One chestnut from my history in lottery game development:
While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.
Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.
Took away Admin rights, so everytime you wanted to install something or do something in general that requires higher privileges, we had to file a ticket in the helpdesk to get 10 minutes of Admin rights.
The review of your request took sometimes up 3 days. Fun times for a software developer.
We worked around this at my old job by getting VirtualBox installed on our PCs and just running CentOS or Ubuntu VMs to develop in. Developing on windows sucks unless you’re doing .NET imo.
Oh shit, you just reminded me of the time that I had to PHONE Macromedia to manually activate software because of the firewalling. This was after waiting days to get administrative permission to install it in the first place.
“Thank you” for helping resurface those horrible memories!
I don’t miss those days.
3 days? That’s downright speedy!
I submitted a ticket that fell into a black hole. I have long since found an alternate solution, but am now keeping the ticket open for the sick fascination of seeing how long it takes to get a response. 47 days and counting…
Nobody wants to take it because it will mess up their KPIs.
Any ticketing system set up like that is just begging for abuse. If they don’t have queue managers then the team should share the hit if they just leave the ticket untouched
I too know this pain
During those 10 minutes of admin rights:
net user secretlocaladmin * /add net localgroup administrators secretlocaladmin /add
There’s likely a GPO cycling and removing all the admins.
We used Intune Portal for a list of approved desktop apps
Let me guess, the list is about 6 items long with no provision for getting any added
No, it was quite extensive (20-30?) and we (I) kept expanding it. I even added icons for each app so it looked nice.
All published software was approved by Cybersecurity. We allowed people to request apps and evaluated each case.
deleted by creator