• Cyborganism
    link
    fedilink
    309 months ago

    I was thinking about this the other day. Windows 11 is starting to roll out on company laptops and I would love it if we had the choice to install Linux. But I think there are some challenges to that.

    Most large companies control what employees are allowed to install on their machines for security reasons. We wouldn’t want any spyware or ransomware or any kind of malware getting installed inadvertently. Most places will use software allow lists through applications like the Software Center and use software detection programs to monitor if any non compliant software is installed.

    There’s also permission management through group policies on Windows to manage which kind of user can do what on their system.

    Finally, I hate to say it, but most companies use the whole Microsoft Office 365 eco system with Microsoft One Drive and SharePoint. I know we can use the web version for some of the apps, but for practicality’s sake, it’s best to have an installed version. And the cloud sync feature of One Drive is also very important for automatically backing up important work. I doubt they would let that go.

    I would love to hear if anyone can offer solutions to these problems.

    • Troy
      link
      fedilink
      89 months ago

      KDE had a policy editor back in v2.0… honesty I never really followed whether those features stuck around. But the simple version is to lock down write access to folders in $HOME, such as .config or similar. Linux already prevents most users from installing programs over the system directories without root, but I’m not sure if you can restrict new programs with +x in $HOME unless you write-lock the whole folder… Someone with more network admin experience probably knows this :)

      • Cyborganism
        link
        fedilink
        39 months ago

        Exactly. I once had a computer with Linux where I had no root access, but was able to install, or at least unzip or build, pretty much whatever I wanted in my $HOME directory. And I wonder if it isn’t possible to installs Snaps or Flatpaks without root permission?

    • @linearchaos@lemmy.world
      link
      fedilink
      English
      69 months ago

      Outlook owa pwa is 99%

      The rest of the apps sans access work 99% in wine.

      Google docs works great

      Run NixOS don’t give em root or nix-shell. They can’t install anything you don’t allow.

      Put each users allows softlist into source control. Make the boxes cron and reconfigure on demand.

      Tailscale VPN.

    • @knorke3@lemm.ee
      link
      fedilink
      49 months ago

      Office 365 […] i know we can use the web version

      tbf, this isn’t the only software related problem. a lot of companies also use specially developed software that doesn’t have a linux version because everyone in the company is using windows anyways and adding a different release target would likely add costs and consume more development time for those internal tools

      • Cyborganism
        link
        fedilink
        39 months ago

        I should’ve mentioned I’ve been practically only in IT companies. We never really had speciality software of any kind. In fact I could’ve done all of my work in Linux except for a couple of times where I had to develop in c# and .net wasn’t ported to Linux yet.

        But the things I’ve mentioned were what was holding the company back from giving me a Linux machine.

        • @knorke3@lemm.ee
          link
          fedilink
          29 months ago

          tbf i am the other extreme: i work in a material science lab so we work almost exclusively with specialized/custom software

          • Cyborganism
            link
            fedilink
            29 months ago

            Oh yeah. That’s even worse because sometimes the machines outlive the computers and software and then you’re stuck maintaining a Windows 95 machine because the software was developed for that OS and the company has since came up with new machines with new software and they don’t support your machine anymore.

            • @knorke3@lemm.ee
              link
              fedilink
              29 months ago

              Depending on the company you work at you can actually still encounter testing equipment built during WW2 because “it still works”