General discussion


Unified XP Desktop Build

By SparkieIT ·
I have been in the early stages of planning a move to a corporate unified build for our desktop systems. Currently, uers are local admins and have free reign over their systems - excluively WinXP. This causes a good amount of greif for our help desktop support folks - viruses, licensing, supporting the unknown...

But I've been hearing a lot of grumbling about taking away local admini prividliges from the users. "We will need to make every little change" "People will hate the loss of authority"

But I can't help but think that these things would only be temporary hudles to solving our long term problems.

Can you provide any insight or experiences that might help me?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by ReWrite In reply to Unified XP Desktop Build

OK, here's my 2 cents worth. I've worked with a number of large companies over the years and have seen the issues caused by having users as local admins and having no local admin permissions given to users. My opinion is that you should see a drop in help desk/support issues by taking away admin privaleges. For the most part (but definitely not in every case), the average user can cause more harm than good with admin privalges. They read something in an article or hear something in a conversation and change settings on their machines without really knowing what the impact will be. And then there's the issue of approved software (if you have such a policy in place). The list can go on and on.

A good way to justify the action of taking away local admin privaleges is to document the time spent by help desk/support people when dealing with any issue caused by having users with local admin privaleges. Keep track of this for a month or so and you'll get a good feeling for the cost vs benefit of having users with these privaleges. In almost every case I've seen the results have been eye-opening.

You will certainly have users that will complain if you implement this strategy. But when you think about it from a management standpoint, why would a user really need admin privaleges? If the technology dept sets the machines up properly and maintains them properly, what else does a user really need? It usually boils down to a state of mind. The user thinks that they are no longer in control and it hurts their pride. The best thing to do is commnicate throughly and dispel any and all questions which the users might have. The first little while after implementing a policy like this is the worst because every issue that comes up will be a point of contention with some users who will use it as an example of a bad decision on your part. But, after some time things will smooth out and most users won't even notice.

Nuff said.



Collapse -

by SparkieIT In reply to

Poster rated this answer.

Thanks ReWrite. I agree that I will need to set up that justificaiton to help make the decision.

Collapse -

by p.j.hutchison In reply to Unified XP Desktop Build

WE give users the minimum needed to do their job. We do NOT give users admin rights by default and most are happy with the rights they have.
I users need admin rights, then they have to sign a form stating what happens if they mess up their computer. If the problem is not fixable then their PC is re imaged from standard PC image and loose what they have. We can also remove rights if it becomes an serious issue.

If you have procedures in place for those few that need admin rights then you can reduce support calls. Our system seems to work fine at present, giving full rights to everyone is a nightmare waiting to happen, so avoid that whenever you can. For XP systems, we have given everyone Power User rights as that has got round some application problems we have with some software.

Collapse -

by SparkieIT In reply to Unified XP Desktop Build

This question was closed by the author

Related Discussions

Related Forums