RE: Impact of removing administrative rights in an enterprise running XP


We have gone through the exercise of completely standardizing and
locking down end-user desktops here at the Georgia Medical Care
Foundation. We are not by any means a large enterprise, (150+ seats),
however our experiences should "scale up" to that level.

As a result of our efforts, support calls have gone down measurably,
spyware and viruses are unable to get a foothold on the machines. Our
user community, after a short teathing period, has accepted and embraced
the locked down configuration. Yes, we have to manually install some
software on machines, but as a result of the standardization this is the
exception, not the rule.

We have 2 folks dedicated to desktop support, and two others that pitch
in when required.


Anthony Mabes
Georgia Medical Care Foundation
IT Consultant

-----Original Message-----
From: Drew Simonis [mailto:simonis@xxxxxxxxxx]
Sent: Thursday, July 27, 2006 9:54 AM
To: Focus-MS
Subject: Impact of removing administrative rights in an enterprise
running XP

Hello all,
I wonder if anyone on the list who might work for a good sized
enterprise (10,000+ seats) has gone through the excercise of removing
administrative rights from the user community?

Aside from the effort to inventory all applications and ensure that they
work with restricted permissions, I forsee that such an effort would
likely require changes to the entire support model. Instead of relying
on users to install their own software, it would need to be done for
them. New hardware would require intevention, etc.

If someone has completed this, was support a major new burden, or was it
not as difficult as it might be? If it was, how much of a burden was it
(+ desktop support headcount? +helpdesk calls?)?