Re: Trust An Assembly (With Updates)

From: Dave Jefferson (david.jeffersd_at_REMOVETHISkbcfp.com)
Date: 10/30/03

• Next message: Roge: "ASP.NET Directory Error"
• Previous message: Crirus: "Assambly dll over internet"
• In reply to: Jason Garland \(Secure Access Pty Ltd\): "Re: Trust An Assembly (With Updates)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

To: "Jason Garland (Secure Access Pty Ltd)" <Jase@SecureAccess.Com.Au>
Date: Thu, 30 Oct 2003 09:29:17 -0000

On Fri, 24 Oct 2003 08:42:20 +1000, Jason Garland (Secure Access Pty Ltd)
<Jase@SecureAccess.Com.Au> wrote:

I don't know of any way of pushing this out from a server except:
1. Use Group policy to install the msi package which you can generate from
the management console.
2. All this really does is edit the file
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Config\security.config. So if
you simply distribute this file to all your client PCs then you will be
fine. This is an XML file and it is quite easy to read and see what is
changing.

As for caspol I havn't tried this but it definitely looks like this should
be possible. I havn't done this, but I guess something along the lines of:
caspol -machine -addgroup MyGroup -strong -file MySignedAssembly.dll
MySignedAssembly -noversion Everything

Where MySignedAssembly.dll is an assembly signed with your key.

I you already use Group Policy on your servers to deploy software then the
MSI route is probably the easiest to go for.

Dave

> Thats Great
>
> 2 Quick Questions.
>
> a) Do you know of away of doing this via CASPOL or some other scripting ?
>
> b) Do you know if this can be pushed out in Dot Net Security (from
> Server to
> Clients)
>
> With THanks
>
> Jase

-- 
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

---

• Next message: Roge: "ASP.NET Directory Error"
• Previous message: Crirus: "Assambly dll over internet"
• In reply to: Jason Garland \(Secure Access Pty Ltd\): "Re: Trust An Assembly (With Updates)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: GPO error no appropriate rights ... Thank you for posting in the SBS newsgroup. ... Install the Windows Small Business Server 2003 Update for Windows XP ... go to Group Policy Management -> ... DomainName.local -> Small Business Server Client Computer ... (microsoft.public.windows.server.sbs) Re: "Windows cannot access the file gpt.ini for GPO" - Events 1058 and 1030 on XP client o ... fails (client independent). ... I can open the gpt.ini file on both server via SYSVOL share with notepad. ... Remote Registry and TCP/IP NetBIOS Helper services aren't running but their ... failed to open the group policy object ... (microsoft.public.windows.group_policy) RE: My documents synchronization. How to stop? ... a new domain on the full server2003, some of the old client machines still ... try to synchronize with the SBS server. ... 2.Restart the problematic client computer to take the group policy effect. ... 6.Make sure that folder redirection group policy have listed in applied ... (microsoft.public.windows.server.sbs) Re: Client Synchronization errors after new install of server ... The clients will have to regenerate SID's, as the reloaded server is considered to be a different domain. ... The second error is with the Group Policy. ... The client workstations seems to still have some of the old policy. ... USERENV07:26:06:354 UnloadUserProfileP: Didn't unload user profile ... (microsoft.public.windows.server.sbs) RE: GP in Terminal server ... If the client uses Windows XP, please run Regedit to change the permissions ... >correct DNS server address. ... >Resource Kit) to troubleshoot group policy issues. ... (microsoft.public.windows.group_policy)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2003-10