by maccard 497 days ago
I use a company managed machine. If my machine is compromised even in user space, my AWS credentials (which AWS stores in %UserProfile%/.aws) are hosed. Source code? Gone. Cookies from Chrome? Gone. Files on the network share that everyone has mounted? Compromised.

If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.


Yeah, that's why you don't do it that way. You're making my point.

In your original comment you said:

> they all expect local admin and admin access to everything

It practically doesn't matter on a single user system. You're screwed whether you're running as an admin or not. My machine has credentials in AppData stored to basically every internal service of my company. On a Linux machine, they're all in my home dir - even my SSH keys are compromised.

>>> I've done IT support for a number of devs across multiple companies and they all expect local admin and admin access to everything.

>> If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.

> Yeah, that's why you don't do it that way. You're making my point.

I have to admit, I don't get your point here. If I am correct (and, if I am not, I welcome a correction):

1. Your original point was "Devs want local admin or admin access to everything."

2. GP's response was that even without any admin access of any type, he's hosed if his machine is compromised.

How does #2 above support or prove #1 above?

IT does things that piss off devs, like not allowing python to be installed on the laptop because, yes, having python installed can be exploited. So we lock down the laptops and have isolated dev envs that you use instead.