"All my business users want to install [insert name here] software should I just let them do that."
Firstly you are probably only getting this question because the users can't actually do the install otherwise they would have already done it (most likely). Normal users should not be administrators on their business PC's so that they can't just install whoever software they want and effect the integrity of their nice clean windows install and windows profiles.
Adding to the base windows system setup adds more software to maintain and one more possibility for system compromise or data leakage. For example is a user wants to install dropbox think through the implications of this?
If sensitive business files are going up on drop box is that OK company policy wise?
- Who are they being shared with?
- What if that person leaves or is terminated?
- Is it OK legislatively to store these files offshore (based on Australian privacy law).
There is also the productivity aspect as well obviously software not required for business usage isn't typically installed on a business PC.
Now I know this can get a bit sensitive staff wise especially if you have demoted people from what they were used to and it possibly sounds over the top but I need to give you an idea about "best-practice".
My opinion is that "best practice" dictates a process whereby the user puts forward the "use-case" for whatever software they would like beyond the standard setup to their manager and then if approved at that level it its run that by IT support and finally someone either installs the software (depending on the software) or just enters the administrator password for that user to allow them access for a one time install, sounds like a big deal but should only take 5 or 10 mins to approve a well-known bit of software if it's a good fit.
Alternatively if you really need to you could just give a certain user (and an accounts person is a good example of someone who needs specialised software see my other blog about MYOB) varying degrees of administrative permissions on their computer so that they can do what they need to.
However you need to consider the implications of that, for example even though the manager/director/CEO has the highest level of authority in the organisation and has the administrator passwords anyway they should still not be an administrator on their own PC for safety reasons (malicious software, virus, social engineering etc.).
I know its a lot to think about but its a "plan now or pay later" thing.