Configure your Development Environment with the user having least privilege other than administrator.

The most common objection developers hold against using a non-admin account is that they can’t develop software with a lesser privileged account. Standard user accounts do not have the sufficient privileges to debug applications or create web applications on Microsoft Internet Information Server. To configure your development environment correctly, you’ll need a good understanding of what privileges are required to perform different tasks.

Most of the permissions needed to perform different tasks are already granted to different user groups defined on your computer.

1.       Members of the debugger users group are allowed to use Visual Studio .NET to debug processes, both locally and remotely. It is critical for all developers to have this permission, but it should not be granted to everyone because it can be exploited to gain elevated privileges.

  1. Members of the VS_Developers group can create new web applications on Microsoft Internet Information Server. Despite the name, membership in this group is not needed to do other Visual Studio .NET development, such as creating Windows Forms applications or similar.
  2. If you want to debug web applications on either Windows XP or Windows Server 2003, your user must be a granted the Log on as batch job” privilege. This privilege is already granted to the IIS_WPG group on Windows Server 2003, so if you don’t have to explicitly give users this privilege if you add them to this group. Windows XP hasn’t got an equivalent to the IIS_WPG group, so you’ll have to grant users this privilege in Windows XP environment.

Below are guides to how you can configure your Windows XP or Windows Server 2003 development environment. Both guides require Visual Studio .NET to be installed on the development computer.

Windows XP (Service Pack 2)

  1. Log on as an administrator.
  2. If you already have a regular user account you can skip to 7
  3. Open the control panel in category view and click “User Accounts”. When instructed to pick a control panel icon, click “User Accounts” again.
  4. In the “User Accounts” dialog, open the “Users” pane and click “Add…”.
  5. In the “Add New User” wizards fill in the fields in the first step and click “Next >”. On the second pane choose the “Restricted user” option and click the “Finish” button.
  6. Change to the “Advanced” tab and click the “Advanced” button in the “Advanced user management” section.
  7. In the “Local Users and Groups” dialog, locate and double-click your user in the “Users” folder.
  8. In the “User Properties” dialog, open the “Member Of” tab.The user should be a member of the “Users” group, not the “Administrators” or “Power Users” groups.
  9. Click the “Add..” button and type in “Debugger Users; VS Developers;” in the text box below “Enter the object names to select (examples):” caption.
  10. Click “OK” and close the “Local Users and Groups” dialog.
  11. Open the “Local Security Policy” console.
  12. Expand “Local Policies” and click “User Rights Assignment”
  13. Double-click “Log on as batch job”.
  14. From the “Log on as batch job Properties” dialog click the “Add User or Group…” button.
  15. In the “Add User or Group” type in name of your user account.
  16. Click “OK” and close the “Local Security Settings” console.

Windows Server 2003

  1. Log on as an administrator.
  2. Open the “Computer Management” console and expand “System Tools”.
  3. If you already have a regular user account you can skip to 7
  4. To create a new account, expand “Local Users and Groups”.
  5. Right-click “Users” and choose “New User”.
  6. In “New User” dialog fill in the required details and click “Create”.
  7. Double-click your existing or new user account in the “Computer Management” console.
  8. From the “User Properties” dialog, open the “Member Of” tab. The user should only be a member of the “Users” group, not “Administrators” or “Power Users”.
  9. Click the “Add” button and type in “Debugger Users; VS_Developers; IIS_WPG;” in the text box below “Enter the object names to select (examples):” caption.
  10. Click “OK” and close the “Computer Management” console.


With Regards,

UVN PardhaSaradhi




What is with the combination of Response.redirect and Try catch block?

Well, most of you who have tried out the combination must have been stuck with a weird error of "Thread was being aborted" and must have wondered what has a thread got to do with Response.redirect?

Well, to answer your question here goes:-

A thread is executing your application in terms of ASP.NET worker process , when you call Response.Redirect(URL);

In your code then to redirect to the new URL specified by you ASP.NET framework must be told to stop the current execution of the page and to transfer the execution to the URL page specified in the method call.

This is done in a 2 way step :-

1)       Response.End() is called internally by Response.Redirect to stop the current execution and the ThreadAbortException is thrown.

2)       .NET framework will call catch “ThreadAbortException” and stop current execution and start executing the new page. 

Now during the Step #1 Response.End will throw out a  “ThreadAbortException” to let .NET framework know that the current execution needs to be stopped and the execution of new should begin. framework catches the Redirect method’s exception, aborts the thread and use a new thread for execution of to be redirected page.

Solution :- The way to get over this problem is to specify Response.Redirect(URL,false) , this will tell .NET framework not to stop the execution of the current thread and hence the error will be resolved. 

ThreadAbortException” is a special kind of an exception even if you catch it in a catch block even then it will be raised again at the end of the catch block. When this exception is raised, the runtime executes all the finally blocks before killing the thread.

 – UVN Pardha Saradhi