For more information on how to remove administrative rights for teams download our latest white paper, The CISO’s Guide to Managing Risk for Privileged Access & Credentials in Windows Environments get it now
So, technically speaking, why do developers need administrative rights?
- Application development tools like Visual Studio and XCode need administrative rights to compile the code.
- Third party add-ons and plugins for development tools require administrative rights to operate and perform specific functions like creating or using certificates.
- The installation or removal of software typically requires administrative rights on Windows or a Mac for testing an application.
- Any third-party extensions, drivers, or modifications to key system files, including the Windows registry requires administrative privileges
- Kernel extensions on MacOS and Accessibility Functions used as workarounds (for functions like right-click menus) need administrative rights to enable.
Here's how the PowerBroker Endpoint Least Privilege solutions accomplish these goals:
- PowerBroker allows for the local elevation on an application, not the user, and child processes to have the proper privileges required for the development or testing of an application.
- PowerBroker rules provide the ability for specific applications by path, publisher, hash, or other criteria to execute as an administrator for testing, debugging, installation, or software removal. These tasks can be performed by a developer, programmer, or quality assurance personnel to maintain a secure workflow or even instantiate a DevOps process.
- When remote administrative credentials are needed for network authentication, PowerBroker for Windows integrates into PowerBroker Password Safe to seamlessly retrieve credentials and apply them using a “RunAs” command. This occurs without the end user’s visibility to elevate the application and allows it to operate with real domain credentials, with any privileges, to satisfy use cases where local elevation alone is not sufficient.