I totally agree. I used to work for a gov't agency that had port security turned on at every port. Every time we'd rearrange the office, or even plug in a laptop to test something, the port would shut off. Well, don't try and do something in a lab at 2 in the morning when the LAN guy isn't in the building.

I hated it. It was so annoying. Maybe have port security turned on everywhere, but turn it off in labs, conference rooms, common areas. That kind of thing. That way people have at least a limited area where to plug in their devices.

However, you can also implement some type of tool to monitor the network for unauthorized machines. McAfee has one, Sourcefire's Realtime Network Awareness (RNA), or other passive awareness technology.