locked
Running developers as Standard User accounts in Vista RRS feed

  • Question

  •  I originally posted this question on some of the developer boards, but it dawned on my that it probably makes more sense over here on TechNet, where I may be able to tap into real world experiences.

    I have been given the task of researching Vista and UAC and the feasibility of running developers in an enterprise as standard users (not admins) without an additional set of administrator credentials to elevate to. In other words, if they get blocked by anything in UAC they would not have the ability to elevate themselves. Need to change something in HKLM? Nope. Wanna edit an ini file under \Windows? Nope. Etc.

    My definition of developers would include developers coding for Windows using a tool like Visual Studio, as well as developers coding web apps using a mix of tools such as VS, eclipse, Rational Software Architect, etc. These developers will also have to deal with things like installation scripts, configuration of software installations, etc.

    Research I have found thus far has determined that this will be problematic as you cannot (easily) define all of the 'exceptions' that a developer might need to deal with on a regular basis and configure around these exceptions such that the developer doesn't need to elevate. I would agree with this assessment.

    Anyone else have experience/examples in dealing with this? I am trying to gather enough information/evidence to make a solid decision either way, and would be curious as to other's findings.



    To recap, the question on the table is: "How feasibly can developers perform their normal job duties running Windows Vista or Windows 7 when they are configured as standard user accounts (and do not know the administrator account's password, so they cannot elevate themselves)."



    Thanks in advance,
    Jeff

    Friday, January 23, 2009 9:29 PM

Answers

  • Hi,

    That's an interesting question. If you would ask a developer, he will tell you that he needs "at least" local administrator privileges.I have seen companies (1-2, to be honest) that have their developers under standard users so I believe it is possible.

    There is no definetive answer here, I presume, could you give us a little more detail on your developing enviroment, especially how testing will be done. 

     


    Victor Constantinescu - MVP Security, MCTS
    Saturday, January 24, 2009 2:30 PM