We have been given the directive to make sure that when we develop we are running out of the administrator and poweruser groups to prevent security holes. What are the steps to take to make this possible, but still be able to debug, code, and install when needed?

We develop ASP.NET as well as VB.NET applications.

Thanks!

Brooke Jackson

+1  A: 

Beware, there seem to be a lot of issues with running VS as non-admin.

Xavier Nodet
So I have heard and it only gets worse in 2008 from what I have heard. I am hoping someone will come up with a scathing answer that will give me some arguments to stop this idea from coming to pass. :)
Brooke Jackson
Actually, it is best practice to develop as a non-admin, debug as a non-admin and test as a non-admin.
Anonymous Type
+1  A: 

Seems silly to me. Run VS as admin/power-user locally with whatever minimal rights you need on the network for publishing to the users and whatnot.

Just make sure that the applications you CREATE with VS still work without those extra rights.

Kevin Fairchild
A very good way to check that your app does not need admin rights is to not have them when you test it...
Xavier Nodet
@Xavier Nodet: Exactly. Developing with Admin in a corporate environment is just counterintuitive to whatever corporate security policy is in place (unless there is none).
Anonymous Type
+2  A: 

I have been developing a web application in a team of 5+ developers using ASP.NET 2.0 using Visual C# 2005 and Visual Web Developer 2005 for 6+ months. It was an internal application for our client and was targeted at Internet Explorer 6.0. I have always been using a non-administrator account on my machine and have never run into any problems. Specifically, I have not experienced any problems with debugging. Right now I am switching to Visual Studio 2008 and I hope everything will work just as it does now.

I am using a laptop for development. At the same time I am moving around and connecting to the internet in different places, and I use my admin account only when necessary. I really believe that running an admin account for everyday tasks is the single greatest security threat, just because it is so common.

ballofmud
+1  A: 

Use Vista, and take advantage of UAC, because that's what UAC allows you to do. You can give VS full rights when needed, and the application/website limited rights.

I'm running VS2008 on Vista with UAC enabled. I've only had one issue worth mentioning.

I occasionally have weird file permission issues when I've run VS with elevated privileges then later run it without them. VS won't be able to delete the old build files, but if I delete them from Explorer it's fine. Again, this only happens when switching between elevated and non-elevated permissions.

Eric Haskins