We don't really control user desktop machines
Here is something important: regardless of what people in IT like to think, we don't really control user desktop machines if the users feel strongly about it. We can try to dictate hardware and software standards and we can often get away with it for a while, but in the end if the users want something badly enough they are going to win.
This has really been the case for quite a while, but it is especially acute these days with desktops; the ultimate issue is that the users just have too many alternatives to whatever you supply, and thus too many ways around your limits. At the extreme, not only is perfectly capable desktop hardware available for a price that is almost within reach of the petty cash budget, but many people also have personal laptops that they can bring in and work from, basically ignoring your desktop.
Yes, you can start making policies and enacting technical barriers to keep these 'unapproved' machines off the network. That's the path to a scorched wasteland, where everything that IT provides is stacked up in a corner with a dustcloth thrown over it and the actual work all gets done entirely off your pristine network in whatever anarchic environment the users have built.