7

I’m an app developer and my company wants to take away admin rights on everybody’s PCs (Windows). I won’t even have the right to adjust my computer’s clock time. I’ve been working there for over a year and a half. There haven’t been any issues whatsoever, and now this. To be frank I’m a bit pissed about it. Nothing is on premise, the projects I’m working on are apps hosted with Azure / gitlab.
I’d be curious to hear about your experiences related to this topic. Also if you have any opinons against or for such measures, if be happy to hear.

Comments
  • 5
    My first employer did have certain things monitored and controlled by admins on our machine but one could easily bypass or override them without tweaks or much hassle.

    My current employer has some similar admin control setup. But a lot more things are controlled by admins. What's annoying is that one cannot bypass or override anything.

    I can't even change basic settings and it kinds of bothers me.

    Funnily, when the laptop shipment arrived last week, the IT team called me for remote setup. As the Indians are dumb, the girl on other side asked me to login via some credentials she shared.

    Now, I immediately realised those were admin credentials and easy to remember.

    I memorised them and now play around with settings as and when I need. Since I am new and not aware of risk factor or tracking mechanism, I ain't risking much but once I get to know the smartness if the IT team, I will use it for my advantage.
  • 2
    Every time I get company laptop, first thing I do is erase hard drives clean and reinstall everything. Not sure if it helps, but I like to think It does.
  • 4
    Just annoy them about every little thing that’s in your way and they will eventually give away because you have so much downtime.

    Worked in 3 companies so far.
  • 2
    Bro.. We have autocheck every month, it runs through the whole system and deletes everything what is not downloaded through the company's software center. Admin password is just a dream here. I have to call IT for change the host file. :D
  • 5
    @yehaaw And the MOMENT you do that, it will generate a "RED WARNING" alerd in Device managment systems.

    And if AFTER reinstalling OS you can connect to entreprise network with your loging ? loooool, security is shity there
  • 2
    .... 🤷‍♂️

    Wipe, and install linux.
  • 3
    Not granting admin to non-IT-savy employees is highly recommended for security reasons.

    The IT staff power users should be able to get local admin though. They often like to heavily customize their work environment and normally know to not open spurious invoice PDFs...
  • 4
    Locking down machines of non-IT and non-dev employees? Absolutely necessary. If you don't you're gonna find these dumbfucks installing all sorts of malware-infused shite and watching all the pornography they can muster thinking that connecting to a personal wi-fi router keeps them off the company grid.

    IT and devs should be granted admin access to their machines, or have specific policies where they're allowed to install and run anything with admin rights. I don't need to customise my wallpaper as much as I need to be able to install the software I need on-demand.

    Alternatively, the company machine can be locked down for all BUT IT and devs should be given VMs where they do have admin access to do their work. Not ideal but it does get around all the legal bullshit.
  • 1
    @NoToJavaScript

    Nah, I’m working from home full-time.
  • 1
    @molaram that’s extreme. So beyond security reasons, there’s also lack of trust, as in you’re afraid people aren’t doing their job?
    In my experience the more trust there is, the more you’ll have employees that are motivated and willing to take initiatives. If people are too tied down they’ll only do the bare minimum and their morale won’t be great
  • 1
    @AtuM @burntoutnoodle
    Thing is though, the projects I’m working on are entirely the property of the client, not my company. They already control accesses to their resources. I don’t have access to prod databases, the source code is on GitLab. We literally have nothing of our own on premise, which means there’s nothing that’s really exposed to attacks. Sooo, other than monitoring what we’re doing / lack of trust, I don’t really see what else they’re trying to do. It’s been a year and half and the project is going super well. I really don’t see what the problem is and why they feel like they need to control us now.
  • 2
    I have two choices:
    - windows: plenty of technicians can support so no admin
    - mac: 1 support technician so admin for me

    Its an easy choice
  • 3
    @black-kite speaking as a veteran sysadmin for companies and government environments, my experience is that, the moment you give even the slightest form of freedom to people who have no feeling whatsoever with the operating system and it's intrinsics, you will invite pain and misery in.

    A clear policy and responsibility with elevated rights is essential.
    The person receiving this grant should be aware of this and know what power and what damage it can do.

    I will not go over the details but there was one time a major incident causing severe losses to the brink of bankruptcy because an employee from the sales department was able to install malware hidden as a 'cleaner tool' which was recommended to him by a close friend...who worked for the competition. A strong example of social engineering combined with a lack of security scrutiny in that enterprise.
  • 1
    @NeatNerdPrime you’ve done a better job "raising my awareness" about the issue than my company has. In any case I’m gonna have to suck it up and get used to being more limited. In return they’re going to have to accept that we won’t be getting as much done if there are too many restraints on what we do
  • 2
    @ostream
    Sounds more like a three letter agency to me...
Add Comment