Do your developers have local admin rights?

plover writes: I work as a developer for a Very Large American Corporation. We are not an IT company, but have a large IT organization that does a lot of internal development. In my area, we do Windows development, which includes writing and maintaining code for various services and executables. A few years ago the Info Security group removed local administrator rights from most accounts and machines, but our area was granted exceptions for developers. My question is: do other developers in other large companies have local admin rights to their development environment? If not, how do you handle tasks like debugging, testing installations, or installing updated development tools that aren't a part of the standard corporate workstation?

Yes

[Vrtigo1]

A developer without admin rights won't be able to do much development. As you've said, they need to be able to install software, keep their systems up to date, access/modify system files, etc. If an organization tried to force developers to develop without admin rights, they wouldn't be able to keep that policy in place very long when they see productivity plummet. A key distinction to point out is that developers should always test their software without admin rights to ensure it'll work on an end-user'

It depends...

[garg0yle]

Technically, a developer may not NEED admin rights, depending on what they are developing and how. Web development versus (say) Visual C++ requires different rights. The installation testing often does, but that should be handled by your test team, which should be a distinct entity. Of course, on a mainframe (you remember those things, right?) the developers do need special access to be able to write code, but that should be in a sand-boxed environment, not the "live" one.

As for "non-standard" developmen

Re:

[Thinboy00]

As for "non-standard" development tools, I do hope those have gone through the proper channels for purchasing (if necessary) and the licenses have been studied by your lawyers. Nothing like being forced to release your internal application code due to a GPL violation from an over-exuberant developer who can't read a license before he clicks "Accept" on the installer.

Personally I wouldn't be so concerned about that if you're using Eclipse, NetBeans, or something relatively mainstream, but the legal department would probably have a fit.

IANAL.

Re:

[emeraldd]

As for "non-standard" development tools, I do hope those have gone through the proper channels for purchasing (if necessary) and the licenses have been studied by your lawyers. Nothing like being forced to release your internal application code due to a GPL violation from an over-exuberant developer who can't read a license before he clicks "Accept" on the installer.

If you're talking about a code library, then not having admin rights won't save you anything here. I haven't run across an IDE that would lead to a GPL violation as yet. (Doesn't mean there isn't one just that I haven't seen one) Most library's that I've dealt with don't have an installer to begin with. So unless you are going to prevent your developers from saving being able to write files, you have to deal with GPL via policy and review.

Nope

[tempest69]

Though we did leave them with enough rights to thoroughly hose their own box anyway. The developers had a habit of changing the admin password to their personal one. Making it a hassle to log in and fix a box. So the users could do most anything except change the admin password and system time. Mostly this was due to PHB power struggles, and some unprofessional behavior.