I still have to fight this occasionally. :| In one instance, I ended up just telling the antivirus software at a company to flag Chrome as a virus and block it from executing. Software installation requiring admin rights is by design, and circumventing it is unethical as heck.
If you rely on the lack of admin rights to prevent unauthorised software from being run you’re doing it wrong. You should be using whitelisting (e.g. AppLocker in Windows) which also prevents “portable” applications (without an installer) from being used.
The eternal conflict between lowly workers trying to get their job done and the IT department trying to prevent them from doing their jobs to make their own life easier, based on the notion that if users can't use the infrastructure, they can't break it.
Obviously, Chrome is not needed to do their jobs. If it was, it'd be provided. Browsers, especially Chrome, are a massive malware ingress point, it makes zero sense for end users to install them.
IT actually exists to help ensure people can do their job, and do their job faster. As a general goal, I like to learn about people's business processes for the exact purpose of seeing how our IT environment can be improved to expedite their work.
And having five browsers on a PC doesn't make it easier for end users. I have no problem dealing with five browsers, but I get a lot of complaints from people when they open link A in browser B and link C in browser D and don't understand why things don't work.
You may have experienced poor IT departments in the past, or thought you experienced poor IT departments because you didn't understand the other considerations in play, but that's hardly an excuse to assume any given IT choice is some sort of attempt to prevent employees from doing their jobs.
That's a faulty assumption right there. Usually, people providing workers with their computers and software have limited idea what those workers actually need to work efficiently. This works out fine when workflows are defined so well a trained monkey could do the job, and fails miserably when the worker needs any sort of creative control over their workflow or work output (programmers, designers, all sorts of engineers and technicians, etc.). Most corporate work is probably closer to monkey level than to creative level, but enterprises love to do company-wide policy changes, making all work conform to lowest common denominator.
> You may have experienced poor IT departments in the past, or thought you experienced poor IT departments because you didn't understand the other considerations in play, but that's hardly an excuse to assume any given IT choice is some sort of attempt to prevent employees from doing their jobs.
I've experienced one competent IT department in my life, and their best quality was helping shield our programming team from policies like application whitelisting or limiting admin access, that they were forced to deploy company-wide. For other IT departments I dealt with, most of their actions were explainable if viewed through the lens of caring about the infrastructure to the extreme - that is, "if no one uses it, no one will break it" approach.
> That's a faulty assumption right there. Usually,...
You accuse me of making a "faulty assumption" about my own environment, and then proceed to assume that you can speak for most/all IT environments.
When I state "if you need Chrome, we'll provide Chrome", that's true of my environment. It's also true of my environment, if we don't provide Chrome, and you find a way to install it yourself, you'd be violating policy, and barring the casual mistake of not knowing that, potentially referred to HR. Obviously, in the ideal "don't need to involve HR" case, we just make sure you can't install it.
Now, what isn't just true of my environment, but true of all environments, is that users installing random web browsers is incredibly dangerous, and something every IT department should be preventing if they own the hardware. I don't think that's even a controversial statement, I'm confused why it's being treated like one.
Installation requirements are mostly a hangover from the days when Windows PCs weren’t locked down and anyone could write to the system folders and admin rights were just assumed.
Software developers often didn’t bother testing or ensuring that their software would install (or even run properly) without admin rights.
Not necessarily. Byod is commom. And quite frankly even if it is my employers box im not gonna put up with restrictions against installing a web browser. Or deal with some paperwork request, I'll work around it and just do it.
Who would bring their own equipment to work in software unless they are a founder? That's like paying to work. Especially when employers like to claim ownership rights to all data generated by their employees in the course of business.
Mechanics bring their own tools frequently but their employers don't try to repo their personal vehicles just because the mechanic used the same tools at home and at work
I don't have work slack on my personal phone on principle. If the company wants to require me to be available on their systems they need to provide the hardware
Are you running your personal hardware (without the security) on the internal network? Please tell me you don't have the same level of access with personal hardware as you do with the corporate equipment.
Even in a BYOD environment, an organization should be ensuring any devices granted access to resources are appropriately patched and secured.
I can understand that. I just don't want to have a reason why my employer could call me in off hours, nor for them to claim ownership of stuff I've done.
