I was thinking about this the other day. Windows 11 is starting to roll out on company laptops and I would love it if we had the choice to install Linux. But I think there are some challenges to that.
Most large companies control what employees are allowed to install on their machines for security reasons. We wouldn't want any spyware or ransomware or any kind of malware getting installed inadvertently. Most places will use software allow lists through applications like the Software Center and use software detection programs to monitor if any non-compliant software is installed.
There's also permission management through group policies on Windows to manage which kind of user can do what on their system.
Finally, I hate to say it, but most companies use the whole Microsoft Office 365 ecosystem with Microsoft OneDrive and SharePoint. I know we can use the web version for some of the apps, but for practicality's sake, it's best to have an installed version. And the cloud sync feature of OneDrive is also very important for automatically backing up important work. I doubt they would let that go.
I would love to hear if anyone can offer solutions to these problems.
KDE had a policy editor back in v2.0… honestly I never really followed whether those features stuck around. But the simple version is to lock down write access to folders in $HOME, such as .config or similar. Linux already prevents most users from installing programs over the system directories without root, but I'm not sure if you can restrict new programs with +x in $HOME unless you write-lock the whole folder… Someone with more network admin experience probably knows this :)
Outlook owa pwa is 99%
The rest of the apps sans access work 99% in wine.
Google docs works great
Run NixOS, don't give 'em root or nix-shell. They can't install anything you don't allow.
Put each user's allowed softlist into source control. Make the boxes cron and reconfigure on demand.
Tailscale VPN.
Office 365 […] i know we can use the web version
tbf, this isn't the only software related problem. a lot of companies also use specially developed software that doesn't have a linux version because everyone in the company is using windows anyways and adding a different release target would likely add costs and consume more development time for those internal tools
I should've mentioned I've been practically only in IT companies. We never really had speciality software of any kind. In fact I could've done all of my work in Linux except for a couple of times where I had to develop in c# and .net wasn't ported to Linux yet.
But the things I've mentioned were what was holding the company back from giving me a Linux machine.
tbf i am the other extreme: i work in a material science lab so we work almost exclusively with specialized/custom software
$previous_job allowed us to pick. One of my coworkers had to replace his laptop, and I convinced him to try out Linux this time. I handed him the bootstrap script and he was back to working by the afternoon.
Our CEO got wind of this and said as a matter of policy everyone is switching to Linux unless they have a good reason (needing excel for financial reports is a good reason). The two new hires who had been setting up their dev environment for over a week at that point were the trigger for this.
90% of my work is done in WSL anyways… I would much rather have KDE as my DE than Windows 11. Please Microsoft, if you love Linux so much now, port Office to it, and maybe my employer would be ok with it.
we not only allow it, we enforce it. windows not allowed in my company
Same at my company.
My favorite bit was when the Microsoft rep sent a PDF explaining how much the company would save from tech support to the CFO, bypassing the CTO they were communicating with.
And the CFO shared the whole thing publicly for the entire company to laugh at.
We don't even have Firefox at work.
Only options are Edge and Chrome.
Blame their DoH for killing FF deployment in the enterprise. Companies don't like not being in charge of their DNS traffic. DoT is better from corporate POV as that can all be blocked or redirected based on the port, not so much DoH which uses the same port as normal web traffic.
Nah, companies can just disable DOH if they want using GPOs.
https://github.com/mozilla/policy-templates/blob/v5.8/docs/index.md
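
Added example, not part of the thread or of Mozilla's templates: the policy set linked above exposes the same settings that a GPO writes through a `policies.json` file, which is the form a Linux fleet would deploy. This sketch audits such a file and reports whether the `DNSOverHTTPS` policy is both disabled and locked; the function name `audit_doh_policy` and the sample documents are assumptions constructed for illustration.

```python
import json

# Constructed sample policies.json contents (not from any real deployment).
SAMPLE_LOCKED = '{"policies": {"DNSOverHTTPS": {"Enabled": false, "Locked": true}}}'
SAMPLE_UNLOCKED = '{"policies": {"DNSOverHTTPS": {"Enabled": false}}}'
SAMPLE_ABSENT = '{"policies": {"DisableTelemetry": true}}'


def audit_doh_policy(policies_json: str) -> list[str]:
    """Return findings for the DoH policy; an empty list means off and locked."""
    try:
        doc = json.loads(policies_json)
    except json.JSONDecodeError as exc:
        return [f"policies.json is not valid JSON: {exc.msg}"]

    policies = doc.get("policies") if isinstance(doc, dict) else None
    if not isinstance(policies, dict):
        return ['top-level "policies" object is missing']

    doh = policies.get("DNSOverHTTPS")
    if not isinstance(doh, dict):
        # Without the policy, the browser falls back to its own defaults.
        return ["DNSOverHTTPS policy is not set; browser defaults apply"]

    findings = []
    # Require explicit JSON booleans; a missing key or a string does not count.
    if doh.get("Enabled") is not False:
        findings.append("DNSOverHTTPS.Enabled is not false")
    if doh.get("Locked") is not True:
        findings.append("DNSOverHTTPS.Locked is not true; users can change the setting")
    return findings


if __name__ == "__main__":
    samples = {"locked": SAMPLE_LOCKED, "unlocked": SAMPLE_UNLOCKED, "absent": SAMPLE_ABSENT}
    for name, text in samples.items():
        result = audit_doh_policy(text)
        print(f"{name}: {'OK' if not result else '; '.join(result)}")
```
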