Security roles for Developers


Dominick Baier

In general, all VS.NET debugging is done through a gatekeeper mechanism called "Machine Debug Manager". The MDM requires you to be a) a local admin or b) a member of the Debugger Users group.

This will work for console apps, WinForms and so on.

An exception is when you want to debug applications which are running in different security contexts (ASP.NET, NT services, Enterprise Services): you need to have admin privileges (even SeDebugPrivilege won't help).

When you don't want to run with admin privileges, you have to start the app you want to debug under the same security context as you are running (ASP.NET -> processModel under IIS5, app pool identity under IIS6, ES -> interactive user or NT services -> identity).

The VS Developers group grants rights for non-admins to create vdirs and web applications in IIS.

To summarize:

Apps that run in your context : Debugger Users

Apps that don't run in your context : Admin



---
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

nntp://news.microsoft.com/microsoft.public.dotnet.framework.aspnet.security/<#[email protected]>

Hi all,

I was wondering what local security groups a developer needs to belong
to in order to be able to write, test and debug VB, C# and ASP.net on
Windows XP?

The groups that are in question are Debugger Users and VS Developers. I
wanted to know if a .NET developer has to be in both, or either (not all of
our VS.NET users use the debugging capabilities).

Also, does a VS.NET developer need to be a Local Admin?

Thanks in advance.

David



[microsoft.public.dotnet.framework.aspnet.security]
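The rule summarized in the reply above can be checked for a given process before handing out group membership. The following is an added example, not code from the thread: `Get-DebugRequirement` is a hypothetical helper name, and it assumes PowerShell 3.0 or later and that group membership is read from the caller's current token.

```powershell
# Added example: reports which group the thread's rule requires for debugging a process.
function Get-DebugRequirement {
    param([Parameter(Mandatory)][int]$ProcessId)

    $me        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($me)

    # Membership as carried by the current token (a filtered token reports non-admin).
    $isAdmin = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    $groups  = $me.Groups | ForEach-Object {
        try { $_.Translate([System.Security.Principal.NTAccount]).Value } catch { }
    }
    # "Debugger Users" is a local group, so it appears as MACHINE\Debugger Users.
    $isDebuggerUser = [bool]($groups | Where-Object { $_ -like '*\Debugger Users' })

    # Owner of the target process. A non-admin may be unable to read the owner of a
    # process in another context; that case is treated as "not my context".
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc) { throw "No process with id $ProcessId" }
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
    $ownerName = if ($owner.ReturnValue -eq 0 -and $owner.User) {
        "$($owner.Domain)\$($owner.User)"
    } else { $null }
    $sameContext = [bool]($ownerName -and ($ownerName -ieq $me.Name))

    # Rule from the thread: same context -> Debugger Users, other context -> Admin.
    $required  = if ($sameContext) { 'Debugger Users' } else { 'Administrators' }
    $satisfied = $isAdmin -or ($sameContext -and $isDebuggerUser)

    [pscustomobject]@{
        ProcessId     = $ProcessId
        ProcessOwner  = $ownerName
        CurrentUser   = $me.Name
        SameContext   = $sameContext
        RequiredGroup = $required
        Satisfied     = $satisfied
    }
}

# Example call against the current PowerShell process (always runs in your own context).
Get-DebugRequirement -ProcessId $PID
```

A result with `SameContext = False` and `Satisfied = False` is the case the reply describes: either run the target under the developer's own identity or accept that debugging it needs admin rights.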