Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer II

Best Practices for privileged account on laptops

At our company we've implemented a new security policy for our engineers. The engineers use their laptop as a Swiss army knife, the develop code install software and read their company mail on the device.


In the days where the domain account of the engineer was also a local admin, our engineers where happy and content with the policy. Due to mal- and ransomware we started a proof of concept where we changed to a local named admin account to do the programming and installing, and a domain account to access e-mail, ERPand office via Citrix.


In my opinion this is an acceptable solution, this is our normal 'modus operandi' at the IT department, if we need to install something we use the 'runs as...' command.


But you guessed it: Our engineers are not happy with the new policy. So what do you recommend? Have you encountered the same issues and how did you resolve those?

21 Replies
Influencer II

> metasploit (Viewer II) posted a new reply in Tech Talk on 11-27-2018 08:09 PM in

> CyberArk EPM can easily fit your needs.  
>   Email:

Should we even *pretend* that this isn't just a big sales machine?

====================== (quote inserted randomly by Pegasus Mailer)
We learn from experience that men never learn anything from
experience. - George Bernard Shaw


Other posts:

This message may or may not be governed by the terms of or
Newcomer I

Why would your devs be writing and testing code on their personal systems? They should be doing this in a dev environment. How would you control versioning, test, release if everyone's doing their own thing?