CAS deployment via group policy problem

From: Kirk Sinnard (kirks_at_NOSPAM)
Date: 11/11/04

• Next message: Chris Mohan: "RE: System.UnauthorizedAccessException"
• Previous message: S. Pidgorny : "RE: using personal signatures for remote authentication"
• Next in thread: Eugene V. Bobukh [MS]: "Re: CAS deployment via group policy problem"
• Reply: Eugene V. Bobukh [MS]: "Re: CAS deployment via group policy problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 10 Nov 2004 17:59:57 -0600

I am trying to use the .Net Configuration 1.1 snap-in to create an
Enterprise Code Access Security Policy Deployment Package. This seems
to be successful in that the appropriate msi is created. I then
attempt to deploy it to a computer by assigning the msi via the
software installation group policy. Again after a few reboots this
seems to be successful.

There seems to be a catch though when I want to REDEPLOY the
Enterprise Code Access Security Policy Deployment Package. I make
changes to the Enterprise Code Access Security Policy and recreate the
msi. I then redeploy it via computer software installation group
policy. All seems to go well but the changes that should be indicated
in the msi aren't actually made. Does anyone know why this is the
case? And can this be corrected?

The following is just a running account of what I have done:

-- The .NET Framework Enterprise Code Access Security Policy msi was
removed from computer software installation group policy and then
reinstalled (to clean up from previous testing)
-- the workstation was then rebooted and the following app event log
entries were observed.

Event Type: Warning
Event Source: Application Management
Event Category: None
Event ID: 101
Date: 11/10/04
Time: 5:13:38 PM
User: NT AUTHORITY\SYSTEM
Computer: PTC-10
Description:
The assignment of application .NET Framework Enterprise Code Access
Security Policy from policy SecDep Group Policy Object failed. The
error was : The group policy framework should call the extension in
the synchronous foreground policy refresh.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Application Management
Event Category: None
Event ID: 103
Date: 11/10/04
Time: 5:13:38 PM
User: NT AUTHORITY\SYSTEM
Computer: PTC-10
Description:
The removal of the assignment of application .NET Framework Enterprise
Code Access Security Policy from policy SecDep Group Policy Object
failed. The error was : The group policy framework should call the
extension in the synchronous foreground policy refresh.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: Application Management
Event Category: None
Event ID: 108
Date: 11/10/04
Time: 5:13:38 PM
User: NT AUTHORITY\SYSTEM
Computer: PTC-10
Description:
Failed to apply changes to software installation settings. Software
installation policy application has been delayed until the next logon
because an administrator has enabled logon optimization for group
policy. The error was : The group policy framework should call the
extension in the synchronous foreground policy refresh.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

-- the workstation was rebooted as somewhat indicated by above log
entries and the following app event log entries were observed and .NET
Framework Enterprise Code Access Security Policy was as expected

Event Type: Information
Event Source: MsiInstaller
Event Category: None
Event ID: 11724
Date: 11/10/04
Time: 5:19:53 PM
User: NT AUTHORITY\SYSTEM
Computer: PTC-10
Description:
Product: .NET Framework Enterprise Code Access Security Policy --
Removal completed successfully.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 43 39 39 34 37 43 43 {C9947CC
0008: 30 2d 36 38 32 35 2d 34 0-6825-4
0010: 36 30 37 2d 39 39 33 32 607-9932
0018: 2d 42 44 31 38 35 30 44 -BD1850D
0020: 31 30 38 31 31 7d 10811}

Event Type: Information
Event Source: Application Management
Event Category: None
Event ID: 303
Date: 11/10/04
Time: 5:19:53 PM
User: NT AUTHORITY\SYSTEM
Computer: PTC-10
Description:
The removal of the assignment of application .NET Framework Enterprise
Code Access Security Policy from policy SecDep Group Policy Object
succeeded.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Information
Event Source: Application Management
Event Category: None
Event ID: 301
Date: 11/10/04
Time: 5:19:53 PM
User: NT AUTHORITY\SYSTEM
Computer: PTC-10
Description:
The assignment of application .NET Framework Enterprise Code Access
Security Policy from policy SecDep Group Policy Object succeeded.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

-- changes were made to a .NET Framework Enterprise Code Access
Security Policy copy and a new msi was created and was redployed via
gp
-- the workstation was then rebooted and the following app event log
entries were observed.

Event Type: Warning
Event Source: Application Management
Event Category: None
Event ID: 108
Date: 11/10/04
Time: 5:32:03 PM
User: NT AUTHORITY\SYSTEM
Computer: PTC-10
Description:
Failed to apply changes to software installation settings. Software
installation policy application has been delayed until the next logon
because an administrator has enabled logon optimization for group
policy. The error was : The group policy framework should call the
extension in the synchronous foreground policy refresh.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

-- the workstation was rebooted asindicated by above log entry and the
following app event log entries were observed but .NET Framework
Enterprise Code Access Security Policy DID NOT CHANGE as expected for
redeployed msi

Event Type: Information
Event Source: Application Management
Event Category: None
Event ID: 308
Date: 11/10/04
Time: 5:36:53 PM
User: NT AUTHORITY\SYSTEM
Computer: PTC-10
Description:
Changes to software installation settings were applied successfully.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

-- for good measure the workstation was rebooted again but .NET
Framework Enterprise Code Access Security Policy DID NOT CHANGE as
expected for redeployed msi

---

• Next message: Chris Mohan: "RE: System.UnauthorizedAccessException"
• Previous message: S. Pidgorny : "RE: using personal signatures for remote authentication"
• Next in thread: Eugene V. Bobukh [MS]: "Re: CAS deployment via group policy problem"
• Reply: Eugene V. Bobukh [MS]: "Re: CAS deployment via group policy problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages .NET Framework CAS Policy Group Policy Deployment ... Enterprise Code Access Security Policy Deployment Package. ... The assignment of application .NET Framework Enterprise Code Access ... (microsoft.public.windows.group_policy) Re: CAS deployment via group policy problem ... We had a known issue with Policy Deployment when the package with a name that has been used before could not be installed if target machine's Windows Installer version is less than 2.00.2600.0. ... I then> attempt to deploy it to a computer by assigning the msi via the> software installation group policy. ... > The assignment of application .NET Framework Enterprise Code Access> Security Policy from policy SecDep Group Policy Object failed. ... (microsoft.public.dotnet.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.security  > 2004-11