I hear that. :)
*ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * Signature powered by WiseStamp <http://www.wisestamp.com/email-install> On Fri, Jun 18, 2010 at 8:23 AM, Erik Goldoff <[email protected]> wrote: > 1. There’s the way that makes the developers’ life the easiest > > 2. There’s the way that makes the environment most secure > > 3. There’s the way provides an optimum balance between the first two > > > > I fought this battle at a previous job, where the ENTIRE IT Department had > Domain Admin privileges, not just local to their machine. The developers > perceived that they needed to be domain admins to properly execute their > job. The VP of IT was previously the Application Development Manager, so > guess which way he was leaning … > > It was a long, hard battle, with precious few victories. PCI compliance > helped me to gain some footing, but in the end, I was seen as counter > productive to the developers’ goals, and obviously unhappy there. Did I > mention this was a **previous** employer ? > > > > > > *Erik Goldoff*** > > *IT Consultant* > > *Systems, Networks, & Security * > > ' Security is an ongoing process, not a one time event ! ' > > *From:* James Hill [mailto:[email protected]] > *Sent:* Friday, June 18, 2010 8:05 AM > > *To:* NT System Admin Issues > *Subject:* Re: Handling Developers > > > > Thanks Andrew. > > > I have considered your approaches in the past. I think my frustrations > have clouded my thoughts somewhat. > > At the moment they have the ability to run as and elevation as they know > the local admin password. But of course complain about having to type it > in. > > One argument was that with their previous and larger employer they did what > they wished. Hence why I am after as much opinion from other professionals > that I can get. > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
