It’s highly recommended to avoid assigning to ordinary user excessive rights. A such limitation considerably reduce that workstation maintenance time and efforts, creating more stable and predictable work environment.
But on other hand it’s very common that many sysadmins provide LocalAdmin rights justifying themselves that legacy programs stop working without elevated rights. It’s one of the main reasons when Active Directory implementation projects misstep.
In fact there are several resolutions for a such situations. One example is demonstrated below:
Monuni v1.0 program.
Purpose: to convert old style win1251 encoding text (created by Monkey, Monwin and others) to Unicode text directly from Office programs (as i understand development is stopped, so MS Office addon works only for old versions of Office 2007, 2010)
Problem: Program distributive/install process creates addon menu in MS Office programs only for admin user (only for user who installed program). Other users on the same computer don’t have chance to use this program.
How to solve (sorry for poor video, it was recorded as a test video long time ago) :
Later i’m planning to write post to explain how to ease above problems and avoid providing LocalAdmin rights to users. To help you to trace file system and registry changes made by application installer for example you can use Ashampoo. After this you can fix NTFS (for example for MTA vatentry program – give full NTFS access to c:\program files\…\vatentry folder for current user with limited rights – this user cannot write changes into DB file because “Users” group has only read-only rights in system folders by default) or registry permissions or missing registry records(for example for above MonUni). If you have problems with digitally signed drivers, program exe, dll files (for example for popular in Mongolia ZKteco apps), then you can use free tool runasspc http://www.robotronic.de/runasspcEn.html
If any developer is reading now this post please try to write your programs keeping in the mind all above mentioned recommendations so that end-users (your customer) never meet with above problems. Active Directory and IT policy restrictions slightly but steady become “must have” requirement for any enterprise solution.