Hi everyone, we have a multi-campus church with its own AV-Production department which handles music & services, including sound & lighting during the week for classrooms, etc. There is an ongoing discussion in which this department wants to have full control over any computer in use in at least the sound booths & video/audio production rooms, laptops, etc., with a specific desire to remove antivirus and to have full local admin privileges so that making a sudden, on-the-fly change at any time is possible. It’s been stated that the direction they feel they should go is to get all of the computer management for these machines completely out of IT.
From an AV-Production & musician’s perspective, these aren’t computers, but dedicated pieces of hardware dedicated to their one purpose and nothing else. On a more specific note, as a whole, these computers are primarily geared toward Waves Central, Dante Virtual Soundcard, Dante Controller, ProPresenter, Blackmagic, QLab, Ableton Live, and so on, each with their own combination of these functions. There is also some Yamaha-specific chatter to soundboards via Yamaha CL Editor, StageMix, and MonitorMix. A small handful of people have VPN access, which is primarily used for connecting to ProPresenter machines.
From an IT perspective, I’d say that there is a bit of a misconception whenever anybody says that something is isolated and cannot impact other devices around it; these “isolated” computers are on the network and can be controlled remotely, so therefore they are note truly isolated. There is also a misconception around just how dedicated a computer is; while it’s true any given computer might be put in place with the intention of serving a particular purpose, each machine does have additional capabilities. It’s much less like a musical instrument (an analogy which has often been used) and more like the computer it actually is.
We do have a desire to support everyone in these areas as fully as we possibly can, within reason, but we are in disagreement as to what “best practices” are in this case. When someone tells me that a “best practice” includes removing antivirus, that directly conflicts with IT best practices. How do others of you handle these sorts of requests in your respective environments? Are there anything specific practices you already have in place regarding computers and/or network infrastructure arrangements?