this post was submitted on 19 Sep 2024
462 points (96.4% liked)

Technology

59605 readers
3438 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] raspberriesareyummy@lemmy.world -2 points 2 months ago

But they don't have to make any OS "office-wide". All they have to do is

  1. move from a centralized micro-management of every workstation to a scenario where users can be provided a prepared workstation, but may configure one themselves
  2. transition to a security policy that assumes every single workstation is insecure, and regulate the network traffic to allow only those protocols that are required for the business, protecting each machine from the next (this would prevent so many major security incidents where a single machine gets compromised and then the whole network is affected)
  3. provide central infrastructure as open protocols - IMAP (or POP3/SMTP), HTTPS, FTPS + file & printer sharing as desired
  4. enforce open formats within the enterprise

If necessary (assuming you have really irresponsible users), before authorizing users to set up their own machine, they can do a qualification check - or have the user's line manager approve the "individual setup".

This would enable power users productivity and even if you don't change anything for the vast amount of users, it would pay off rapidly. If you can move regular workstations away from the bloatware that is Windows, you would boost the overall productivity immensely.

Specifically, what I am arguing against is:

  • locking users into an eco-system for any kind of service (e.g. MS Exchange servers, MS Active Directory)
  • outsourcing your IT competences to Microsoft (because let's be real, that's the actual reason IT departments go for Microsoft: corporate IT is outsourced as a service, this means lowest bidder, and the lowest bidder will happily take Microsoft's offer to take care of any "real" issues and only provide a really, really dumb and helpless first level support)
  • having tons of services listening on every workstation that no one ever needs (just open your windows control panel (while it's still around) and check out all the running services, of which you could disable > 50% if Windows would let you, without impacting the operational state of your machine) and each one presenting a vulnerable interface to the network