In order to create a stable and productive environment, it's necessary to control the network. Every device connected to it becomes a part of that network. If the device is connected to an internal port not controlled by a highly restrictive firewall or gateway, the network becomes exposed and possibly compromised to any malware, exploit, or virus on this device. Any IT manager who is required to provide a secure stable network infrastructure can't do this without policy and procedure. Of course, some managers out of laziness or ignorance implement broad sweeping policies from templates because they see 'High Security in the label' and probably don't get that more security=less accessibility. You may not get, and are probably not responsible for maintaining a secure stable network. If a virus infects the network it probably isn't your problem. If you take a balanced approach to the issue, you may agree in the final analysis that the people responsible for the network have a good reason for denying unfettered, uncontrolled access to the infrastructure that many organizations can't make money without. It would be like giving you a set of keys and alarm codes to the building and saying, "Hey make a copy for your friends if ya wanna." This analogy, of course, hangs on the sensitivity of the data, and the importance of IT in your organization.