In an attempt to stop spyware/adware installations on our end user's PCs, as well as other installations of software by end-users, we have decided to remove administrator and power user status on all Windows XP workstations.
I have been told by many administrators that because this stops users from installing software, that spyware/adware can't be installed if the user does not have these rights.
My only problem is proxy settings for laptop users. When a field user is at a hotel they need to be able to get to the internet without a proxy. When they are at our site they need to put in a proxy setting to get to the internet. How can we have users be able to change proxy settings while at the same time locking down the workstations to other installs and changes?and keep them as a restricted user? Some background - at this time we are not on Active Directory. Workstations are windows XP pro.