Debugging ASP.NET as non-admin (LUA)

See my previous post about LUA, and why it is a good idea.  Today
I managed to get ASP.NET 2.0 to debug correctly, using Visual Studio
.NET 2005 under LUA.  Thanks to Andrew Duthie’s post.  I needed to tweak my system a little, here are my steps in digest (II6 only):

1. Create a new user group (Control Panel, Administrative Tools, Computer Manager, Local Users and Groups), called ASPNETDebug.
2. Add the LUA user to the ASPNETDebug group.
3. Add the LUA user to the IIS_WPG group.
4. Modify the following local account policies (Control Panel,
Administrative Tools, Local Security Policy, Security Settings, Local
Policies, User Rights Assignments):

  • “Adjust memory quotas for a process” – add the ASPNETDebug user group.
  • “Replace a process level token” – add the ASPNETDebug user group.

5. Modify the NTFS permissions on the following directories, and add the ASPNETDebug group with modify permissions:

  • %windows%temp
  • %windows%Microsoft.NETFramework%framework version%Temporary ASP.NET Files

6. Create a new application pool in IIS 6 (not based on any other app pool).
7. Change the identity of the newly created application pool to the LUA.
8. Change the app pool of ASP.NET web site application being debugged to the newly created app pool.