Free security
Once again, we have an example of policies and standards being made wthout a thought given to the cost of sustaining them.
Certainly, if I write a policy absolutely forbidding IM or admin rights on a user's platform, a teensy percentage of my user base will notice it and a teensy percent of those who notice will "do the right thing". If I invest a little money in an education program and tell the users why our poicy says what it says, those percentages will go up - a little.
Now, if I invest more money in an ongoing, monitored education program, more money in tools and procedures to monitor and enforce my policy and more money in a framework to support my policy then the percentages are going to rise again.
But chances are that I won't. I'd rather have a couple of public hangings a year or complain about 'bloody users' because I can't be bothered cost-justifying the money I'd need to spend on a more effective approach.