@SqualStrife: That. And a lot of company IT departments don't understand that.
However, it does not mean you have to let users install anything they want. Personally I never understood why a previous employer did not block certain entertainment websites or let some users to install iTunes while at the same time complaining when you asked them to install/buy special software needed for work. No, for the latter I had to request a special policy that let me (the user) install anything I wanted locally with IT accepting no support responsibility at all, but not while connected to the internet, out of "security reasons" (any real evil malware can be written to circumvent such limitations). Which of course led to problems when I had to install a program that needed to download its install files from the internet (solution: install to USB-stick at home, then transfer to work PC - which was not blocked 🙄 ).
Likewise, they forced users to "completely change" their passwords every three months, but a) as one user discovered, "completely changing" meant "I can change a single letter and be done with it", b) users routinely pasted their passwords to their screens, which combined with the easy-to-guess usernames..., and c) the "three months"-thing appeared to not apply for off-site (remote log-in) workers 😵 .
So their policies were inconsistent at best and dangerous at worst - as was shown when a clueless user got his system repeatedly rooted by installing malware, which then infected his network partition 😲 . The same company employed IT techies that had very backwards ideas about open source, Unix, and Apple Macs, and a very limited viewpoint when actually bothering to use Linux and the like - they just grabbed the first thing that came under their attention instead of checking whether there were better or more efficient solutions at hand. E.g. using a dedicated code editor instead of Red Hat Linux's standard text editor, which led to whining about "it's not licensed under the only open source license we know!" (then they need to review their nonsensical policies).
Meanwhile I composed my own software suite out of some paid programs and some variously licensed free ones, and ended up with a better combination for less money. All of which could also be run on my work machine from USB, the desktop or by dumping them into my network My Documents folder - awesome but at the same time worthy of a massive facepalm (because executing programs from My Documents etc....ah).
So, have written policies in place. Have sane written policies in place. Enforce them. Enforce them consistently. Enforce them consistently and be able to explain in normal language why things are like that. Also understand that users can't wait three months (or three weeks) before something they need for work is installed. And understand that <insert large vendor/popular choice here> does not always have the best/cheapest solution for a problem.
Additionally, have things vetted by management. Be critical of what management proposes: Microsoft Office might be everything they need, but it certainly can't replace dedicated desktop publishing software meant for pre-press and therefore wouldn't be a good choice for use on the floor in a printing office. Likewise, Google Docs doesn't equal Microsoft Office (however Google would like it).
Oh, and if you think things are out of your league, ask for advice or go on an appropriate course instead of doing things you (and management) may regret later on.