The key word is enforce. Often, restrictive policies (sometimes even good ones) are written by management, for reasons that have more to do with auditing requirements than anything related to the actual functioning of the system. I've never encountered management that was technically current. Some USED to be (old DBA types) and THINK they still are, and these are worse in my book than the "I don't know anything" type. Either way, they've received orders from on high to conform to some crazy outside auditor's vision, and this often leads to support having to enforce policies they know are bad, with no opportunity to explain why to anyone that can change it. Pretty demoralizing.It is amazing to see the same people who rail for freedom, openness and against stupid, arbitrary laws like those created in service of the RIAA/MPAA and then turn around and get their rocks off by enforcing similarly stupid, arbitrary and unnecessary rules in their job.