|
My workstation was just upgraded to windows 7, which is great. However, they are locking down all the windows 7 computers to allow only 'user' access. If there is a need for more access then we can request it and it may be allowed for up to 90 minutes. I am a developer and am writing programs as the rest of you do. Have any one else run into this issue and how have you dealt with it?
|
|
|
|
|
I have first hand experience of this issue. I did a project a few years back where we all had two accounts, one user account and one admin account. The admin account would log you out after an hour no matter what you were doing. I took this issue to anyone who would listen but to no avail. Then they all wondered why we couldn't meet any deadlines.. in the recrimination meetings all I could do was reiterate the fact that we needed proper admin access to do our jobs properly and making us work in restricted accounts was akin to giving a delivery driver one of those two wheeled granny shopping cart things to deliver sofas in.
my sympathies. some people don't think about the consequences of their decisions. this is one such case.
|
|
|
|
|
The norm is to give developers local admin rights.
Panic, Chaos, Destruction. My work here is done.
Drink. Get drunk. Fall over - P O'H
OK, I will win to day or my name isn't Ethel Crudacre! - DD Ethel Crudacre
I cannot live by bread alone. Bacon and ketchup are needed as well. - Trollslayer
Have a bit more patience with newbies. Of course some of them act dumb - they're often *students*, for heaven's sake - Terry Pratchett
|
|
|
|
|
I've never worked at a place where developers didn't have administrative access to at least their own development systems. Once the tools are installed, you can actually do a lot of work without administrative access, though when you need it, you usually really need it.
At one recent company, the IT guys delivered new systems without local admin access, but quickly rectified it once we explained the situation.
|
|
|
|
|
You do not have administrator rights!?
I don't know what your job is but for me, it is required. I can do whatever I want locally.
"Bastards encourage idiots to use Oracle Forms, Web Forms, Access and a number of other dinky web publishing tolls.", Mycroft Holmes[ ^]
|
|
|
|
|
Ah aaaah, so 't is not so easy to be in the user's place, huh ? HUH ?
On a serious note, I feel your pain. I have to ask for admin rights (up to 1 day to wait) and reboot (which is the part of the annoyance I hate the most).
~RaGE();
I think words like 'destiny' are a way of trying to find order where none exists. - Christian Graus
Do not feed the troll ! - Common proverb
|
|
|
|
|
Put in a request for admin access for every 90 minutes covering the next 12 months, its only 1300 requests and then makes sure you go home after you have done the 7.5 hours per day that the access covers
You cant outrun the world, but there is no harm in getting a head start
Real stupidity beats artificial intelligence every time.
|
|
|
|
|
This is the first time I have not had Admin rights. A bit of a pain. Like I cannot get an html editor, and it has delayed work when stuff had to be installed. Also get these stupid notices that upgrades are available, and cannot upgrade, so they just pop up. The most irritating one is "New CollabNet Desktop version is available" which pops up everytime a start a project in source control. Also, cannot read a USB drive, so have to send things through email, and cannot send exe's.
|
|
|
|
|
Well, as a developer, you DO need admin permissions to do certain things, like install tools.
But, you should be developing your code as a normal user. This is because admin accounts will let you do things that a normal user running your completed app cannot do. For example, as an admin, you can write your code to write to a Access database under Program Files. As a user, you can't do that. Everything under Program Files is ReadOnly by default.
I can't tell you how many times little security bugs like this have crept through Repackaging because the developer has said "It works on my machine!"
|
|
|
|
|
IMO, that is what QA is for.
CPallini wrote: You cannot argue with agile people so just take the extreme approach and shoot him.
:Smile:
|
|
|
|
|
No, that's what UAC is for!
Seriously, it's much better to find this sort of bug when you're writing the code than having to wait for QA to find it, write up a bug report, and send it back to you to be fixed. Especially if you can't reproduce the bug locally because you're running as administrator.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
By that time, you've already invested a ton of time writing bad code that isn't going to work for a user.
Better to find it before it gets to QA som you don't have to rewrite large swaths of code.
I've found many dev's really don't know how to test their apps anyway because they don't understand the security constraints Windows puts on users.
|
|
|
|
|
I can agree and disagree with this. I think my development machine should be setup in whatever way allows me to work the most efficiently. If I need a more restrictive environment to test on I think that should be a separate environment setup to more closely replicate a users environment, perhaps a VM.
CPallini wrote: You cannot argue with agile people so just take the extreme approach and shoot him.
:Smile:
|
|
|
|
|
That's what VMs are for. I even have a whole domain setup in my VMs when I need to test some of the weirder settings created by admins (three VMs running to use it, the server, the client, and a third to play router).
And VS doesn't even run properly on my machine without admin rights (my file permissions are screwy for some reason).
|
|
|
|
|
No, not really. Would you want to write a bunch of code that works fine under admin just to find out in a VM test that it's not going to work for a user? Now you have to go back and rewrite that code.
I'd rather write it as a user and write it ONCE.
|
|
|
|
|
Generally you only run into problems with stuff like writing files, and that generally is no where near the majority of what a program does, and those can usually be avoided anyways (like writing to places that always have low security settings, like AppData, whenever possible). I'd rather have to go through the extra step of testing the rare bit of code like that on a VM than have to elevate permissions every time I want to do something on my machine.
I could see the point if the application was mainly things that could run into permission issues, but for the majority of applications I just don't see this being the case. Plus, I've seen some seriously screwy permissions set up on client domains, there's no way to account for every possible security configuration and still have useable machine.
|
|
|
|
|
lewax00 wrote: I'd rather have to go through the extra step of testing the rare bit of code
like that on a VM
You'd be surprised as how common code like this is. It's not rare at all to have developers do something stupid that only an admin can do. I see it quite frequently around here.
Look. I'm not the only one who thinks like this. There are articles out there that discuss this very thing and explain why it's a bad idea to write your code while your running as an admin.
For one example -> http://msdn.microsoft.com/en-us/library/vstudio/ms173360(v=vs.100).aspx[^].
This concept goes back a long way. I think I read about it a book called "Writing Secure Code".
I've also seen blog posts on the topic. I believe it was Keith Brown who also wrote about the topic, though I can't seem to find a link to it.
|
|
|
|
|
Is there any leeway in your opinion to accommodate embedded developers? It's really inconvenient to have to ask IT for permission every time I have to change out an IDE (AVR Dragons and Microchip hockey-pucks are particularly frequent pains) just because they lock down your privileges. And we don't get any benefit from testing under user permissions, only issues when the debuggers won't work properly.
|
|
|
|
|
I didn't say that you can't have an admin account on the machine. I did say that it is still very useful to have it.
What I did say was that writing code under a normal user account results in better quality code as you will only be able to write code to do the stuff that your users have permissions for.
Yes, you still need an admin account to do other stuff, like repacking the app, debugging situations, profiling, ..., blah, blah, blah.
|
|
|
|
|
Dave Kreskowiak wrote: But, you should be developing your code as a normal user. This is because admin accounts will let you do things that a normal user running your completed app cannot do. For example, as an admin, you can write your code to write to a Access database under Program Files. As a user, you can't do that. Everything under Program Files is ReadOnly by default.
I can't tell you how many times little security bugs like this have crept through Repackaging because the developer has said "It works on my machine!"
Unless you screw with the default settings this shouldn't've been an issue since Vista because when your IDE launches your app it will be running without admin rights.
If you do change the defaults to give yourself the full unrestricted XP admin experience you deserve to be beaten senseless by your teammates/testers/users the first time you commit code that won't work under a default account.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
Not everyone uses the very latest Visual Studio.
Hell, I've still got VB6 running around this place! I've got dev's running VS2005, 2008, and a few running 2010.
Lucky me, I'm one of 3 people running 2012 around here!
I can't tell you how many times I've had developers hand my group "finished" code just to have it go through Repack and fail miserably in QA because the dev's are doing stupid things like writing to Program Files or saving reg info under HKEY_LOCAL_MACHINE, or trying to punch a temporary hole in the Windows Firewall from their app, or have the app automatically download files from a server location to update the local application under Program Files, ... There are plenty more examples of this where it could have been caught had they just wrote the code while they were running under a normal account.
I am NOT saying that you have to do EVERYTHING under a normal account. Just write and F5 test the code to see what happens. It's that simple. Everything else you can do under an admin account because a user isn't going to be doing these things, like building as installer for the app, ...
|
|
|
|
|
Dave Kreskowiak wrote: Hell, I've still got VB6 running around this place! I've got dev's running VS2005, 2008, and a few running 2010.
VB6 IDE only works if ran in admin mode? I'd say I was surprised; but I'd be lying. I am disgusted though.
My MS IDE stack is 2003 (theoretical legacy support - app with controls that barf with 2.0 framework), 2008 (theoretical legacy support - winphone 6.x), 2010 (most work - bean counters are balking at a new version of resharper), and 2012 (experimental). For Java I have both Eclipse and InteliJ installed.
Aside from the 2003SP1 installer not being elevated automatically and not generating an error message that indicated that was the problem it's been smooth sailing with everything running by default with user rights. If I ever need to do COM programming again I suppose I'll need to use the Run As Admin context menu item (to write the magic registry keys COM requires); but I won't change the VS default to elevate itself because that way leads to works on my machine madness.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies.
-- Sarah Hoyt
|
|
|
|
|
I was in a similar situation a couple of years ago - our SQL Server DBA left and I was the most experienced person left, so took it upon myself to ensure backups were working, maintenance was done etc.
The bloke in charge of the IT infrastructure refused to give me sysadmin passwords and rights on the servers etc - in a meeting with him, my boss and his boss, I loudly stated that if I did not get the access I would go straight to the managing director and say that the business was in severe danger as I could not guarantee that the main order processing system, which handled £25m+ worth of orders each year, would not fall on its arse. I soon got te access required
====================================
Transvestites - Roberts in Disguise!
====================================
|
|
|
|
|
|
"Give me full-time administrator access to my development machine, or I walk."
It's that simple. I can't do my job with only user-level permissions. Part of my job is to create our installers, and they require administrator privileges.
Software Zen: delete this;
|
|
|
|