They were blowing smoke - UNLESS they were saving their projects in "Program Files".
It's arguable that if you are building installers that you need local admin; but these days I shove those users into their own VMs for that task. Five years ago I recommended a separate PC just for that job. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Mayo, Bill [mailto:[email protected]] Sent: Friday, June 18, 2010 8:37 AM To: NT System Admin Issues Subject: RE: Handling Developers I am somewhat on the periphery of it at our location (so I don't know all the details), but our VB/VS developers claimed that they HAD to be local administrators in order to compile. I believe they even indicated that this was supported by documentation from Microsoft. Again, I was on the periphery, so I didn't personally see said documentation. I note that a lot of folks are saying that it isn't necessary, so can anyone advise if there is any kind of special setup to use VB/VS as a non-admin? Or does it "just work" as a regular user and they were blowing smoke? Bill Mayo ________________________________ From: Erik Goldoff [mailto:[email protected]] Sent: Friday, June 18, 2010 8:23 AM To: NT System Admin Issues Subject: RE: Handling Developers 1. There's the way that makes the developers' life the easiest 2. There's the way that makes the environment most secure 3. There's the way provides an optimum balance between the first two I fought this battle at a previous job, where the ENTIRE IT Department had Domain Admin privileges, not just local to their machine. The developers perceived that they needed to be domain admins to properly execute their job. The VP of IT was previously the Application Development Manager, so guess which way he was leaning ... It was a long, hard battle, with precious few victories. PCI compliance helped me to gain some footing, but in the end, I was seen as counter productive to the developers' goals, and obviously unhappy there. Did I mention this was a *previous* employer ? Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: James Hill [mailto:[email protected]] Sent: Friday, June 18, 2010 8:05 AM To: NT System Admin Issues Subject: Re: Handling Developers Thanks Andrew. I have considered your approaches in the past. I think my frustrations have clouded my thoughts somewhat. At the moment they have the ability to run as and elevation as they know the local admin password. But of course complain about having to type it in. One argument was that with their previous and larger employer they did what they wished. Hence why I am after as much opinion from other professionals that I can get. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
