Re: Code Group Security policy deployment

From: Marcelo Birnbach [MS] (mbirnbac_at_online.microsoft.com)
Date: 06/28/03

Next message: Marcelo Birnbach [MS]: "Re: Custom Principal Permission (non-CodeAccessPermission derived) not working"
Previous message: Michel Gallant: "key container and Certificate to publickeyblob utilities"
In reply to: Shel Blauman [MSFT]: "Re: Code Group Security policy deployment"
Next in thread: Marcelo Birnbach [MS]: "Re: Code Group Security policy deployment"
Reply: Marcelo Birnbach [MS]: "Re: Code Group Security policy deployment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 27 Jun 2003 15:24:21 -0700

Michael,

Don't try to modify these files manually. You can always use the public APIs
exposed in System.Security.Policy namespace.

Thanks,
Marcelo

"Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> wrote in message
news:uC7lbO$ODHA.704@tk2msftngp13.phx.gbl...
> Almost all security info is kept in config files. For a list of the files
> see
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconsecurityconfigurationfiles.asp
>
> Shel
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "Michael Pucher" <mpucher@vertex.de> wrote in message
> news:O4PpPE7ODHA.1612@TK2MSFTNGP11.phx.gbl...
> > hello Shel,
> >
> > I've been using caspol for testing and development, but want to have a
> nicer
> > solution than run batch files on every system. Is there any way to
figure
> > out which registry entries caspol (or the .net framework configuration
> > wizard) makes? (other than using some tools from sysinternals.com)?
> >
> > thank you,
> >
> > Michael
> >
> > "Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> schrieb im
> Newsbeitrag
> > news:OougTkzODHA.452@TK2MSFTNGP11.phx.gbl...
> > > Take a look at the article at
> > >
> >
>
http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/entsecpoladmin.asp,
> > > it mentions at least one alternative to MSI files,
> > >
> > > Can I write scripts to change security policy instead of distributing
> > > Microsoft Windows Installer package files?
> > > Yes. Using the Code Access Security Policy tool (Caspol.exe) you can
> write
> > > batch file scripts to affect security policy changes. As the first
> command
> > > in the script, enter caspol -pp off to turn the policy change prompt
> off,
> > > unless you are certain that has already been done on the current
> machine.
> > > You should script against code group names rather than their numeric
> > labels,
> > > since the labels can easily get reordered after a policy change. See
the
> > > .NET Framework SDK for more information on the Caspol tool.
> > >
> > >
> > > Shel
> > >
> > > --
> > > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > > Use of included script samples are subject to the terms specified at
> > > http://www.microsoft.com/info/cpyright.htm
> > >
> > >
> > > "Michael Pucher" <mpucher@vertex.de> wrote in message
> > > news:%23S3dqPyODHA.1552@TK2MSFTNGP10.phx.gbl...
> > > > hello,
> > > >
> > > > I'm currently on the task to deploy a strong named assembly. I want
to
> > > > deploy the security policy either via group policies or by using an
> MSI
> > > > installation package. The strong named assembly is added as an own
> code
> > > > group under the Machine->All Code Node in the .net configuration.
When
> I
> > > > right click on Runtime Security Policy and click "Create deployment
> > > > package", I only have the option to select complete groups
> (Enterprise,
> > > > Machine or User). What happens when I select Machine in that case,
and
> > run
> > > > the installer on another system, where settings of existing code
> groups
> > > have
> > > > been changed or deleted? Will the settings be overwritten? Added
> again?
> > > Will
> > > > existing code groups which are not in the msi package be deleted?
> > > >
> > > > If you know any tools, that let me extract single code groups from
the
> > > > configuration for deployment, please let me know.
> > > >
> > > >
> > > > thank you,
> > > >
> > > > Michael Pucher
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Next message: Marcelo Birnbach [MS]: "Re: Custom Principal Permission (non-CodeAccessPermission derived) not working"
Previous message: Michel Gallant: "key container and Certificate to publickeyblob utilities"
In reply to: Shel Blauman [MSFT]: "Re: Code Group Security policy deployment"
Next in thread: Marcelo Birnbach [MS]: "Re: Code Group Security policy deployment"
Reply: Marcelo Birnbach [MS]: "Re: Code Group Security policy deployment"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Outlook Express Read/Create Problem
... Michael, I have tried all that you suggest, except for registering ... > There are some causes for that, but I've not heard of them related to user rights. ... This sometimes fixes the ... > Cannot Type Text in Outlook Express or Internet Explorer ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)
Re: CryptAcquireContext and ERROR_FILE_NOT_FOUND ( 2L )
... This posting is provided "AS IS" with no warranties, and confers no rights. ... "Michael" wrote in message ... > running the application as local Administrator. ... > these particular accounts. ...
(microsoft.public.platformsdk.security)
Re: New ideas for rights organizations
... >>>coincide with Michael Jackson's money troubles? ... >>>rights $$$ goes to him anyway. ... Michael Jackson owning the publishing for some (or all, ...
(rec.music.makers.guitar.acoustic)
Re: "..system32 toskrnl.exe missing or corrupt"
... This posting is provided "AS IS" with no warranties, and confers no rights. ... "Michael" wrote in message ... "Windows could not start because the following file ...
(microsoft.public.windowsxp.general)