The workplace has changed a lot over the years. People used to run everything locally on the desktop or laptop. Then we moved to the client-server model, and now many applications run in the cloud. What does that mean for your Windows workstations today? Do your IT administrators still need to customize them fully? How do you manage the workstation?
Times change, and sometimes that requires a different IT strategy. Within most organizations, the endpoints (laptops, desktops) run in a network domain. This domain comes with a central login and management. This allows the IT administrator to run patches, install/update applications and unleash policies on the system. The strictness of those policies varies by organization. Over the years, many organizations have made them less strict.
In larger organizations or specific industries, such as the financial market or government, workstations are provided with strict policies, and the user has little freedom. The organization determines which applications you can use or install through a special application portal. In the SME sector, we see that organizations are somewhat more flexible. Users often still receive local admin rights to download and install applications themselves. Both IT administrators and the user then do workstation management.
Security is not less important
If we approach this topic from the cybersecurity angle, there is no reason to make policies less strict, it’s more the opposite. Cybersecurity becomes more critical by the year. Therefore, every endpoint must be secured to the maximum extent possible. Corporate data today often resides not on endpoints but in the cloud, on file servers or with SaaS solutions. In general, little damage can be done on a local endpoint anymore. However, a local endpoint can be the gateway to an organization’s crown jewels elsewhere.
Usability vs security
A strict security policy limits the user’s freedom. Younger employees are used to fixing things with apps. They quickly search for an app, install it, and perform tasks to complete their work. Usability and, therefore, freedom are very important to them, but with a strict security policy this isn’t possible. Which can create frustration for the user.
Since much of Today’s data is no longer on local systems but in the cloud or on file servers, organizations dare to give users a bit more freedom over the local system. That way, it does not come at the expense of usability. It does make workplace management more challenging.
Boosting productivity
Organizations used to use about a dozen applications, but today, the average organisation uses hundreds of applications. Combining that with a lot of freedom in a system does create other problems. With the number of applications growing rapidly, users are having more trouble finding the best application for the task at hand. Offering so many applications doesn’t make it easier.
As an organization, you want your employees to be as productive as possible. Simply installing applications does not work. The user must be guided towards the best application or the applications must be offered in an attractive (or prominent) way. Too many applications and too many choices do not make an employee more productive.
So, as an organization, it is vital to manage the workspace and have control over what your employees’ workspace looks like. Which icons are in the start menu, taskbar or desktop, which applications are prominently offered and which are not? You can control this with profile management solutions. You do need third parties solutions because Microsoft has never developed good profile management tooling in all these years. We do see that the choice of external suppliers is decreasing.
Choice in profile management
Organizations that virtualize many workstations with Citrix or VMware may be familiar with their profile management solutions. Those tools focus primarily on virtualized workstations and not on physical endpoints. Both parties also seem to have little focus on these applications. Citrix has not exactly been a beacon of innovation in recent years. Omnisa (former VMware EUC division) also has other priorities.
Then there is Ivanti; they have Ivanti Workspace Control (former RES Workspace), which has a significant market share in profile management. RES Workspace was originally from a Dutch company but was acquired by Ivanti. However, Ivanti has announced that Ivanti Workspace Control will go end-of-life as of Dec. 31, 2026. They have an alternative product called Ivanti User Workspace Manager that offers roughly the same functionality. There are doubts, however, about how long that product will remain because Ivanti is revising its portfolio and betting primarily on the new Ivanti Neurons, which is cloud-based only. That again includes profile management.
Finally, there is ProfileUnity from Liquidware. We understand they have developed a migration tool from Ivanti RES to ProfileUnity. This allows organizations to migrate virtually all of their configurations with them, and it would only take a few hours.
Liquidware ProfileUnity can be hosted in the customer’s own cloud or on-premises data center.
Profile management useful tool
We can imagine organizations wanting to get less involved in setting up the user’s workspace and leave personalization primarily to the employee. However, as an organization, you will have to come up with a plan for guiding employees towards the right set of applications as well. This can be done in other ways, but control over the user environment does help.
Furthermore, we see direct added value for profile management in certain industries, mainly in industries where you can work in kiosk mode, such as healthcare, hospitality, hotels, and the like. Also, a profile can be loaded on multiple devices with the same layout and visual appearance everywhere.
Finally, in highly regulated industries such as finance and government, profile management is a useful tool for gaining more control over environments where the user has few rights. IT administrators can then use profile management to continue optimizing the user experience.
Tip: Negligent patch policies lead to massive exploits Ivanti hardware