Devs without Admin

Most developers cringe a bit when they first hear that. How are they going to work? How are they going to test code and experiment with new technologies without admin rights?

On the other hand, organizations like ours have hipaa and other security concerns - so giving any users admin privileges can be a problem! So how can we solve this?
Well, that’s where good software deployment comes in - everything they could need should be installable via some self-service mechanism (for me, that’s Munki!). Aside from that, tools like vagrant and VirtualBox (really any virtualization product) are a godsend. Why clutter up your host machine with random test software and toolkits when you can try them out in a virtual machine?

The journey to no admin is a hard one - it means IT really needs to be on top of things! But in the end, it can make things much more secure, easily repeatable, and even simpler for the devs.

Repeatability is a big issue we have been facing recently - our developers have such personalized and individual setups that it can be hard to get a new employee going - what software do they need? What special steps do they need to take to get code in the right places? Right now we are working at getting our android developer configuration ironed out, so that when we get a new one, a computer will be all provisioned and ready for him to work on - no manual steps, no struggling to find a working config. At our company repeatability and automation have been huge focuses for our platform, but nobody had taken the time to apply those same principles to our internal desktop machines. My goal is to make this a viable (and not just ‘viable’ but also a smoother, better) process. Our developers should not need admin on their local machines in order to develop!

I would be interested in hearing from people what their thoughts are on this!