IT burden.

Weird, I would never imagine locking down development workstations -- how would you ever get anything done? Just one example would be Docker, having access is equivalent to root so why beat around the bush?

Our office basically treats development boxes the same as BYOD except the company buys the hardware. IT will do best effort diagnostics and recovery on those machines but otherwise you're on your own.

Eh I don't even necessarily mean locking stuff down. But having standardized images to roll out makes things simpler, keeping patches up to date, etc.