In most cases, users need admin rights to install or update software, such as Adobe Reader, Visual Studio or VPN software.
In essence, the tricky part about revoking local admin rights is to do it in a way that doesn't break your users' productivity, while at
the same time solving your problem of locking down local admin rights. That's what Admin By Request does for you.
When a user starts an install, the process is intercepted and the user has to enter a reason, email and phone number
to continue. You can set to automatically approve for some users and require IT approval for others.
The video link shows the user experience with IT approval on.
The true value of this approach is not a technical one. Users do the same as they have always done, but they don't have admin
rights to change anything on the machine. Because users do the same as they have always done, no users are unhappy
and no re-education of users is needed - it just seamlessly fits into their everyday worklife. Think about the value of being able
to seamlessly revoke admin rights without having to re-educate all your users.