NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-MS> 2004-q2

RE: Non Admin Rights + Visual Studio

From: Brian A. Reiter (breiterwolfereiter.com)
Date: Wed Jun 30 2004 - 09:06:25 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The trick to debugging as a non-admin is to realize that while it is a
privileged advanced right to attach the debugger to a process owned by
another user, you can always attach and debug your own processes. So what
you need to do is run aspnet_wp.exe in the user context of the developer
rather than "Network Service".

You need to do three things to enable ASP.NET debugging as a non-admin on
Windows 2000 pro or XP workstations.

1) You need to use an isolated developer model where each developer has an
IIS instance on his/her workstation
2) Each developer needs to have a dedicated workstation that isn't shared
with another developer
3) On each developer box, you need to edit the Machine.config <processModel
/> tag to set the userName and password attributes so that the ASP.NET
worker process to run in the user context of the non-admin developer that
uses that machine.

3b) As a corralary, you will either need to grant the developer rights to
edit the Machine.config so that they can change their passwords or set their
passwords to never expire.

Alternatively if your ASP.NET developers have Windows Server 2003 as their
desktop, you can use the Application Pools feature of IIS 6 to configure the
user context of ASP.NET worker processes on a per-application or per-site
basis.

-----Original Message-----
From: Austin Ehlers [mailto:aehlerscomcast.net]
Sent: Tuesday, June 29, 2004 6:36 PM
Cc: focus-mssecurityfocus.com
Subject: RE: Non Admin Rights + Visual Studio

You only need admin rights if you debug ASP.NET programs (at least, I
haven't found a way to do it without them)

Austin Ehlers

-----Original Message-----
From: Mike Lucas [mailto:mlucasrice.edu]
Sent: Tuesday, June 29, 2004 01:42 PM
To: Gooch, Linnie
Cc: focus-mssecurityfocus.com
Subject: Re: Non Admin Rights + Visual Studio

My users are running VS and VS.net as normal users with no trouble. I did
not have to do anything special to make this work. I did however have to
add the users to the VS developers group and the debugger users group that
VS creates when you install it. I am running this on win2k these systems if
that makes any difference.

Do you have more info as to why your users need admin rights to use VS?

Mike Lucas
Sr. PC Systems Admin
Rice University

Gooch, Linnie wrote:
> I would like to know if anyone knows how to make Visual Studio run on
> a machine that does not have admin rights. We have a few programmers
> that are abusing their privileges, and I need to enable them to do
> their work, but lock them down. Please advise with any suggestions.
>
>
> Linnie Gooch, MCSE MCSA
> Manager of Systems and Technology
> Wescom Credit Union
> (626) 535 1000 x 8801
>
>
>
>
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error, please
> delete it immediately and advise the sender.
> WESCOM CREDIT UNION (626) 535-1000
> **********************************************************************
>
>
> ----------------------------------------------------------------------
> ----
-
> ----------------------------------------------------------------------
> ----
-
>

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]