VSIP as a Normal User

If you ask people who know much about computer security, they will usually recommend that you perform all your common tasks as a normal user and only run as an Administrator when you absolutely need to. The idea is that even if a hacker or virus exploits something to take over your account, they won’t be able to take over the machine without local admin rights. Personally, I’ve been trying to follow this practice with good success for the past few weeks on my main machine at work and my personal laptop at home. (By the way, MakeMeAdmin is a great little script that has come in very handy.)

 

Naturally, one of the first things I started thinking about was how to use the VSIP SDK on my machine without Administrator rights. After thinking about it for a few minutes and talking to some of the developers here, I’ve come up with the following steps you can take if you’d like to develop a package while minimizing the attack surface of your machine:

 

1.) Log in as a local Administrator

2.) Grant your username full control to the VSIP install directory (and all subdirectories). This is usually “C:\Program Files\VSIP 7.1” on a standard install.

3.) Open regedit.exe and navigate to the HKLM\SOFTWARE\Microsoft\VisualStudio key. Grant your username full control over this key and all subkeys.

4.) Log in as your normal user account.

 

This will be most of what you need; however, there is one more catch. Several of the native-code samples register global COM objects under HKCR which you don’t have write access to as a normal user by default. If you are building any of the following samples, I would recommend launching devenv.exe as a local administrator for building the sample.

· BscPrj

· FigPkgs

· MyCPkgs

· Text Interpreter Sample (Debugging SDK)

· Babel ECMAScript Sample

 

Please let me know if you run into any other problems with this configuration. Happy secure VSIP coding!