WorkStation Policies and Local Administrator for Normal users.

Our IT group rolls out network and desktop policies to our CAD Workstations almost on a weekly basis. Usually to restrict what a user can and cannot do.

For example, normal users cannot access Folder Options under Windows Explorer, nor can users add/remove software, nor can they see the C drive. But it goes deeper than this, into things such as registry changes by applications, and folder access by applications and the user. Also running VB Scripts.

We have found in the past with V8 that we had to implement adding the local user to the Local Administrators group on the machine they work on.

This would be for Windows XP and Windows 7 with V8i.

So I am wondering if anyone else has had this issue with regards to IT policy restrictions and requiring Local Administrative settings to be added for the user?

 

  • IT groups should not be holding back or limiting the abilities\requirements of engineering systems groups. They are there to help deliver a functional, usable, stable system.

    JMO :-)



  • I guess nobody has an IT group who pushes network policies onto their CAD users...

    CADMinistrator ®

  • Rob,

    I used to be the System & CAD Admin in my last position. I had tried to force all users to Standard or Power User (Windows XP) but this was so difficult I eventually gave up. It was easier to re-image workstations when something went wrong than to manage the security. Of course this does nothing for virus and malware prevention; I just need to rely on endpoint security software for that protection. I know this does nothing to help your situation. When I did have the security locked down on XP, I was able to accomplish this by the creation of a security group for CAD users which would give them the write access to the necessary folders and registry keys.

    -Roy  
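
Roy's post above describes a security group for CAD users with write access to specific folders and registry keys, in place of local admin rights. One way to set that up in PowerShell, as an added example that is not part of the thread; the group name, folder and registry key are hypothetical placeholders, not actual MicroStation locations.

```powershell
# Added example: scoped write access for a CAD users group instead of
# membership in local Administrators. Run from an elevated prompt.
# All names below are hypothetical placeholders; substitute the folders and
# keys your CAD application is actually observed writing to.
$Group   = 'CAD-Users'
$Folders = @('C:\ProgramData\ExampleCAD\Workspace')
$RegKeys = @('HKLM:\SOFTWARE\ExampleVendor\ExampleCAD')

function Grant-FolderModify {
    param([string]$Path, [string]$Identity)
    # Modify (not FullControl): users can write files but not change the ACL.
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $Identity, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Grant-RegistryWrite {
    param([string]$Path, [string]$Identity)
    # Read plus value/subkey writes only; no permission or ownership changes.
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList `
        $Identity, 'ReadKey,SetValue,CreateSubKey', 'ContainerInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Create the local group if it does not exist yet.
& net.exe localgroup $Group 2>$null | Out-Null
if ($LASTEXITCODE -ne 0) { & net.exe localgroup $Group /add | Out-Null }

foreach ($f in $Folders) {
    if (Test-Path $f) { Grant-FolderModify -Path $f -Identity $Group }
    else { Write-Warning "Folder not found, skipped: $f" }
}
foreach ($k in $RegKeys) {
    if (Test-Path $k) { Grant-RegistryWrite -Path $k -Identity $Group }
    else { Write-Warning "Registry key not found, skipped: $k" }
}

# Review who still holds local admin rights on this workstation.
& net.exe localgroup Administrators
```
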

  • Thanks Roy,

    It's not really a case of re-imaging. We have an independent ICT group who keep squeezing the users' desktop functionality, slowly locking it down.

    What it has done over the years is limit both desktop functionality and our ability to administrate. Our ICT group also has control over desktop imaging, patching and policy control.

    The more they squeeze, the more difficult it is. So we have added each local user to the Local Administrators group on the particular box they work on to avoid such constraints. But if they demand it be removed then we will lose control of CADministration.

    My issue is if I can get a basic charter of the system dependencies that MS needs then I can request to them that they avoid applying policies to these areas...

    CADMinistrator ®

  • Do CAD users really need local admin rights on a PC in order to run MicroStation or the likes? Our experience seems to work fine on WinXP boxes - CAD user as restricted Windows user (no admin rights).