30 points

I was thinking about this the other day. Windows 11 is starting to roll out on company laptops and I would love it if we had the choice to install Linux. But I think there are some challenges to that.

Most large companies control what employees are allowed to install on their machines for security reasons. We wouldnโ€™t want any spyware or ransomware or any kind of malware getting installed inadvertently. Most places will use software allow lists through applications like the Software Center and use software detection programs to monitor if any non compliant software is installed.

Thereโ€™s also permission management through group policies on Windows to manage which kind of user can do what on their system.

Finally, I hate to say it, but most companies use the whole Microsoft Office 365 eco system with Microsoft One Drive and SharePoint. I know we can use the web version for some of the apps, but for practicalityโ€™s sake, itโ€™s best to have an installed version. And the cloud sync feature of One Drive is also very important for automatically backing up important work. I doubt they would let that go.

I would love to hear if anyone can offer solutions to these problems.

permalink
report
reply
8 points

KDE had a policy editor back in v2.0โ€ฆ honesty I never really followed whether those features stuck around. But the simple version is to lock down write access to folders in $HOME, such as .config or similar. Linux already prevents most users from installing programs over the system directories without root, but Iโ€™m not sure if you can restrict new programs with +x in $HOME unless you write-lock the whole folderโ€ฆ Someone with more network admin experience probably knows this :)

permalink
report
parent
reply
4 points

selinux or alternative is your friend here.

permalink
report
parent
reply
3 points

Exactly. I once had a computer with Linux where I had no root access, but was able to install, or at least unzip or build, pretty much whatever I wanted in my $HOME directory. And I wonder if it isnโ€™t possible to installs Snaps or Flatpaks without root permission?

permalink
report
parent
reply
6 points

Outlook owa pwa is 99%

The rest of the apps sans access work 99% in wine.

Google docs works great

Run NixOS donโ€™t give em root or nix-shell. They canโ€™t install anything you donโ€™t allow.

Put each users allows softlist into source control. Make the boxes cron and reconfigure on demand.

Tailscale VPN.

permalink
report
parent
reply
4 points

Office 365 [โ€ฆ] i know we can use the web version

tbf, this isnโ€™t the only software related problem. a lot of companies also use specially developed software that doesnโ€™t have a linux version because everyone in the company is using windows anyways and adding a different release target would likely add costs and consume more development time for those internal tools

permalink
report
parent
reply
3 points

I shouldโ€™ve mentioned Iโ€™ve been practically only in IT companies. We never really had speciality software of any kind. In fact I couldโ€™ve done all of my work in Linux except for a couple of times where I had to develop in c# and .net wasnโ€™t ported to Linux yet.

But the things Iโ€™ve mentioned were what was holding the company back from giving me a Linux machine.

permalink
report
parent
reply
2 points

tbf i am the other extreme: i work in a material science lab so we work almost exclusively with specialized/custom software

permalink
report
parent
reply
26 points

$previous_job allowed us to pick. One of my coworkers had to replace his laptop, and I convinced him to try out Linux this time. I handed him the bootstrap script and he was back to working by the afternoon.

Our CEO got wind of this and said as a matter of policy everyone is switching to Linux unless they have a good reason (needing excel for financial reports is a good reason). The two new hires who had been setting up their dev environment for over a week at that point were the trigger for this.

permalink
report
reply
5 points

keep spreading the good word!

permalink
report
parent
reply
22 points

90% of my work is done in WSL anywaysโ€ฆ I would much rather have KDE as my DE than Windows 11. Please Microsoft, if you love Linux so much now, port Office to it, and maybe my employer would be ok with it.

permalink
report
reply
1 point

Office is a cloud application, didnโ€™t you get memo?๐Ÿ˜ต

permalink
report
parent
reply
20 points

we not only allow it, we enforce it. windows not allowed in my company

permalink
report
reply
13 points

Same at my company.

My favorite bit was when the Microsoft rep sent a PDF explaining how much the company would save from tech support to the CFO, bypassing the CTO they were communicating with.

And the CFO shared the whole thing publicly for the entire company to laugh at.

permalink
report
parent
reply
4 points
*
Deleted by creator
permalink
report
parent
reply

We donโ€™t even have Firefox at work.

Only options are Edge and Chrome.

permalink
report
reply
8 points

Blame their DoH for killing FF deployment in the enterprise. Companies donโ€™t like not being in charge of their DNS traffic. DoT is better from corporate POV as that can all be blocked or redirected based on the port, not so much DoH which uses the same port as normal web traffic.

permalink
report
parent
reply
13 points

Those are definitely acronyms.

permalink
report
parent
reply
3 points
*
Deleted by creator
permalink
report
parent
reply
4 points

Nah, companies can just disable DOH if they want using GPOs.

https://github.com/mozilla/policy-templates/blob/v5.8/docs/index.md

permalink
report
parent
reply

linuxmemes

!linuxmemes@lemmy.world

Create post

Hint: :q!


Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules
2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack members of the community for any reason.
  • Leave remarks of โ€œpeasantryโ€ to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn. Even if you watch it on a Linux machine.
4. No recent reposts
  • Everybody uses Arch btw, canโ€™t quit Vim, and wants to interject for a moment. You can stop now.

Please report posts and comments that break these rules!

Community stats

  • 6.5K

    Monthly active users

  • 1.3K

    Posts

  • 71K

    Comments