UAC / VS / W2K8: Why won't VS start with administrative privileges when I am in the Administrators group?

Server 2008 with Service Pack 1 (SP1), Visual Studio 2008 with Service Pack 1 (SP1). My user; The developer is in the local Administrators group. However, some of the things I do in Visual Studio (use the properties window of the web application to call create a virtual directory in local IIS) tell me that administrator privileges are required. This is more annoying than anything else, I can just start VS with a right click (Run As Administrator) to perform an action - but I was curious if anyone knows why this is happening?


source to share

3 answers

This is not how it works on Vista with UAC. Your user being in the admin group means that this user can perform admin tasks. Let's say you have a regular user and that user is logged in and is trying to perform an admin task. This user will not be able to complete such a task because it is not in the admin group. He will need to provide an administrator username / password to perform such a task. But if your user is an administrator, you will be given access to complete the task.

What you are talking about is basically how Windows XP works, and we all know how it came to be with all the security issues. In XP you are an administrator with administrator rights, you can do whatever you want on the system. It is not very secure. In Vista you are in the Administrator group, but this does not mean that every task must / will be performed with administrator rights. You are an administrator, you can change anything you want on the system, but by default everything will run with less administrator rights to prevent any security issues. You need administrator rights, run the application with administrator rights.

It's just how it works and how it should work.

What I see anyway :)



Since this works, I guess ... It doesn't matter what group your user is in, what matters is whether the application is running with administrator privileges or not. If so, you will be able to perform admin actions, otherwise you will not.

All applications that use UAC to perform administrator actions (when you see the security icon), they either a) restart the application with administrator rights or b) start a process with administrator rights to perform the corresponding action. They can never give you administrator rights without running a process with them.

This is how it works. As far as I know, this is how it works ...



Nazgulled: Your first statement indicates that processes are started in a security context other than the one they inherit from the current user. My curiosity stems from this basic understanding that a process is working with my token. If my user is in the admin group, won't he be running with administrative privileges? Perhaps my basic understanding of this is wrong - it is possible that user rights / security and process security context are not as closely related as I understood them ...



All Articles