The policy was born of Microsoft Windows security deficiencies. Instead of demanding a properly developed and secured operating system, IT managers simply find it easier to essentially disable and handicap Windows users to help resist virus vulnerability and security flaws that are built into Windows by poor design.
The qualifier is that no machine is invulnerable, but you don't put a horse down before it gets sick. Disallowing installation of software crimps off the innovation and flexibility blood supply of the user and I will show, could even lead to physical injury.
Based on many real world scenarios that have come to my attention, here is short story:
Carla wants a portable computer. It would give her new capabilities as a field rep for her company like being able to access office documents and spreadsheets, maps, contracts, pdf field manuals and up-to-date weather info etc. Also very important to her well being, it would allow her some personal access to music, email, instant messaging and entertainment sources while she is on the road. She has not been issued a computer to do her job, but having access to one would make her more capable and efficient. She plans to buy her own laptop, but mentions her plan to her boss.
The Boss promptly sees the benefit of her vision and assures her he would gladly supply the laptop.
One morning she heads into the main office and voila, there it is:
A new laptop with Windows XP installed!! Woohoo! (because Vista is completely useless, but passes the "really pretty" test, sure)
[*Note: For the purpose of my blog I photographed a Dell running Debian/ Gnome because I don't have any crappy Windows machines in my life to even take a picture of.]
Aside: The new Vista commercials should be more realistic..."WOW"..at first then "WTF...???" and "SHIT!"...soon after.
Now she can fulfill her vision of having the benefits she sought. So she immediately seeks to install some widget software to get weather, Google Earth for her work real estate and mapping needs, Apple's iTunes for her iPod and store account to get her favorite music, movies and TV shows etc. She also likes to download her favorite I/M clients and OTR encryption tools (for security!).
Well, she can't install any of that, and the IT (idiotic trance) department is too mortified by Windows' reputed bad security and vulnerability to malware to give her the magic "Admin access" (which on any other machine is "regular user trying to do ANYTHING useful with a computer" access).
What can she do? Of course she could drag around 2 laptops, one for work and one for herself!
That's only 10-20 pounds of machine, carrying case and accessories. She could actually physically injure herself carrying two computers around. It's a ridiculous notion.
No way! That is not a solution!!
Oh I know, she will drive all the way to the home office every single time she even wants to evaluate any new software (or even run an update script for her third-party apps) and plead with a dense Microsoftie IT manager to please just allow her to do her job and have what she needs on the road.
All that driving back for every stupid thing makes Windows machines bad for global warming. Never mind the cost to the environment of the manufacture of a useless device. Now we need 2 machines made for each person because of inherent software flaws and the obtuse policies used to work around them!?
What will she do instead? Buy ONE machine that does everything she could possibly need including run Office software and if absolutely needed, emulate that one stupid app made only for Windows by idiots. And she will have a machine she can actually use, upon which she can install anything and not fear a highly unlikely virus and it will meet all her business and personal requirements with ease. Then she'll only need to carry around just that one lightweight brilliant computer:
The idea that effectively disabling a computer from being used is a "good security model" will utterly fail. This will benefit Apple or Linux or any other platform with a clue. Withholding Administrator Access from a user on their own machine is a failed IT policy which is a blatant direct descendant of Microsoft software flaws. It is a losing proposition in the long run, where better computers with superior operating systems are clearly a preferable option.