The most annoying instance of this is installers in Windows that just assume you want to go into `C:/Program Files`, which nowadays requires admin to be modified
This is very annoying on company machines where you may not have admin, since now there's red tape with your IT because the installer was poorly written.
Half the reason I use the WSL is because you at least get "root" on it, so permissions are never an issue
Edit: there may be something lost in translation. This post is in reference to software your IT already approves, which happens to only install to program files.
It's a feature. You shouldn't be installing software on your work computer. Your IT department should be vetting it, deploying it, and keeping it up-to date for you.
Maybe you can tell the difference between report.pdf and report.exe, but too many people can't, so unfortunately we can't let everyone install anything.
> Your IT department should be vetting it, deploying it, and keeping it up-to date for you.
There are not enough IT staff at my organization to do this. They have an approved list of software that may be installed. Some common installations are automated, others are niche-enough that it's DIY.
We don't live in a perfect world where the IT staffing ratio is 1:20 (or whatever arbitrary number you would consider "good"), so this is how my organization does it.
> unfortunately we can't let everyone install anything.
> Your" IT department should consider giving you your own admin account. But it's their call.
Seems like a bit of an extreme solution for one-off installations that are rare enough to not be worth bothering to automate.
Good example of this is scientific software like Gaussian (a "common" quantum mechanics package): needs admin, expensive and strict license that gets audited. It's approved, but we have a single digit number of people using it. It's just not worth the time to automate a script around an install that only happens once every year or so on average, when they can just temporarily elevate the user.
> You shouldn't be installing software on your work computer. Your IT department should be vetting it, deploying it, and keeping it up-to date for you.
If I actually had to depend on IT to do all that, it would take forever to get anything done.
In a Windows environment this can be managed with AppLocker, or an endpoint management solution, or 3rd-Party tool like Threatlocker.
It becomes less about controlling the users and more about stopping any bad guy dead in their tracks. If nothing but what has been implicitly authorized can execute, then 99% of ransomware attacks will be stopped immediately even after the user clicks the link.
Your company software procurement process shouldn’t be so onerous that people turn to Shadow IT. You have to work with people where they are.
No, that's the default behavior in Windows. If you install to, say, app data it's fine. If you install to program files, you need admin because it is a protected folder.
> The company does NOT want you installing random crap on their machines.
Why do you immediately jump to the conclusion that the post is about installing "random crap?"
Where did I write that it was not approved in advance...?
The post is about requiring admin to install to Program Files. Even if it is an approved piece of software, you're still going to need admin to install it.
This is very annoying on company machines where you may not have admin, since now there's red tape with your IT because the installer was poorly written.
Half the reason I use the WSL is because you at least get "root" on it, so permissions are never an issue
Edit: there may be something lost in translation. This post is in reference to software your IT already approves, which happens to only install to program files.