I was thinking about this the other day. Windows 11 is starting to roll out on company laptops and I would love it if we had the choice to install Linux. But I think there are some challenges to that.
Most large companies control what employees are allowed to install on their machines for security reasons. We wouldn’t want any spyware or ransomware or any kind of malware getting installed inadvertently. Most places will use software allow lists through applications like the Software Center and use software detection programs to monitor if any non compliant software is installed.
There’s also permission management through group policies on Windows to manage which kind of user can do what on their system.
Finally, I hate to say it, but most companies use the whole Microsoft Office 365 eco system with Microsoft One Drive and SharePoint. I know we can use the web version for some of the apps, but for practicality’s sake, it’s best to have an installed version. And the cloud sync feature of One Drive is also very important for automatically backing up important work. I doubt they would let that go.
I would love to hear if anyone can offer solutions to these problems.
KDE had a policy editor back in v2.0… honesty I never really followed whether those features stuck around. But the simple version is to lock down write access to folders in $HOME, such as .config or similar. Linux already prevents most users from installing programs over the system directories without root, but I’m not sure if you can restrict new programs with +x in $HOME unless you write-lock the whole folder… Someone with more network admin experience probably knows this :)
Exactly. I once had a computer with Linux where I had no root access, but was able to install, or at least unzip or build, pretty much whatever I wanted in my $HOME directory. And I wonder if it isn’t possible to installs Snaps or Flatpaks without root permission?
selinux or alternative is your friend here.
Outlook owa pwa is 99%
The rest of the apps sans access work 99% in wine.
Google docs works great
Run NixOS don’t give em root or nix-shell. They can’t install anything you don’t allow.
Put each users allows softlist into source control. Make the boxes cron and reconfigure on demand.
Tailscale VPN.
90% of my work is done in WSL anyways… I would much rather have KDE as my DE than Windows 11. Please Microsoft, if you love Linux so much now, port Office to it, and maybe my employer would be ok with it.
$previous_job allowed us to pick. One of my coworkers had to replace his laptop, and I convinced him to try out Linux this time. I handed him the bootstrap script and he was back to working by the afternoon.
Our CEO got wind of this and said as a matter of policy everyone is switching to Linux unless they have a good reason (needing excel for financial reports is a good reason). The two new hires who had been setting up their dev environment for over a week at that point were the trigger for this.
The company i work with allow any OS to be installed. With a caveat, because we are heavily invested in the Windows eco system using office 365 and Microsoft Dynamics Nav and sql server, Ms AD. With that said, if you use that software for more than 50% of your work time we recommend Windows. But otherwise it is still the employees choice and if you are completely comfortable running windows in a VM, go for it. IT won’t give you endless support if you have too many issues with your VM. If we loose to much time and you are not proficient enough in macOS or Linux then we just give you a windows machine.
My employer allows Linux - only a customized version of Fedora that’s preconfigured to handle our environment, including certificates (802.1x, browser client certs, etc) with automated renewal, endpoint management software, deployment of settings using Chef, etc.
We have a few internal apps built using React Native though, which is only available on Windows and MacOS. There’s been some Github repos trying to port React Native to Linux but nothing that’s production-quality yet.
A long time ago I was required to use Windows. So I converted my computer using VMware P2V and just ran Windows in a VM. I swear it ran better and faster. Want really Linux freedom but it was fun.
I have reinstalled Ubuntu 22 today and I hate it. Only supported release (you can have derivates). And after that, Chrome is the only supported browser, Workspace One for maintenance, Carbon Black as spying blackbox. Evrything what makes Linux the best is crippled for me by incompetence of the admins. My loophole is that Guix is in distribution :)
we not only allow it, we enforce it. windows not allowed in my company
Same at my company.
My favorite bit was when the Microsoft rep sent a PDF explaining how much the company would save from tech support to the CFO, bypassing the CTO they were communicating with.
And the CFO shared the whole thing publicly for the entire company to laugh at.
It’s simple, cost. Supporting multiple DE’s is expensive. And provides little or no benefit to the company.
It may work at a small company with tech savvy users (like the ones commenting here). But ultimately at a normal large business, is nothing but a hassle that at best makes a few employees happy.
Cisco now supports developers running Linux feiw
Yes because developers don’t call tech support when they’ve accidentally deleted the Outlook icon from their desktop.
Those few employees are probably going to all be developers, and despite there being a bunch of mathematics and engineering involved, being a developer is very much a creative process. Similarly, I wouldn’t begrudge a digital artist for wanting to use a Mac to do their work.
If a developer is asking for a thing, they’re not asking for it because they’ve suddenly developed a nervous tic. There’s typically a reason behind it. Maybe its because they want to learn that thing to stay relevant, or explore it’s feasibility, or maybe it’s to support another project.
I used to get the old “we don’t support thing because nobody uses thing” a lot. The problem with that thinking is that unless support for whatever thing immaculates out of nowhere it’ll just never happen. And that’s a tough sell for a developer who needs to stay relevant.
I remember in like 2019 I asked for my company to host git repos on the corporate network, and I got a hard no. Same line, there wasn’t a need, nobody uses git. I was astounded. I thought my request was pretty benign and would just sail right through because by that point it was almost an industry standard to use git. I vented about it to some devs in another department and learned that they had a system with local admin attached to the corporate network that somehow IT didn’t know about. They were using that to host their repos.
I guess what I’m trying to say is that if keeping employees happy is too expensive, then you gotta at least be aware of the potential costs of unhappy employees.
My last employer had several thousand employees. Some of the IT guys knew Linux, but it wasn’t anywhere in the organization. I managed to convince them to let me install Linux on my desktop. They said sure, with the provision that I was not allowed to have a single issue. If I had an issue, they’d format it back. It was a fantastic last 8-9 years at work, as far as computer use went.
We don’t even have Firefox at work.
Only options are Edge and Chrome.
Blame their DoH for killing FF deployment in the enterprise. Companies don’t like not being in charge of their DNS traffic. DoT is better from corporate POV as that can all be blocked or redirected based on the port, not so much DoH which uses the same port as normal web traffic.
Those are definitely acronyms.
I don’t have windows allowed on my job, thanks god
