Struggling at the moment to come up with a working solution where the end user is NOT permitted local administrator rights on the PC.
See thread Vault Problem
In a corporate environment what permissions do you allow your end users to have on the local PC. I have seen several issues where functions just don't seem to work unless the user is an admin.
All of my end users have local administrator rights to their machines. There really is no reason for users, like engineers, not to have full access to their machines. Having local administrator rights does not elevate any additional rights for the network domain, thus there is no additional threat to the enterprise. When IT restricts the users they are actually creating more burden for themselves and creating problems that would not exist if the user has appropriate permissions on their system. There are many Autodesk applications that simply need admin or power user rights to work properly. My argument for admin rights has always been, if you worry about your users doing something that they shouldn't be doing, then you need a stronger employee policy for discipline, not a IT policy for handcuffing users. As an IT professional myself for years, I have never had to restrict the end users in my domain. Restrictions are meant for network access. I am fully capable of resolving any issues that may arise from the end user having admin rights on their machine. I spend less time worrying about that then it'd take me to resolve permission issues such as this, that would not normally exist if the user had elevated privilege. It's as simple as that. It's by no means an attempt to start a thread war, it's just a fact.
I am currently searching for an answer to this windows permissions issue using the Autodesk Education Suite 2013 for which we have 125 seats. My problem is exactly as Pete Snow describes above only we do not want our pupils to be able to change our computers too much we just want the Autodesk suite to function correctly for them..
We are using Windows server 2003 and Windows XP SP3 computers.
Can you please advise me of the exact network permissions and priviliges that our restricted pupils will require in order to access all the features of the networked education suite from their network logon?
Please also in future could Autodesk include this really important information on the installation disk in a Network Administrators readme document.
An example of some features that do not work is as follows...
Pupils with restricted profiles – Inventor works ok the first time the program is used by the user but after logging off and back on again or rebooting we find that in the Environments section the Stress analysis, Inventor Studio and BIM exchange buttons are inactive.
The product works ok for our network administrators who have full permissions.
Thanks in advance for your response!
Well, for that many students, I can see your plight. On a smaller scale, I'd say add them to the local admin group, launch the software, then put their permissions back to restricted. However, replicating that a hundred times is no fun.
Another thing you can try is to give your students power user local privilege but use Group Policies to restrict what you don't want them to have access to. Alternatively, you can restrict them, but open up the profile, folder, and file locations wide open to the parts that they need.
You can also just reimage your machines if they mess them up or use 3rd party Windows locking software to freeze its settings from changes.
There's a lot of ways to skin this cat. You might just find what works best for you and then make the recommendation here to share.