Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How to control desktops: Swap Windows desktop admin rights for iPads

If you want to control desktops, take away users' Windows desktop admin rights. If you want users to get work done, swap those privileges for iPads.

This article can also be found in the Premium Editorial Download: Modern Infrastructure: Can HP, IBM and Dell survive the cloud?

One of the longtime goals of desktop admins has been to get control of users’ desktops. One way to do so is to take away users Windows desktop admin rights, and buy employees iPads.

Getting control of users' Windows desktops means the company’s desktop environment will be cheaper, easier to manage and more secure. This is not lost on desktop virtualization vendors, and virtual desktop infrastructure (VDI) products enabling such control have been part of the marketing push since Day 1.

But getting control of a Windows desktop means that the user has to relinquish admin rights. After all, if users have Windows desktop admin rights, they can simply undo any of the restrictions a company puts in place, which pretty much defeats the whole point of gaining control in the first place.

In the old days (like, 10 years ago) this wasn’t a problem. Companies provided all of the IT capabilities that users needed. But now that we have this whole consumerization thing, users want access to software and services that the IT departments don’t know about.

While many CIOs are on board with that concept in principle, in practical terms it’s not so simple. Really, how is a company supposed to balance these competing needs? If the companies let users do whatever they want, they can use admin rights to remove compliance software, get around security restrictions and install crapware applications that steal sensitive data.

On the other hand, if companies completely restrict and lock down users’ desktops, then we’re back where we started in the pre-consumerization world where users couldn't get their jobs done.

More on Windows desktop admin rights


The $500 solution

But there’s an easy (if unconventional) way to withhold users' Windows desktop admin rights and still allow them to get work done: Give users a centrally-managed, locked-down Windows desktop, plus a tablet or iPad to do all the personal/non-IT-supported things.

This approach is truly a win-win. The IT department is happy because it can provide a simple, non-persistent, locked-down Windows desktop environment. If users aren’t admins, they can’t screw up their devices or data. And because users can’t install their own apps without admin rights, IT can simply refresh if users do screw up. It’s a desktop admin’s dream.

And it’s a user’s dream too. Sure, they can’t install new applications into their Windows desktop environment, but they now work at a cool company that gave them an iPad, and they can install whatever apps they want on it.

The whole concept of trading users’ admins rights for iPads is not exclusive to VDI environments, though most of the iPad apps users want are those that cause a lot of trouble for VDI anyway, such as Web browsing with multimedia, Skype, YouTube, Facebook and games. So if you can “buy” your users admin rights for $500, that’s a pretty good deal for everyone.

Let us know what you think. Write to us at moderninfrastructure@techtarget.com.

This was last published in May 2013

Dig Deeper on Wearable devices and emerging technology

Join the conversation


Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

crazy article.. i'd like meet a company that gives iPads to 10,000 users.
Why would you want your users playing games and sitting on Facebook all day?
Plus forking out an extra $500 for each user is madness…
What a terribly written, terribly thought out idea. I have never had to give users admin rights and what sort of productivty can be done with out a office software and a usb port? This was written by an Apple sales person
Every organizational has a primary goal to have a better outcome of every individual and i must say it should be applied to your computing needs as well.

Users most often get stuck with issues like installing flash player, chrome, firefox, or a .Net or web based application that might be a freeware or openware.

Most of the time , the developer or Support guy requires more than basic rights to test or check a small issue related to his/her work.

However the solution to this is not giving admin rights and leaving the entire organization data at users discretion either intentionally or unintentionally at his own willingness.

Such issues can be overcome by creating virtual environment.

There are many advantages of going in virtaulization.

1. Software pooling. ( we can create a pool of 100 VM's with licensed software deployed to them and different users can use them on full fledge without any issues.Now with roaming profile and project drive mapped to his VM for accessing user related and project related data is a big win, because he even does not know where it resides to track and download server data. )

2. Identity Pooling: This gives a pool of users access to a pool of virtual machines so that he can do what he is supposed to do. Like Admin can reconfigure app or support to the application with full access to Operating System and Hardware but he wont be able to access Project data because it is not mapped. At the same time Project guy will be able to access whatever the application he has access to this pool of individuals.
3. License Management: Consider we have 100 licenses, we can deploy 100 VM's with licensed application provisioned. Now whenever the pool is having free VM's user gets the free VM to access and do his work.
and if it reaches the limit, no one will be able to get over the license agreement.

and finally Virtualization Majors like VMware and Windows provide an app for android such that these virtual machines can be accessed from any platform and can do their work irrespective of any hardware failures or connectivity issues from anywhere.