VS Run As Admin Requirement

[spottedmahn]

What is up with the run as admin for deploying to my local cluster from Visual Studio? This feels like a through back to when UAC was first introduced. Surely there has to be something that can be some to remove this requirement, no?

Reference: Service Fabric Application throwing Powershell Script Error while Local Cluster deployment

[masnider]

It is only required for debugging the services if those services are running as something other than your local user. Since SF launches services as Network Service by default, the debugger needs to be running as admin to attach. Lots of times when I just need to change code and package I don't bother launching VS as admin. For times when I know I'm going to be attaching the debugger a lot I modify the VS shortcut to launch as admin by default so I don't forget and run into it on F5.

[spottedmahn]

Since SF launches services as Network Service by default

That has me thinking, if it is the default, perhaps I can change this? Is this configurable?

What controls launching new services under Network Service?

[spottedmahn]

Hello - any updates on this?

What controls launching new services under Network Service?

[dbreshears]

Well, I don't have a good answer really at the moment. You can add this to your application manifest, however you won't get far with F5 because the VS tooling will block you from debugging and require VS running as admin. It just isn't a scenario we have looked into or tested yet, however I'll add an work item to look into.

<Principals>
    <Users>
      <User Name="SfUser" AccountName="Domain\UserName" AccountType="DomainUser" Password="pass" />
    </Users>
  </Principals>
  <Policies>
    <DefaultRunAsPolicy UserRef="SfUser" />
  </Policies>

[yinseny]

Any updates? We are also trying to build our services using SF, but our dev machines don't have admin permission, is there any tweaking we can do to bypass all the admin requirements (for both local cluster manager & VS debugging)? this is quite a blocker issue to us.

[spottedmahn]

TIL: I can change my taskbar shortcut to always open VS under admin context.

[tazdevilnl]

Any updates? We are also trying to build our services using SF, but our dev machines don't have admin permission, is there any tweaking we can do to bypass all the admin requirements (for both local cluster manager & VS debugging)? this is quite a blocker issue to us.

Is there new information about this issue, I have the same issue

[kevinhoelscher]

I realize this is considered low-priority, but it feels like consideration is lacking for what seems to be a fairly common developer story. Often in enterprise settings, developers do not have administrator privileges (and, ideally, they should never need them except when updating/reconfiguring software—even that is avoidable in some cases). Also, "you can do everything except debug" is not reassuring from the standpoints of productivity and quality control.

As for the benefit of a platform such as Service Fabric: my infrastructure team (like many I've encountered throughout my career) would just as soon spin up a VM in Azure for each one we currently have on prem, port over our aging legacy software, and call it a day. That would be easy, but it would fail to realize many of Azure's benefits, such as scalability and maintainability. It is already hard enough to overcome the "if it ain't broke" mentality and cultivate buy-in to a modern cloud architecture. Meanwhile, I have to tell infrastructure that they'll also need to make an exception in their security policy (which they would rightly say is anything but modern) and let all our developers be local administrators on their machines, just so they can debug these modern apps. It is not going to go over well.

(One final note: in my case, a workaround like runas /savecred will not work, because we use a rolling password for local administrator accounts).

[spottedmahn]

closing as stale / no activity