[ajug-members] Do Developers need Administrator rights
Jeremy Haile
jhaile at fastmail.fm
Thu Dec 21 11:01:58 EST 2006
In the companies I have worked for, both big and small, developers were
given Administrative rights in Windows. It is impossible to install
many software packages in Windows without administrator rights, and
developers need the flexibility to install, test, and work with various
software packages.

I would definitely segment your internal network from your servers with
a firewall, and enforce that everyone has virus scanners and personal
firewalls installed in Windows. I think that from a systems
perspective, it is better to assume that no system is trusted than try
to limit what people can do with their computers. But the way the Windows
security model works, it is absurd to think that developers can do their
job without Administrator rights.

Maybe Vista will offer a security model that helps alleviate this
problem (but I'm not holding my breath). You could always switch to
developing in Linux ;-)

On Thu, 21 Dec 2006 10:44:55 -0500, tooger at bellsouth.net said:
> Fellow Developers
>
> I need your input on the topic of administrator privileges. The public
> network is a dangerous place. To protect the interests of the business, a
> network administrator has to put in place significant defenses. One of
> these defenses is to impose a policy that restricts a user from
> installing whatever they want onto their desktop/laptop.
>
> In the Windows world, this typically means that the user has no
> administrator privileges. This policy works well for the typical user and
> certainly prevents them from installing all sorts of rubbish on their
> corporate desktop exposing the business in many different ways. The
> larger the company, the greater the risk, the more restrictive the
> policy. I have found though that this policy doesn't work too well for
> Developers (or is it just me).
>
> Developers need to be able to install versions of tools and products at
> will. At times, they may need to have access to the registry. They may
> need to install and run desktop editions of some pretty advanced software
> e.g. Oracle XE or SQL Server 2005 Express as part of building their
> development environment. Trying to do our jobs without Administrator
> privileges is like being forced to paint a room with a toothbrush and
> your hands tied behind your back. (Of course, I would say the Windows
> security model is the root issue - can I do sudo in Windows?)
>
> However, I also recognise the need for a network administrator to secure
> the network.
>
> What is the solution to providing a flexible development environment for
> developers without exposing the network? One solution may be to have a
> dedicated development network separate to the corporate network. What are
> your thoughts on this solution? What about other solutions (virtual
> environments)? How do you cope with such restrictive policies
> (personally, I've had to resort to using my own laptop and private
> network at work)?
>
> Jason