Re: Altering .NET Security policy across domain

From: Trevor Lawrence (TrevorL@ise.canberra.edu.au)
Date: 02/06/03


From: "Trevor Lawrence" <TrevorL@ise.canberra.edu.au>
Date: Thu, 6 Feb 2003 11:43:23 +1100


I can follow that up, but can I ask a more general question?

Students in our labs have "My Documents" on a network drive (and of course
their Home Directory is the same place). We would like them to be able to build
and execute programs stored on their network storage. Out of the Box .NET
blocks all sorts of things in that environment. (Even an empty WinForms app
prangs when you close it with a security violation.) The alternative of
copying to a local location (on which they have write permission), working,
then copying back is rather ugly. We can't contemplate the student's
roaming profile including My Documents as it would be far too large to copy
down and back as a whole on each logon session. Also, staff regularly
provide ad hoc sample exes for students to look at, and these sit on a
network location.

It seems to me that the only reasonable way to operate is to have the
Intranet zone with the same security settings as the local machine. If
there is something else we can do, I'd love to hear it.

Trevor.
"Sebastian Lange [MS]" <slange@online.microsoft.com> wrote in message
news:#4Wxd8WzCHA.1620@TK2MSFTNGP11...
> If you need to run a specific set of managed apps from the Intranet, it will
> be more secure to just introduce code groups based on the strong name or
> hash of those assemblies, instead of opening up the permissions for your
> whole intranet.
>
> there is an article on msdn that gives some hints as to your issue:
>
> http://www.msdn.microsoft.com/library/en-us/dnnetsec/html/entsecpoladmin.asp
>
> Generally you want to follow the below steps:
>
> 1. Make your policy changes locally on some admin machine
> 2. Use the "Create Deployment Package" Option in the .Net Configuration Tool
> (found under the administrative tools), you pick the policy level that
> should be deployed and the tool then creates an MSI out of it
> 3. Deploy the MSI via any enterprise wide deployment mechanism available (GP
> is easiest, you can just drop the MSI on the GP node representing your
> intended deployment scope)
>
> You may also want to have a look at Ch 18 in
>
> http://www.awprofessional.com/catalog/product.asp?product_id={DB5E4F2C-979D-4749-9573-5974A50DE104}
>
> hope this helps
> -S
>
> "Trevor Lawrence" <TrevorL@ise.canberra.edu.au> wrote in message
> news:On#ydIWzCHA.2668@TK2MSFTNGP12...
> > I need to lighten up the .NET security settings for the Intranet zone across
> > all machines in the domain. Can I do this via group policy? Or is there
> > some other way?
> >
> > Trevor Lawrence
> > School of Computing
> > University of Canberra
> >
> >
>
>
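
The strong-name code group suggested in the quoted reply, written out with caspol.exe for the staff-sample case. This is an added example, not part of the thread; the share path, assembly name, group name and framework directory are hypothetical placeholders, and it assumes the staff samples are signed with one strong-name key.

```bat
@echo off
rem Added example: all names and paths below are hypothetical placeholders.
rem FW_DIR must point at the installed framework directory (version is a placeholder).
set FW_DIR=%WINDIR%\Microsoft.NET\Framework\vX.Y.ZZZZ
set CASPOL="%FW_DIR%\caspol.exe"
rem SAMPLE: any one staff assembly signed with the shared key (assumption).
set SAMPLE=\\labserver\samples\Demo.exe

rem Turn off the interactive confirmation prompt so the script runs unattended.
%CASPOL% -polchgprompt off

rem Broad change asked about in the thread, left commented for contrast:
rem every assembly loaded from the Intranet zone would get full trust.
rem %CASPOL% -machine -chggroup LocalIntranet_Zone FullTrust

rem Narrow change: add a child code group under LocalIntranet_Zone whose
rem membership condition is the strong-name public key read from SAMPLE.
rem -noname and -noversion match any assembly signed with that key.
%CASPOL% -machine -addgroup LocalIntranet_Zone -strong -file "%SAMPLE%" -noname -noversion FullTrust -name "StaffSamples" -description "Staff-signed sample apps"

rem Check the result: list the machine-level groups, then show which
rem code groups the sample assembly actually resolves to.
%CASPOL% -machine -listgroups
%CASPOL% -resolvegroup "%SAMPLE%"

rem Restore the confirmation prompt.
%CASPOL% -polchgprompt on
```

Run on the admin machine, this produces the machine-level policy that step 2 of the quoted reply then packages as an MSI. Unsigned student builds do not match this group and keep the default Intranet permissions.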


