Am i bitter? Nah
> I believe they don’t get it/don’t care.
You’re right, anything that’s not obstructive is never worried about.
To me that says you’re doing a good job giving permissions, it’s also your job to manage those permissions, not the developers..
> It's just not their wheelhouse.
Your absolute bang on. And I can say from experience, it’s good you guys are there.
If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.
> they all expect local admin and admin access to everything
It practically doesn't matter on a single user system. You're screwed whether you're running as an admin or not. My machine has credentials in AppData stored to basically every internal service of my company. On a linux machine, they're all in my home dir - even my ssh keys are compromised.
>> If someone can run a python script on your machine, it’s game over whether it’s running as admin or not.
> Yeah, that's why you don't do it that way. You're making my point.
I have to admit, I don't get your point here. If I am correct (and, if I am not, I welcome a correction):
1. Your original point was "Devs want local admin or admin access to everything.
2. GP's response was that even without any admin access of any type, he's hosed if his machine is compromised.
How does #2 above support or prove #1 above?
