We need some assurance end users (who dont have local or domain admin rights) cannot amend local AV or Firewall settings. The AV is system centre endpoint protection. If they dont have local admin permissions over their laptop/desktop - is that 100% compliance they cannot amend these settings, or are there other avenues we need to test - if so what clever workarounds/tricks could a malicious user attempt to amend the firewall/AV? I did read about techniques such as NET STOP but surely for that to work still depends on permissions? these are windows 7 devices.