IT insists on centralized management and lockdown of Windows PCs to the point where any minor problem becomes a time consuming, difficult-to-solve issue. I've seen PCs slow to a crawl because SCCM is repeatedly failing to push down software. At other times, important software updates continually fail to install due to excessive policy restrictions. In all, it's just a continual battle of the IT support team versus the very own management infrastructure they put in place.
When our head support guy (6K users supported) was telling me how much less problems they had with Mac deployments, I asked him how his team manages the Macs. Guess what? No centralized management or lockdown at all.
Essentially, the difficulties of managing the Windows based PCs is entirely IT's own doing.