/build/static/layout/Breadcrumb_cap_w.png

How to effectively eliminate PC admin rights in the developers' environment?

Developers need source code compiling, downloading / installing tools / obtaining updates from the programming sites, registering software (within the tool), running profiling tools (performance and memory profiling), running Visual Studio, modifying PC system settings, etc.

I would like to see your views on how IT administrators can effectively manage developers' access to their PC. Thanks.

 

Posted 11 years ago 3664 views

Comments

  • MY current employer uses PowerBroker to manage rights. Additoinally, something likea virtual machine hosted on an ESX sever should also allow rights to do all that without opening up their workstation to them.

    Personally, I find locking down developer machines to be more trouble then it's worth. However, before anything gets released, I make sure that it's tested in a lab against a standard build. And when I hear "it works fine on my PC" I remind the developer that they have all the rights they claim they need to do their work and they need fix this before it can be released, since it doesn't work in our environment. - Arminius 11 years ago
  • Right now I have our developers as admin, but I'm looking for a better solutions. So far I've got the following ideas:

    1)Deep Freeze http://www.faronics.com/products/deep-freeze/enterprise/
    2) Virtual Machine on their local desktop
    3)Privilege Manager http://www.quest.com/privilege-manager/

    Cheers,

    m - ms01ak 11 years ago
    • I've been in an environment where we used Deep Freeze. That turned out to be a real pain, since we needed to unlock it every 30 days for patching. A VM is a good idea - have full rights on your VM to develop all you want and then you can't mess up your desktop. I'd give them 2 VMs - one with full rights for them to do what they want, and one with standard rights to see how their work works. We use PowerBroker where I am right now, and it's good for those requests for Admin rights because something won't run due to privilege issues. PB has been a good solution for us with respect to rights. - Arminius 11 years ago
  • Currently our company is looking into using Viewfinity Privilege Management for Endpoints. But no matter what solution you use it will require more backend administration, but should, if done right, be well worth the trouble. We had Conficker Worm rape our entire network in a matter of hours because all 1,200 users have local admin and network shares. - aaronr 11 years ago
This post is locked

Posted by:

alex.woo@clsa.com White Belt
Ninja since: 11 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login
Blog

View More Blogs from alex.woo@clsa.com

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ