Martijn @ opensource

Very recognizable! Thank god I am able to run an install I configured myself.

About your VPN problem:
How about using their image in VMWare? That will let you run the VPN in VMWare so you can do stuff from home.

Strange choice from the IT-dept, in my opinion. At my company, you have 2 choices: be an employee, get a laptop and be local administrator (but don't call IT-Support for problems) or not be a local admin and settle with the default installation from IT-support.

In worst-case scenarios; IT-Support still has the possibility to revoke the local rights or disconnect the "unmanaged laptop" from certain shares but all in all, 99% of the employees choose to be local admin and no problems have arisen from that.

Maybe it's a good thing for you and some co-workers, to send out the same email to the IT-Manager at your company to make a plea for your case and see if a compromise can be made for field-operations and "general employees".

Very recognizable.

I can see your point, but also the point from the IT department.
You use your non standaard image to connect to the network.
They can't guarantee that your notebook meets the security demands(firewall/anti-virus/security updates). This is a major security risk and a good reason to keep you from the network.

They option Max3400 gets form the it department is good one.
An standaard image with localadmin rights and no-support.

And I think that if you want, you can let them adjust the behavior of Winows Update to not force a reboot. It can be easly done with Group policies

If most of your department use their own image with their own (legal) choice of software you probably should as a department put your manager on the task to get this image the official image. Just telling him it will take you more time to do the same tasks with the official (IT department approved) image should do the trick, but be sure to be able to back up your figures!
I understand the reasons for picking a single image for everyone, but everyone should not be everyone in a company, but everyone within a department, par example why should a developer have the same image as an administrative person...
The IT department is there to help you do your work. They're not there to tell you how to do your work. You're supposed to be the expert, so you tell them what you need and not the other way around.
And you should never ever be forced to run windows update during working hours...
Doing a very fast and rough estimate: 100 consultants at an average rate of €200 an hour being offline because of windows update for half an hour a month costs in total roughly €10000 per month... That's €120000 a year... I doubt the IT department can justify that....

There is ALWAYS a way to remove stuff from the 'startup' list. (to make the image use less RAM)

Although I'm not sure how "they" are going to react to hacking your own laptop/their Windows distro/image...

You could always change te local administrator password of the standard image.
There are several bootdisks capable of doing that (hyren f.e.). Then in start run type control userpasswords2 and you can make your network account a local administrator.
Though i dont think your admin office wil like it if you do that.

If you find another solution for using the vpn @home without using their image im interested.

The security updates have to be applied a.s.a.p.

Since when are these security updates released at 15.00hrs... This sounds more like: "The updates will take a while to run and if somebody runs into trouble it probably will be past 17.00hrs and then we're already gone/at home with our cellphone turned off..."
The customers have to be served as soon as possible, that's where your company is making profit... not in the IT department.

I seriously have considered applying for a job at that admin department... They need to learn how to build an efficient image that runs on a minimum amount of RAM...

Nope, that's not the problem. The problem is the mentality of the IT department itself.
Are they working for the company or is the company working for them? IMNSHO the situation at your company tends to look like the second possibility.

if you bother,...go work somewhere else...:)
you have to work with the company image and not your own,...quite simple,...if everybody is doing that IT departments increases with 100% to support everything....also you can ran your own applications and creates bandwith from internet and. and. and...

so,...except windows updates at 1500 hour i think the it department is doing ok.....

I have experienced these kinds of situations from both sides (as being a customer, and also as being the administrator from the IT dept.). This struggle is going on for years in many companies. :-(

Certainly the IT department should be working for YOU. BUT the IT department simply gets its orders from higher management and they are forced to enforce these rigid rules. The IT department has the overall task of maintaining a stable, secure, cost-effective network. (which unfortunately means heavy standarization!). This is in conflict with a lot of individual requirements of individual users.

It is almost impossible to support non-standard machines with all kinds of company applications. Because in case someone gets into troubles (e.g. a support specialist is not able to file his report about a high-level customer into the company's CRM system) and the IT department is unable to help or resolve within a reasonable amount of time, they get the blame. And nowadays managers only look at statistics. People at helpdesks are trained to close cases as quickly as possible. It is not important that the customer is REALLY helped with his/her problem. Just the ticket must be closed asap; otherwise stats will 'warn' the manager that the helpdesk is not 'performing'. But that is the big issue with a lot of those stats-idiots; they only look at the pie-charts and dashboards, not the real problems. They don't care, because they (= IT managers) only think about cost saving, standards, and downgrading everything to a anonymous figure in a spreadsheet cell...

Imagine the other way round: Everyone can use their computers in any configuration they like. And the number of support resources is unlimited available for any kind of individual anomaly. That would be heaven for everyone (unlimited flexibility for users and very difficult and specific problems to solve for IT-people. And everyone knows, routine work is killing...)
So: get rid of managers and statistics! :-)

For every problem there is a solution.
Some support groups in our organization need tools that can't be installed on a standaard workplace image.

Most of the time a special management system is created, which they use through RDP or Netsupport. An other option is to provide these special application through Citrix.
This way they can still use the standaad image and still use there special application.

For testing software with vm, we have a couple of vmware servers with a lot of memory and cpu power. So multiple users can use there images on it.

Don't know if vm/citrix is avaible in your organization, but I think it's a decent solution to this kind of problems. Only problem is getting the budget to realize it and the will to follow standard RFC procedures.

Here we say can get almost every thing they want, as long they want to pay and follow the correct procedures.

If you are a system operator you should make a exception for yourself. I am the only one in my company to run custom software. Thats for a reason. Just complain u cant do ur work. They will rethink if the server is down.

I think this is an ongoing battle between IT and the rest of the company . For different groups there are different possible security policies. IT must have it's security policies which the company must comply, but also has to make work as easy for the users.
The creation of a good image is difficult, for desktops and laptops. Don't use all the vendor tools and software delivered with the system, mostly Windows can do the same without all those tools. Install Windows with the necessary drivers, antivirus, antispyware tool, maybe some standard tools with just the necessary option and install the rest of the software from the domain.
Allthough it is an extra implementation but Cisco NAC or Windows NAP could be handy to force some security policies before a user can access the network.
So maybe the following:
The normal users must use a company made image with policies, no local admin rights. For windows updates it could be best the force the installation and reboot, maybe with a delay so users can chooce when within x minutes they reboot, as soon as a users logs on to the network. They allways drink coffee and make talks with collegues, so another coffee and a longer talk (mostly) once a month is not that bad, some do that anyway
You could say download updates and let the user chooce when to install the updates, but for most users it's allways anoying and they could delay the installation from security point of view to long. So just force it for users, but chooce the right time.
Developers could use a company made installation with local admin rights. So they can do whatever they want. I don't really like that developers can use their own made image because there are some developers that download all kinds of tools, cracks and virusses from the internet. You can still force some policies, like antivirus policies, firewall policies, change the startup account from those two so a local admin cannot disable them. For windows update you can still force it or let them choose. If NAC/NAP used you can still force them to update after X days.
Administrators could install their own image and customize it as they want, adds it to the domain to an OU without policies. Maybe some basic policies like for the developers. Download the Windows updates but let them chooce when to install them. I assume administrators know the importance of updates. I demand responsability from them, so give them more freedom to show I trust them. I known this goes sometimes wrong, but ok.
Again it's a difficult discussion what to do for which users, this is just an example.