Comment Re:Not News!! (Score 1) 843
When you have little or no say in what software gets selected for use but are required to maintain local support for the same software as well as maintain the security of the network, it is not a waste of time at all. You do not give users Admin privileges. You give them the permissions they require to do their job and no more. That's basic best practice.
It's really not even that difficult to figure out. Nine times out of ten, the program either wants to write to HKLM\Software\$appname or wants to write to two or three configuration or log files in %programfiles%\$appname. About a quarter of the time (IMX) the documentation contains detailed information about what permissions are necessary. After that it's merely a case of using the various SysInternals monitors to figure out what's causing the problem. Between Xcacls and regini it's not difficult at all to script the changes. I typically maintain a single script which checks for the presence of each application and, if found, applies the necessary permissions changes.
^^ This ^^. 99.9% of users (special case exceptions being IT and software engineers/developers) should be on locked down User access with special cases made for applications they need to have installed that are specifically approved and setup by the administrator. End of story.
If you are in IT and on one hand complain about having to setup user's access and field calls for software installs and on the other hand complain that Windows is too insecure then you are a fucking baby who needs to get a new job, since securing and installing software IS your job.