+2
*ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker> *Exploiting Technology for Business Advantage...* * * Signature powered by WiseStamp <http://www.wisestamp.com/email-install> On Fri, Jun 18, 2010 at 9:09 AM, Michael B. Smith <[email protected]>wrote: > They were blowing smoke – UNLESS they were saving their projects in > “Program Files”. > > > > It’s arguable that if you are building installers that you need local > admin; but these days I shove those users into their own VMs for that task. > Five years ago I recommended a separate PC just for that job. > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com > > > > *From:* Mayo, Bill [mailto:[email protected]] > *Sent:* Friday, June 18, 2010 8:37 AM > > *To:* NT System Admin Issues > *Subject:* RE: Handling Developers > > > > I am somewhat on the periphery of it at our location (so I don't know all > the details), but our VB/VS developers claimed that they HAD to be local > administrators in order to compile. I believe they even indicated that this > was supported by documentation from Microsoft. Again, I was on the > periphery, so I didn't personally see said documentation. I note that a lot > of folks are saying that it isn't necessary, so can anyone advise if there > is any kind of special setup to use VB/VS as a non-admin? Or does it "just > work" as a regular user and they were blowing smoke? > > > > Bill Mayo > > > ------------------------------ > > *From:* Erik Goldoff [mailto:[email protected]] > *Sent:* Friday, June 18, 2010 8:23 AM > *To:* NT System Admin Issues > *Subject:* RE: Handling Developers > > 1. There’s the way that makes the developers’ life the easiest > > 2. There’s the way that makes the environment most secure > > 3. There’s the way provides an optimum balance between the first two > > > > I fought this battle at a previous job, where the ENTIRE IT Department had > Domain Admin privileges, not just local to their machine. The developers > perceived that they needed to be domain admins to properly execute their > job. The VP of IT was previously the Application Development Manager, so > guess which way he was leaning … > > It was a long, hard battle, with precious few victories. PCI compliance > helped me to gain some footing, but in the end, I was seen as counter > productive to the developers’ goals, and obviously unhappy there. Did I > mention this was a **previous** employer ? > > *Erik Goldoff*** > > *IT Consultant* > > *Systems, Networks, & Security * > > ' Security is an ongoing process, not a one time event ! ' > > *From:* James Hill [mailto:[email protected]] > *Sent:* Friday, June 18, 2010 8:05 AM > *To:* NT System Admin Issues > *Subject:* Re: Handling Developers > > > > Thanks Andrew. > > I have considered your approaches in the past. I think my frustrations > have clouded my thoughts somewhat. > > At the moment they have the ability to run as and elevation as they know > the local admin password. But of course complain about having to type it > in. > > One argument was that with their previous and larger employer they did what > they wished. Hence why I am after as much opinion from other professionals > that I can get. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
