How To Develop Code As A Non Admin

Developers should develop code as a non-admin. That's because the best way to build software that can be run by nonprivileged users is to run as a nonprivileged user while you write and test the code. I learned that more than three years ago from Keith Brown's column: Security Briefs. But I didn't develop code as a non-admin until recently. In Keith Brown's book "The .NET Developer's Guide to Windows Security", there is a section detailed on how to develop code as a non admin. Here is a short summary on how I do following his suggestions.

• Create two normal user accounts on Win2k3: WinUser and WebUser.
• Add both accounts to the Debugger Users group. This will allow me to run the debugging mode using VS.NET if I log in as either account.
• Add the WebUser account to the VS Developers group. This will grants me write access to \inetpub\wwwroot if I use the WebUser account.
• I log in my system using the WinUser account if I develop a WinForm app and the WebUser account if I develop a Web app
• Then I run mstsc to bring up the remote desktop and log in it using my domain account. I minimize this window normally. If I need to do something with the admin privilege, then I bring up this window and do things inside the window.

I like Keith Brown's book very much and take it as my bible on security.