Solved

Visual Studio 2008 and 2010 Security Issue

Posted on 2010-08-31
14
457 Views
Last Modified: 2012-05-10
Currently working in an Organization that has removed Adminstrator rights to Visual Studio Developers.  Most of the current OS on the developer machines are XP at this time.

Without going into details I am looking for two answers from this question regardless of best practices.

1)  What is the best practice with justfication for providing a Visual Studio developer the local admin and administrator rights to the local pc.

2)  Is there a workaround that works ensuring security is tight but no functionality to the developer is lost.  If any development functionaility is lost.  What is lost?


Thanks!!!
0
Comment
Question by:Robb Hill
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 29

Accepted Solution

by:
nffvrxqgrcfqvvc earned 375 total points
ID: 33574184
Besides debugging you don't lose much, the only concern is when you work with Com Classes, when you build the project the .NET IDE won't be able to automatically register the class on the development machine without administrative rights.
0
 
LVL 9

Assisted Solution

by:richard_hughes
richard_hughes earned 125 total points
ID: 33576173
Hello robbhill

If you are going to be attaching a running process (w3wp.exe for instance) you will require admin rights.

Thanks,

Richard Hughes
0
 
LVL 29

Expert Comment

by:Kumaraswamy R
ID: 33576708
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Author Comment

by:Robb Hill
ID: 33582149
rkworlds - I am not sure how your article is relevent to the question?
0
 
LVL 29

Assisted Solution

by:nffvrxqgrcfqvvc
nffvrxqgrcfqvvc earned 375 total points
ID: 33582282
You can code in the IDE without administrative rights. In fact you very rarely need administrative rights. It's going to all depend what your working on. You will run into some issues especially when debugging , installing services, registering components.
IMHO it's an bad idea to disable administrative rights to developers. It's best to code with the least privileges(user mode) but for developers being able to debug and test your code is just as important as writing the code.
The problem I see with this situation is you won't know exactly when you will need administrative rights until it's to late.
 
 
0
 
LVL 11

Author Comment

by:Robb Hill
ID: 33582362
Are there work arounds when in an XP environment with VS 2008 or 2010 to get around registering COM, Attaching Processes, or Debugging.  Debugging being the most important to me.


Can you think of anything else that gets hosed?
0
 
LVL 29

Expert Comment

by:nffvrxqgrcfqvvc
ID: 33582417
I really don't know how you would do this exactly. The only thing I can think of is making one developer you trust have permissions and allowing the code to run under his supervision OR giving him access to a computer that can be used for debugging.
 
0
 
LVL 11

Author Comment

by:Robb Hill
ID: 33582650
I was reading an article and am not sure without testing.
If a web project was created in the www root directory....and that directory had the necessary permissions could debugging mode work?
0
 
LVL 29

Assisted Solution

by:nffvrxqgrcfqvvc
nffvrxqgrcfqvvc earned 375 total points
ID: 33601098
I don't know specifically about the web project :(
Everything you need know is heavily discussed in here. Take the time to read the entire article and discuss these issues with your company.

Developing Software in Visual Studio .NET with Non-Administrative Privileges
http://msdn.microsoft.com/en-us/library/aa289173(VS.71).aspx 
0
 
LVL 44

Expert Comment

by:AndyAinscow
ID: 33609448
This sounds like the developers aren't trusted to be able to use a PC sensibly in your organisation.  Surreal !

0
 
LVL 11

Author Comment

by:Robb Hill
ID: 33619214
lol...its a government thing
0
 
LVL 11

Author Comment

by:Robb Hill
ID: 33619225
I had already found the msn article above...that is specific to 2003 it looks and we are on Xp machines running 2008 and 2010.
0
 
LVL 29

Expert Comment

by:nffvrxqgrcfqvvc
ID: 33619366
The article is still valid even for the recent versions including 2008 or 2010. It's talking about permissions issues and not specific features related to the IDE or framework used.
If you don't have permissions to do something that requires administrative privileges it doesn't really make a difference. :(
 
0
 
LVL 11

Author Closing Comment

by:Robb Hill
ID: 33793019
Thanks this gave me the reasoning to get the developers the admin access they needed rather the workaround hack..thanks to all
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
checkbox group not updating when none of them is selected 11 44
ASP.NET Built-In Report Creator / Viewer 5 41
asp.net web app 3 58
How does this modal work? 3 33
In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
Introduction This article shows how to use the open source plupload control to upload multiple images. The images are resized on the client side before uploading and the upload is done in chunks. Background I had to provide a way for user…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question