The powers that be had the great idea of launching a policy of locking down PCs where I work. Which is ridiculous considering that we're a large research university and that, believe it or not, bureaucrats can't predict what researcher X in lab Y will want to put on their computer. Because users were unable to do anything on their own, the IT people were spending a lot of time going from one office to the other installing the software that people needed. It lasted for maybe a week, at which point some "helpful" IT person decided that it was much easier to just give "trusted" users the admin password! However, that was the XP era and people soon realized that they could not easily install
So, eventually, lots of people started using the admin account FULL TIME and leaving the password in plain sight on post-it notes. So, to "improve security", we went from people using regular user accounts, with a small risk of their machine being infected/compromised, to people logging in as admin with full rights on the machine. What a great improvement!
I suppose that white-listing may solve the problem if it's really impossible to do anything. But it's 2014 and you can't predict what people will want to use.