large
companies in a row (25k+ employees) where a large percentage of the company
was using Macs (~30% or more) and they both had established management
solutions that didn't bork the user experience on Macs. I'm typing this on a
managed Macbook Air right now.

As for backups, those agents exist but they're rapidly growing less relevant
as the majority of documents and work are either web-based or on servers
anyway. If I somehow lost this computer, I'd be bummed to have to do some
preferences setup again, but I wouldn't lose any work.

~~~
WayneDB
Why are Banks known for getting robbed more often than Bakeries? That's where
the money is.

The reason you've been hearing about Mac popularity with regards to viruses is
because it's true, despite the fact that you'd like to think otherwise.

The fact is that Mac market share is still only around ~15% in the US and much
less than that worldwide. That is about triple the market share that they had
ten years ago.

Also - Ever heard of Pwn2Own? The Mac has fallen first every year.

~~~
Samuel_Michon
_"Why are Banks known for getting robbed more often than Bakeries?"_

Because of Hollywood movies? It isn't actually true.

Of all robberies in the US, only 2.1% targets a bank. Shops (including
bakeries) are targeted far more often, 14.3% of the time. Gas stations are
robbed more often than banks, and convenience stores are even 2.5 times more
likely to get robbed. [1]

The number of bank robberies is on the rise, but that's not because "that's
where the money is". It's because the number of bank branches has grown
rapidly, banks have standardized floor plans, and banks have procedures to
deal with robbers (= just give them the money). [2]

To further break down some bank robbery myths: nearly 80 percent of bank
robberies are committed by one person. 70 percent of bank robbers are unarmed
offenders who do not use or even threaten violence. About 60 percent of bank
robbers do not bother with disguises; only 7 percent of robbers in Florida
did. And finally, more than 80 percent of arrested bank robbers have no prior
convictions for bank crime.

[1]
[http://www2.fbi.gov/ucr/05cius/offenses/violent_crime/robber...](http://www2.fbi.gov/ucr/05cius/offenses/violent_crime/robbery.html)

[2] <http://www.popcenter.org/problems/robbery_banks/2>

~~~
WayneDB
It may not be true anymore, but that doesn't mean that Hollywood made
everything up about that! Ever heard of Jesse James? The point is...thieves go
where the money is.

Okay, so fine you don't like my analogy. Let's fix it for you then: If you
found a large oasis in the middle of a desert, would you pass it by in order
to find a smaller one?

~~~
Samuel_Michon
_"thieves go where the money is."_

I'm sure robbers do risk assessment. If a bakery has half the cash a bank has
but no security and a better escape route, they will much rather rob a bakery.

 _"If you found a large oasis in the middle of a desert, would you pass it by
in order to find a smaller one?"_

Alright, let's use that analogy. Which is the large oasis, Mac or Windows?

Windows has a larger installed base. However, most Windows computers have
virus protection and Microsoft puts a lot of effort into improving security.

Mac OS X has a smaller installed base, but practically no one bothers with
virus protection and security doesn't seem to be Apple's number one priority.

That's why I think Mac OS X is a lot more interesting to cyber criminals, it's
an enormous oasis. And yet, there haven't been any attacks of scale -- if
there had been, it would be front page news. Perhaps OS X is safer than you
want to admit?

~~~
WayneDB
No, it's not safer than I'd like to admit just because you don't agree with my
analogy. I am relying on empirical evidence, thank you very much.

Are you one of those people who thinks that the Mac has fallen first at
Pwn2Own because it's a "nicer" computer that all the hackers want? Because
that's not the case at all. It's been shown a number of times that OS X can be
rooted more easily than Windows.

So, no I don't think it's "safer" because of anything technical either. Even
if it were though, that wouldn't matter. Windows is safe, yet it can be hacked
much like any OS.

The only remaining possibility must be true: Hackers don't pay little
attention to OS X because too few targets are using them to make it worth the
effort.

Windows is the larger oasis (quite obviously to the non-obstinate reader).
This is because even with virus protection, you can't protect users from
themselves and more users means more chances to try. If a malprogrammer can
get you to run a binary, you're done. If OS X were the more popular OS and it
were being run by almost every business in the world that utilize computers,
then I have zero doubt that it would have the same problem as Windows in that
regard.

I don't think that it will ever be a problem though for Apple since I doubt OS
X could ever reach the same market penetration within the highly hacker-
targeted business and enterprise market. So, people can go on believing what
they want I guess.

~~~
Samuel_Michon
Wow, so much to respond to...

I'll limit it to what I think is the core of your message:

Why would cyber criminals be more interested in breaking into some empty
business desktop, if they can break into a personal desktop filled with
personal information like credit card numbers and iTunes/Paypal/Bank logins?

~~~
WayneDB
Why don't you just tell me why you think the Mac is safer despite empirical
evidence the says otherwise?

That'd probably be quicker than me trying to explain to you why the Mac is
worthless target. (Actually a no explanation is typically needed for that
since the market share numbers don't lie. I just think you're being extremely
obstinate at this point, so there's no way you'll see that. You might as well
attempt to prove _your_ point to me since there's obviously no way you'll
accept _my_ point.)

~~~
Samuel_Michon
_"Why don't you just tell me why you think the Mac is safer"_

I'll let Pwn2Own winner Charlie Miller answer that for me:

 _"I'd say that Macs are less secure [...] but are more safe because there
simply isn't much malware out there. For now, I'd still recommend Macs for
typical users as the odds of something targeting them are so low that they
might go years without seeing any malware, even though if an attacker cared to
target them it would be easier for them."_

[http://www.tomshardware.com/reviews/pwn2own-mac-
hack,2254-6....](http://www.tomshardware.com/reviews/pwn2own-mac-
hack,2254-6.html)

~~~
WayneDB
Thanks for proving my point. It's not _technically_ safer. It's security by
obscurity.

~~~
Samuel_Michon
A 58 million Mac installed base, more than 250 million iOS devices sold, and
you're still arguing obscurity? That's commitment.

[http://techcrunch.com/2011/10/04/250-million-ios-devices-
sol...](http://techcrunch.com/2011/10/04/250-million-ios-devices-sold/)

~~~
WayneDB
Oh please. Compared to over a billion PCs worldwide? If you are going to build
a bot-net, would you really target the Mac? Gimme a break dude.

Considering the vast difference between Windows and OS X APIs; it's quite
clear why mal-programmers don't waste their time with OS X. You would have to
spend MORE than half your time attacking the Mac for less than 10% of your
total attack surface.

The only other argument that has been made in the face of this fact is from
Gruber who said: If Macs have 10% of the market, why don't they have 10% of
the viruses? That's like saying because I am Nth the size of the sun, I should
have Nth the power of the sun. Reality does not work that way. Everything does
not have to be proportional and in this case it's crystal clear why it is not
proportional.

Would you please kindly concede this point now?

~~~
Samuel_Michon
So by that logic, as long as the Mac market share isn't as high as Windows
market share, the Mac platform will always be safer.

~~~
WayneDB
Yes. Superficial, non-technical safety via obscurity which lasts forever since
OS X will never break 10% worldwide usage market share.

iOS might be another story, but smartphone and tablet usage in general is
still dwarfed by Windows usage. Despite that, within the realm of smartphones
there have been more iOS threats than there have been threats for Windows
Phone 7. Shocker? Nope. It's based on popularity.

Interestingly enough, this year's Pwn2Own left the Android and Windows Phone 7
devices undefeated while the iPhone was one of the first to fall. -
[http://www.wired.com/gadgetlab/2011/03/hacking-android-
windo...](http://www.wired.com/gadgetlab/2011/03/hacking-android-windows-
phone/)

Take from that what you will. Ciao.

------
duncans
> The voice of Windows in the enterprise discovers that Mac users are more
> productive

Because the standard-issue corporate Windows laptops are locked down, running
Windows XP with IE6.

------
thaumaturgy
I'm not sure what their 6 recommendations were for preparing for the
transition, and I'm unwilling to pay $499 to find out, but I hope one of them
deals with the horrible pain in the ass that is Windows File Sharing.

Macs _really_ do not like Windows shares, whether in an AD context or a
workgroup context. While some seem to work without any trouble, others have
frequent issues with logging in, with browsing, with refreshing, with
permissions. It's very frustrating for the users, and frustrating for those in
IT support positions who are faced with annoyed users on one side and
inscrutable black box magic on the other.

~~~
Samuel_Michon
My experience has been that Windows doesn't really like Windows shares either.
Ever tried to create a network with a few Windows 2000, Windows XP and Windows
7 computers? I couldn't get it to work. Instead, now those Windows machines
simply access my WebDAV running on Mac Lion Server.

~~~
smithian
You're kidding right? Windows file sharing is trivial to set up.

~~~
Samuel_Michon
Between different versions of Windows? No, it isn't.

~~~
smithian
Well, certainly between anything that owes its heritage to NT it is. I have
win2000, 2003, XP, and 7 all playing very nicely together, and I cannot recall
any issues with setup or maintenance. Compare that with getting a Mac to print
to any printer that wasn't specifically designed with macs in mind... torture.

~~~
Samuel_Michon
Which printer manufacturers don't make drivers for Macs? I don't know of any.
Even really old printers from the pre-OS X era work fine, because of CUPS and
Gutenprint. It's plug and play, the drivers are downloaded automagically.

<http://support.apple.com/kb/ht3669#Gutenprint>

~~~
smithian
The ones that I have had the most "See Note 7"* moments with have been large
multifunction workgroup printers that you would find in any office - of
varying manufacturers. these printers all claim to have mac drivers, and
generally these claims are terrible, terrible lies.

*Note 7: This will not work.

~~~
yardie
Completely agree. One color laser MFC we recently replaced had a scanner that
could only be used over the USB port for Macs but over ethernet for Windows.
The workaround we found was scan to email which tended to be more reliable for
Mac and Windows.

Now we have a new hotrod HP MFC that does everything and supports iOS and
Android. It was also 1/3 the price.

~~~
Samuel_Michon
Em, parent was talking about printing, not scanning...

I have yet to use a printer that OS X Lion can't find a driver for.

~~~
yardie
The parent was talking about the MF part of a MFC printer being nonexistant
for the Mac. Hell any printer with a USB port will work on a Mac. Any $50
printer can do that. But when you spend $200+ on a network MFC most come up
short on the Mac side.

~~~
Samuel_Michon
I was referring to the following:

 _"Compare that with getting a Mac to print to any printer that wasn't
specifically designed with macs in mind... torture."_

Like you said, printing is not a problem in OS X. As for the other functions
of a MFC, I agree: it's hit-and-miss. But that wasn't what OP was complaining
about.

~~~
smithian
Printing is no picnic either, as any cursory browse through
discussions.apple.com, support.apple.com, or any of the many mac-centered tech
forums will attest. Here's a few examples, by no means exhaustive:

[https://discussions.apple.com/thread/2776655?start=0&tst...](https://discussions.apple.com/thread/2776655?start=0&tstart=0)
[http://ask.metafilter.com/79984/Need-help-printing-to-
work-p...](http://ask.metafilter.com/79984/Need-help-printing-to-work-printer-
from-macbook)
[https://discussions.apple.com/thread/3137602?start=15&ts...](https://discussions.apple.com/thread/3137602?start=15&tstart=0)
[https://discussions.apple.com/thread/3193803?start=0&tst...](https://discussions.apple.com/thread/3193803?start=0&tstart=0)

And any search for "<<printer manufacturer>> mac not working" will produce
scads of results, often taking you to discussions that are dozens of pages
long with people who can't print from their macs to any number of printers.
This is a real problem, not a figment.

~~~
Samuel_Michon
That's proof that there's a lively online Mac community, nothing more.

Guess what? Any search for "<<printer manufacturer>> windows not working" will
also produce scads of results, often taking you to discussions that are dozens
of pages long with people who can't print from their Windows PCs to any number
of printers. The same can be said about most GNU/Linux distributions.

The only support forums where no one complains are those of products that no
one uses.

~~~
smithian
I was responding to this:

> It's plug and play, the drivers are downloaded automagically.

and this:

>Like you said, printing is not a problem in OS X.

This is obviously and clearly not true, but you seemed to need evidence which
I provided. In addition, in my experience the compatibility of macs and
printers is far worse than windows and printers.

------
blehn
My recommendation: Never trust a recommendation from Forrester.

~~~
Natsu
Do they do actual research? I thought they were purely a PR instrument based
on their past recommendations.

------
kokey
I work for one of the biggest corporations in the world, and I can see the
acceptance of Macs creeping in. There is at least active support for using
Macs as terminals for Windows virtual desktops. That said, it's still a long
way to go so it would be nice to see these things speeding up.

The quote "For the same reason they wouldn't wear cheap shoes and a bolo tie
to meet with Lloyd's of London to insure their cargo ships and cranes" gave me
a giggle. Hell is certainly freezing over, because it's now more of a case of
Lloyds of London having to rely on the tax payer in jeans to keep them afloat.

~~~
snorkel
I also worked for a big corp recently where IT would not issue a Mac to anyone
unless they worked in a "creative area". Some of the Intranet tools were
strictly IE-only too, as in changing your user agent to IE didn't help you at
all.

The silly part of the Windows-only IT policy is that it's intended to simplify
IT support when in fact every week IT would broadcast alerts "EMERGENCY:
Everybody must stop what you are doing and run this urgent security update!!!"
That was a weekly ritual. Not to mention "New version of Office! Please
install it!" ... two weeks later "Office update! Please install it" ... and so
on.

So glad to be back in a Mac world.

~~~
smithian
You worked at a company with a dysfunctional IT department. In non-
dysfunctional IT departments, security updates application patches are
installed automatically without user intervention.

------
imroot
I would support OSX more if I could get better support from Apple. I have two
identical MBP's in my office -- and following the same steps, one joins the AD
Domain, and the other one refuses to join the domain. Apple's support?
Clueless, and refers me to the community support -- which doesn't have a
definitive answer or any real help.

------
johngalt
51% allow access to web-based email? 37% allow internet access? 19% native
email?

I've been in IT for 12 years, I've never seen anyone endorse blocking Macs
from any of these. 49% block Macs from _webmail_? Difficult to imagine a
situation where these would be a problem. Maybe super paranoid eavesdropping
management?

~~~
rhplus
I think the key phrase here is "employee owned Macs". They don't say what the
equivalent results are for "employee owned Windows PCs", but I'd bet they're
in the same ballpark. And when they say "owned" they really mean
"administrated", meaning the PC isn't part of the corporate domain and subject
to corporate Group Policy.

~~~
johngalt
Ah so that falls under the umbrella of expectations of IT.

E.G. someone brought a machine from home one day and proceeded to work on it,
then had a failure and lost "business critical" data. Then management chewed
out IT with questions like "How could you allow someone put our data in that
situation!!!", "What could you have done to prevent this!"... Hence IT Policy:
no personal machines in the building.

To anyone else in IT; here's how you avoid that situation, and the resultant
policies. Audit your connections, or have an inventory tool which will let you
know when new MACs (the NIC addresses) are seen. Then follow up with a polite
email to $PersonalDeviceUsers's Boss detailing what you can/can't offer
service wise. So long as everyone understands the situation ahead of time (in
writing), you'll avoid having to write such policies later.

~~~
yardie
And this is why employees hate their IT department. Instead of helping them do
their job better they dictate and put up roadblocks so IT guy has an easier
job.

1\. If business critical data is lost this is your fault because those backups
should have been performed regularly, throughout the day. 2\. Unknown devices
on the network should have automatically been switched to a DMZed network. If
they want it on the corporate network they'll email you and ask how to do it
and probably tell you why as well. People bring in all types of devices not
related to work; cellular hotspots are one example. 3\. Going to the user's
boss is just an asshole move. If they are causing trouble, yes by all accounts
go ahead. But from an outsider it looks petulant.

~~~
johngalt
I think we have a tone mismatch here. For instance if a user brought in a Mac
the email would be something like "Hey, just saw $newdevice connected to
corpLAN. Remember that all company data needs to be saved to a share in order
to be properly backed up. Also here's what you'll need to connect to email
etc..."

1\. Backups are performed regularly on devices I have control over. If someone
stores their info on a personal usb flash drive and loses it what should I do?

2\. So you're advocating an automatic kill of any unknown devices and then
calling me a obstacle? "If they want it to work then they will call me". Does
that sound helpful?

3\. It's not a complaint, just information. The boss is responsible for that
employee and would expect me to know when devices change. If the manager
doesn't approve of personal devices that's between you and him. Most bosses
don't have a problem.

I'm trying to be helpful towards other IT people with methods I've learned to
allow the users to BYOD while still managing expectations. Your response is
"this is why everyone hates you! Because you won't do things the way I think
you should have!"

~~~
yardie
Sorry I might have been mistaken then. I've been both user and admin of the IT
department and the amount of bullshit handwaving that comes from some of them
is infuriating. I honestly believe that 25% get their jobs through nepotism
because there is no way that IE6 should still be a requirement for any PC.

1\. I share the same view. Once it leaves the network you're on your own. I
encourage our users to backup to our servers because storage is cheap and if
they are going to be using it for work might as well.

2\. DMZ doesn't mean killing it just means your unknown device has a
connection to the internet and that is all. Some users just want to bring in
an iPad and aren't looking to get 802.11x certificates, 26-character WPA
passswords, etc.

3\. Unless someone is being a nuissance on the network I try not to get
involved and even then I fire off an email directly to shut them up.

I work for a software company so most users are really computer competent so I
haven't encountered the "problem" user that most IT workers love to make fun
of.

------
k7d
Most enterprises have a very strong culture of maintaining status quo as
extensively as possible. Especially in IT departments. Even big software
enterprises rely on 5-10 year old infrastructure software (such as Exchange
2003) which was released during the era of Windows domination. It doesn't help
that some of the software is web based because even that is often made for
Internet Explorer only.

Nevertheless Mac's are actually spreading in enterprises. Not from top but
from bottom. Officially unsupported, but with a help of VM software such as
VMWare Fusion there are no problems using legacy stuff.

------
chris_dcosta
The biggest barrier to entry for the Mac in the corporate world is SAP. SAP
GUI and the additional products it runs like the reporting tools (Bex) just
cannot be run on Mac. The SAP GUI only works on Windows and in theory is
supposed to be supported on Mac through Java and HTML equivalents, but in
practice they don't work.

SAP is so ingrained into corporate IT that unless SAP themselves decide to
rewrite everything (unlikely) I can't see PCs being replaced any time soon.

------
rdl
I wonder how much of the advantage of startups vs. BDCs is using Macs as
desktop/laptops, vs. windows. Probably not as much as using Linux vs. Windows
for servers, but still a big advantage.

I'd have a hard time working anywhere which required a windows desktop and
blackberry. I could tolerate it as a consultant if I had a consultancy-
provided iphone/android and mac, with client-provided onsite windows stuff,
but that's about the limit.

------
_pius
Damning.

Upon seeing this, I thought pg had editorialized the "Hell freezes over" bit
of the headline, but no ... that's the actual CNN headline.

------
TorgoGuy
The reality isn't as bad as it sounds here. According to the same source
(Forrester) 32% of personally owned PCs aren't allowed on the networks either
(vs 41% for Macs).

So an only 9% difference seems pretty reasonable. It may not be what we want,
but given limited company IT resources, it's almost surprising the delta is
that low.

------
saturdaysaint
I'd kill to have Mission Control, Spotlight and Quicksilver at work. I haven't
found great Windows equivalents.

------
rplst8
Uh, hey Forrester, the real "HEROs" are the ones that take a couple of hours
on their own time to streamline a bloated Windows install rather than wasting
company resources to get a Mac working in a primarily Microsoft based
infrastructure.

~~~
mkopinsky
In The Enterprise, there's often no way of streamlining your own install.
Users often a) don't have the administrative access necessary to remove the
bloatware, and b) wouldn't dare uninstall "critical security applications"
installed by IT. Sometimes the only way to escape the protocols is to put
yourself in a situation where they can no longer be applied to you.

------
Hitchhiker
Mac Bauer. Power hour. Could'nt help the JB joke. Microsoft has bit of a Fort
Knox within enterprises.

