Thanks all, for the replies.

As to the risk for doing this sort of thing, it is pretty minimal. The
IT department is, essentially, one guy. He seems to simply not want to
do this sort of thing. When we asked for unsupported control, he said
no. When we asked for support, he said no also. This is not a new
pattern for him. He really is an OK guy, just a bit odd. This was the
guy who was unreachable (no "reach me here" number, cell phone shut
off, etc) on the opposite coast, for 5 days when our company network
went down. The guy he left in charge was not even given keys to the
server room, so we broke the lock off the door for him, only to find
out that all of the stuff was password protected, and he had not shared
the passwords. Shut down an entire section of the company for 4 days.
he still works here, I think we are OK.

Our experience has been that once we set this up, word will get
around, and then the IT guy will just sort of take it over. That is
fine with us, there is nothing illicit going on here. That was how we
got our web computer in the first place. We sort of "borrowed" an
underutilized one from a neighboriing department, after being refused
one of our own. He takes care of it since.

just seems to be a way to get things done sometimes in one of these
not-big-but-not-small-either-companies. It is a silly way for things to
work, but it does keep life there interesting.

Thanks again for all of the replies. I really do appreciate all of
your advice, technical and otherwise.