I have no idea how to title this post. Oh well.
A few years back I worked somewhere that had a large breach. Many practices changed in the wake of it. Developers actually had admin access prior to the change which was very nice. In an effort to restrict access but also let folks do their jobs they deployed some tool that would start all programs that “needed” admin access as an admin. This included cmd for the devs. So every time I opened cmd I had to be careful not to break something since there was no way to launch it without admin access after that change.
I worked for a company that removed admin access on our dev machines. To be admin, we had to send an email to a foreign country and wait an hour to get a token that could only be used once.
Since I was the most productive employee (lazy bastards), I needed to be admin ten times a day. They quickly changed their decision and gave me full access to my computer again after I flooded them with admin requests and comments like “I can’t work.”
The company fired everyone later because humans cost money but that was fun while it lasted.
But… with cmd running as admin, you can spawn any application with admin permissions. That whole concept sounds horrible…
