Re: Giving windows-based app execute permission

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 04/22/04


Date: Wed, 21 Apr 2004 23:21:44 GMT

This is the exact solution I would recommend. It also has the added benefit of being able to produce other apps, and not having to modify the
policy. However, if you do this, you need to make sure to carefully guard your key pair, since anyone with access to that ends up with FullTrust on
every user's machine.

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>Reply-To: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@removethis.accenture.com>
>From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@removethis.accenture.com>
>References: <938AD48C-92FC-4C38-8D2D-FC8F0C223708@microsoft.com>
>Subject: Re: Giving windows-based app execute permission
>Date: Wed, 21 Apr 2004 12:39:17 -0500
>Lines: 26
>Organization: Accenture
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
>Message-ID: <ePIPXe8JEHA.1312@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.security
>NNTP-Posting-Host: launchcenters.accenture.com 170.252.248.207
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:5799
>X-Tomcat-NG: microsoft.public.dotnet.security
>
>You might consider signing the assembly with a strong name key and giving
>that key the specific permissions required so that you don't need to assign
>permissions based on the exact assembly.
>
>Joe K.
>
>"JKnight" <john.knight@jeyes.co.uk.NO_SPAM> wrote in message
>news:938AD48C-92FC-4C38-8D2D-FC8F0C223708@microsoft.com...
>> Dear All,
>>
>> We have a vb.net windows-based exe which is located on a network location
>and require client machines to be able to run it.
>>
>> The problem we have is that having assigned the assmebly full trust via
>the .Net wizard, when the assembly is modified on the network, i.e. a new
>version is released, the trust is lost on the client. We cannot go round
>each machine resetting trust each time a change is made to the assembly.
>>
>> How can I programmaticlly give the assembly the appropriate level of trust
>on whichever client machine it is to run?
>>
>> Thanks in advance.
>>
>> John
>
>
>


Relevant Pages

  • Re: More on apps, shelf space
    ... The system could trust Spotlight plug-ins and Input Managers that ... even Apple provides installers for their products. ... Carbon apps are out in the cold. ... thing is a very rare case on the Mac platform. ...
    (comp.sys.mac.advocacy)
  • Re: For the AdaOS folks
    ... If you trust the code in a library never to deliberately (and to be unlikely ... code in a separate protection space, so that it is prevented from accessing ... do this is to make the less-than-completely trusted code into a program that ... > you're not using that many apps at any one time. ...
    (comp.lang.ada)
  • Re: How to start a application from Network-Folder?
    ... Be aware that if someone copies unauthorized apps to that share, they get full trust too. ... AppDomainSetup ads = new AppDomainSetup; ... n>> we write a lot of small intern applications using VS 2005 (2.0 ...
    (microsoft.public.dotnet.security)
  • Re: run app from network drive
    ... This will also allow you to distribute multiple apps without having to modify the security config again. ... >assign full trust to all apps with that key pair in the wizard. ... On each client we used the .net framework wizard to trust ...
    (microsoft.public.dotnet.security)
  • Re: Giving windows-based app execute permission
    ... You might consider signing the assembly with a strong name key and giving ... > We have a vb.net windows-based exe which is located on a network location ... and require client machines to be able to run it. ... the trust is lost on the client. ...
    (microsoft.public.dotnet.security)