In a Windows environment this can be managed with AppLocker, or an endpoint management solution, or 3rd-Party tool like Threatlocker.
It becomes less about controlling the users and more about stopping any bad guy dead in their tracks. If nothing but what has been implicitly authorized can execute, then 99% of ransomware attacks will be stopped immediately even after the user clicks the link.
Your company software procurement process shouldn’t be so onerous that people turn to Shadow IT. You have to work with people where they are.
No, that's the default behavior in Windows. If you install to, say, app data it's fine. If you install to program files, you need admin because it is a protected folder.
> The company does NOT want you installing random crap on their machines.
Why do you immediately jump to the conclusion that the post is about installing "random crap?"
Where did I write that it was not approved in advance...?
The post is about requiring admin to install to Program Files. Even if it is an approved piece of software, you're still going to need admin to install it.
