Re: Permissions

From: Andreas Håkansson (andreas.hakansson_at_nospam.com)
Date: 10/08/04


Date: Fri, 8 Oct 2004 14:38:56 +0200

Please correct me if I'm wrong. But can't permissions be set at an
enterprise level?
If so then wouldn't it be possible to provide custom evidence for the
assembly, such
as a strong-name, and grant code with the evidence higher permission ?

//Andreas

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> skrev i meddelandet
news:%23jjWV7SrEHA.2856@TK2MSFTNGP10.phx.gbl...
> The problem lies with your application requiring permissions that are not
> granted by default to code running from the intranet zone. You'll need to
> alter the local CAS policy settings on each client machine in order to
> allow your application to run from the network share. The first step is
> deciding what policy modifications to make. The usual approach is to sign
> your assemblies (authenticode or strong name), then add a code group to
> either the machine or enterprise policy levels (as appropriate to the
> target environment) in order to grant elevated permissions to code signed
> in the selected manner.
>
> Once you've decided on the policy changes, you'll need to deploy them.
> The two simplest methods are:
>
> 1. Create a policy MSI package. See
> http://blogs.msdn.com/shawnfa/archive/2004/09/07/226530.aspx for
> instructions.
>
> 2. Run caspol.exe
> (http://msdn.microsoft.com/library/en-us/cptools/html/cpgrfcodeaccesssecuritypolicyutilitycaspolexe.asp)
> with appropriate arguments.
>
> In either case, domain login scripts or other infrastructure tools may be
> available to aid with the deployment. Your network administrator(s)
> should be able to help you choose the least-effort approach.
>
> HTH,
> Nicole
>
>
> "J.MOUZAKIS" <JMOUZAKIS@discussions.microsoft.com> wrote in message
> news:B3336EA8-9AD7-4669-9F1A-3CF899864041@microsoft.com...
>>I install my application on one machine (backdesk)
>>
>> I create a shortcut pointing to \\backdesk\c:\...\...exe on another
>> machine
>>
>> When I open a form that uses oledb connection I get the message that
>> "Request of permission of type OledbPermission for public key token ....
>> failed
>>
>> Is there a way I can
>> "Nicole Calinoiu" wrote:
>>
>>> How is your assembly being deployed to these machines?
>>>
>>>
>>> "J.MOUZAKIS" <JMOUZAKIS@discussions.microsoft.com> wrote in message
>>> news:0114879F-1921-43B1-9997-BB1409DCE086@microsoft.com...
>>> > How can I grant my assembly the required permissions for it to work on
>>> > enery
>>> > machine of a local network
>>> > --
>>> > J.MOUZAKIS
>>>
>>>
>>>
>
>



Relevant Pages

  • Re: [RFC][PATCH] Privilege dropping security module
    ... dpriv.c contains the struct security_operations hooks for dpriv. ... You're masking file permissions. ... And stick with your namespace, ... * Parse policy lines one at a time. ...
    (Linux-Kernel)
  • [RFC][PATCH] Privilege dropping security module
    ... dpriv.c contains the struct security_operations hooks for dpriv. ... * under the terms of the GNU General Public License as published by the Free ... * Parse policy lines one at a time. ... * Open file descriptors and their implied permissions based on @policy ...
    (Linux-Kernel)
  • Re: Access to Network and Dial-Up Connections blocked
    ... John John wrote: ... if a NoPropertiesMyComputer policy exists: ... I re-enabled Remove Network Connection from ... If this is a permissions issue check and make sure that you have ...
    (microsoft.public.win2000.general)
  • Re: Automated logoff using Winexit.scr
    ... New OU - New Policy ... Settings: Configure this key then Propogate inheritable permissions to ... Permissions granted: Authenticated Users: Read/Special ... test GPO linked to it trying to accomplish that and move a couple computers ...
    (microsoft.public.windows.group_policy)
  • Re: Trouble with Win2003 Folder Redirection Policy
    ... giving NTFS permissions to that group. ... From what information you've given me the policy is correct as long as ... The user's home folder in the profile section of the AD has been ... updated to the new server as well. ...
    (microsoft.public.windows.server.general)