Developers have local admin rights on their workstations. All workstations have AV installed, no exceptions. The problem we had is that some developers would fiddle around with the workstation until they broke it, then sent it to the PC Specialist to fix it. We then said that if the user was savvy enough to have admin rights, they were savvy enough to fix or rebuild the system. Funny how careful you become when you have to fix your own problems. We do have base images of the workstations to get them started. We're not totally heartless.
-Paul From: James Hill [mailto:[email protected]] Sent: Thursday, June 17, 2010 8:42 PM To: NT System Admin Issues Subject: Handling Developers I'd love some feedback on what kind of infrastructure is provide for Developers in your environment. My experience has been that developers often feel the need to have full blown admin rights and no gpo's and no AV applied to them etc. They always expect to have the latest and greatest hardware as well. The problem is that they often don't have the full understanding of the rest of the environment so giving them admin rights has ended up with them creating other issues for themselves (suddenly their outlook doesn't work etc). I think the best approach is to provide a normal SOE/MOE desktop and then have them use a VM purely for development work. The VM has no gpo's applied but does have anti-virus and admin right are only permitted by elevation (rather than running as admin). What is the best practice these days? Obviously it will depend on the size of the environment etc. We are 1000+ user shop across multiple locations and have the benefit of good vmware and hardware environments. This issue is causing me a lot of pain at the moment with increasing heat directed at me. Any suggestions would be greatly appreciated! James. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
