If you haven’t already pried away your users’ local-admin rights, now is the time. Yes, I know it’s hard. Laptop users are especially difficult to wean because the help desk can’t walk them through complicated fixes over the phone. But there’s also that “shadow” IT organization—department gurus and admin wannabes who find applications that meet certain tactical needs, then scurry around with thumb drives installing the apps with no regard for interoperability testing. And don’t even get me started on the kind of trash that average users install on their machines when they have local-admin rights. It’s amazing how the most unsophisticated user, incapable of so much as a password reset without help-desk support, can find a way to install complex multi-tiered client-server front-end applications if the reward involves shopping or sports.
Even if you muster the political strength to deny local-admin rights to the majority of users, as soon as you take those rights away, apps start to break. An astounding number of applications insist on writing to protected portions of the file system and Registry.
Windows 7 simplifies the switch to standard-user operation. Background processes redirect changes away from protected areas into user-controlled areas. That alone should resolve many issues that you might have encountered with standard-user operation with XP. There are also some simple but critical improvements that help standard users, such as the ability to change time zones, a task that required local-admin rights in XP and Vista. Ditto for changing screen resolution, doing an ipconfig /refresh to get a new DHCP address and installing optional updates.
The Application Compatibility Toolkit (ACT) contains a Standard User Analyzer (SUA) Wizard to help with vetting your apps. SUA provides an elevated-privilege launch platform for an application. Then, while the app installs and runs, SUA ferrets around inside looking for subtle issues that could keep it from running as a standard user. When it’s done, you receive either a clean bill of health for the app or a list of items that need remediation.
Post a Comment