As a "Developer" (and recently the dev group manager) who uses his own equipment on the company network (and we probably deal with more critical data than you do, CC data being the _least_ important of it) -- their are reasons for exceptions to the rules. Rules should never be the end all answer -- they should be the guidelines and should be used to give you the intent of the law, not stifle user productivity.

And a laptop (which I and most of my developers use) is much more productive than a desktop machine. In the above issue you presented If "my" machine was faster than the companies; then I would want to use it. If the company was only going to give me a desktop I would lobby for allow me to use my laptop. I am far more productive on a laptop because inspiration can strike at 11pm at night. I've used a laptop for development work for over 15 years now.

In most developers cases; real debugging is a lot harder (and in some cases impossible) to handle in a locked down account -- and since debug rights basically give you the "keys" to the machine (any developer with real debug rights on W2k/XP (not sure about vista) can take over the machine anyways).

However, I'm not saying give the guy "network" admin rights -- "local" admin account rights is imho pretty much needed for any programmers who programs in any true compiled languages. Not only are the majority of developers pretty picky about their "setup" of the machine; but letting them setup their machine the way they want improves their productivity quite a bit for the minor security possibilities. (Emacs vs VI debate anyone?)

We assign the proper "network" rights based on the areas of responsibility.

Just to make your day (cringe <g>) since you seem to be very security paranoid -- My machine is NOT a member of the domain; nor does it run the company wide standard "virus" scanner, nor does it run the standard IM client. Hmm, thinking about it, I don't even run the standard browser nor the standard email clients. Hmm, standard.... Not sure their is much of anything "standard" on my computer. Technically, a sys-admins worst nightmare. <g>

However, as so eloquently phrased, with great power comes great responsibility. I run better (yes, imho & based on research) software than the company does. I do have AV, and run several other security related stuff that would be "overkill" for normal uses (software firewall, etc). I also read several different security mailing lists (and rss feeds to others -- so I often know long before IT if an issue might be something that they will need to be aware of).

Since we do deal with "critical" information -- I've introduced encrypted partitions/disks, source code control, build control, etc; to the company since I've been here. And at the end of the day if a problem that IT can't solve occurs, it lands on my desk as its last stop. ;-)

Now, if you tried to "handcuffed" me; I would be pretty upset too. My .02c from the other side of the fence.


As long as you have it keep itself up to date; adding a linux server is good for the company. Having different "genes" in the gene pool helps promote stability. Having all the same genes gives birth defects. Guess what the computer industry suffers from.

Nathan.