Windows Admin Rights for Software Engineer
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
The last time I came across this I told my manager at the time that development estimates were off by at least 25-50%. When she asked why, I told her - having to ask systems every time we needed to do anything that required those rights could take from an hour to a day or more. We all got local admin rights the next morning. Yes, I exaggerated a little to make the point but so what, nothing worse than being hamstrung.
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
No admin rights here. If I want to install something on my desktop that uses an actual installer, I have to put a request in to IT. Makes a lot of sense for the end users... Less so for us developers, but c'est la vie. You get used to it after a while... And if I was on a project that constantly required admin rights, they'd probably find some way to accommodate that.
Proud to have finally moved to the A-Ark. Which one are you in?
Author of the Guardians Saga (Sci-Fi/Fantasy novels) -
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
We all have local admin rights on our work computers. We also have anti-virus and email spam/virus check which are installed company wide (domain admin-rights)
I'd rather be phishing!
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
I'm actually using my work laptop as personal laptop as well. Full rights, full access :D I'm glad my company has that kind of trust in its developers :)
Visit my blog at Sander's bits - Writing the code you need. Or read my articles at my CodeProject profile.
Simplicity is prerequisite for reliability. — Edsger W. Dijkstra
Regards, Sander
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
Admin rights on my desktop and dev servers. A very locked down (via external policy from the data owners) account on the airgapped secure network. Fortunately that network also comes with an admin who views his job as making sure we can do ours while obeying security policy.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
I have full admin on my box, and I actually don't want it. I want to have a limited user account because then I can truly replicate a user's bug report, which many times can't be repro'd because I have higher sysauth than they do. At home, I run a limited user account, and have a local admin for installations. That's what I'd prefer at my company, but they don't allow that. :confused: The only options are : "limited user + no local admin", or "practically domain admin levels of godliness". If I have a repeated action I need to do that always needs elevation, I find that the vast majority of the time I can accomplish it via command prompt. So I elevate the CMD instance once, leave it open and just kick off the repeat stuff I need to deal with that way.
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
None of our end users have local admin rights. All developers have local admin rights. I even have access to all the servers, although the sys admin will not allow me to make any changes to AD which I respect. We have a decent firewall and good AV software. I am expected/trusted to be very careful and if I need to use a server I am under strict instructions to never user an internet browser on the server without first checking with the sys admin. I think denying developers admin rights shows a lack of knowledge on the part of the sys admin. Developers need to understand security issues, for goodness sake. If the developers don't understand computer security, at least at the level of how to avoid malware and viruses, the company is in deep poop and needs to hire new developers pretty damn quickly.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
I am the admin. But everyone else is having local admin rights.
Wrong is evil and must be defeated. - Jeff Ello
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
First week on the job with this same policy. Can't log in as admin, but can elevate privileges through annoying prompts. I'd say, I've come to love portable "installers" xcopy the files you need and it just works.
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
stgagnon wrote:
Do you have admin rights on your PC?
Yes. If the restriction is truly keeping you from producing work for the company, can't you get your supervisor involved.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
I have local admin rights. I used to work for a company that did not give ANY of the engineers/developers, admin rights - that sucked.
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
I'm very lucky. At work I have all the necessary clearances to be granted a smart-card that gives me admin authorization to install software and such, if needed. But 65,000 of my coworkers have no such luxury. If they want to update something or do anything that requires admin access, they have to open a service ticket and wait. A tech may come the same day to help them, if they are lucky.
-
stgagnon wrote:
Do you have admin rights on your PC?
Yes. If the restriction is truly keeping you from producing work for the company, can't you get your supervisor involved.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
While I have admin rights my manager has to fight for them every year. the same fight, the same argument and the same result... I get my rights approved. A monumental fucking waste of time and effort and they have been doing this for over 10 years. The argument BTW is that we need to support a critical windows service, the fact that the service has not been used in 6 years has not been disclosed to them.
Never underestimate the power of human stupidity RAH
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
Where I am now (and also at my previous job) you could request local admin rights and "I'm a developer" was enough justification. But now they are trying to take it away and have us request it only when we need it. The request, of course, also requires our boss' approval so that would delay the process significantly. Certainly most developers here don't need local rights all the time, maybe only when installing third party software and such. Most stuff we write doesn't get installed locally. But, we few developers (i.e. only me) who actually develop tools and utilities for ourselves do need to install locally whenever we make a change and having to wait even a few hours can be a significant delay. So, when they asked me for justification of why I need local rights I sent screenshots of me trying to use gacutil without rights. And it worked. This week I got an email saying I'd soon have a separate local account that I can use. :( I don't know how that will work out, but I envision having a shortcut that will launch a dos box running under that user.
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
This sounds like a serious case of rectocranial inversion, and the only known cure is to eliminate the individual who invoked the limit on the development team. You have to have admin rights, at least on your own machine, to do the job. And someone in your group needs admin rights to the entire network, in order to implement your solution.
Will Rogers never met me.
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
In my last job they wouldn't let developers have admin rights on their laptops, and we had to request rights every time needed them. I pointed out that we were developing Windows desktop and services with installers and we might need to install/uninstall multiple times a day, still no go. The only answer was to raise about 25 requests in a single day until they caved as we were inundating the requests system with support tickets. In my new job I get full admin.
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
I work at a large global IT consultancy company. I have almost full admin rights. There are some programs that are enforced on all computers. This is usually not the case in smaller national companies here, where u often may chose and order the computer and applications that fits you best. And there are some regulations on which applications we are allowed to install. Butt otherwise I have full admin rights. It would be quite hard to develop otherwise. But as I am a consultant, and every customer has different demands, I always develop in virtual machines where I have the windows and database versions etc. matching the customers environment. So in those I have absolutely no restrictions, since I create them myself. I also use my computer privately at home, but of course I also work from home every now and then. Working for a global company, I have seen that the culture and level of responsibility and trust given to the individual differs quite much from country to country, and some times from company to company. In Sweden, developers are usually given a high level of own responsibility. After all, as developers, we are the ones who have the expertise how to best solve our asignments. The IT-department cant but blocks in our way or we would yell at our bosses who would force the IT-department to remove those blocks so that we can do our job. :-)
-
How many of you software engineers out there are not allowed to have local admin rights on your Windows development system? Our IT guy here has it so nobody has local admin rights. If we need admin rights, we have a separate user account that does not have access to the internet or the company network. This is annoying beyond belief. Anytime I want to peek at the device manager I get that annoying windows dialog that says I can't make changes but I can look. [ Can I get that to go away? ] And of course if I want to make changes, I have to log in with admin account via the UAC window. Imagine how convenient that is when debugging a driver or a driver-related problem? That is not the only problem... If I am working on an installer on another day.. I have to go through that each time I run/test/debug the installer. This has been the policy around here for a few years. I have managed to avoid it because my last PC was installed/set up before the policy. Now that PC is about dead and they gave me a new one today and now it feels like they are making me work with my hands tied together. To them, I think they can't understand why the big deal. To me.. it is a flow disrupter. I feel like I am just going to have to stop trying so hard to be fast. But it is more than speed. It is concentration. I can see them rolling their eyes.. but this is real! The reason cited for this is that all kinds of nasties can come in through email or websites. We've got web blockers for the web and spam blockers for the email and on-access virus scanning... So I ask you: How does it go where you work? Do you have admin rights on your PC? I can't believe that this is the only way to solve the "security threat". What policies/etc are in place where you work? -Suzanne
I'm lucky is this respect, i'm both the software developer and network admin so i have domain admin rights. I have given the other developers local admin rights though as i know how much of a pain a restricted user account can be when you're debugging software. Plus, you'd think a software developer actually knows what they're doing with a computer when compared to the people in sales or accounts, or even those pesky web developers who nag for admin rights just so they can install itunes and other such crap... Personally i know i wouldn't be able to do half of my job if i didn't have admin rights
