RE: Non Admin Rights + Visual Studio

From: Dominick Baier (db_at_die-lounge.com)
Date: 06/30/04

  • Next message: Thor: "Re: Article Announcement: Redmond's Butterfly Effect" 
    To: "'Austin Ehlers'" <aehlers@comcast.net>
Date: Wed, 30 Jun 2004 18:43:35 +0200

    Hi,

    you definitely don't need admin rights for your day to day work in VS.NET.

    in a default setup you can't debug any programs that don't run under your
    account, e.g. asp.net

    with iis 6 this is easy to solve - create a app pool that runs under the
    account of the user - so your web apps/services get started with the same
    account as the programmer and voila - you can debug them

    prior to ii6 this is a little bit harder - you have to change the process
    account of asp.net in machine.config - I wouldn't recommend that.

    as someone else said - you could give the developer the SeDebugPrivilege -
    but this is nearly as powerful as running as admin....

    some other stuff that won't run under a user account are tools like

    caspol
    gacutil
    regsvc

    and the like...

    check this excellent article from keith brown
    http://www.pluralsight.com/keith/book/html/howto_runasnonadmin.html

    Dominick Baier
    ERNW / DevelopMentor

    www.leastprivilege.com

    -----Original Message-----
    From: Austin Ehlers [mailto:aehlers@comcast.net]
    Sent: Mittwoch, 30. Juni 2004 00:36
    Cc: focus-ms@securityfocus.com
    Subject: RE: Non Admin Rights + Visual Studio

    You only need admin rights if you debug ASP.NET programs (at least, I
    haven't found a way to do it without them)

    Austin Ehlers

    -----Original Message-----
    From: Mike Lucas [mailto:mlucas@rice.edu]
    Sent: Tuesday, June 29, 2004 01:42 PM
    To: Gooch, Linnie
    Cc: focus-ms@securityfocus.com
    Subject: Re: Non Admin Rights + Visual Studio

    My users are running VS and VS.net as normal users with no trouble. I
    did not have to do anything special to make this work. I did however
    have to add the users to the VS developers group and the debugger users
    group that VS creates when you install it. I am running this on win2k
    these systems if that makes any difference.

    Do you have more info as to why your users need admin rights to use VS?

    Mike Lucas
    Sr. PC Systems Admin
    Rice University

    Gooch, Linnie wrote:
    > I would like to know if anyone knows how to make Visual Studio run on a
    > machine that does not have admin rights. We have a few programmers that
    > are abusing their privileges, and I need to enable them to do their
    > work, but lock them down. Please advise with any suggestions.
    >
    >
    > Linnie Gooch, MCSE MCSA
    > Manager of Systems and Technology
    > Wescom Credit Union
    > (626) 535 1000 x 8801
    >
    >
    >
    >
    > **********************************************************************
    > This email and any files transmitted with it are confidential
    > and intended solely for the use of the individual or entity to
    > whom they are addressed. If you have received this email
    > in error, please delete it immediately and advise the sender.
    > WESCOM CREDIT UNION (626) 535-1000
    > **********************************************************************
    >
    >
    > --------------------------------------------------------------------------
    -
    > --------------------------------------------------------------------------
    -
    >

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

  • Next message: Thor: "Re: Article Announcement: Redmond's Butterfly Effect"

    Relevant Pages

    • Re: Removing Local Admin Accounts - What do you think?
      ... people the necessary admin rights on the workstations, ... The local admin account poses a high risk in terms of workstations ... Does this pose a security risk to have a local administrator account on ... Is this a general best practice, from a security point of view? ...
      (Security-Basics)
    • Re: Using Same Account as both Admin and Limited User
      ... I don't think I want to make it too easy to switch the account back ... and forth between LUA and Admin rights. ... There's no time pressure to ... Well, I do buy into the whole security thing: run as a LUA account, ...
      (microsoft.public.windowsxp.security_admin)
    • Re: msn messenger hacked
      ... Admin rights were of course needed to install the keylogger ... a machine that someone with Admin rights hadn't logged off of. ... but had installed a keylogger. ... You used someone else's computer while logged on with an account that others ...
      (microsoft.public.security)
    • Re: E2k7 eventsink identity prerequisits?
      ... You need to be careful if a user has been assigned admin rights they will be ... denied access to any other account other then there own so don't use the ...
      (microsoft.public.exchange.development)
    • Re: Recovery Storage Group error: "There is no such object on the server"
      ... Could you confirm that the account that you are logged in with has Domain ... Admin rights?, if it does not give the account Domain Admin rights or logon ... > I right-click the Recovery Storage Group, select Add Database to Recover, ...
      (microsoft.public.exchange.admin)