Re: question about caspol.exe and strong names

From: Michael Pucher (mpucher_at_vertex.de)
Date: 07/02/03


Date: Wed, 2 Jul 2003 12:13:23 +0200


hello Shel,

thanks for the reply. The code works, but do you think it's a good idea to
distribute executables via SMS or group policies to the local machines just
to add a code group to the machine's security configuration? I don't know
much about SMS or group policies; how are files run by one of those tools
after login treated? Do they run as local programs? Are they trusted enough
to add code groups to the security configuration?
Again, do you think this is best practice to deploy a code group?

regards,

Michael

"Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> wrote in message
news:eISHGI%23PDHA.2832@TK2MSFTNGP10.phx.gbl...
> You could set policy programmatically. I'm attaching code which creates
> custom permissions and code groups and adds them to the machine policy
> level. This would not affect preset policy on the machine, merely adds new
> policy for the application you want to run.
>
> Shel
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "Michael Pucher" <mpucher@vertex.de> wrote in message
> news:O2%23FXA6PDHA.2160@TK2MSFTNGP11.phx.gbl...
> > hello world,
> >
> > I think I have to make something clear here. I should have been even a bit
> > more specific on what I'm trying to achieve.
> > We have developed a smart document solution (Office 2003). The solution is
> > an assembly, which is only loaded by the VSTO loader (Visual Studio tools
> > for Office) of Office 2003 if the assembly is granted FullTrust. I do not
> > want to bypass security checking. In that case,
> >
> > caspol.exe -security off
> >
> > would do just fine.
> >
> > Because I do not want to run around in the large enterprise of our customer
> > to set up a security policy on every machine. There are two ways to do this,
> > either using MSI packages or running batch files.
> >
> > MSI packages generated by the .net configuration console are the worst
> > option. Because it fully replaces the given group, this option is pretty
> > much useless. Imagine you develop a .net solution and replace the machine
> > configuration on the target machine. Another company made changes to the
> > machine node, because their app required it. Their changes are lost and
> > their app no longer works correctly. Bad situation, do you think they will
> > be happy?
> >
> > The other option is using batch files. But as I described, the -strong
> > switch of caspol requires -file too. As I don't know where the file will be
> > stored, the assembly may not even be on the target machine at that time,
> > caspol is also useless.
> >
> >
> > Does anyone know how to get by that problem?
> >
> > thanks,
> > Michael
> >
> >
> >
> >
> > "Michael Pucher" <mpucher@vertex.de> wrote in message
> > news:uwiXw1xPDHA.2768@tk2msftngp13.phx.gbl...
> > > hello,
> > >
> > > I want to deploy a batch file that runs caspol to give FullTrust to my
> > > assembly on the machines across the enterprise. As caspol.exe wants
> > > the -file flag passed to the -strong flag, e.g.:
> > >
> > > caspol.exe -pp off -m -ag 1.1 -strong -file
> > > "C:\MySolution\Solution.dll" -noname -noversion FullTrust -d "Some
> > > description"
> > >
> > > but I don't know where Solution.dll will be on the client machines. I would
> > > prefer something like:
> > >
> > > caspol.exe -pp off -m ag 1.1 -strong -KEY
> > > 0024000004800000940000000602000000240000525341310004000001000100493C
> > > 0EF90F0AD7848B70F8914426CA80F5F9974B23F6B5F3DBE667E820A995F140F47B5246CC9BC7
> > > 58867AC3F994E9C162
> > > 56D988B16C285B0CD310163F564F1FABC28161F06CAA2D53271E98AABFFCC1163034D0AB1D1B
> > > 8ED5992C171D4769
> > > 935A8FB8E2B2A4EF16B57B8B909282351BA55A14FEE793564C88F79872F33108AC
> > > -noname -noversion FullTrust -d "Some description"
> > >
> > > this gives me an error because the -KEY argument is not correct. The .net
> > > configuration snap-in for MMC does the same, when you import the public key
> > > from the assembly. Please note that using the MMC-snap-in and the
> > > MSI-packages generated by the snap-in are not an option for me. Does anyone
> > > know how to get by this?
> > >
> > > thanks,
> > >
> > > Michael
> > >
> > >
> >
> >
>
>
>
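
The programmatic route discussed in this thread, as an added example: this is not the code attached to Shel's post and not Microsoft's sample. It adds one child code group to the machine level, keyed on the public key alone, and leaves every other group in place. The group name is hypothetical and the key is passed as a hex string on the command line; the code assumes the .NET Framework 1.x-3.5 CAS policy API and an administrator account.

```csharp
// Added example. A key-only membership condition grants FullTrust to every
// assembly signed with that key, wherever it is loaded from.
using System;
using System.Collections;
using System.Security;
using System.Security.Policy;
class AddStrongNameGroup
{
    const string GroupName = "MySolution_FullTrust"; // hypothetical name
    static byte[] FromHex(string hex)
    {
        if (hex.Length == 0 || hex.Length % 2 != 0)
            throw new ArgumentException("public key must be an even number of hex digits");
        byte[] bytes = new byte[hex.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
            bytes[i] = Convert.ToByte(hex.Substring(i * 2, 2), 16);
        return bytes;
    }
    static PolicyLevel MachineLevel()
    {
        IEnumerator levels = SecurityManager.PolicyHierarchy();
        while (levels.MoveNext())
        {
            PolicyLevel level = (PolicyLevel)levels.Current;
            if (level.Label == "Machine") return level;
        }
        throw new InvalidOperationException("machine policy level not found");
    }
    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: AddStrongNameGroup <public-key-hex>"); return 2; }
        PolicyLevel machine = MachineLevel();
        CodeGroup root = machine.RootCodeGroup;
        foreach (CodeGroup child in root.Children)
            if (child.Name == GroupName) return 0;   // already deployed; do not add a duplicate
        // Key only: name and version are null, the equivalent of -noname -noversion.
        StrongNameMembershipCondition condition = new StrongNameMembershipCondition(
            new StrongNamePublicKeyBlob(FromHex(args[0])), null, null);
        CodeGroup codeGroup = new UnionCodeGroup(condition,
            new PolicyStatement(machine.GetNamedPermissionSet("FullTrust")));
        codeGroup.Name = GroupName;
        codeGroup.Description = "Some description";
        root.AddChild(codeGroup);                  // existing children are left untouched
        machine.RootCodeGroup = root;              // write the modified tree back
        SecurityManager.SavePolicyLevel(machine);  // persists only the machine level
        return 0;
    }
}
```
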


