What can you install on a work computer?

Question

I don't have a whole lot of experience yet working for companies, and I'm trying to plan ahead for what my tool flow might be like when I do and what the approval process might be like for installing tools.I'm sure the exact procedure varies from place to place, but let's say for example that the work computer is Linux and I want to build & run the latest emacs on it. But to do that I first need to install libsXYZ.deb/rpm. Do I need approval first to install emacs, as well as for each lib that is installed (even if I can install them without using sudo)?Do I need approval for every proceeding emacs minor mode, Linux lib, Python package, etc. that are installed? I currently tend to install many open source tools and libs to aid me and that would seem like a hassle getting approval for each one. That also seems like it would slow down debugging what packages are missing when resolving Linux dependency issues etc.

PaulHoule · Accepted Answer

It depends on the company.I work for a massive employer; my unit issued me a Windows laptop which is remotely managed but because I am a software dev they give me the "keys to the jeep" to log in as admin. There was that time they took away my Oracle JDK and told me to run Coretto but other than that I can install what I want.People who work at Bloomberg on the other hand can't install anything that isn't on a short list.On the other hand, I know somebody who works at a megabank in New York City who got permission (with some effort) to use an open source library that I posted to Github and pypi.

raxxorraxor · Answer

From my experience with corporate IT departments is that if you ask nicely, you can install what you want if you explain the usage and that doesn't collide with any tool that is already in use. If you get a linux machine, you probably even get administrative rights, but that depends a bit on the company. But many IT departments only provide rudimentary support and you are responsible for the system working.
Of course IT is wary of users installing random software because that is their job. But if you communicate your intend it didn't ever pose a problem for me.
If you have a windows machine you should be aware that there are portable apps, which don't require administrative privilege. So you could just download Firefox, 7zip or any editor you would like to use. I would still communicate it to IT, but you wouldn't need to bother them.
If I had to ask for every package I need or just want to test, IT wouldn't have any free minute anymore. But they might want to check if you are responsible about your downloads.
Corporations often disallow SSH, so if you want to login to any remote systems, IT might need to build a tunnel for you. They generally dislike that because of the security risks, so developers often get placed into their own subnet to limit any fallout in case of security breaches.

rantallion · Answer

Even if you end up working for a business that has pretty locked-down systems, you'll find that developers often end up with admin privileges on their machines. Otherwise, you'd end up calling IT every 5 minutes to install updates to your tooling and dependencies.
The corporation I work for is almost anal about locking down machines to the point where you can't even install a browser yourself. I had admin access on day one as a developer and have no idea how I'd work without it.
Their safety net is that they'll almost definitely have monitoring tools installed. If you install something that triggers an alarm or they detect suspicious usage patterns, they'll be in touch. Otherwise, you're good.

deejaaymac · Answer

Not sure what kind of company you work for, but where I work, I am the approval process, so I mostly do whatever I want, as long as it doesn't compromise my network. I would assume that "can I install X?" also means "X + it's dependencies"

nukemaster · Answer

Pretty much nothing (including emacs!) We're only supposed to use our work computers for IM, email, and ssh to the VMs (hosted by the VM team) where we do the actual work. IMO: this is the optimal way to do it. The engineers know how to build decent machines and it separates our work from the mess corp IT creates and also decouples our capabilities from the PC hardware which has many other competing constraints.