The original post: /r/cybersecurity by /u/Still-Professional69 on 2024-12-27 00:58:15.

We have a number of developers where I work. Last year we removed Local Administrator rights for all users, including the developers. Everyone runs Admin By Request. However, this has caused some issues:

It is common for developer tools/IDEs to making changes to the Windows Firewall; but it’s hard to anticipate when. The problem is that when it tries to make a change to the firewall, windows prompts “is it ok?” and then if they say “Yes”, it prompts them for an administrator user/pass. As soon as it prompts “Is it ok?”, if they try to run “Admin By Request”, it always shows up behind the “Is it ok?” window, and they can’t click the “OK” button on the admin access window or provide justification; it’s hidden and stuck behind the “Is it ok?” window.

In the end, they have to cancel the the “Is it ok” window, and the firewall changes don’t get applied; which may be important/needed. And the tools/IDEs don’t make it easy to figure out how to re-initiate those changes again.

For those with developers without Local Admin rights, how do you deal with situations like this?