Hi I'm Dennis! I love Jesus, my family, running, and coding! I love diving deep into a language and building things with it :D. Thanks for stopping by!
Location
Memphis, TN
Work
Software Development Engineer at St. Jude Children's Research Hospital
I expect that the security decisions were made for all of the company based on the fact that the number of people that should have local admin is a subset of the people with AD accounts. I agree that most office personnel shouldn't have local admin, but if you trust someone to write code for your production servers and to be able to execute application code on said servers then MAYBE you should trust them to not nuke their primary means of employment/productivity.
Hi I'm Dennis! I love Jesus, my family, running, and coding! I love diving deep into a language and building things with it :D. Thanks for stopping by!
Location
Memphis, TN
Work
Software Development Engineer at St. Jude Children's Research Hospital
Absolutely agree. And the separation of powers at bigger institutions can make things difficult. I think for the general user at the institution admin rights should be restricted. Here, for example, I had to put in a service ticket to gain admin rights, but it is only because they know me. Security vs Productivity is just an interesting dynamic to me. Information services tends to hedge more towards security at the cost of productivity while developers tend to edge towards productivity at the cost of security, from my experience.
I do enjoy the way that Windows has evolved to handle this over the way that it used to be. Just because you have local admin doesn't mean that you run everything from that privilege. Having the prompt before you run something as admin is a real benefit.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
That first part in Old Busted is an interesting discussion. What is the balance between productivity and security?
I expect that the security decisions were made for all of the company based on the fact that the number of people that should have local admin is a subset of the people with AD accounts. I agree that most office personnel shouldn't have local admin, but if you trust someone to write code for your production servers and to be able to execute application code on said servers then MAYBE you should trust them to not nuke their primary means of employment/productivity.
Absolutely agree. And the separation of powers at bigger institutions can make things difficult. I think for the general user at the institution admin rights should be restricted. Here, for example, I had to put in a service ticket to gain admin rights, but it is only because they know me. Security vs Productivity is just an interesting dynamic to me. Information services tends to hedge more towards security at the cost of productivity while developers tend to edge towards productivity at the cost of security, from my experience.
I do enjoy the way that Windows has evolved to handle this over the way that it used to be. Just because you have local admin doesn't mean that you run everything from that privilege. Having the prompt before you run something as admin is a real benefit.