No offense, Mike. It's so true. Where I work, I am no longer the network administrator, but instead more of a hardware local hands-on tech. I like this a lot better because I don't have to deal with the 24/7/365 on-call issues, no holidays, schedule. If I wanted to continue that, I could have become a freight conductor. At least then I would have more fun!
Anyway, I have to deal with exactly what you say here. The global IT group makes decisions for the majority that make absolutely no sense, but it's their decisions and we have to either find workarounds, or work within the limits. A good example is the policy of disabling the admin account on the local desktops. This makes no sense because if a user is locked out, how can we unlock them without resorting to boot discs and extra work? We've discussed this issue more than once, but they won't change their mind, so now I've gone about enabling the admin accounts after I've reset a user's password. At least I know that the next time I visit the same person, which is usually the case, I'll be free and clear to reset their log in.
John