nihil .... your argument in both posts are well put and I could not have said it better myself.

However, the problem here is that the client requires the users to have full access to their workstations in the even that apps need to be installed and I am not able to do so. In most cases I can do this remotely but there is always that odd chance that I am not able to.

I am the outsourced IT dude and I have the task of ensuring that things run smoothly at the client. It makes my job a nightmare as I don't have the control I really want to manage this network effectively.

I have tried discussing this before but just the fact that admin rights are required this is always where the discussion comes to an abrupt end.

I would like to know how I can "subtly" propose a more secure solution.

I have managed to secure the router and wifi he has with some resistance but I showed him how easy it was for me to hack it from the neighbour's place and sniff the traffic leaving his network for the net.

This guy has been my client for about 12yrs now and is responsible for the bulk of my income. I am looking to perhaps have a situation where the user has "superuser/power user" access which allow him to install but not uninstall and no access to change any windows settings.

Cider - There is no need for a DC...too much work...too expensive and not needed. Client want a "keep it simple stupid(KISS)" environment. I would love to have an AD with roaming profiles .....gives me more control ...but it ain't gonna happen

Moving along....back to the drawing board...

I came across this application - Security Administrator. Any know / heard of it?

http://www.filesland.com/companies/I...nistrator.html