Configuring Security for Visual Studio Analyzer on Windows NT

Visual Studio Analyzer ships with security open. You can increase the security settings to reflect your site's needs. To increase the security settings, you need to complete the following steps:

  1. Set the Visual Studio Analyzer server to run as a domain user.

  2. Restrict access to the Visual Studio Analyzer server to specific users.

  3. Restrict access to the Visual Studio Analyzer client.

  4. Edit the registry on the Visual Studio Analyzer server to enable security checking.

  5. Edit the registry on the Visual Studio Analyzer client to enable security checking.

These steps are described in the following procedures.

Note:   You need to configure security on a per-machine basis for any machine on which you are running the Visual Studio Analyzer server or client.

Before You Begin

Before you begin configuring security, make sure you have a user account on your domain under which the Visual Studio Analyzer server can run. This user account can be your own user ID, a user ID shared by your group, or even a user ID you create specficially for Visual Studio Analyzer. In order to configure security, you will need to know the password for this user account as well as the user ID.

The procedure for setting the Visual Studio Analyzer server to run as a domain user and the procedures for restricting access all use DCOMCNFG, a configuration utility intended for configuring DCOM-specific settings in the registry. DCOMCNFG is shipped with Windows NT but is not added to the Start menu or to any groups. You must start DCOMCNFG using the Run command on the Start menu.

For more information on using DCOMCNFG to configure access and launch permissions, search for "DCOMCNFG" in MSDN Library Visual Studio 6.0.

To set the Visual Studio Analyzer server to run as a domain user

  1. Start DCOMCNFG.

  2. On the Applications tab, select MSVSA Local Event Concentrator Class (scroll down if necessary).

  3. Click Properties.

  4. Click the Identity tab.

  5. Select This user and complete the User, Password, and Confirm Password boxes. In the User box, specify the user ID for the account on your domain under which you want the Visual Studio Analyzer server to run. Use the form domain name\user ID.

  6. Click Apply.

To restrict access to the Visual Studio Analyzer server to specific users

  1. Start DCOMCNFG, if necessary.

  2. On the Applications tab, select MSVSA Local Event Concentrator Class (scroll down if necessary).

  3. Click Properties.

  4. Click the Security tab.

  5. Select Use custom access permissions and click Edit.

    The Registry Value Permissions dialog box appears. This dialog box lists the known users who currently have (or are denied) access to the machine.

  6. Add the specific users to whom you want to allow access to the Visual Studio Analyzer server on this machine, and remove any users to whom you want to deny access.

    • Click Add to add users, one at a time. Make sure you add the SYSTEM account as a user. This is required in order to connect to the machine. Make sure you also add the user ID under which the Visual Studio Analyzer Server is running. This is required in order to see measured events from this machine.

      To add users, you can either select a name from the Names box, or type a specific name (in the form domain name\user ID) in the Add Names box. Use the Type of Access box to allow or deny access. Click OK to add the user to the list.

    • Click Remove to remove users, one at a time. In the list, select the user you want to remove, then click Remove.

  7. When you are satisfied with the list of users in the Registry Value Permissions dialog box, click OK.

To restrict access to the Visual Studio Analyzer client

  1. Start DCOMCNFG, if necessary.

  2. On the Applications tab, select Microsoft Development Environment (scroll down if necessary).

  3. Click Properties.

  4. Click the Security tab.

  5. Select Use custom access permissions and click Edit.

  6. Make sure that the user ID you specified for the Visual Studio Analyzer server to run under is included in the list of users, as well as the SYSTEM account and any users you want to be able to run Visual Studio Analyzer. To add a user ID, click Add and then add the user ID. Repeat until all user IDs are added.

  7. Click OK, then click OK twice more to stop Dcomcnfg.exe.

To edit the registry to enable security checking on the Visual Studio Analyzer server

  1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\6.0\Analyzer and select Analyzer.

  2. Click Edit, point to New, and click Key.

  3. Replace the supplied name of the key with Security and press Enter.

  4. Click Edit, point to New, and click DWORD Value.

  5. Replace the supplied name of the value with Enable.

  6. Double-click Enable to display the Edit DWORD Value dialog box.

  7. Type 1 in the Value data box and click OK.

To edit the registry to enable security checking on the Visual Studio Analyzer client

  1. Start regedit.

  2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\VisualStudio\6.0 and select the 6.0 key.

  3. Click Edit, point to New, and click DWORD Value.

  4. Replace the supplied name of the value with EnableSecurity and press Enter.

  5. Double-click EnableSecurity to display the Edit DWORD Value dialog box.

  6. Type 1 in the Value data box and click OK.

Troubleshooting Security Problems

If you are having problems seeing particular measured events in the Filter Editor, the user ID under which the Visual Studio Analyzer Server is running might not have the necessary permissions. These permissions vary depending on the type of measured event.