I want to take away admin rights from all of our users. It's not just about security. It's about ignorance/stupidity
One of our field engineers came to us for the 3rd time in a little over a week, with a laptop that was borked. The accounts had been deleted, the machine was no longer joined to the domain, the local administrator account had a blank password and most of the settings were gone. The first two times I wasn't there, and our helpdesk guy had rebuilt the machine. This time, I was there, and we had a quick discussion. He's mentioned that he was trying to stand up multiple VMs under hyper-v, and was ruining his machine in the process. He just didn't understand how. (He wants to stand up multiple VMs, because our customers use a plethora of VPN clients that like to step all over each other, and it would make life a *lot* easier to have a dedicated VM per VPN client type/version - it's a good idea, surprisingly) So I had him describe to me what he was doing. (I had to slow him down, and focus his conversation - he *loves* to talk and digress) It turns out that he was building a VM, then doing a sysprep before copying the VM to stand up a new one. Of course, he was sysprepping his host machine, and not the VM. What I later learned from the helpdesk guy is that the field engineer thought that dragging the cmd box on top of the VM and then running sysprep in it would be sufficient for sysprep to know that it should be sysprepping the VM, and not his laptop. *FACEPALM* Kurt
