As we've added and removed products using Zen such as Patchlink, various
antivirus products, etc we have noticed that under non PNP device
drivers that all these old removed products (through Zen) still have
their device drivers on our PC's. We've found this to cause some
performance issues.

By default, local administrators have the rights in secpol.msc to
load/unload device drivers. But Zenworks runs under SYSTEM, right?,
which doesn't have rights to do this. So is this the reason why the
device drivers still exist? Should we be adding SYSTEM to this
security policy?