I agree with Emmanuel on this front. Although software restriction policies are no doubt a major burden with regards to both maintenance and resources, it is an essential precaution. However, it should be considered that software restriction policies should evolve just as much as the methods to skirt around them. Without an existing system for checks and balances, the company will simply break down from the exploitive employees that work for it.

Controlling what applications are installed on one’s network seems like a no-brainer, but it hasn’t always been embraced with open arms by system administrators. Not only can software restriction policies be time-consuming to create and maintain, they’re frequently easy to circumvent by users. For example, rules based on the publisher of a program can sometimes be defeated by simply renaming a file. Hash rules need to be changed every time a program is updated. Rules limiting application launches to those located only in Windows program files may be effective if users don’t have to run programs from other locations on the network, such as from a server. Those problems make the implementation of software restriction policies challenging.