Re: Code Group Security policy deployment
From: Shel Blauman [MSFT] (sheldonb_at_online.microsoft.com)
Date: 06/25/03
- Next message: Tom Johnson: "Re: Windows Authentification against a list of users"
- Previous message: Michael Pucher: "Code Group Security policy deployment"
- In reply to: Michael Pucher: "Code Group Security policy deployment"
- Next in thread: Michael Pucher: "Re: Code Group Security policy deployment"
- Reply: Michael Pucher: "Re: Code Group Security policy deployment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Jun 2003 09:44:40 -0700
Take a look at the article at
http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/entsecpoladmin.asp,
it mentions at least one alternative to MSI files,
Can I write scripts to change security policy instead of distributing
Microsoft Windows Installer package files?
Yes. Using the Code Access Security Policy tool (Caspol.exe) you can write
batch file scripts to affect security policy changes. As the first command
in the script, enter caspol -pp off to turn the policy change prompt off,
unless you are certain that has already been done on the current machine.
You should script against code group names rather than their numeric labels,
since the labels can easily get reordered after a policy change. See the
.NET Framework SDK for more information on the Caspol tool.
Shel
-- This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "Michael Pucher" <mpucher@vertex.de> wrote in message news:%23S3dqPyODHA.1552@TK2MSFTNGP10.phx.gbl... > hello, > > I'm currently on the task to deploy a strong named assembly. I want to > deploy the security policy either via group policies or by using an MSI > installation package. The strong named assembly is added as an own code > group under the Machine->All Code Node in the .net configuration. When I > right click on Runtime Security Policy and click "Create deployment > package", I only have the option to select complete groups (Enterprise, > Machine or User). What happens when I select Machine in that case, and run > the installer on another system, where settings of existing code groups have > been changed or deleted? Will the settings be overwritten? Added again? Will > existing code groups which are not in the msi package be deleted? > > If you know any tools, that let me extract single code groups from the > configuration for deployment, please let me know. > > > thank you, > > Michael Pucher > >
- Next message: Tom Johnson: "Re: Windows Authentification against a list of users"
- Previous message: Michael Pucher: "Code Group Security policy deployment"
- In reply to: Michael Pucher: "Code Group Security policy deployment"
- Next in thread: Michael Pucher: "Re: Code Group Security policy deployment"
- Reply: Michael Pucher: "Re: Code Group Security policy deployment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
