My thinking on this..
Maybe one of these could work, but it'll depend on if they're willing to undergo the expense, either of your time or the extra equipment or setups in #2.
1) Warn them if everyone has a free-for-all that it may require whatever they have installed or important data not backed up to be "hosed" if it's just too much trouble and fuss to clean it up, particularly if a nasty is caught that makes significant or critical changes, such as the file system. Sometimes, time is of the essence unless your management has the Devil May Care attitude about things. Keep mirror images of a clean system and be prepared to ghost.
2) Perhaps having alternate computers, a kind of community computer(s) also networked could help you drive home your argument. Lock down the important machines as you suggest, yet have the alternate ones as those free-for-all's so they will see what happens, and document it whenever anything is required of any computer for A->B comparison including installation of all apps. Hopefully the overall network can support the extra bandwidth demanded by this solution, although I worry if these share the same network that a nasty may still propagate regardless, so a separate subnet separating these two classes would better prove the case, albeit even more expensive! Each to their own I say, but do be careful with the politics that they cannot be allowed admin access on the important or lockdown machines. Especially when dealing with non-tech sales, this can quickly become problematic and make the validity of your results as invalid. If you are to conclusively prove your point, the above can't be violated, NOT EVEN ONCE!
3) As an in-between, have the company approve a policy of requiring approval of any and all program apps, regardless of one's standing or position. That would be ideal in my opinion. In your favor, you'll be able to review if installation of apps on the company's workstations or network is legal or requires licenses in the environment - a perfectly appropriate role for any attentive admin to attend.
