We have the beginnings of a Windows 7 deployment project. As part of that I've been asked to develop a presentation for the director regarding local admin rights.

At our company it seems local admin rights is sacrosanct. On the other hand, I was once told Universities couldn't have firewalls because of academic freedom. Now I understand that is no longer the case.

We last tried limiting user rights under Windows 2000. That involved a limited group of users, mostly secretaries and the corporate division. It fell apart quickly as the helpdesk was able to give users admin rights to get around problematic applications rather than taking the time to fix the application.

Applications and operating system support has improved for limited rights accounts has changed significantly since Windows 2000. Nevertheless it remains a political and technical hot potato.

The Federal Desktop Core Configuration (FDCC) requires the use of limited rights. This process is more about reminding senior management of the problems with users doing whatever they want, and getting them to sign a waiver for the FDCC requirement.

Right now I have what I think is mission impossible.
1. Demonstrate the problems caused by users being able to do whatever they want. Unfortunately our helpdesk is allowed to work without recording tickets accurately. Also virus incidents are not fully investigated so it is impossible to say x virus incidents occurred because the user was an administrator or Y systems were reloaded because the user installed a bunch of crap.
2. Show that our customer (the Federal government) is not giving users local admin rights. I can say what is required. But I really have no connection into the CSO office at each customer to determine their FDCC compliance.
3. Show that companies like us are limiting local user rights. Again, I'm not sure how I can do this. I dont see a Gartner report on this.

I have a month to put this together so we'll see what I can come up with.