The more and more we push and get dependent on BigFix - the more critical it becomes to make sure that users cannot simply stop the service/uninstall it or tamper with it.
Now for service i know there is BigFix client helper. But is there a tamper protect/pass protect functionality that we can implement?
FYI - the admin concept doesnt really work for us 
A lot of ppl have privs.
I’d recommend taking a look at the, “Hide BES Clients from the Add/Remove Programs List - BES Client >= 8.0” fixlet in the BES Support site!
This will hide it from the control panel > programs list.
In addition i’d recommend some persistence mechanism:
I use this script https://github.com/strawgate/C3-Platform-Kickstart/blob/master/Helpers/BigFix%20Client%20Health/ClientHealth.ps1
Run as a daily scheduled task. If BigFix is missing or becomes broken, force an install
You said it won’t work in your case, but the best bet is definitely to not have admin rights for most users.
Another thing to consider is to lessen the impact of BigFix on laptop battery life using something like: Automatically adjust BESClient settings when on battery power
I also think it might be possible to use ACLs to only allow modification of BigFix stuff with SYSTEM privs, which would make it a tad harder to tamper with.
Thank you. This is very useful. Will try these and update how it goes;