"Not to be rude, but the attitude portrayed above is I am clearly incompetent and have no business asking for a solution that isn't the best possible security."
I don’t feel that is the case at all. You asked for alternatives. The folks here are trying to assist with that. If what we are providing is not prudent for your efforts, OK, we get that, but there is no reason to feel insulted / defensive, as that is really not what is trying to be communicated here.
As for …
"You are also implying that you never have had to do a less than desirable implementation because of political decisions."
I am sure we all have, I know, I’ve had to, but even in those cases, I had no issues with voicing my concerns to whoever asked for it. Sure, I did it anyway, but reported it up the chain to whomever I could as well. Primarily because, if what I was asked to do caused problems in the enterprise, then blame would be on me, and that RPE (resume producing event) would be on me. Even in my military career, I’ve had to push back on my leaders / commanders (even generals) for what I felt was an unlawful order(s), based on my command of the military policy / UCMJ / SOP / regulation. Depending on the sensitivity of the action, I still may have done it, after I weighed all the risks for all involved, but I still pushed it up the chain.
So, we all get that position of, because the boss said so, and in those cases, you are asking for alternatives that you’d never be able to use, because that is not what your boss asked for, unless you can convince your boss to accept what you are proposing, which does not sound like you are in a position to do and maintain your position at the company.
So, you have a few options:
1 - Do exactly as your boss asks (even though you know it is the wrong approach and deal with any and all consequences of such action)
2 - Work the GPO/LPO angle - working the PoLP (Principle of least privilege)
3 - Work the SCCM angle
You are asking for assistance or a solution for a use case that you are saying you can’t / don’t control as per your own statement, ‘because the boss said so’. We too have to live with such things, but it all comes back to how well one can present an alternate view to management and how committed one can / will be to it, to get management to understand the implication of X or Y and why a different approach is needed.