by drankula3 2364 days ago
I'm a systems administrator for a small MSP. I've used Linux as my primary OS for 9 years, despise using Windows, and I can tell you with 100% confidence that nothing but Windows is ready for prime time, and for one major reason: _ease of administration_.

Think of the growth cycle of the vast majority of businesses. Almost all businesses are started and run by non-IT people. They buy Windows machines because they're simple (don't have to worry about OS installation, choosing a distro, etc.), have Microsoft Office, and work with any and all enterprise software they use. This gives them a key advantage for small businesses. Like it or not, Linux is just relatively hard.

Where Windows _really_ shines, though, is when a small business transitions to being a big-small or medium-sized business. If you have a couple dozen computers and a couple dozen users to manage, do you think it would be worth it to have a Linux admin spin up an LDAP server with Kerberos and all the bells and whistles needed, then be hired to manage that infrastructure? No, they're going to contract someone to spin up a Windows server to manage user logins, create a network share, and call it a day. The infrastructure is super-stable, and when the cost of labor is considered, it is considerably cheaper than letting the system be the plaything of a local Linux zealot.

It's only when you consider big and massive businesses that Linux can really be viable, and even then it ain't cheap. Most big businesses grew in a Windows environment, and switching the core of your IT infrastructure sure as hell better be worth it to warrant the massive labor costs, IT fire fighting, and drop in employee productivity that will result.

No, Linux infrastructure and desktops really only make sense for companies that are either highly technical, need absolute control of their hardware, are _extremely_ price sensitive, are (or hope to become) massive, or a combination of these.

2 comments

FWIW, I mostly operate in the world of small businesses, and in tech and creative sectors.

Anecdotally, the majority of the small businesses I deal with don't fit your characterisation there. For example, MS Office is far from universal in this market now. Online collaboration and document editing tools are displacing applications like Word and Project. We're being forced to switch to online management and accounting systems because of issues with interoperability and government regulation, which makes Excel much less useful. Outlook/Exchange is giving way to Google Mail and similar services. I'm not saying any of these is necessarily an improvement or has no downsides, but it's clearly the way the industry has been moving. The specialists doing things like CAD or DCC still need the 800lb gorilla software in many cases, but those are niche markets.

The biggest problem with Linux on the desktop today is no longer application support, IMHO, but rather the lack of off-the-shelf PCs you can buy that way, with proper tech support and so on. We tried buying one of the Dell laptops that was sold with Ubuntu preinstalled, and it was one of the most disappointing and troublesome purchases we've ever made, largely due to the abysmal support when basic hardware failures occurred. (Also, the hardware itself appears to be pretty poor quality.)

If you could buy decent laptops with Linux preinstalled from the usual big name brands or off the shelf at your local bricks-and-mortar store, I suspect a lot of people would barely notice the difference any more, because so many of their software needs are either very basic or using online systems now.

Why do your employees' systems need to be "Administrated" in the first place?

Why do you need Active Directory or LDAP? Why do you need group policy or anything else? Why are your endpoints not as close to vanilla simple desktop/laptops as possible? Is it that employees can't handle using a computer?

I've worked in one of the largest businesses in the world for many years now, and I don't think we even have an IT department that manages desktop installations. I've certainly never interacted with them. You either figure out how to use the computer they give you, or you don't, in which case why should they employ you? Computers are a basic skill.

> Why do you need Active Directory or LDAP?

Primarily authentication, authorization, and accounting[0]. Setting up a new user account on every single computer that an employee may at some point sit at gets very expensive. Many businesses (if not immediately then eventually) have security concerns that require Administrators have the ability to immediately lock users out of the system or be able to audit recent activity. AD/LDAP facilitates this. It can also automate standard settings like network drives, screen lockout settings, homepages, and all sorts of other settings.

> You either figure out how to use the computer they give you, or you don't

Standardization of processes and training can reduce training time considerably. For industries with high turnover, this can make a difference. You've gotta remember, not everyone is a knowledge worker. Tons of people are more like cogs in the machine of the company, which isn't necessarily a bad thing.

[0] https://www.techopedia.com/definition/24130/authentication-a...

> Primarily authentication, authorization, and accounting[0]. Setting up a new user account on every single computer that an employee may at some point sit at gets very expensive

Why are people using more than one machine?

> Many businesses (if not immediately then eventually) have security concerns that require Administrators have the ability to immediately lock users out of the system or be able to audit recent activity.

Why are the network services tied to login sessions on my machine? I mean, login token invalidation is an interesting problem in general, but every place I’ve worked in the past 10 years, my desktop is not the place where secure things are stored, the services I access are. (And those services are increasingly SaaS and use something like SAML with the directory server for the company.) None of which needs a login token associated in any way with my desktop login.

Perhaps a better phrasing of the question is, why is the demarcation line between the untrusted world and the things you’re protecting on the desktop? And not at the services themselves?

> It can also automate standard settings like network drives, screen lockout settings, homepages, and all sorts of other settings.

Sounds like a bunch of solutions to problems you’re creating for yourselves. Why even do any of these things?

Perhaps an analogy would be helpful:

Say you required all your employees to have smart phones so they could (for instance) get email, log into the timecard/accounting service, etc. You’d need a pretty huge justification to require all of the phones to be managed centrally by your company. Why are desktops different?

(Or perhaps you’d defend even the central management of my iPhone too, in which case I think our perspectives are so far off, I don’t think there’s much convincing either of us can do at this point.)

I used to be an AD administrator for a university and had to manage hundreds of lab machines (maintaining a central hardware-independent image, group policy, tons of settings), so I’m aware of what tools are available for Administration, I’m just saying 9 times out of 10, the best way to administer lots of systems is to not administer them at all.

> Why are people using more than one machine?

Ever been in a meeting room? Most companies have shared PCs for meeting rooms. Logging in gives you access to your documents so you can hold your meeting and take your notes back to your workstation.

I'm really surprised you worked in a large business and haven't experienced any of this or the need for standardisation. We use a bunch of systems that all work with AD, it's really a solved problem in a Windows based environment.

> Most companies have shared PCs for meeting rooms.

Are you sure that's not overgeneralising from your own experience? After all, most companies don't even have dedicated meeting rooms, because they aren't big enough. Of the ones that do, I have rarely seen a dedicated PC in there, and that spans the full range of businesses from five guys in a single office through 200+ person medium enterprises right up to some of the largest companies in the world. Most people just take their own laptops, IME. So while I don't doubt that you may have come across this often, it's not necessarily the way everyone else does it.

In any case, basic AAA for organisational user IDs is hardly rocket science, whether you're running on Windows or Linux.

The OP mentioned working in one of the largest companies in the world; I find it hard to believe they have no conference and meeting rooms. I think you are over-generalizing using startups as a prototype; the enterprise world is a different beast.

Man, you're practically one step away from saying "Why even have a business? It just creates more problems."

edit: I mean are you really asking why not have network shares or screen saver timeouts for your environment? It's a bit hard to take you seriously saying things like that.