Never worked for a place that locked down and one of my jobs is in healthcare tech.

Enjoy being crippled and use the time to be mediocre and just collect checks.

This is standard, especially when the size of the company grows. Actually, Microsoft might be a rare exception.

Extensions are full of malware of various sorts, so it makes sense that they take them away. Allow list vs. block list makes sense as a block list is impractical to maintain.

Only thing you can do is complain to management and prove with real #s how this is impacting productivity.

But if you're a webdev, it's super unlikely today that you need local admin and cannot work within an allow list of applications. If you're a driver dev, sure I can see how it might be a blocker.

At $DAY_JOB our Windows laptops are locked down and supported.

Linux & macOS people have zero support (outside hardware, corp VPN) and the password to the local admin account (thankfully Jamf does not reset sudoers file)

As more developers/operators opt for Linux or macOS I'm surprised support hasn't been expanded.

This is basically a requirement for certain types of security certifications and for liability CYA reasons in the context of evolving laws about stuff like data breaches.

Sounds like it's time for some malicious compliance. I have been enjoying the freedom I get on my machines ever since I left Fortune 500 but even there I had enough permissions to install the software required to do my job. You might not get some conveniences back but I hope that after a few days of "I'm waiting for IT to let me do my job" standup reports they'll reassess.

Devices are completely locked down users do not have admin rights and must make a request for anything to be installed or executed. They cant even use a USB without getting approval. Software must come from our internal software repo and we run updates so often that known mac haters beg for macs to escape the win11 hell we've created. Its awful and I feel gross helping manage such a user hostile environment. Yesterday our update tool shutdown someones computer in the middle of a important action. It prompted him 3 times with 15min intervals then shut down his pc. He was going berserk as he lost a lot of progress.

Most of this is because of the strict compliance requirements our security team enforces on us. But some of it is done because we dont know how to implement the stuff in a way that is strict but lenient. Mac is way better because we dont have as much invasive tooling that supports it.

Totally standard / "normal" at BigCo (fortune 500, banks, etc.).

At MegaCorp, there is a never ending arms race between security/compliance teams locking things down, adding approval and surveillance checks, and everyone else just trying to do their job.

Usually there are workarounds and backdoors available to people in the know. If you kick up a fuss, you'll be seen as "difficult". A key part of the job is finding tricks to get things done _despite_ all of the rules / checks in place trying to protect you from yourself.

It is hard for IT departments to continue to allow that freedom as the company grows and compliance requirements creep in. I am in the weird position of being responsible for Risk & Compliance while also directing the IT policy for personal machines. I've managed to hold on and grant everyone local admin access, but I get a LOT of push back every year from auditors and customers running their own audits. I'm hoping that continues, but it's probably 50/50.