I didn't mean to imply you did. The "you" in "you have to give your key back" wasn't "you" specifically.

In my scenario there are many sites, the clean room approach is call center specific, and doesn't apply to corporate or any of the support sites. I brought up the cleanroom and physical security because in the midst of getting attacked by neckbeards it was implied that keeping rogue machines off the network was step one of one in securing it.

I wouldn't call it a nightmare scenario at all. All I was trying to say (in spirit of the original post) was that in my line of business (BPO), introducing any potential unknowns isn't acceptable to the clients so we just can't do it. There are contractual fines for all sorts of stupid things and, being accountable, it ain't worth it. We've even seen the effects of it (the last worm was because someone in facilities brought in a laptop and plugged 'er in). This is not incompetence by the IT department (brand new worm, wasn't known yet.), as Linuxrebel said, it was a problem with people. I was happy that it was just ignorant (I don't use that word in a bad sense) users rather than a developer with a sense of entitlement.