On Tue, 08 Mar 2005 18:47:25 -0500, Admiral Q wrote:
>
> I'll reinforce what Scott said, if they are developing, especially Windoz
> apps, whether web based or PC based, they'll need "local" admin rights -
> developing requires access to parts of the OS that only an Admin can reach.
> Now the app they are developing may not need to access, but the process of
> developing itself requires it. No third party software is going to be able
> to help - it is just the way it is.
> Now, provided you are running AD on your domain, you can prevent certain
> access via Group Policy, but you have to be careful with developer machines,
> the wrong change can completely cripple the development software.
We have a developers network inside the local network. All developers sit
behind a simple NAT router and their systems are part of their own domain
or local workgroup. By putting them inside a subnetwork with their own
systems and keeping them out of the company network domain/security it
allows them to manage all sorts of things that you would not want them
managing on your network.
As an example, you can setup several SQL servers and several web servers
as QA and then Pre-Production and give them access as Administrators
without those servers belonging to your company network - same with their
workstations. The only thing you need to make clear is that they get
quality AV software on their machines.
Also, by putting them inside the company network in their own subnet
behind a router, it lets them access company email services, and lets you
filter their web access.
You can use the DMZ of your company network to setup SQL and Web servers
that they can push to from their LAN, but that DMZ area is where the
customers review the work/projects. Keeps the need for external
connections to the developers network eliminated.
--
(E-Mail Removed)
remove 999 in order to email me
Similar Threads
