Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Developing as a non-Administrator

Wednesday, December 10, 2003

 .NET  Security 

Lars Bergstrom wrote an article for MSDN a few months ago called “Developing Software in Visual Studio .NET with Non-Administrative Privileges” and it looks like it has been updated this month.  Do yourself a favor, and read this article.

Over the last few years, I have been a big believer in developing software as a non-Administrator.  I followed Keith Brown's excellent advice on how to set up your machine correctly, and have continued to do so with each new OS or machine.  The key is to only run as Administrator (using the “Run As” feature) when you need to install software or perform various other administrative (hence, the reason why the user is called “Administrator”) tasks.

On my laptop, I run two OSs, Windows 2000 Server and Windows Server 2003, plus a Virtual PC with Windows XP Pro, and in all cases, I set up strong passwords, rename the Administrator, and run with an everyday normal, non-privileged user.  With this mode, I have found, like Lars and Keith above, interesting ways to do secure tasks, especially with distributed .NET application development lately.

As Keith mentions, it's a “lifestyle choice” to develop this way.  You make a decision to run as a normal, non-privileged user to help yourself learn about security on the platform as well as how to write better, secure code.  Most users who work with our software are usually running as non-Admins, and can hit the security wall hard if we are not careful.

Plus, a big question for developers I always want to ask:  “Do you need to be an Administrator to check email in Outlook?”
