[foepys]

We are using Defender at work, too. There is a group policy that lets Defender do a full system scan once a week.

To not interfere with the user there allegedly is a group policy setting to limit the CPU usage and it is set to 15%. The thing is, it simply does not work. Every week my fans spin up to max, Defender hogs all my CPU cores, 25% of my GPU according to the Task Manager. Even typing becomes laggy.

The only way to stop it is to open Task Scheduler and end the scheduled task from there.

[nix23]

Wait...your are local Admin on your machine?

[tallanvor]

Outside of highly regulated environments, technical staff usually have local admin rights. Is it a risk? Yes, although one that can be minimized. Letting people do what they need to do with minimal interference is an important part of keeping employees happy.

[causi]

Even if they're not supposed to, most people do, or at least they know an admin login. All it takes is one frustrated person who knows someone higher up and the login is on a sticky note in a drawer. Technical security measures are not and will never be a substitute for proper training.

[brokenmachine]

> Technical security measures are not and will never be a substitute for proper training.

What would proper training achieve to solve GGP's problem of his machine becoming unusable every week?

[nix23]

And proper training is never achievable in non IT Enterprise...because no one cares, whats left are technical restrictions.

[AnIdiotOnTheNet]

Everyone at the company I work for has local admin on their machines. It is not the big deal people make it out to be.

1) Malware doesn't care. It is happy to eat the user's personal data or anything they have access to on the network.

2) The OS is easily replicable if it gets damaged or destroyed thanks to imaging.

3) Whitelisting applications is a bitch to implement properly and causes a lot of friction for users.

4) There is one PC per user, so there's absolutely no reason to protect the PC from it's user.

[gspr]

I'd quit my job if work didn't let me be root on my work machine.

[nix23]

That's exactly the one single reason why no one should give a developer a Windows machine in a enterprise environment ;)

[formerly_proven]

Well that and the shitty dev tools on Windows in general ;)

[mszcz]

Care to elaborate? I'm using Windows as a primary dev machine for years and I've encountered no problems aside from the infuriating update-related restarts.

What am I missing? This is an actual, emotionless, genuine question? Always looking to find new ways to procrastinate by trying out new tools ;)

[rovr138]

Ultimately it depends on what you need and what you develop for.

If you’re developing for the Linux kernel, I bet you’re missing out on some stuff.

If you’re building web, it doesn’t matter. If you’re building docker images, you can do it on Windows/Mac, but there’s just better performance on Linux if you’re ever debugging speed.

Java? Doesn’t matter either.

[causi]

You don't use Windows Update Manager or timed firewall rules to make sure Update doesn't ever interfere with your work?

[antihipocrat]

I'm a relative beginner to development and have found no issues with WSL2 so far. Any pitfalls to be aware of?

[mikeyjk]

When I was using wsl1 I ran into ocassional nuisances: needing to specify a windows mount point and having a problem with phpstorm connecting to it (iirc I had to use a docker for windows setting which was referred to as legacy or insecure maybe).

It wasn't too bad though honestly.

I ended up swapping to debian after my workplace rolled out some insane MDM policies / forced application installs. It is much nicer to dev in *nix

[ocdtrekkie]

And anywhere with a good IT department would say "bye". From my experience, people with reasonable technical skills are the most likely people to defy IT policies, even without admin rights.

[gspr]

Then hold me responsible if I do.

[ocdtrekkie]

Often by the time the violation is noticed, the damage is done. And when you're cleaning up a million dollars worth of ransomware damage, you rethink whoever thought anyone should ever be operating with admin rights to their machine.

[nix23]

>people with reasonable technical skills are the most likely people to defy IT policies

Absolutely true...aka "i know computers since the C64 nothing bad will ever come from my machine...bumm ransomware...but my Antivirus never said anything"

[DangitBobby]

Less to do with that and more to do with it being infuriating that you can't install or do tiny things you need. It can be less frustrating to hop jobs.