I have a dilemma, I have searched the threads but not found something that matches my exact problem.
We are implementing Windows 7 and Bitlocker as encryption. While this works brilliantly, I am now worried that our offsite engineers if they are given Local admin rights, can disable bitlocker. They need to install software onto there machines and this cannot be taken away from them. Problem is company policy also states that they are not allowed to disable the encryption, which is where my dilemma lies.
I can lock down bitlocker through Grou Policy, but the offsite engineers are software developers so it wouldn't take them long to disable it if they do have local admins.
Is there anyway at all I can give them access to install software without Local admins?