I recently picked up a client with about 200 users. They have a Windows 2012 R2 network and mostly windows 7 clients. I'm told by their software provider (that they run every aspect of their business through), that the users require elevated access to the workstations to run the software. The previous admin just gave local admin rights to Domain\users on every system. I can only imagine that he has had to reinstall systems quite often when a virus got into the network as nothing would stop it from installing on other sytem.
My question to the group is, have you come across a similar situation and how do you handle it? Trying to manage individual users having local elevated rights on just their system is a pain because users move around. I understand why the previous admin just gave it to the group but there must be a better way to keep...