Interestingly some of the changes I have made were recently given the big tick of approval from external Auditors.
From: Erik Goldoff [mailto:[email protected]] Sent: Friday, 18 June 2010 10:23 PM To: NT System Admin Issues Subject: RE: Handling Developers 1. There's the way that makes the developers' life the easiest 2. There's the way that makes the environment most secure 3. There's the way provides an optimum balance between the first two I fought this battle at a previous job, where the ENTIRE IT Department had Domain Admin privileges, not just local to their machine. The developers perceived that they needed to be domain admins to properly execute their job. The VP of IT was previously the Application Development Manager, so guess which way he was leaning ... It was a long, hard battle, with precious few victories. PCI compliance helped me to gain some footing, but in the end, I was seen as counter productive to the developers' goals, and obviously unhappy there. Did I mention this was a *previous* employer ? Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: James Hill [mailto:[email protected]] Sent: Friday, June 18, 2010 8:05 AM To: NT System Admin Issues Subject: Re: Handling Developers Thanks Andrew. I have considered your approaches in the past. I think my frustrations have clouded my thoughts somewhat. At the moment they have the ability to run as and elevation as they know the local admin password. But of course complain about having to type it in. One argument was that with their previous and larger employer they did what they wished. Hence why I am after as much opinion from other professionals that I can get. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
