Google Chrome GPO Best Practice

EDIT: Wow this turned into a rant....

A lot of pretty psychotic stuff gets said on here. I see admins lock shit up just because they can or they have some perverted view that they are saving themselves and the company a lot of man hours and headaches down all while ignoring the huge detriment to employees they create.

Of course on things like Citrix VDAs and whatnot we'll nuke a profile after a user disconnects, but otherwise something like browser history on terminal server or whatever? We could give a fuck about... and we have an entire group of people whose job is to deal with audits ranging from ISO, to corporate (higher up the food chain than our division), to clients themselves who audit us directly. I'm talking big, well known, household name banks and Fortune 100s... all up in our shit.... deep in there... shit I had to get a DoD secret clearance for one client... total waste of money too. After we were done we never signed another DoD client.

Anyway a lot of admins are dumb like this. Case in point (long story): We've never ever had employee wireless. Client contracts originating from like 2005, having been re-negotiated, re-signed over the years... always said there could be no wireless on the network. Well it's fucking 2019... on top of that there is so much open wireless bleeding in from all directions, like from the hotel next door. If we didn't provide it, other than threatening discipline which is a dick move, there's nothing stopping employees from jumping on the hotel wifi next door and VPNing in. So we got corporate to approve another internet connection. The way the language is written, the wireless just can't be on the same network as the client data, and we aren't talking VLANs and routing, we are talking air gap. So we had a shitty 400/20 Mbps Spectrum cable modem connection installed and we are setting up some Ubiquiti gear. I've been pushing/running the whole thing as a side project until the senior network admin tells me to have a new network admin we just hired set it up. I'm not a network guy myself, but it's Ubiquiti for christ's sake... so while annoyed, OK... So I am sort of overseeing it and the dude wants to cap users at 1MB down and 500Kbps up.. I'm like: Are you serious?!? I wouldn't even fucking use it if you did that. The fucking entire idea for this wireless is to be a perk for the employees so they could use their laptop when they move around as well as their mobile devices. Why? Because it's a good job market and every fucking dev we have is two steps from jumping ship to somewhere that pays better. It's not critical to our business at all. If someone wants to crush it, let them crush it... but let's set a cap that makes the fucking thing useful and then monitor usage. I finally got the guy to settle for 10/2 for a location with 150ish people who are regularly onsite, and a bunch more that visit maybe 2-3 times a week.
