Home
Join

140 Replies

  • I never worked as an admin for a school, but I'm very good friends with a guy who's been running a network for a K-12 school district. In short - no.

    It's a licensing nightmare ("oh, I just reused this copy of Microsoft Office...") and since there are shared folders/drives, any malware a teacher would get, would be immediately passed on to other machines (especially ransom-ware). On top of that, improperly installed or configured software will end up on your line of support in the end.

    Spice (41) flagReport
    Was this post helpful? thumb_up thumb_down
  • Thanks for expressing your thoughts. I was feeling as a Sheriff over here, but it looks like this is the correct route to follow (at least for safety)!

    Thanks

    Spice (8) flagReport
    Was this post helpful? thumb_up thumb_down
  • No no no no no no no no no.

    No.

    Nope.

    Nonononononononononononononononononononononono.

    Spice (77) flagReport
    Was this post helpful? thumb_up thumb_down
  • Err nope......licensing is an issue. If there is a requirement for them to install software on an ad hoc basis, if you have SCCM you can advertise what software they are allowed.

    Spice (14) flagReport
    Was this post helpful? thumb_up thumb_down
  • Never ever. EVER.

    Spice (13) flagReport
    Was this post helpful? thumb_up thumb_down
  • I would imagine that not allowing anyone but the School's IT group to install anything is the only way to go for school PCs/Laptops. The liability and licensing precludes any other approach, IMHO.

    Spice (11) flagReport
    Was this post helpful? thumb_up thumb_down
  • Letting teachers onto PCs is dangerous at the best of times, nevermind allowing them to install software.

    Spice (36) flagReport
    Was this post helpful? thumb_up thumb_down
  • Letting ANY "non-admin" install software on computers is asking for trouble. They may install something that violates the license, something that they downloaded illegally, something that causes problems on the network or introduces virus/malware, causes the system or network to be unstable, etc...

    I have worked in a K12 environment since 2000. We have never allowed the end user to install anything. At first, they were able to (we had just started with a central IT staff and had to gain control of the computers), but that only caused issues. Software licenses were out of compliance, computer labs were "imaged" using OEM versions of OS instead of the correct Enterprise versions, shareware galore, non-standard setups,  the list goes on.

    Part of the IT person's job is to make sure the systems are stable and software is properly licensed. If you have an "Academic license" agreement with Microsoft, you should be able to use 95% of the MS software. If so, look into SCCM for software distribution and system management.

    Spice (17) flagReport
    Was this post helpful? thumb_up thumb_down
  • When i was working in a school we didnt let them install software.. not necessarily to avoid dodgy software, but more because whatever they did install they would then expect us to maintain... and with us trading/swapping PCs that need to be fixed and such, it would just be a nightmare. 

    ..and of course once you start giving out access rights, the students inevitably get that access.

    Spice (8) flagReport
    Was this post helpful? thumb_up thumb_down
  • How, exactly, would you manage licensing issues?

    Why would you allow unknown software on your network?

    I work for a law firm and I had an attorney complaining to high heaven that he needed admin rights on his PC.  Upon investigation I discovered what he wanted to do was put an education licensed copy of Power Point on his PC (it was a version newer than what we had).  He was very indigent when I explained it was not legal to put that software on our PC, but in the end, I won out.

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down
  • Contrary to all these post I work for a very large district, 106 schools 83K users. 55+K computers.

    The school I work at has 1300 computers, 102 teachers- on 110 computers for teachers.

    I let them be admin on their computers- Why? I could not keep up with it if I did not.  A tech at a smaller school took the admin rights away from their teachers and it was a nightmare. 

    Concern 1- virus- we have AV installed all though non are perfect and will stop everything if a user gets infected they lose everything because I wipe and reload, they are trained not to install anything without checking with me first. They know that I install all the needed software.

    Concern 2- Un licensed copies of software- since I install all the district approved software they should not be installing it.  I use Spiceworks inventory to run scans and report any new software installed, I research it and if need be I uninstall it notify Principal and district way they did.  If it continues then I remove their rights on the computers.

    Educate them on what to do and what not to do. If they cannot be educated and follow the rules then take it away on a case by case basis.  But to blank say no is very short sighted, not being admin may work at a small elementary school but would not work at a large high school.

    Spice (10) flagReport
    Was this post helpful? thumb_up thumb_down
  • I was Net Admin for a local college for 5 years and while I was there we did not let anyone outside of the IT department install software. If you ever get audited it won't matter who installed the software, the school will be responsible for any fines. We didn't grant Admin privileges to anyone which inherently blocked software installation.

    There were over 2500 users and 650 computers (210 of which belonged to faculty). We used Deep Freeze to lock down the lab machines so they were never an issue.

    Spice (7) flagReport
    Was this post helpful? thumb_up thumb_down
  • I tend to agree with JohnABarbuto on this one. I think it depends on your goals for the computers. Does your school have any kind of aggressive ed-tech plan or program or do the teachers just use the computers for word processing, web access and PowerPoint? If it is the former, then I think they need to feel as much ownership of the computers as possible, within the bounds of supportability and legality. Students, too, though of course there are lots of other factors at play there.

    I oversaw 1-1 Tablet PC programs (the original name for the digital ink enabled Windows computers) at my last three schools over about 13 years and in each case we encouraged faculty especially and students as much as possible to consider the computer their primary device. This was crucial to the success of the programs. (Well, at least the two that were successful. The attempted program was ahead of the technology the first time around.) That said, I did *not* have anyone running as admin on their computers, but we did provide a second admin account to faculty to allow them to install software with the caveat that we only supported school-issued software and if a reimage was required for any reason (especially if their software screwed up the computer) we would not reinstall their stuff, only the default image. We would do installs for students, within reason and as time allowed.

    If teachers (and students) cannot do what they need to do on the school computer, they will only use it for what they must and will revert to a different device for most things. I think this stifles programs. They aren't familiar with the school computer. They don't experiment with the software on it because they only get on it when they have something they have to do. They resent having to use it. (Over-generalization, but I have seen it.) All counter-productive to a solid ed-tech program.

    Education about safety and good practices is key, as are clear ground rules for what happens if they hose the system, and then expect them to be responsible.

    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down
  • One thing to note, you did not say if you were in public education or private education.  Huge difference.  Public Education you have many hurdles, Teachers Unions, Principals, District rules, DOE-Department of Education rules. to follow and abide by, it is a tightrope for IT or ET at best.  No matter what "best practice" maybe sometimes it comes down to what the teacher wants or needs to do his or her job and educate the student and that one statement rules supreme for the Principles and District School Board.  I have been at this school for 5 years, I have seen only 3 infections- twice by the same teacher, she lost her admin privileges.  I have found 1 piece of improper licensed software which was promptly removed and the teacher was given a verbal reprimand and I explained it and it has not happened since.

    Yes Microsoft best practice is to only give admin access to those who need it, but many of the vendors assume that teacher are admin on their computers and write software to run as such.  So in the end it is needed, although maybe not best practice.

    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down
  • Allowing teachers to install software on machines will (eventually) lead to stuff being installed that you don't want to have on those machines. In the best case scenario, you'll eventually have unsupported and outdated software on machines. In the worst case scenario, well, you'll end up with licensing violations, pirated software, malware, ransomware... I'll let your imagination do the rest.

    In any organization, the safest (and recommended) route is to enforce UAC and disable admin access on all workstations for every user. Yes, even IT. IT should use non-privileged accounts for their day-to-day tasks and elevate privileges when and where needed. To be extra safe, deploy an application white-list policy and allow only specific apps to run on workstations.
     
    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • I like the idea of allowing the teachers to be the admin however the same computer may be used by others, staffroom is good example so allowing them to scramble the computer is not good as it may affect other people work. Moreover teachers have access to department folder on the server, hence each teacher may disrupt other same-department teacher's work over the shared folders if a delete-everything malicious software is being inadvertently run.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • used to work for a school district and this answer is easy....NO NEVER NOT HAPPENING

    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down
  • I currently work for a small school district. 500+ Staff, 1500+ computers. Before I arrived all the staff had admin rights. Needless to say I clamped down on that quickly. Out of the 500+ staff only about 10 have local admin rights and that's only because of some old poorly written programs require it. We try to practice the least permissions principle were we can. After the first few weeks after implementing this change everyone pretty much quieted down. Overall I'd say our management and control over the district pc's is markedly improved since the change. We've also gotten very strict on having them put in tickets when they have issues, outside of emergencies of course.

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down
  • I work for a Public K12 District and I say hell no.  In our district I am in charge of software deployment, inventory, and licensing/copyright compliance (as well as other duties).  Our district is ~315 staff, 1300 students, 1400 Windows devices, and 700 Chromebooks.  All of our users (outside of IT) have standard permissions and we have no issues.  In past years I have installed any non-standard software by hand over Summer (when we re-image all our computers).  This year, I am implementing user-specific deployments through SCCM.  This will allow me to "advertise" software through Software Center and let users choose to install it.  This way the software will still need to be vetted by me and we won't have any issues with licensing because too many staff are using limited software.

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • JohnABarbuto wrote:

    I let them be admin on their computers- Why? I could not keep up with it if I did not.  A tech at a smaller school took the admin rights away from their teachers and it was a nightmare. 

    Concern 1- virus- we have AV installed all though non are perfect and will stop everything if a user gets infected they lose everything because I wipe and reload, they are trained not to install anything without checking with me first. They know that I install all the needed software.

    Concern 2- Un licensed copies of software- since I install all the district approved software they should not be installing it.  I use Spiceworks inventory to run scans and report any new software installed, I research it and if need be I uninstall it notify Principal and district way they did.  If it continues then I remove their rights on the computers.

    I'm curious what your users need admin rights for?  You noted that software still needs to go through you.
    EDIT - Also, how do you effectively run Spiceworks scans on that many computers?  It taxed our server quite a bit when we ran it on more than 500 PCs.
    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Absolutely not. 

    For a couple of reasons: licensing - as mentioned before, ownership - who is responsible for the upkeep of these randomly installed apps. If a teacher jeopardises the use of a machine\s with a dodgy app the tech is always held responsible for its downtime, not the teacher who invariably will not hold their hands up when questions are asked. The downtime can impact a lot of other lessons the said teacher will not realise - they usually have only a (quite rightly) narrow focus on their own subject\projects.

    We insist on a quick evaluation of any apps and set them up in SCCM where possible for deployment so we can keep control of where and when the are installed.

    We have also had to limit printer install access as teachers were hogging the large reprographics dept. printers, for even small jobs, at the expense of huge mail-outs to parents etc. yet again causing huge time delays and inconvenience to others.

    Also beware of data usage - teachers love "sharing" (duplicating) teaching videos whilst keeping their own copy as well - we had a 42% space savings rate after deduplication evaluation due to "shared resources" across the high school.

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • No.

    It's not just risky software. It's about retaining control of the systems, software and compliance. Once there is unwanted software, that may well cause all sorts of compliance and licensing issues, as well as introducing technical problems. The computer belongs to the school and is there to help them do their job. If there are too many PCs to manage, then implement systems to streamline management - opening all of them up so every system is different does not reduce TCO or help management and troubleshooting in any way. How can I confidently test and deploy a new application or upgrade to 100 or 1000 systems if they are all different?

    There may be a handful of staff that require a special approach, maybe even admin rights (if an app demands it, not them), but do not give admin access to anyone or without consideration and justification. Heck, I'm the SysAdmin and I don't have it.

    Privacy and data protection. How much do you want that data secured? It's not just about installing software, but admin rights allowing all sorts of other unauthorised changes to take place. How much do you want that user's entire music collection replicating to the network and opening copyright issue because they 'needed to install itunes'. How much do you want to explain those dodgy copies of Autocad or Office when you next get audited?? How much do you want that torrent software on your network downloading who knows what? I couldn't get my software to install properly so I disabled the anti-virus, just temporarily, y'know...

    Who is responsible for these systems? The school, yes. And you.

    Just no.

    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Prior to my time here at a non--profit, there were "admin" users added to each PCs Administrators group. I was told they needed this access so they can install school software etc. It turned out they would send a ticket for any installation they needed anyway and ended up installing all kinds of junk on their PCs like toolbars and other crap. I bought PDQ Deploy and took away this "privilege" that they abused.

    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down
  • JohnABarbuto wrote:

    ...but many of the vendors assume that teacher are admin on their computers and write software to run as such.  So in the end it is needed, although maybe not best practice.

    Yes we've come across this with a lot of the 'garage-developed' apps that are common in the Education world. We don't use those vendors any more (notwithstanding the fact that many of the apps that fall into this category were developed in 2003 and everyone expects them to carry on working forever).
    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • No no no no no no no no no.

    No.

    Nope.

    Nonononononononononononononononononononononono.

    No no no no no no no no no.

    No.

    Nope.

    Nonononononononononononononononononononononono.

    No no no no no no no no no.

    No.

    Nope.

    Nonononononononononononononononononononononono.

    No!

    Spice (6) flagReport
    Was this post helpful? thumb_up thumb_down
  • My Biology 2 teacher had Redneck Rampage installed on 3 of his PC's back in the day. Those were good times.

    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Admin at a K-8 school for 12yrs and they had admin rights to begin, but took away after an increase of browser hijackings and viruses.  AVG can't catch them all.

    Also, now the PDQ Deploy is out there...That's a great option as I now use it at my new job.  It's fantastic and not all bloated like SMS or SCCM.

    My .02

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down
  • Letting ANY end user, Educational setting or not, as part of BEST practice, they should never have admin priv's on any box ever period.  Unless you like mental pain...... then by all means.....  

    Giving end users admin rights....   and I like to punch myself in the junk.......  

    To be clear, an end user, should never have administrative rights on any PC unless you want to have a bad time.

    sure you can do it, sure you may have a decent staff that doesn't muck things up from go.  but this is just a bad bad bad bad idea.  

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down
  • Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • Unless you want to find out what "Coupon Printer" is, I suggest you not. The best thing we ever did where I work, was eliminate the ability to run .exe's and msi's without admin privileges. The honest truth is that without control, your network will run amuck and you will constantly be rebuilding pc's.

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down
  • I don't understand the question. What is it about a teacher that would make and admin handle permissions any differently that they would with any other user?

    Was this post helpful? thumb_up thumb_down

  • https://shop.theoatmeal.com/collections/mugs/products/nope-beer-steins

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • It depends on the situation.

    On laptops that are issued to teachers, they are local-admins.  But that also comes with the proportionate risk as well as reward, and there have been many cases where a teacher loaded on something they shouldn't have, and the consequence was total data loss, as we wiped their machines.

    A teacher only has to lose their personal data once to get the hint (as well as reinforcement of "don't rely on your work laptop to archive your entire music collection or personal photos like wedding, births, etc.").

    For desktop computers in classrooms and labs, no.  Those are managed centrally by us.

    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • ummmm.


    Spice (7) flagReport
    Was this post helpful? thumb_up thumb_down
  • Would you allow anyone, especially people with no IT background, to install things on your personal computer?

    Spice (4) flagReport
    Was this post helpful? thumb_up thumb_down
  • Absolutely not. It takes two seconds for I.T. to respond and install software when needed.

    If software demands were high enough we would use the SCCM Software Center for deployment.

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • https://www.youtube.com/watch?v=N493CQgQ_Hk

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Of course not.  In a nicely managed network scenario of any size; do no allow end-users to install anything.  Everything must be through a vested and tested procedure.  Lock those machines down tight.  Never allow any local admins in your network.  They may have super user accounts with local admin rights for authorized scenarios only.  In my regard.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Hahahahaha. No. 

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Yes and no. This is due to how the program here started. One COE doing tech for 4 districts. Such little IT support that there was no time to install software that was non standard. You want Boardmaker? Go for it. You bought Adobe Photoshop? go for it. Eventually this started to cause the few techs to chase their own tails to remove malware. As the districts got their own tech teams the districts have gone to standard accounts. At the COE level we do admin accounts for nearly everyone. These people have admin rights to their machines for 10 years and hasn't caused much of an issue. W have SCCM to install software and remote machines to install user licensed software for them. In any case, the culture is such that even with admin rights the users want the tech team to install their software. 

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Simple answer:

    Never give user accounts admin rights to any work PC. Doesn't matter if they are are Secretary, CEO or a teacher..... Lock it down like a high security prison.

    Spice (2) flagReport
    Was this post helpful? thumb_up thumb_down
  • Nope with a side of Heck NO !!

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • No. The potential financial liability should easily justify not allowing this. 

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • As a previous school tech administrator I never let anyone install on a computer except me.  The main reasons were to prevent licensing issues and some of the software that they wanted to install was less than trustworthy.  

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • Spiceworks inventory scan- we isolate the teachers computers on their own vlan, so I scan them that way.  I do multiple vlan scans through out the week,  Yes it will have issues if you scan 500 at once, but with teachers on vlan say 1 I scan them (110) with no issue and it sends me a report.  Same with school administrators, office staff, etc.

    Software- yes some of it is kind of Garage grown, unfortunately for us if the District Curriculum heads go to a seminar and they buy software we have to make it run.  Some of the software,  even large companies require admin rights to do updates that are sync'd thru pushes and for teachers to update student databases.

    Most of you miss the point of Education and the use of computers., I have worked at large mega churches, police departments and now education.  Education is in a class all itself.  The teachers are here to teach students, my job is to support that- I install all the software before they get here.  However if a company upgrades or updates on the fly and ET does not get notified the teacher suddenly cannot teach, for school systems that is a bigger issue than any virus.  Some testing software that the teachers administrate the administrator has to run as the admin of the local pc. Students do not have the ability to do anything but run the software already installed.  Yes there will be problems.  Yes teachers install coupon printers, they get promptly uninstalled.  With Sccm I can wipe and reload a computer in less than an hour.  I have a couple spares I can put in place so they can continue to teach.

    Remember teaching is priority 1, regardless what we want. Yes Best Practice is not to let them have admin rights. But Best Practice does not cover every scenario.  You have to know your environment and you have to know the purpose of the environment is the point I am making.  If everyone from all the department heads to district super's were on the same page and ET vetted every piece of software out there that would change it dramatically.  But you cannot put all scenarios in the same basket. 

    One thing to remember even though the teacher has admin rights on that pc, they don't if they leave my campus and goes to another school, at that school they are a user.

    If this were a private school or college I would not have them be admin on the local pc.  But it is the nature of the beast so to speak.  Remember this is an extremely large environment, with very specialized needs.  If your environment is not the same it is hard to compare the two.  My recommendation to the poster of the article is to start with no admin rights and see what issues you encounter, if all your software is well written and they don't need it then great.  Some tools that will help you are Spiceworks, PDQ, LanSchool will help you administrate your environment.

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • I worked for ten years in K-4 schools made up of four elementary schools. Teachers simply should not have the ability to install software. Period. Licensing aside they simply don't understand the ramifications of installing programs on their PCs. I had a speech pathologist bring me her laptop and told me that the Internet was simply unusable. When I fired up IE there were no fewer than ten toolbars and an ungodly amount of associated spyware. It's just not worth it.  

    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down
  • JohnABarbuto wrote:

    ... However if a company upgrades or updates on the fly and ET does not get notified the teacher suddenly cannot teach, for school systems that is a bigger issue than any virus...  


    Let's just wait till you get hit by Cryptoware and all your teacher computers get crypto locked, or worse yet your teachers workstations and all the file shares.  Then we will see which is a bigger issue (then none of your teachers will be able to teach).
    If there are specific apps that 'require admin permissions to run' then you find out why and you grant user permissions to those files, directories, registry entries...  I had accounting software that 'required admin permissions' but when I was done a regular user could run it just fine without special permissions.  I spent about 3 days getting it to be happy running without admin rights, but I slept better for like 7 years so it was well worth it.

    Under NO CIRCUMSTANCES is ANYONE running as an admin.  I don't even run as an admin, I elevate privileges as required.  If for some strange reason they get a permissions elevation prompt they call me, I remote in and verify what is going on and provide the elevated credentials.

    I would argue that in an education setting best practices are even more critical.  You have students that will take any advantage they can, and teachers who are being pulled in 30 directions at once.  Not a great situation to be in and certainly not a situation to be in with admin credentials.

    In short, in my experience, granting end users admin rights is only done to make your job easier.  If you take the time to figure out why an app requires admin rights then you can eliminate that requirement and in the process, increase the security of your workstations and networks.  
    Spice (5) flagReport
    Was this post helpful? thumb_up thumb_down
  • We allow teachers to install software on their own computers because we have too many teachers running too many different programs to have them put in a ticket and get IT to install it.

    For licensing, we have SCCM and push out or make available these packages, rather than just supplying them with an MSI or EXE installer.

    We do this with Adobe CS, Microsoft Office, Smart Education Suite and many other smaller software packages.

    We also allow the teachers to use MacBook Pro's, and use a combination of DeployStudio and ARD to install software that is licensed.

    We allow the teachers to do NOTHING on student used computers and labs though.

    Spice (1) flagReport
    Was this post helpful? thumb_up thumb_down
  • reexneex wrote:

    As a manager in a school, do you allow your teachers to install software on a school's computer?


    Spice (3) flagReport
    Was this post helpful? thumb_up thumb_down

Read these next...

  • Snap! Maggie malware, Bring Your Own Driver, Win11 remote desktop issues, & more

    Snap! Maggie malware, Bring Your Own Driver, Win11 remote desktop issues, & more

    Spiceworks Originals

    Your daily dose of tech news, in brief. Welcome to Thursday, October 6, 2022. If we roll back the calendar 39 years to 1983, today is the day that it went public after recording revenues of $12.8 million for the previous 12 months. It was over a de...

  • What does your IT team use for password management?

    What does your IT team use for password management?

    Security

    I use BitWarden for my own personal password management and it's fantastic. In the past, I've used a handful of different password managers in the workplace, including KeePass v2​, Secret Server​, LastPass​, and even just *cough* Excel.... 🥸Currently, we'...

  • Upgrade Exchange 2013 to Exchange 2019

    Upgrade Exchange 2013 to Exchange 2019

    Collaboration

    As the  Exchange 2013 is going to be end of life in April 2023, we will be upgrading / migrating our current setup to Exchange 2019.We are currently using MS Exchange 2013 Standard CU23 with Latest SU. We have 2 CAS servers in NLB and 4 Mailbox servers in...

  • Spark! Pro series - 6th October 2022

    Spark! Pro series - 6th October 2022

    Spiceworks Originals

    Today in History: 1866 -  The Reno brothers carry out the first train robbery in U.S. history On October 6, 1866, the brothers John and Simeon Reno stage the first train robbery in American history, making off with $13,000 from an Ohio and Mississ...

  • IT Site -Network Survey Tools

    IT Site -Network Survey Tools

    Software

    Hello,Need advice on any free forms or software to use to assist in doing IT site surveys of small business 50 users max with 4 different locations.Any not so expensive software that you have used let me know. We will be going onsite to each site first ti...