I work at a Fortune 500 company as a Windows software developer in R&D. Corporate IT is currently gearing up for a company-wide Win7 deployment and as a part of it they are looking to completely lock down admin rights on all boxes (including our dev workstations).
I've been tasked to work with them to make the transition as smooth as possible. Lucky me.
I'd like to know if there are any published or other highly respected resources out there that I can use to:
- figure out where to draw a line in the sand
- back up my position.
Personally, my take is that we're R&D and our job is to do things that are 'out of the box'. Thus we need admin rights. However, having started my career as a Windows Admin, I'm aware of their goals and what they need to achieve. What I need to figure out and back up is a way to build the environment in a way that both IT and R&D can live with it and continue to perform their jobs productively.
Development VMs with local admin rights will definitely help a lot, but not in all cases since we interface with lots of custom hardware.
The CIO pushing these changes is definitely a 'pure IT' kind of guy with limited knowledge of the development process so I need some references that would be appropriate to share with someone like that.
I'm not looking to gather a lot of personal opinions (a lot of which have already been shared here), I really need whitepapers, magazine articles, scholarly works, etc to use to make a strong case to upper management.
Best Answer
Because you are going specifically to Windows 7, you should push hard to be admins on your own boxes. There are two really good reasons to keep developers from being admins:
With UAC, neither of these things will happen, since apps you launch won't run as admin unless you deliberately ask them to. Thus there is little risk to letting you have an admin account.
Some bosses have a third reason - I don't want you installing games or unauthorized tools. Without discussing the merits of this reason, I will observe that it usually remains unstated. You need admin access to install the stuff you're writing, to configure IIS, to reconfigure your machine for various kinds of testing (eg editing your host file) and the two "real" reasons for avoiding admin access no longer apply for Windows 7. Therefore, you should be admins.