Re: Code Group Security policy deployment

From: Marcelo Birnbach [MS] (mbirnbac_at_online.microsoft.com)
Date: 06/28/03 

Date: Fri, 27 Jun 2003 15:31:54 -0700

Sorry, forgot to mention this class: System.Security.SecurityManager

Thanks,
Marcelo

"Marcelo Birnbach [MS]" <mbirnbac@online.microsoft.com> wrote in message
news:%23cEjcrPPDHA.560@TK2MSFTNGP10.phx.gbl...
> Michael,
>
> Don't try to modify these files manually. You can always use the public
APIs
> exposed in System.Security.Policy namespace.
>
> Thanks,
> Marcelo
>
>
> "Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> wrote in message
> news:uC7lbO$ODHA.704@tk2msftngp13.phx.gbl...
> > Almost all security info is kept in config files. For a list of the
files
> > see
> >
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconsecurityconfigurationfiles.asp
> >
> > Shel
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> >
> > "Michael Pucher" <mpucher@vertex.de> wrote in message
> > news:O4PpPE7ODHA.1612@TK2MSFTNGP11.phx.gbl...
> > > hello Shel,
> > >
> > > I've been using caspol for testing and development, but want to have a
> > nicer
> > > solution than run batch files on every system. Is there any way to
> figure
> > > out which registry entries caspol (or the .net framework configuration
> > > wizard) makes? (other than using some tools from sysinternals.com)?
> > >
> > > thank you,
> > >
> > > Michael
> > >
> > > "Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> schrieb im
> > Newsbeitrag
> > > news:OougTkzODHA.452@TK2MSFTNGP11.phx.gbl...
> > > > Take a look at the article at
> > > >
> > >
> >
>
http://www.msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/entsecpoladmin.asp,
> > > > it mentions at least one alternative to MSI files,
> > > >
> > > > Can I write scripts to change security policy instead of
distributing
> > > > Microsoft Windows Installer package files?
> > > > Yes. Using the Code Access Security Policy tool (Caspol.exe) you can
> > write
> > > > batch file scripts to affect security policy changes. As the first
> > command
> > > > in the script, enter caspol -pp off to turn the policy change prompt
> > off,
> > > > unless you are certain that has already been done on the current
> > machine.
> > > > You should script against code group names rather than their numeric
> > > labels,
> > > > since the labels can easily get reordered after a policy change. See
> the
> > > > .NET Framework SDK for more information on the Caspol tool.
> > > >
> > > >
> > > > Shel
> > > >
> > > > --
> > > > This posting is provided "AS IS" with no warranties, and confers no
> > > rights.
> > > > Use of included script samples are subject to the terms specified at
> > > > http://www.microsoft.com/info/cpyright.htm
> > > >
> > > >
> > > > "Michael Pucher" <mpucher@vertex.de> wrote in message
> > > > news:%23S3dqPyODHA.1552@TK2MSFTNGP10.phx.gbl...
> > > > > hello,
> > > > >
> > > > > I'm currently on the task to deploy a strong named assembly. I
want
> to
> > > > > deploy the security policy either via group policies or by using
an
> > MSI
> > > > > installation package. The strong named assembly is added as an own
> > code
> > > > > group under the Machine->All Code Node in the .net configuration.
> When
> > I
> > > > > right click on Runtime Security Policy and click "Create
deployment
> > > > > package", I only have the option to select complete groups
> > (Enterprise,
> > > > > Machine or User). What happens when I select Machine in that case,
> and
> > > run
> > > > > the installer on another system, where settings of existing code
> > groups
> > > > have
> > > > > been changed or deleted? Will the settings be overwritten? Added
> > again?
> > > > Will
> > > > > existing code groups which are not in the msi package be deleted?
> > > > >
> > > > > If you know any tools, that let me extract single code groups from
> the
> > > > > configuration for deployment, please let me know.
> > > > >
> > > > >
> > > > > thank you,
> > > > >
> > > > > Michael Pucher
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Modify default replication wait period in ADAM
    ... This posting is provided "AS IS" with no warranties, and confers no rights ... > Use of included script samples are subject to the terms specified at ... >> I am trying to find out how to modify the default amount of time an ADAM ... > instance waits to push a directory change to a member of a replica set. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Modifying data in complex type
    ... Michael, ... syntax incorrect somewhere, or my predicates weren't correct, or something. ... >> modify() ... >>> update the old tree with the new one. ...
    (microsoft.public.sqlserver.xml)
  • Re: SQLXML and column name with hypen (-)
    ... one) from an external system, I need to modify it on my side to solve ... >> Hi Michael, ... Below is my actual xml file with ...
    (microsoft.public.sqlserver.xml)
  • RE: Forms loading slowly
    ... "Michael" wrote: ... "John Germany" wrote: ... Lately my forms have been taking up to 10 seconds to load when I modify or ...
    (microsoft.public.fox.programmer.exchange)
  • Re: working with pointers
    ... Michael wrote: ... Traceback: ... looks like you get an AttributeError. ... So, as you can see, since 'a' and 'b' are both names referring to the same object, when you modify the object referred to by 'a', you are also modifying the object referred to by 'b'. ...
    (comp.lang.python)