Just to add to the debate, I'll give you my organisations view of this matter. Hopefully it'll fuel the discussion surrounding Negative's comments.
In our organisation (as I guess in many others) users must sign a document of "do's and don'ts" that relate to the network. Where possible, we put technical countermeasures to enforce this, but if we can't, well the users sign up to say that they'll follow the rules. Importantly, the declaration says that users have read, understood and intend to follow the rules. If they don't sign, they don't get an account.
So, while a user may be able to download Kazaa onto their workstation (due to a failing in the configuration/administration of the system), the rules still say they mustn't do it, and they have signed a declaration saying that they wont.
This works well for us. Even if the technology allows a person to break the rules, procedures are in place that still allow us to give them a healthy slap :)