How to elevate the Visual Studio Debugger for standard users

Owned by Anonymous
Last updated: Oct 14, 2015 by Max Pinion (Deactivated)
4 min read

Issue

In Windows 7, only Administrators have the Windows privilege to debug programs. If standard users try to debug programs, those users have to first provide administrator credentials via the UAC prompt shown in the following screenshot.

Solution

You can elevate Standard Users so they have the ability to debug programs by doing the following steps:

Create a custom Add Administrator Rights action

Back to top

Cloning an existing Add Administrative Rights Action is the simplest way to create a custom add administrator rights action. This can be done by doing the following steps:

  1. In the Arellia Security Manager, click the Policies tab.
  2. In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Actions > Process Rights.
  3. Right-click Add Administrative Rights Action and then click Clone.
  4. In the Clone Item dialog box, enter the name Add Administrative Debug Rights.

     
     
  5. Click the link to the right of Windows privileges.
  6. In the Select Resources dialog box, click the Unselect All button.
     
  7. In the Available Resources pane on the right, scroll down the list and click Debug Programs and then click the Select button.
  8. Click OK.
     
  9. Select the Use user's unrestricted token check box.
     
  10. Click Save.

Create an executable filter

Back to top

Create an executable filter by doing the following steps:

  1. In the Arellia Security Manager, click the Policies tab.
  2. In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Filters > My Filters.
  3. Right-click My Filters and then click New > Dynamic File Filters > Blank Win32 Executable Filter.
     
  4. Name the filter vsjitdebugger.exe Executable Filter.

     
     
  5. In the Filter Settings, set the File name to vsjitdebugger.exe.
  6. Set the File path to %windir%\System32.
  7. Change the File version to 11.0*. (or the current version of Visual Studio you are targeting)
  8. Click Save.
     

Create an Application Control policy

Back to top

Create an Application Control Policy by doing the following steps:

  1. In the Arellia Security Manager, click the Policies tab.
  2. In the file library in the left pane, navigate to Policies > Arellia Solutions > Application Control > Policies.
  3. Right-click Policies and then click New > Blank Application Control Policy.
  4. Name the filter vsjitdebugger.exe Executable Filter.

  5. In the Filter Settings under the Applications to Control tab, click the Select applications to control link.
  6. In the Select Resources dialog box in the Available Items pane on the left, use the search bar to find the vsjitdebugger.exe Executable Filter.
  7. Click to highlight the vsjitdebugger.exe Executable Filter and then click the Select button.


     
  8. Click OK.
  9. Click Application Actions tab.
  10. Click Application action and then click the Select link.
  11. In the Select Resources dialog box in the Available Items pane on the left, use the search bar to find Add Administrative Debug Rights.
  12. Click to highlight Add Administrative Debug Rights and then click the Select button.
  13. Click OK.
  14. Under Child applications click Same as parent.
  15. Click the Policy Enforcement tab.
  16. Change the Policy Priority to 10.
  17. Select the Continue enforcing policies after enforcing this policy check box.
  18. Click the red Off button to activate the policy.
  19. Click Save.

 

Update the client and then the policy will take effect and the debugger will run with administrator rights for standard users.