Don’t run with Local Admin rights. Instead, use PolicyPak Least Privilege Manager to remove local admin rights, and elevate applications only as needed. See this video for a quick demonstration on how to enforce the practice of Least Privilege and get back your endpoint security for Windows machines.
This video shows the one-two combination. Start out by finding where you have local admin rights, then remove the source using in-box GPpreferences. Then use PolicyPak to elevate your now-standard-users to keep doing the (admin like) things they always have.
You might want to link policies to a gaggle of computers, but then dole out elevations by USER or by USER GROUP. See how in this video. (PP CSE 1434 and later).
Need Standard Users to install their own applications? We've got some preconfigured knowledge for that, and it's a simple drag and drop to get started. Let users install iTunes or any software you like.. using PP Least Privilege Manager.
Why would you want people using domain joined or non-domain joined machines to have local admin rights? Is this 1998? No, and with PolicyPak Cloud and PolicyPak Least Privilege manager you can remove local admin rights, but ensure that Standard Users can do key tasks to keep doing their jobs and get into the places you need them to in the operating system.
Once PPLPM and SecureRun is on, users are blocked from running unwanted stuff. But how can you create some rules automatically to ALLOW or ELEVATE applications and installations? Check out this free tool from PolicyPak !
Use your own MDM solution to deploy rules which enable Standard Users to do things that only admins can. See three "base hit" examples here.