Recently I was debugging custom SharePoint-based application and timer jobs. Unfortunately and although my account was member of the local administrator’s group on my development server, Visual Studio refused to attach to the process I wanted to debug throwing out the error Unable to Attach the Process. Visual Studio has insufficient privileges to debug the process. To debug this process, Visual Studio must run as an administrator to my face.
The root cause is fairly simple to find: in environments where Windows (Server) high security is a concern, the privilege Debug Programs (SeDebugPrivilege), granted by default to the Administrators built-in group, is removed in order to prevent admins from getting their hands on passwords from other users (as well as other data stored in memory) or service accounts using tools similar to LSADUMP to name juste one.
Unfortunately, the consequence of this is the inability for an administrator to attach to a program in order to debug it live. The problem is not typical to VS but to any debugging program willing to attach to a live process.
3 possible solutions/workarounds:
- Get your security administrator to restore that privilege. This it can be done on a per computer-basis, it should not be too harmful on a dev computer
- Run your server application with your own user account (the one you log on with). Obviously against best practices and not always possible in highly secure environment since other privileges might not be granted (log on as service, log on as batch…)
- Try running Visual Studio through the PSEXEC tool with parameters –s –I and –a. really tricky, has some limitation and, like the workaround above, not always possible in highly secured environments…
To list the privileges your account has been granted, just use the command whoami /priv.
- MS KB Article: How To Use the SeDebugPrivilege to Acquire Any Process Handle
- MSDN Blog: VS 2003 Tip #14: What are the requirements to debug a managed application?
- Least Privilege Blog: SeDebugPrivilege and Debugger Users (older yet still up to date)
- Ultimate windows Security: Debug Programs