Tuesday, June 14, 2005 - Posts

Developing as Admin? Stop it!

Everybody knows that developing as an admin on the local box is inherently evil; however, most people continue to do so because there is always something that needs elevated privileges. Well, twice over the weekend I read about developing as a non-admin, and I now feel convinced that this is viable. The first piece was by Keith Brown, in his excellent book The .NET Developer's Guide to Windows Security; the second was on Aaron Margosis' blog.

Both Keith and Aaron suggest great techniques for elevating your privileges when needed, and for temporarily making your LUA account an admin account for those times when you need to install a piece of software with admin privileges. Aaron even recommends having a local administrator account without a password in some circumstances (bet that makes you go read his blog)! With this information in hand, we can all avoid LUA bugs when we deploy our newly minted software to users. So do it now!

***UPDATE***
There is one gotcha that caught me out for a second: my surname is quite long and is used as part of my laptop's machine name, which made the total length of the machine name over 15 characters. If you are in the same position and are trying to use a local account for admin privileges, then only put in the first 15 characters of the machine name. For example, for the computer myverylongmachinename I have the account root, which is the admin user that I want for elevated privileges. A suitable runas command would be:

runas /user:myverylongmachi\root cmd