Skip to main content

 none
Win10 Development Mode Security RRS feed

  • Question

  • Can anyone tell me the security implications of turning on development mode on Windows 10 such as:

    Can the developer create his own local login? If so, how can this be mitigated?

    Can the developer alter GPO?

    Can the developer install whatever they want? Can this be controlled?


    Tuesday, April 10, 2018 5:12 PM

Answers

  • do the developers need to debug code under a different account (e.g. windows service)? because that requires SE_DEBUG_NAME which is basically admin. 



    Visual C++ MVP

    • Marked as answer by cruiserbill Thursday, April 12, 2018 12:13 PM
    Tuesday, April 10, 2018 6:52 PM
    Moderator
  • "Developer mode" does not add administrative privileges.  Anything controlled by admin privileges (like user creation) is not affected.  It really doesn't affect very much.  It lets you run self-signed store-type applications without going through the stor, and it lets you run the Unix subsystem.

    It's really designed to protect novice users from themselves.


    Tim Roberts, Driver MVP Providenza & Boekelheide, Inc.

    • Marked as answer by cruiserbill Thursday, April 12, 2018 12:13 PM
    Tuesday, April 10, 2018 5:22 PM
  • It doesn't need developer mode all the time. If you install Visual Studio 2017 with only the desktop related development then it won't enable developer mode.

    If anything, the only thing that users can get access to with developer mode enabled that they couldn't with it turned off is symbolic links, but it is questionable that symbolic links should be locked behind admin privileges on Windows in the first place, because they are available to regular users on Linux.


    This is a signature. Any samples given are not meant to have error checking or show best practices. They are meant to just illustrate a point. I may also give inefficient code or introduce some problems to discourage copy/paste coding. This is because the major point of my posts is to aid in the learning process.

    • Marked as answer by cruiserbill Thursday, April 12, 2018 12:13 PM
    Tuesday, April 10, 2018 5:40 PM

All replies

  • "Developer mode" does not add administrative privileges.  Anything controlled by admin privileges (like user creation) is not affected.  It really doesn't affect very much.  It lets you run self-signed store-type applications without going through the stor, and it lets you run the Unix subsystem.

    It's really designed to protect novice users from themselves.


    Tim Roberts, Driver MVP Providenza & Boekelheide, Inc.

    • Marked as answer by cruiserbill Thursday, April 12, 2018 12:13 PM
    Tuesday, April 10, 2018 5:22 PM
  • Thanks Tim.

    Windows 10 evidently needs to be in developer mode for Visual Studio to be installed and run. This is why I am asking, because we do not want the developers to have any type of admin rights and to mitigate vulnerabilities as much as possible.

    Tuesday, April 10, 2018 5:29 PM
  • It doesn't need developer mode all the time. If you install Visual Studio 2017 with only the desktop related development then it won't enable developer mode.

    If anything, the only thing that users can get access to with developer mode enabled that they couldn't with it turned off is symbolic links, but it is questionable that symbolic links should be locked behind admin privileges on Windows in the first place, because they are available to regular users on Linux.


    This is a signature. Any samples given are not meant to have error checking or show best practices. They are meant to just illustrate a point. I may also give inefficient code or introduce some problems to discourage copy/paste coding. This is because the major point of my posts is to aid in the learning process.

    • Marked as answer by cruiserbill Thursday, April 12, 2018 12:13 PM
    Tuesday, April 10, 2018 5:40 PM
  • do the developers need to debug code under a different account (e.g. windows service)? because that requires SE_DEBUG_NAME which is basically admin. 



    Visual C++ MVP

    • Marked as answer by cruiserbill Thursday, April 12, 2018 12:13 PM
    Tuesday, April 10, 2018 6:52 PM
    Moderator
  • I appreciate all the replies. That helps a bunch.
    Tuesday, April 10, 2018 9:11 PM
  • Hi,

    Thank you for posting here.

    If your issue has been resolved, please mark useful posts as answer.  The operation will help some people with same issue.

    Best Regards,

    Hart


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Wednesday, April 11, 2018 8:34 AM
    Moderator