The correlation to union shop vs. spam. They will not allow me to restrict access and/or lock their desktop so they can't download these programs. Reason being - WE ARE A UNION SHOP. Everytime I try to implement these types of restrictions, I get slack from the union and it gets lifted again. In a way, the prisoners are running the asylum. I am in management but our directors won't back me up on this.
Word to the wise - make management put their directive to you about giving everyone free rein in writing. I will guarantee you that when (not if) your network is trashed because of all the crap you're being forced to allow,
you will be blamed for it, not management, or even the users.
Even if they won't put it in writing, you can send them emails, interoffice memos, etc. You do this in a very non-confrontational way, spelling out the standard "best practices" of the industry and asking them for "clarification" on their directives (quote them if possible) that are different from the standard so you don't "inadvertently" go against their wishes. This is an out-and-out CYA, and management knows it too, but it's a lot harder for them to dump the blame on you when the business grinds to a halt because all the computers are infected. Management might or might not reply to you, but you've got dated emails, memos, whatever showing you were duly dilligent in performing your duties. And keep copies of everything.
You should also attack this from the other direction - user "education". Put out a helpful interoffice memo (and date it) warning people about the viruses, spyware, and other "bad guys" out there and telling what the users can do to avoid being infected. You're just doing your job, trying to help the users, right? But it's in writing now - CYA.
Again, being non-confrontational, you can mention to the Internet offenders what a shame it would be if their computer got infected with the xyz (make up a suitable name) virus since the only way to get rid of it is to completely wipe the computer. You sure wouldn't want to have to do that because of all the work they'd lose, but you'd have no choice because it would infect all the other computers - the person might lose their job, union or not. It's for sure they'd have to redo a lot of work.
And
when PC's get infected with viruses or malware, document the heck out of it and report it to management (in writing), including your diagnosis on what caused it. Your message to them (without saying it in so many words) is:
1) You're doing a super job even with your hands tied by their bonehead policy;
2) The company is losing money right now because of downtime and work that has to be redone and will probably lose a whole lot more if management doesn't get their collective crania out of their rectal cavities;
3) The miscreant must have intentionally tried to screw the company because he/she was shown how to "surf safe" and deliberately did the opposite - if he/she is made an example of, other miscreants will get the message too;
4) I told you so,
and anything else you can think of. Throughout, you've acted in the best interests of the company while trying your best to follow management's directives, even though they clearly were wrong. CYA 100% and who knows, it might even help change things.