The screen showed sixty-seven active sessions and the license server was only supposed to handle sixty-four. It was a small gap and it was the kind of thing that happens when a company hires a few more people than the budget office predicted or when a project runs late and the contractors stay on the system for another week.
Visualization of the three-user discrepancy that transformed a technical oversight into a compliance crisis.
I sat there in the quiet of the server room and I watched the numbers tick up and down and I thought about the silver SUV that took my parking spot this morning. The driver saw me waiting and he saw my blinker and he just pulled in and he looked through the windshield like I did not exist and he walked away.
That same feeling of cold dismissive power was in the new compliance memo that sat on my desk and it had a red border and it used words like audit and penalty and immediate termination for any unauthorized access. A year ago I would have seen those three extra users and I would have sent a quick note to the finance lead and we would have bought the seats and the gap would have been closed by lunch. Now the stakes were different and the memo turned a small technical oversight into a confession of a crime.
The Death of the Informal Fix
I did not report the three users and I did not ask for the budget to buy the seats. I just closed the monitoring tool and I looked at the beige wall of the server room and I realized that the system was now officially a secret. When you tell people that any mistake is a moral failure and a legal risk they do not stop making mistakes but they do stop telling you about them.
This is the death of the informal fix and it is the most dangerous thing that can happen to a network environment. The informal fix is the grease that keeps the gears of a large company turning because it allows for honesty without the threat of a noose. When the culture shifts toward a crackdown the admins start to behave like the driver of that silver SUV and they just take what they want and they look through you and they pretend the rules do not apply because the rules have become too heavy to carry.
We used to have a rhythm where we would check the Remote Desktop Services logs every and we would balance the books and we would stay clean. It was a point of pride to have the right number of User CALs and Device CALs and we understood the difference between them like a baker knows the difference between flour and sugar.
We knew that a User CAL was for the person who moves from a laptop to a home desktop and we knew that a Device CAL was for the shared kiosk on the warehouse floor. It was a simple system and it worked because the goal was actual compliance and not the theater of enforcement. But the new memo changed the goal from being right to being safe and being safe meant never admitting that the numbers were out of alignment.
The Psychology of Procurement Friction
The crackdown assumes that people are lazy or that they are trying to steal from the vendor but the truth is usually much more boring. Most gaps happen because of a busy Tuesday or a sudden influx of seasonal staff or a server migration that didn’t go exactly as planned. In a healthy company an admin sees the gap and he fixes it.
He goes to a place where he can get what he needs without a month of meetings and he gets the keys and he installs them and the risk is gone. If he can access the
and get his licenses in then there is no reason to hide the problem because the solution is faster than the lie. But when the procurement process is a gauntlet and the compliance officer is a predator the admin will choose the lie every single time.
The Healthy Path
Access to keys in 20 minutes. Gaps are closed instantly. Data remains accurate.
The Hostile Path
Procurement gauntlet. Months of meetings. Admins forced into concealment.
This concealment creates a layer of rot that stays under the surface for years. You might have a Windows Server 2022 environment that looks perfect on paper but the actual usage is a ghost map of sessions that nobody wants to talk about. The gap grows from three users to twelve users and then it grows to twenty and the admin is now too deep to ever come clean.
He has to keep the secret to protect his job and he has to build workarounds and he has to hope that the auditor never looks at the specific port traffic. The company thinks they are being tough and they think they are protecting their assets but they are actually just blinding themselves to the reality of their own infrastructure. They have traded a three-hundred-dollar license fee for a million-dollar risk and they did it because they wanted to look strong in a PDF memo with a red border.
Kerning: The Space Between Things
I spent as a typeface designer before I moved into the technical side of the house and I learned that the space between things is just as important as the things themselves. If you get the kerning wrong on a word then the word becomes hard to read even if the letters are perfect.
Crushed Kerning: Unreadable and Aggressive
A licensing environment is the same way and it needs the right amount of space to breathe. You need the ability to scale up and you need the ability to fix a mistake without feeling like a thief. When the company tightens the screws too hard they are essentially crushing the kerning until all the letters overlap and the whole story becomes unreadable. The silver SUV in my parking spot was a perfect letter with no space and it was an act of aggression that broke the social contract of the lot. A zero-tolerance compliance policy is the silver SUV of the corporate world.
The people who write these policies think they are being rational and they think they are following the law. They look at a spreadsheet and they see a number and they think that a threat will make that number move in the right direction. But they do not understand the psychology of the person who has to manage the server at two in the morning when the pressure is high.
That person is not thinking about the legal department and they are not thinking about the quarterly earnings. They are thinking about making the system work and they are thinking about surviving the night. If the path to being legal is paved with broken glass and traps then they will find a path that is illegal but smooth. It is a natural human reaction to a hostile environment and no amount of memos will change the way a brain responds to a threat.
Lowering the Friction
We need to return to a state where the fix is easier than the concealment. This requires a shift in how we think about the procurement of things like RDS CALs for Windows Server 2019 or 2025. It should not be a monumental event to buy ten more seats for a growing department. It should be as simple as buying a cup of coffee or a new mouse.
When the friction of buying is lower than the fear of being caught the honesty returns to the system. An admin who can get a pack of licenses delivered to his inbox in under is an admin who will stay compliant because he has no reason to be anything else. He can close the gap and he can update the records and he can go back to his real work without looking over his shoulder.
The red border on the memo did not create a better network and it did not make the company more money. It just made us all better at keeping secrets and it made the air in the office feel heavy and thin. I still think about that silver SUV and I think about how easy it would have been for that driver to just wait thirty seconds for me to move.
But he wanted the spot and he wanted it now and he did not care about the cost to the rest of us. A company that treats its IT staff like potential criminals is doing the same thing. They are taking the spot they want and they are ignoring the fact that they are breaking the very system they claim to protect. The gaps are still there and they are just harder to see now and one day they will come to light and the crash will be much worse because we were not allowed to fix it when it was small.
Emergent Compliance
True compliance is an emergent property of a culture that values the truth over the appearance of the truth. You cannot beat a system into being honest and you cannot threaten a network into being secure. You have to provide the tools for people to do the right thing and you have to make those tools accessible and fast.
If a team is running a terminal server for forty-two employees and they only have forty licenses then the solution is to get the two licenses and move on. It is not a crisis and it is not a crime and it is not a reason to call in the auditors. It is just a part of doing business in a world that changes faster than a budget cycle can track.
When we stop punishing the messenger for the message we might finally start to see the real state of our systems again and we might find that the cost of being honest is much lower than the cost of being afraid. I will find a different parking spot tomorrow but I will not forget the look on the driver’s face and I will not forget the way the numbers on my screen looked before I hit the delete key on the log entry.
We are all just trying to fit into the spaces we are given and sometimes those spaces are just a little too small for the reality of the work. If we cannot grow the space then we will eventually break the walls and that is a debt that no memo can ever truly pay. In the end the only thing that matters is that the users can log in and the work gets done and the lights stay green and if we have to hide the truth to make that happen then the policy has already failed and the red border was just a warning of a collapse that we all saw coming but nobody was allowed to stop.