Re: Giving windows-based app execute permission

From: Shawn Farkas (shawnfa_at_online.microsoft.com)
Date: 04/22/04


Date: Wed, 21 Apr 2004 23:21:44 GMT

This is the exact solution I would recommend. It also has the added benefit of being able to produce other apps, and not having to modify the
policy. However, if you do this, you need to make sure to carefully guard your key pair, since anyone with access to that ends up with FullTrust on
every user's machine.

-Shawn
http://blogs.msdn.com/shawnfa

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Note:  For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they 
originated.  
--------------------
>Reply-To: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@removethis.accenture.com>
>From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@removethis.accenture.com>
>References: <938AD48C-92FC-4C38-8D2D-FC8F0C223708@microsoft.com>
>Subject: Re: Giving windows-based app execute permission
>Date: Wed, 21 Apr 2004 12:39:17 -0500
>Lines: 26
>Organization: Accenture
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
>Message-ID: <ePIPXe8JEHA.1312@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.dotnet.security
>NNTP-Posting-Host: launchcenters.accenture.com 170.252.248.207
>Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:5799
>X-Tomcat-NG: microsoft.public.dotnet.security
>
>You might consider signing the assembly with a strong name key and giving
>that key the specific permissions required so that you don't need to assign
>permissions based on the exact assembly.
>
>Joe K.
>
>"JKnight" <john.knight@jeyes.co.uk.NO_SPAM> wrote in message
>news:938AD48C-92FC-4C38-8D2D-FC8F0C223708@microsoft.com...
>> Dear All,
>>
>> We have a vb.net windows-based exe which is located on a network location
>and require client machines to be able to run it.
>>
>> The problem we have is that having assigned the assmebly full trust via
>the .Net wizard, when the assembly is modified on the network, i.e. a new
>version is released, the trust is lost on the client. We cannot go round
>each machine resetting trust each time a change is made to the assembly.
>>
>> How can I programmaticlly give the assembly the appropriate level of trust
>on whichever client machine it is to run?
>>
>> Thanks in advance.
>>
>> John
>
>
>