Epoxying the USB ports and locking in the network connection settings with Group Policy are par for the course in the kind of organization that would implement TLS interception.
Nope, they don't. Most organizations I call the 'casual creeps'. They buy some badly made security appliance or software suite, install the certificate through some active directory policy and call it a day as their IT staff snigger behind the scenes at whatever their employees are doing. If they made their creepy behavior more public, they will rightfully so start getting higher employee turn over.
Even very sophisticated large tech companies don't epoxy their USB ports on their employee macbooks.
// EDIT: They also cover their asses with some 'network use policy' that is the vaguest possible thing and which even most software engineers don't understand the full extent of what is done. It's pretty disgusting, and I can't wait until some combination of GDPR style informed consent and what is law in austria[1] is put into employment law.
Yeah how could they sell their used laptops when they upgrade, if there were epoxy in the ports? I've never heard of any named non-military organization doing that. You're totally right about the network creepers, too. They're easy to spot: just point out some of the problems with proxy shitboxes or the ridiculous EULAs that come with them and see who gets pissed off.
So true, I've worked in tons of places with proxies but zero with epoxied usb ports or locked down network configuration. The only thing these proxies ever achieved was lower productivity due to hours of configuring custom software or not being able to browse useful information on legit sites like stackoverflow. It's just a play from IT so they can add a tickbox saying their network is secure when in fact it's a big fat joke as these proxies usually act on a blacklist basis and not whitelist.
