Modern Infrastructure

Can HP, IBM and Dell survive the cloud?


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How to control desktops: Swap Windows desktop admin rights for iPads

If you want to control desktops, take away users' Windows desktop admin rights. If you want users to get work done, swap those privileges for iPads.

One of the longtime goals of desktop admins has been to get control of users’ desktops. One way to do so is to take away users Windows desktop admin rights, and buy employees iPads.

Getting control of users' Windows desktops means the company’s desktop environment will be cheaper, easier to manage and more secure. This is not lost on desktop virtualization vendors, and virtual desktop infrastructure (VDI) products enabling such control have been part of the marketing push since Day 1.

But getting control of a Windows desktop means that the user has to relinquish admin rights. After all, if users have Windows desktop admin rights, they can simply undo any of the restrictions a company puts in place, which pretty much defeats the whole point of gaining control in the first place.

In the old days (like, 10 years ago) this wasn’t a problem. Companies provided all of the IT capabilities that users needed. But now that we have this whole consumerization thing, users want access to software and services that the IT departments don’t know about.

While many CIOs are on board with that concept in principle, in practical terms it’s not so simple. Really, how is a company supposed to balance these competing needs? If the companies let users do whatever they want, they can use admin rights to remove compliance software, get around security restrictions and install crapware applications that steal sensitive data.

On the other hand, if companies completely restrict and lock down users’ desktops, then we’re back where we started in the pre-consumerization world where users couldn't get their jobs done.

More on Windows desktop admin rights


The $500 solution

But there’s an easy (if unconventional) way to withhold users' Windows desktop admin rights and still allow them to get work done: Give users a centrally-managed, locked-down Windows desktop, plus a tablet or iPad to do all the personal/non-IT-supported things.

This approach is truly a win-win. The IT department is happy because it can provide a simple, non-persistent, locked-down Windows desktop environment. If users aren’t admins, they can’t screw up their devices or data. And because users can’t install their own apps without admin rights, IT can simply refresh if users do screw up. It’s a desktop admin’s dream.

And it’s a user’s dream too. Sure, they can’t install new applications into their Windows desktop environment, but they now work at a cool company that gave them an iPad, and they can install whatever apps they want on it.

The whole concept of trading users’ admins rights for iPads is not exclusive to VDI environments, though most of the iPad apps users want are those that cause a lot of trouble for VDI anyway, such as Web browsing with multimedia, Skype, YouTube, Facebook and games. So if you can “buy” your users admin rights for $500, that’s a pretty good deal for everyone.

Let us know what you think. Write to us at

Article 12 of 12

Dig Deeper on Wearable devices and emerging technology

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Modern Infrastructure

Access to all of our back issues View All