We have SCCM in place. The GPO's mainly just automate things during logon (printer mappings, drives etc.)
Are you suggesting it is ok for them to run as local admins and not simply use elevation when required? They are coding in VB6 (aging I know) and Visual Studio for internal applications. None of which need anything special access wise. From: Brian Desmond [mailto:[email protected]] Sent: Friday, 18 June 2010 1:33 PM To: NT System Admin Issues Subject: RE: Handling Developers I'd mandate the a/v and management agent (e.g. SCCM/SMS if you have it) and otherwise let them go at it. Build an exception process for both of these components individually if not having one or the other or both is germane to their testing/development efforts. This is basically the policy at a couple of very large scale software houses I know of and has been the one I've used successfully. Thanks, Brian Desmond [email protected]<mailto:[email protected]> c - 312.731.3132 From: James Hill [mailto:[email protected]] Sent: Thursday, June 17, 2010 8:42 PM To: NT System Admin Issues Subject: Handling Developers I'd love some feedback on what kind of infrastructure is provide for Developers in your environment. My experience has been that developers often feel the need to have full blown admin rights and no gpo's and no AV applied to them etc. They always expect to have the latest and greatest hardware as well. The problem is that they often don't have the full understanding of the rest of the environment so giving them admin rights has ended up with them creating other issues for themselves (suddenly their outlook doesn't work etc). I think the best approach is to provide a normal SOE/MOE desktop and then have them use a VM purely for development work. The VM has no gpo's applied but does have anti-virus and admin right are only permitted by elevation (rather than running as admin). What is the best practice these days? Obviously it will depend on the size of the environment etc. We are 1000+ user shop across multiple locations and have the benefit of good vmware and hardware environments. This issue is causing me a lot of pain at the moment with increasing heat directed at me. Any suggestions would be greatly appreciated! James. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
