I'm a software developer who works on a variety of projects, especially with RTOS devices, and we have a lot of specific code tied to our NICs. Our team's toolkit ranges from compiled languages like C and Go to Python for some web apps aimed at internal customers. We use tools that help flash updates to our devices when testing at home, while the rest are mainly for logging and library management. Traditionally, we've operated as a Windows shop that allows us admin accounts on our PCs, which might be controversial.
Recently, they've proposed using separate admin accounts with a CyberArk vault for rotating passwords. While this sounds secure, the UAC prompt doesn't let us paste the complex password, meaning we have to type it out each time. I can't help but wonder how anyone manages to stay efficient, especially during urgent incidents when we're on call.
Additionally, many of the package managers output files to our home folders, so using the separate admin account complicates things since it creates files in the admin account's home directory, which we don't have access to. This is tricky because we also have a lot of our scripts stored in OneDrive, so when switching accounts, we lose access to those as well. My question is, is there a better way to manage my workflow with this setup?
6 Answers
Most organizations solve this by implementing some sort of credential provider to manage UAC. Maybe check with your IT team if they can adjust UAC settings or use something like CyberArk more effectively for easier credential injection. Also, making sure your scripts are accessible by creating a shared folder that both your accounts can access could help a lot!
You don't have to input credentials at the UAC prompt every time. If you set up a scheduled task or a script to run with elevated permissions, you can streamline access. Using something like PowerShell allows you to call the credentials without being prompted to type them repeatedly. You just need to set it up properly.
Good point! I’ll look into setting up a task like that to avoid typing the passwords.
Just a heads up, in admin accounts, most tools and scripts might behave differently than your regular user account due to user context issues. You might want to look into running scripts from an elevated command prompt. This would let you access your files and tools without diving into the discrepancies of home directories.
It sounds like you're looking for ways to simplify the UAC experience. Instead of the rotating passwords, consider requesting a smartcard or YubiKey setup for easier access. This could eliminate the need to type in long passwords for UAC prompts and streamline your workflow during critical situations.
Totally agree! A YubiKey could make all the difference, especially since you can use it with modern laptops. It just means one click to elevate instead of typing passwords all the time.
It seems like you might be looking at your setup in too limited a way. Talk to the team that implemented these admin accounts and present the challenges you’re facing. They might have solutions or suggestions that could make your workflow a lot more painless!
Definitely! I noticed the same issues early on and creating a shared folder made everything smoother with permissions.
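
The shared-folder suggestion from the first answer and the reply above, sketched in PowerShell as an added example (not code from any poster). The account names and the `C:\DevShared` path are placeholders. It splits the share in two so that anything the admin account runs elevated lives where the standard account can read but not modify it; otherwise the standard account could change what the admin account executes and the account separation would be lost.

```powershell
# Added example. Run once from an elevated session.
# Account names and paths below are placeholders (assumptions), not values from the thread.
$StdUser   = 'CONTOSO\jdoe'       # everyday account (hypothetical)
$AdminUser = 'CONTOSO\jdoe-adm'   # vaulted admin account (hypothetical)
$Root      = 'C:\DevShared'       # lives outside both user profiles

function New-LockedFolder {
    param(
        [Parameter(Mandatory)] [string]    $Path,
        [Parameter(Mandatory)] [hashtable] $Grants   # identity -> rights
    )
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    $acl = Get-Acl -Path $Path
    # Stop inheriting from the parent and discard the inherited entries,
    # so only the grants listed below apply to this folder and its children.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($id in $Grants.Keys) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $id, $Grants[$id], 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

# tools\ : scripts and flashing utilities that get run elevated.
# The standard account can read and run them but cannot alter them.
New-LockedFolder -Path (Join-Path $Root 'tools') -Grants @{
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
    'BUILTIN\Administrators' = 'FullControl'
    $AdminUser               = 'Modify'
    $StdUser                 = 'ReadAndExecute'
}

# work\ : build output, logs, package caches. Both accounts can write here,
# so nothing in this folder should ever be executed from the elevated session.
New-LockedFolder -Path (Join-Path $Root 'work') -Grants @{
    'NT AUTHORITY\SYSTEM'    = 'FullControl'
    'BUILTIN\Administrators' = 'FullControl'
    $AdminUser               = 'Modify'
    $StdUser                 = 'Modify'
}

# Review the resulting ACLs.
Get-ChildItem $Root -Directory |
    ForEach-Object { Get-Acl $_.FullName | Format-List Path, AccessToString }
```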