System administration
Denis Radchenko, 2011-05-16 08:35:03

How can a system administrator relieve himself of responsibility for software installed by users?

Hello.

We use licensed software in the organization, but we want to limit our liability for software installed by users. The technical approach of banning everything for everyone is not always suitable. Often people have to work under Windows XP as an administrator.

Tell me how to draw up a document stating: “Windows 7 Prof, Office 2007, Firefox, ...” is installed on computer No. 234; Ivanov I.I. is responsible for installing other programs.

14 answer(s)
shsmad, 2011-05-16
@shsmad

A decree relieving the system administrator of responsibility for unauthorized installation of unlicensed software is interpreted by the authorities and the court against the admin, because such a document confirms that the admin is aware of the possible installation of unlicensed software, which is not good. Read more here: habrahabr.ru/company/itarena/blog/118686/

Anton Spirin, 2011-05-16
@dude_sam

We sit in the domain of an organization of which we are a 100% subsidiary, but everyone has administrative rights (software development), so the security council of the parent corporation has developed a mechanism for assigning responsibility, i.e. some documents will soon be handed out for signature, but so far I have not seen them; apparently they are still settling something.

ChemAli, 2011-05-16
@ChemAli

a) Clean up.
b) Internal order "On increasing the stability of IT subsystems".
c) Notify everyone, possibly against signature, with the notice permanently posted in a public place.
d) Do not forget to follow the orders and keep the situation under control.
Appointing specific responsible persons entails the tedious work of changing names whenever someone is laid off or transferred. Put general provisions into job descriptions and internal instructions, without tying them to individuals.

Vitaly Zheltyakov, 2011-05-16
@VitaZheltyakov

Yes, you can, but the document must state that responsibility for software installed by the user is specifically removed from you, the system administrator, and that the user bears full responsibility. You can list the programs for which the system administrator is responsible.
Every user must sign this document and receive a copy of it.
In addition, there must be a corresponding order from the head of the organization establishing this arrangement, i.e. doing this on your own, without the head, would be unlawful.
Adjustments must also be made to the job duties where necessary. For the system administrator, pay attention to the clause on monitoring installed software.
Despite such difficulties, with adequate leadership, such a thing can be organized. A colleague at work, a system administrator, organized this and passed checks.

Vladislav, 2011-05-16
@abo

Many suggest that the user sign a statement that he is responsible for installing other programs on the work computer. Will the user agree to this? I got a job, they gave me a computer, you never know what is installed on it, you never know what can be installed on it while I'm away (I got sick, or someone simply does something with the computer, including the admin, after hours). And if I quit, is someone obliged to give me this piece of paper or destroy it?

Puma Thailand, 2011-05-16
@opium

Just one question: why do people work as administrator?
You configure group policies in the domain, and the problem with unauthorized software is solved once and for all.

Dmitry Sidorov, 2011-05-17
@Doomsday_nxt

1) Take away administrator rights everywhere possible.
2) Regularly check all computers for installed software (you can even use WMI).
2.1) If you find any pirated software, delete it immediately, and hand the user over for a lynching, preferably with financial punishment (loss of bonus, etc.).
3) Familiarize every new user with Article 146 of the Criminal Code of the Russian Federation, as well as (if there are any) with stories about past punishments of other employees.
And yes, for item 2.1 there must first be an order or instruction from the managers of the users concerned.
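
The regular software check from item 2 can be scripted. The following is an added example, not part of the original post: it reads the Uninstall registry keys instead of the WMI `Win32_Product` class, because querying that class triggers an MSI consistency check of every installed package. The baseline patterns and the function names `Get-InstalledSoftware` and `Compare-ToBaseline` are assumptions made for illustration.

```powershell
# Constructed sample baseline for one workstation (wildcard patterns on DisplayName).
$Approved = @('Microsoft Office*2007*', 'Mozilla Firefox*')

function Get-InstalledSoftware {
    # Per-machine (64- and 32-bit views) and current-user Uninstall keys.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object DisplayName -Unique
}

function Compare-ToBaseline {
    # Return every installed entry that matches none of the approved patterns.
    param([object[]]$Installed, [string[]]$Baseline)
    foreach ($item in $Installed) {
        $ok = $false
        foreach ($pattern in $Baseline) {
            if ($item.DisplayName -like $pattern) { $ok = $true; break }
        }
        if (-not $ok) { $item }
    }
}

# Write the deviations to a dated CSV so each audit run leaves a record.
$stamp = Get-Date -Format 'yyyy-MM-dd'
Compare-ToBaseline -Installed (Get-InstalledSoftware) -Baseline $Approved |
    Select-Object @{n='Computer';e={$env:COMPUTERNAME}}, * |
    Export-Csv -Path ".\unapproved-$env:COMPUTERNAME-$stamp.csv" -NoTypeInformation
```

The `HKCU` key covers only the account running the script, and portable programs that never register an uninstaller do not appear in any of these keys.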

lesha_penguin, 2011-05-23
@lesha_penguin

Let's apply the ancient principle of divide and conquer.
The first issue is obtaining administrator access by employees.
The second is managing the installation of software in the company and acquiring licenses.
The third is the participation of the system administrator in these two processes.
On the first question: The problem is not admin access as such, but the fact that it is not "received" but "distributed". According to the job description, admin access should be with the admin. The most important factor is to prevent lack of control. The rest get it only on the basis of a memo, in which the employee himself must formulate why he needs admin access. And secondly, before obtaining admin access, the employee signs a number of papers, such as, for example, an agreement on non-disclosure of confidential data and on full liability. The connection itself is important: extended powers mean extended responsibility. Once you have admin access, playing dumb will no longer be possible: the client base has leaked, you answer for it; the company has suffered material damage because of your actions, you answer for it. Of course, the fact that the employee wrote in the memo "I need admin access because the XXXX program only works under the admin" should not cancel the general formalization procedure, i.e. signing non-disclosure and liability agreements.
On the second question: Each employee has a well-defined list of job duties (because if this is not the case, then it is called a mess). To perform these duties within the framework of business processes, an employee needs a certain toolkit, which includes both “physical objects” and software. And the most important thesis that I want to convey is that there is no need to separate the two.
On the third question: Why am I saying this? Why do users install software bypassing the sysadmin?
There are two options (see the second question): either they need some tool to perform their duties (then the question is quite appropriate), or this is a whim for personal needs (then the employee is rightly sent packing).
Let's look at it this way:
What happens if, for example, a secretary needs a fax to do her job? That's right, she explains, with reasons, that she needs a fax for this and that, and the fax will eventually be purchased.
What if the designer says that he needs, for example, a 21-inch monitor instead of a 19-inch one? It won't be a problem either, right?
So what is the real difference between a monitor and software? What is the difference if, for example, a layout designer writes that he needs, for example, Adobe Photoshop for his daily work? Why wouldn't the company acquire a license (fortunately, it's cheaper than the trouble that comes from having unlicensed software)?
But, for example, an accountant is unlikely to be able to justify why she needs Photoshop for work (to compress photos for uploading to VKontakte?), but she can easily justify why she needs 1C version 8 instead of 7.
Manager Vasya Pupkin will be sent to a well-known address if he says “put a cool video card in my computer so that I can play online games”, but, for example, a DBA will easily justify why a RAID controller is needed in an office database server. With software, the approach is exactly the same. If you need some toy, buy yourself a personal laptop and put whatever you want on it. And at work you have to work.

Vladimir Chernyshev, 2011-05-23
@VolCh

It is possible to bring an administrator to criminal liability for illegal use of software (Article 146 of the Criminal Code of the Russian Federation, parts 2 and 3), if you believe in the presumption of innocence, only if he used it (in particular, installed it) and there is evidence of this (and not “there is unauthorized software, so the admin is to blame”). Or if he was slandered (employees / superiors said that he installed it, although they did it themselves) or other evidence was fabricated. Or he confessed. Even “voluntarily” taking responsibility (under an employment contract, familiarization with a job description against signature, etc.) for the licensed status of software in general is void, just as taking responsibility “under a contract” for murders committed by employees is void.
Further, whether software is used legally or illegally is by default not within the competence of the administrator: he is not a lawyer! He doesn't have the required knowledge! Whether the company paid or not, and even more so how much, to whom and for what, is also usually something he should not know, even if the software was purchased on the basis of a memo. He wrote a memo and received a disc. If an employee initiated the installation, the employee writes a memo, and the admin is given a disc. If they give a disc that is clearly unlicensed (100 in 1, etc.), the administrator must refuse, just as the director’s driver should refuse to drive a clearly stolen car (the criteria for “obviousness” are determined by the court, guided by law and conscience; naturally, the court's good-faith requirements for the administrator will be higher than for the “lamer user”, but there is always a gap between obviously unlicensed and possibly unlicensed).
If the issue being considered is releasing the company from civil liability for illegal actions of employees, then, IMHO, it is enough to issue an order for the organization, “it is forbidden to install any software without the consent of the legal department” (or whoever else in the company is paid money so that there are no problems with the law), and any unauthorized action of employees will be interpreted precisely as unauthorized. Which, however, does not rule out the option that the software will turn out to be "nobody's" if access to the PC is not regulated, say, by domain security policies (not only technically, but also by the "Information Security Policy of Horns and Hooves LLC" or the "Computer Operation Rules at Horns and Hooves LLC"), and, as a result, the company will still be liable as the owner of the PC.
By the way, stating a ban on unauthorized installation of software in the “Rules for the operation of computers, computer systems and their networks at Horns and Hooves LLC” is a good way to encourage employees not to treat these rules in general, and such installation in particular, as a formality, especially if criminal liability under Art. 274 of the Criminal Code of the Russian Federation for their violation is explicitly mentioned, and a way to at least partially (if the rest of the "excuses" do not work) remove the burden of civil liability from the company through a recourse claim against the offender on the basis of Art. 1081 of the Civil Code of the Russian Federation.

andrey_kl, 2011-05-16
@andrey_kl

I’ve been interested in this question for a long time… although I work as a visiting admin, it’s annoying that I install open source everywhere, and users manage to put on a cracked Nero, etc.

Adam_Ether, 2011-05-16
@Adam_Ether

IMHO, the responsibility will still be on the admin.
And why is it necessary to work as administrator in XP?
You know, it's very dangerous.
Are a normal user's permissions not enough? In that case, they will not be able to install anything on their own. And if the employees really need this program, then let them write a memo to the IT department to consider the need to purchase the software and, accordingly, install it.

terrier, 2011-05-17
@terrier

Of course, you can write any internal instruction, but if it comes to an inspection and pirated programs are detected, then almost any user will say “It wasn't me, and the horse is not mine. The pirated software turned up on the computer by itself, I don’t even have the competence necessary to install programs.” And who has the competence? Aha! Well, it’s clear that it’s more interesting for law enforcement officers to convict one administrator for damages of 51 thousand than to chase 10 users for 5 thousand each.
There is only one way out: to increase the legal awareness of workers. It seems that people should be reasonable, and if you explain it to them, they will not set up the company and the administrator.

other_letter, 2015-01-14
@other_letter

Oh, what they have written here ... And all of it, IMHO, about nothing.
Let's come at it from the other side, shall we? Responsibility before whom? If before management, then it depends entirely on their trust in the administrator. There are bosses to whom you can present as much "evidence" as you like, and the administrator is responsible anyway.
If we are talking about responsibility before the Law, then it is a little more complicated. There are two options.
1: They took the boss by the ass and he appointed a scapegoat. In fact, this is very rare; I have actually come across it only once. The rest is "one grandmother said." There's nothing you can do about it, because in domestic legal proceedings, witnesses are everything. Just a couple of witnesses are enough (the director and the accountant, as criminally responsible persons and, in theory, directly interested).
2: Some inspection. Yes, it happens. But here, honestly, the admin is not under much threat, since in this case all employees go silent (I don’t know, I don’t understand, etc.). Nothing will be established for certain, since the task of such inspections is usually either a "stick" or a "candy".

b1sergey, 2015-10-15
@b1sergey

But how do you like the option when the bosses verbally say that you need to install a program that should be on, say, at least 4 computers; the program is needed, but it is expensive and they are not going to buy it, yet you must install it, you are presented with a fait accompli, and the answer that it's impossible doesn't bother them.
