We have been given the directive to make sure that when we develop we are running out of the administrator and poweruser groups to prevent security holes. What are the steps to take to make this possible, but still be able to debug, code, and install when needed?
We develop ASP.NET as well as VB.NET applications.
Thanks!
Brooke Jackson
Beware, there seems to be a lot of issues with running VS as non-admin.
Seems silly to me. Run VS as admin/power-user locally with whatever minimal rights you need on the network for publishing to the users and whatnot.
Just makes sure that the applications you CREATE with VS still work without those extra rights.
I have been developing a web application in a team of 5+ developers using ASP.NET 2.0 using Visual C# 2005 and Visual Web Developer 2005 for 6+ months. It was an internal application for our client and was targeted at Internet Explorer 6.0. I have been always using a non-administrator account on my machine and have never run into any problems. Specifically, I have not experienced any problems with debugging. Right now I am switching to a Visual Studio 2008 and I hope everything will work just as it does now.
I am using a laptop for development. A the same time I am moving around and connecting to the internet in different places and I use my admin account only when necessary. I really believe that running an admin account for every day tasks is the single greatest security threat, just because it is so common.
Use Vista, and take advantage or UAC, because that's UAC allows you to do. You can give VS full rights when needed, and the application/website limited rights.
I'm running VS2008 on Vista with UAC enabled. I've only had one issue worth mentioning.
I occasionally have weird file permission issues when I've run VS with elevated privileges then later run it without them. VS won't be able to delete the old build files, but if I delete them from Explorer its fine. Again, this only happens when switching between elevated and non-elevated permissions.