Visual Studio Remote Debugger Service user account requirements

I was asked today -- Why does the Visual Studio Remote Debugger Service need to be run as an administrator?

Since it doesn't appear that this information is documented, I figured I would provide an answer. Running the remote debugger service as an administrator is really a recommendation rather than a requirement. The actual requirement is:

1. Account must have the 'logon as service' privilege
2. Account must be able to connect 'backwards' to the Visual Studio computer over the network. For this reason, on a domain, its easiest if the service is running under Local System, Network Service, or a domain account.  If you want to run it as a local account see: https://blogs.msdn.com/greggm/archive/2004/10/04/237519.aspx
3. Account must have rights to debug the target process. This means the service needs to either run under the same account as the process to be debugged, or the service needs to run as an administrator. 

We recommend running the service as an administrator because:

1. The service only allows connections from administrators, so there is no security reason why running it as an administrator is bad.
2. Running it without administrative privileges may put the user in a situation where the Visual Studio user has access to debug a particular process, but since the remote debugging service lacks these rights the Visual Studio user is not allowed to debug the process.
3. It’s a  lot easier to setup this way, and there is enough that can go wrong with remote debugging already.