That would be the user wearing the boot up his ass. Running unapproved software (e.g. portable FireFox on my locked down machine) would be grounds for immediate dismissal in this org. IE 6 forever (sigh)

Yipes.

Even as an SysAdmin I never had that kind of pull to get a user booted out for something like that.

The most hardcore lockdown I ever did involved reghacking out USB ports on the terminal in the lunchroom.