RE: Non-Admin, ASP.NET, debug problem.
From: Claudio Pacciarini (ClaudioPacciarini_at_discussions.microsoft.com)
Date: 12/07/04
- Previous message: arthur Wang [MSFT]: "RE: debugging jscript - no longer works"
- In reply to: arthur Wang [MSFT]: "RE: Non-Admin, ASP.NET, debug problem."
- Next in thread: arthur Wang [MSFT]: "RE: Non-Admin, ASP.NET, debug problem."
- Reply: arthur Wang [MSFT]: "RE: Non-Admin, ASP.NET, debug problem."
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 6 Dec 2004 20:09:02 -0800
Arthur: many thanks for your very detailed response. The articles you sent me
describe several solutions to do what I wanted to do. Many thanks.
Let me share with you some other interesting discoveries. During my research
to solve this, I found this article:
http://www.codeproject.com/buglist/dbgfix.asp
This Visual Studio add-in, with some minor modifications, solved my problem
very well.
Now I can log on to the machine as a non-admin and remain non-admin most of
the time, opening Visual Studio as admin only when I need to (for instance,
when I need to debug ASP.NET), without logging off.
I use a very useful script called MakeMeAdmin:
http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx
I prefer this approach instead of
- running ASP.NET using my own unprivileged user credentials,
- OR -
- being admin all the time.
Hope you find this as helpful as I did.
Many thanks.
Claudio Pacciarini
"arthur Wang [MSFT]" wrote:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;319842
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;817034
>
> More info (case study):
> See the following article for more information:
>
> Developing Software in Visual Studio .NET with Non-Administrative Privileges
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/tchDevelopingSoftwareInVisualStudioNETWithNon-AdministrativePrivileges.asp
>
> A) Here are some first things to check:
> 1. Install IIS on the machine
> a. Click Start, point to Settings, and then click Control Panel.
> b. Double-click Add/Remove Programs, click Configure Windows, and then click Components.
> c. Follow the instructions on the screen to install, remove, or add components to IIS.
>
> 2. Add the ASP.NET file extensions to the IIS MetaBase.
> a. Open a command prompt (Start -> Run -> cmd)
> b. Run the following command:
> C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe -i
>
> 3. Create the wwwroot$ share if it is not present
> a. Using the Windows Explorer, browse to the C:\Inetpub folder
> b. Right click the \wwwroot folder
> c. Select the Sharing tab
> d. If the folder is not shared, share it and for the share name use wwwroot$
>
> B) We made the following changes in DCOM:
> Go into dcomcnfg (Select Start -> Select Run -> Type dcomcnfg -> Select OK) and set the following up:
>
> 1. On the Default Properties Tab
> a. Make sure that Enable Distributed COM on this computer is checked
> b. Set default authorization level to Connect
> c. Set default impersonation level to Identify
>
> 2. On the Default Security Tab
> a. Edit Default for the Default Access Permissions
> b. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> c. Edit Default for the Default Launch Permissions
> d. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
>
> 3. On the Applications Tab, locate and select the Just-In-Time Debugging Handler and CLR Remote Host application
> a. On the General Tab, make sure that the Authentication level is set to connect
> b. On the Security Tab, select Use Custom access permissions and select the Edit button
> c. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> d. On the Security Tab, select Use Custom launch permissions and select the Edit button
> e. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> f. On the Identity Tab, make sure that the interactive user is selected
> g. Click OK until you are back to the Distributed COM Configuration Properties dialog.
>
> 4. On the Applications Tab, locate and select the Machine Debug Manager application
> a. On the General Tab, make sure that the Authentication level is set to connect
> b. On the Security Tab, select Use Custom access permissions and select the Edit button
> c. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> d. On the Security Tab, select Use Custom launch permissions and select the Edit button
> e. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> f. On the Identity Tab, make sure that The System Account (services only) is selected
> g. Click OK until you are back to the Distributed COM Configuration Properties dialog.
>
> C) Next we gave the SeDebugPrivilege to the Debugger Users group
>
> 1. Open the Local Security Policy Settings from (Control Panel -> Administrative Tools -> Local Security Policy)
> 2. From the right-hand side expand Local Policies
> 3. Select User Rights Assignments
> 4. Double click the Debug Programs privilege and add the Debugger Users group
>
> D) Next we gave your <DOMAIN>\Developers group the following NTFS permissions:
>
> 1. C:\WINNT\Temp
> <DOMAIN>\Developers group -> Full control
> 2. C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG
> <DOMAIN>\Developers group -> Read&Execute, List Folder Contents, Read
> 3. C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files
> <DOMAIN>\Developers group -> Full control
> 4. C:\Inetpub
> <DOMAIN>\Developers group -> Read&Execute, List Folder Contents, Read (added)
> 5. C:\Inetpub\wwwroot
> <DOMAIN>\Developers group -> Read&Execute, List Folder Contents, Read (added)
> 6. C:\Inetpub\wwwroot\<application>
> <DOMAIN>\Developers group -> Read&Execute, List Folder Contents, Read (added)
>
> E) Next we changed the <processModel> section of the machine.config file to run as the user that will be logging on to the machine.
> 1. Open the machine.config file from the C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG folder
> 2. Press CTRL-F to open the Find dialog and type <process and select Find Next
> 3. Change the userName attribute to be <DOMAIN>\<DomainUser>
> 4. Change the password attribute to be the user's password.
>
> F) Next we made the following changes to the Local Security Policies:
> 1. Open the Local Security Policy Settings from (Control Panel -> Administrative Tools -> Local Security Policy)
> 2. From the right-hand side expand Local Policies
> 3. Select User Rights Assignments
> 4. Add the Developers group to the following policies.
> a. Access this computer from the network
> b. Logon as a batch file
> c. Logon as a Service
>
> G) Finally we took the following steps to ensure that the FrontPage Server
> Extensions were installed correctly on the machine.
> 1. Configure FrontPage Server Extensions on the Default Web Site if they are not there.
> a. Open the IIS MMC (Start -> Run -> inetmgr)
> b. Expand the tree on the left-hand side until you can see the Default Web Site
> c. Right Click the Default Web Site
> d. Select All Tasks
> e. Select Configure Server Extensions
> f. Follow the prompts.
>
> 298158 HOW TO: Configure FrontPage Server Extensions in Internet Information
> http://support.microsoft.com/?id=298158
>
> 2. Check Server extensions on the Default web site.
> 272289 HOWTO: Troubleshoot Connectivity Issues in Visual InterDev 6.0
> http://support.microsoft.com/?id=272289
>
> Check that FrontPage Server Extensions are installed properly:
> FrontPage 2000 Server Extensions
> Open Internet Service Manager, right-click Default Web Site (or the
> appropriate Web site), and then select All Tasks.
>
> If you see the option Configure Server Extensions, the Web site does not
> have the server extensions enabled. Choose this option to start a wizard
> that will help you to enable the server extensions.
>
> If you see the option Check Server Extensions, the Web site has the server
> extensions installed. Choose this option to start a diagnostic program that
> analyzes the Web site and fixes common issues.
>
> If you do not see an All Tasks item when you right-click the Web site, the
> FrontPage 2000 server extensions either have not been installed on the
> computer, or the server extensions' snap-in to the Microsoft Management
> Console (MMC) was not enabled during setup.
>
> To enable the server extensions' snap-in, go to the Microsoft Internet
> Information Services (IIS) Manager, and then click Console.
>
> NOTE: If your computer is running Microsoft Windows 2000, close the IIS
> Manager, right-click the Internet Services Manager icon in the
> Administrators group, and then select Author to enable the Console menu.
> Click Add/Remove Snap-In menu item. On the Extensions tab, make sure that
> FrontPage Server Extensions box is checked. You should now be able to both
> configure and check the FrontPage Server Extensions.
>
>
> CAUSE:
> Visual Studio .NET is Windows Logo compliant, so you would expect that it
> runs as a restricted user. However, even though the vast majority of all
> functionality works in constrained permissions, there are a few tasks that
> are slightly more difficult in this model, either because of operating
> system limitations or the fundamental nature of the tasks being performed.
> The above solution provides simple workarounds for all of the difficult
> tasks in a development process; in future versions of the integrated
> development environment (IDE) we hope to build this functionality directly
> into the shell and reduce the requirements wherever possible. We are
> working hard in future versions of both the operating system and
> development tools to make it easier to perform these actions in equivalent
> ways that do not require administrative privileges.
>
> ***************************************************************************************
>
> You were unable to debug your ASP.NET web applications.
>
> ERROR:
> You received the following error message when trying to debug your ASP.NET web application:
>
> ---------------------------
> Microsoft Development Environment
> ---------------------------
> Error while trying to run project: Unable to start debugging on the web server. You do not have permissions to debug the server.
>
> Verify that you are a member of the 'Debugger Users' group on the server.
> ---------------------------
> OK Help
> ---------------------------
>
> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
> *** Resolution ***
>
> To resolve this we made the following changes to your web server
> Run the DCOM Configuration Manager
> 1. On the Default Properties Tab
> a. Make sure that Enable Distributed COM on this computer is checked
> b. Set default authorization level to Connect
> c. Set default impersonation level to Identify
>
> 2. On the Default Security Tab
> a. Edit Default for the Default Access Permissions
> b. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> c. Edit Default for the Default Launch Permissions
> d. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> 4. Interactive
> 5. IWAM_MachineName
> 6. IUSR_MachineName
>
> 3. On the Applications Tab, locate and select the Just-In-Time Debugging Handler and CLR Remote Host application
> a. On the General Tab, make sure that the Authentication level is set to connect
> b. On the Security Tab, select Use Custom access permissions and select the Edit button
> c. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> d. On the Security Tab, select Use Custom launch permissions and select the Edit button
> e. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> f. On the Identity Tab, make sure that The interactive user is selected
> g. Click OK until you are back to the Distributed COM Configuration Properties dialog.
>
> 4. On the Applications Tab, locate and select the Machine Debug Manager application
> a. On the General Tab, make sure that the Authentication level is set to connect
> b. On the Security Tab, select Use Custom access permissions and select the Edit button
> c. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> d. On the Security Tab, select Use Custom launch permissions and select the Edit button
> e. Add the following accounts if they are not present
> 1. MachineName\Administrators
> 2. MachineName\Debugger Users
> 3. System
> f. On the Identity Tab, make sure that The System Account (services only) is selected
> g. Click OK until you are back to the Distributed COM Configuration Properties dialog.
> h. Click OK and restart your machine.
>
> Ensure that the FrontPage Server Extensions have been configured on the application that you want to debug.
> 1. Select Start -> Run -> inetmgr
> 2. Locate the application in question
> 3. Right click and select All Tasks
> 4. Select Configure Server Extensions or Check Server Extensions
>
> Because you are debugging on a Domain Controller, make the following change to your machine.config file (located in C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG)
> 1. Search for the <processModel> tag
> 2. Set the userName attribute to SYSTEM
> 3. Save the file
> 4. Select Start -> Run -> iisreset
>
>
> --------------------
> >Thread-Topic: Non-Admin, ASP.NET, debug problem.
> >Subject: Non-Admin, ASP.NET, debug problem.
> >Date: Wed, 1 Dec 2004 07:31:01 -0800
> >
> >I log on to my machine as a normal, non-admin user. To debug ASP.NET
> >applications, I need to be member of the administrators group. So I launch
> >VS.NET as local administrator using runas.
> >
> >Everything works fine until I try to debug the ASP.NET app. The problem is
> >that when I start debugging the web application, Internet Explorer does not
> >appear.
> >
> >But Internet Explorer is started, I can see it in the Task Manager Process
> >List (running as my admin user). Seems to me that VS starts it
> >non-interactively.
> >
> >How can I solve this? I hate the idea of logging on as an administrator and
> >run everything as admin just because of this.
> >
> >My machine is XP Pro SP2, part of a Windows Server 2003 domain; both my
> >non-admin and admin user accounts are part of "VS Developers" and "Debugger
> >Users" groups.
> >
> >Many thanks.
> >
> >Claudio Pacciarini
> >
> >PS: In the following link, I thought I found the solution to this problem
> >but it didn't work for me and for others. Any clues?
> >
> >http://www.codeproject.com/buglist/dbgfix.asp?df=100
> >
> >
> >
>
>
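
Added example (not part of the thread, and not Microsoft's or either poster's code): a small audit of the machine.config <processModel> identity that step E and the Domain Controller note in the quoted reply change. The config fragments are constructed; treating "machine"/"AutoGenerate" as the unmodified setting and a "registry:" prefix as an encrypted credential reference are assumptions about ASP.NET 1.1.

```python
import xml.etree.ElementTree as ET

# Constructed machine.config fragments (illustrative, not from a real host).
DEFAULT_CFG = r"""<configuration><system.web>
  <processModel enable="true" userName="machine" password="AutoGenerate" />
</system.web></configuration>"""

# Shape of the result of step E: a domain user with its password in the file.
STEP_E_CFG = r"""<configuration><system.web>
  <processModel enable="true" userName="EXAMPLE\devuser"
                password="constructed-secret" />
</system.web></configuration>"""

# Shape of the Domain Controller change: userName set to SYSTEM.
DC_CFG = r"""<configuration><system.web>
  <processModel enable="true" userName="SYSTEM" password="AutoGenerate" />
</system.web></configuration>"""


def audit_process_model(config_xml):
    """Return finding codes for the ASP.NET worker process identity."""
    root = ET.fromstring(config_xml)
    pm = root.find("system.web/processModel")
    if pm is None:
        return ["missing-processModel"]

    user = pm.get("userName", "").strip()
    password = pm.get("password", "").strip()
    findings = []

    if user.lower() == "system":
        # Every page and every debugged request then executes as SYSTEM.
        findings.append("runs-as-system")
    elif user.lower() != "machine" and not user.lower().startswith("registry:"):
        # A named account: check what else that account can reach.
        findings.append("custom-identity")

    # Assumption: only these two forms keep the secret out of the file.
    protected = (password.lower() == "autogenerate"
                 or password.lower().startswith("registry:"))
    if password and not protected:
        # Readable by anyone with Read on the CONFIG folder (see step D).
        findings.append("cleartext-password")
    return findings


if __name__ == "__main__":
    for name, cfg in [("default", DEFAULT_CFG), ("step E", STEP_E_CFG),
                      ("domain controller", DC_CFG)]:
        print(name, audit_process_model(cfg))
```
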