I was thinking about this the other day. Windows 11 is starting to roll out on company laptops and I would love it if we had the choice to install Linux. But I think there are some challenges to that.
Most large companies control what employees are allowed to install on their machines for security reasons. We wouldn’t want any spyware or ransomware or any kind of malware getting installed inadvertently. Most places will use software allow lists through applications like the Software Center and use software detection programs to monitor if any non-compliant software is installed.
There’s also permission management through group policies on Windows to manage which kind of user can do what on their system.
Finally, I hate to say it, but most companies use the whole Microsoft Office 365 ecosystem with Microsoft OneDrive and SharePoint. I know we can use the web version for some of the apps, but for practicality’s sake, it’s best to have an installed version. And the cloud sync feature of OneDrive is also very important for automatically backing up important work. I doubt they would let that go.
I would love to hear if anyone can offer solutions to these problems.
KDE had a policy editor back in v2.0… honestly I never really followed whether those features stuck around. But the simple version is to lock down write access to folders in $HOME, such as .config or similar. Linux already prevents most users from installing programs over the system directories without root, but I’m not sure if you can restrict new programs with +x in $HOME unless you write-lock the whole folder… Someone with more network admin experience probably knows this :)
Exactly. I once had a computer with Linux where I had no root access, but was able to install, or at least unzip or build, pretty much whatever I wanted in my $HOME directory. And I wonder if it isn’t possible to install Snaps or Flatpaks without root permission?
SELinux or an alternative is your friend here.
Outlook OWA PWA is 99%.
The rest of the apps sans Access work 99% in Wine.
Google Docs works great.
Run NixOS, don’t give ’em root or nix-shell. They can’t install anything you don’t allow.
Put each user’s allowed software list into source control. Make the boxes cron and reconfigure on demand.
Tailscale VPN.
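An added illustration of the allowlist-plus-cron idea in the comment above, and of the "anything can be unpacked into $HOME" concern earlier in the thread (this is not code from any commenter): an audit that lists executables under a home directory whose SHA-256 is not on an allowlist file kept in source control. The allowlist format, the function names and the sample tree are assumptions constructed for the example, and it relies on GNU coreutils' `sha256sum`.

```shell
#!/bin/sh
# Added example (not from the thread): report executables under a home
# directory whose SHA-256 is not on an allowlist kept in source control.
# Assumed allowlist format: "<sha256>  <free-text label>" per line, '#' comments.

# audit_home DIR ALLOWLIST
# Prints the path of every regular file with any execute bit set whose hash
# is not allowlisted. Exit status 1 if anything was reported, else 0.
# A missing or empty allowlist flags every executable (fail closed).
audit_home() {
    find "$1" -xdev -type f \( -perm -u+x -o -perm -g+x -o -perm -o+x \) \
        -exec sha256sum {} + 2>/dev/null |
    awk -v allow="$2" '
        BEGIN {
            while ((getline line < allow) > 0) {
                sub(/#.*/, "", line)              # strip comments
                n = split(line, f, " ")
                if (n > 0) ok[tolower(f[1])] = 1  # remember approved hashes
            }
        }
        {
            # sha256sum prints 64 hex chars, two separator chars, then the path
            if (!($1 in ok)) { print substr($0, 67); bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed sample data: a fake home with one approved and one unapproved tool.
make_sample() {
    root=$(mktemp -d) || return 1
    home="$root/home/alice"
    mkdir -p "$home/bin" "$home/.local/my tools"
    printf '#!/bin/sh\necho approved\n' > "$home/bin/approved.sh"
    printf '#!/bin/sh\necho unknown\n'  > "$home/.local/my tools/unpacked.sh"
    printf 'notes\n' > "$home/notes.txt"          # no execute bit, never reported
    chmod +x "$home/bin/approved.sh" "$home/.local/my tools/unpacked.sh"
    {
        echo '# allowlist.txt (constructed)'
        printf '%s  approved.sh\n' "$(sha256sum < "$home/bin/approved.sh" | cut -d' ' -f1)"
    } > "$root/allowlist.txt"
    echo "$root"
}

# Demo: the same call could be scheduled from cron or a config-management run.
sample=$(make_sample)
audit_home "$sample/home" "$sample/allowlist.txt" || echo "non-compliant executables found" >&2
rm -rf "$sample"
```

This only detects; blocking execution from home directories is a separate control, such as mounting `/home` with the `noexec` option or enforcing a mandatory access control policy.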
tbf, this isn’t the only software-related problem. A lot of companies also use specially developed software that doesn’t have a Linux version because everyone in the company is using Windows anyways, and adding a different release target would likely add costs and consume more development time for those internal tools.
I should’ve mentioned I’ve been practically only in IT companies. We never really had speciality software of any kind. In fact I could’ve done all of my work in Linux except for a couple of times where I had to develop in C# and .NET wasn’t ported to Linux yet.
But the things I’ve mentioned were what was holding the company back from giving me a Linux machine.
tbf I am the other extreme: I work in a material science lab so we work almost exclusively with specialized/custom software.
Oh yeah. That’s even worse because sometimes the machines outlive the computers and software and then you’re stuck maintaining a Windows 95 machine because the software was developed for that OS and the company has since come up with new machines with new software and they don’t support your machine anymore.
Depending on the company you work at, you can actually still encounter testing equipment built during WW2 because “it still works”.