Re: Code Group Security policy deployment
From: Michael Pucher (mpucher_at_vertex.de)
Date: 06/26/03
- Next message: Bat'on: "IPrincipal hack?"
- Previous message: Michael Giagnocavo [MVP]: "Re: Windows Authentification against a list of users"
- In reply to: Shel Blauman [MSFT]: "Re: Code Group Security policy deployment"
- Next in thread: Shel Blauman [MSFT]: "Re: Code Group Security policy deployment"
- Reply: Shel Blauman [MSFT]: "Re: Code Group Security policy deployment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Jun 2003 09:07:03 +0200
hello Shel,
I've been using caspol for testing and development, but want to have a nicer
solution than run batch files on every system. Is there any way to figure
out which registry entries caspol (or the .net framework configuration
wizard) makes? (other than using some tools from sysinternals.com)?
thank you,
Michael
"Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> schrieb im Newsbeitrag
news:OougTkzODHA.452@TK2MSFTNGP11.phx.gbl...
> Take a look at the article at
>
http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/entsecpoladmin.asp,
> it mentions at least one alternative to MSI files,
>
> Can I write scripts to change security policy instead of distributing
> Microsoft Windows Installer package files?
> Yes. Using the Code Access Security Policy tool (Caspol.exe) you can write
> batch file scripts to affect security policy changes. As the first command
> in the script, enter caspol -pp off to turn the policy change prompt off,
> unless you are certain that has already been done on the current machine.
> You should script against code group names rather than their numeric
labels,
> since the labels can easily get reordered after a policy change. See the
> .NET Framework SDK for more information on the Caspol tool.
>
>
> Shel
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "Michael Pucher" <mpucher@vertex.de> wrote in message
> news:%23S3dqPyODHA.1552@TK2MSFTNGP10.phx.gbl...
> > hello,
> >
> > I'm currently on the task to deploy a strong named assembly. I want to
> > deploy the security policy either via group policies or by using an MSI
> > installation package. The strong named assembly is added as an own code
> > group under the Machine->All Code Node in the .net configuration. When I
> > right click on Runtime Security Policy and click "Create deployment
> > package", I only have the option to select complete groups (Enterprise,
> > Machine or User). What happens when I select Machine in that case, and
run
> > the installer on another system, where settings of existing code groups
> have
> > been changed or deleted? Will the settings be overwritten? Added again?
> Will
> > existing code groups which are not in the msi package be deleted?
> >
> > If you know any tools, that let me extract single code groups from the
> > configuration for deployment, please let me know.
> >
> >
> > thank you,
> >
> > Michael Pucher
> >
> >
>
>
- Next message: Bat'on: "IPrincipal hack?"
- Previous message: Michael Giagnocavo [MVP]: "Re: Windows Authentification against a list of users"
- In reply to: Shel Blauman [MSFT]: "Re: Code Group Security policy deployment"
- Next in thread: Shel Blauman [MSFT]: "Re: Code Group Security policy deployment"
- Reply: Shel Blauman [MSFT]: "Re: Code Group Security policy deployment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
