RE: Permissions Questions

From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 01/25/05

  • Next message: Shawn Farkas [MS]: "Re: sn.exe -Vr assembly" 
    Date: Tue, 25 Jan 2005 22:30:09 GMT

    The CAS security model does not fit in anywhere on the OSI stack. The DNS
    permission you're referring to actually only determines if an application
    is allowed to resolve DNS addresses, it doesn't have anything to do with
    the actual DNS resolution itself. CAS permissions actually sit on top of
    NT permissions as well.
    (http://blogs.msdn.com/shawnfa/archive/2004/12/15/315992.aspx for more
    information on that). In fact, an application that runs in the CLR and
    uses the CAS system may never access the network at all!

    -Shawn
    http://blogs.msdn.com/shawnfa
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
     

    Note:
    For the benefit of the community-at-large, all responses to this message
    are best directed to the newsgroup/thread from which they originated.
    --------------------
    > Thread-Topic: Permissions Questions
    > thread-index: AcUDDAb3Lu8C7z6lQoCkQa5qaeNVPw==
    > X-WBNR-Posting-Host: 208.248.162.220
    > From: =?Utf-8?B?c2F2YW50ZWQxQGhvdG1haWwuY29t?=
    <savanted1hotmailcom@discussions.microsoft.com>
    > Subject: Permissions Questions
    > Date: Tue, 25 Jan 2005 10:31:04 -0800
    > Lines: 8
    > Message-ID: <63641FB6-D17A-47DC-92BA-7ED717267EDE@microsoft.com>
    > MIME-Version: 1.0
    > Content-Type: text/plain;
    > charset="Utf-8"
    > Content-Transfer-Encoding: 7bit
    > X-Newsreader: Microsoft CDO for Windows 2000
    > Content-Class: urn:content-classes:message
    > Importance: normal
    > Priority: normal
    > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    > Newsgroups: microsoft.public.dotnet.security
    > NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
    > Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
    > Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:8840
    > X-Tomcat-NG: microsoft.public.dotnet.security
    >
    > Dear, Microsoft Corporation
    >
    > Would the Permissions architecture be considered to operate at the
    Session
    > Layer of the OSI model? The reason I state this is due in part to the
    fact
    > that it has DNS incorporated within its confines.
    >
    > Regards,
    >
    >

  • Next message: Shawn Farkas [MS]: "Re: sn.exe -Vr assembly"

    Relevant Pages

    • Microsoft Secure DNS and Authenticated Users group interdependencies
      ... I would really appreciate anyone who considers themselves DNS experts to take a good look at this post. ... Only if Authenticated Users group has a write access will the record update. ... If the a record is set with default permissions and Authenticated Users has elevated permissions set, after the client's successfully updates the record, the client is added to the ACE with WRITE permissions and Authenticated Users permissions get reset. ...
      (microsoft.public.windows.server.dns)
    • Re: External Trust - unable to assign permissions
      ... I have resolved the unable to assign permissions problem. ... security authority cannot be contacted", and no objects can be found. ... I was reluctant to get into the DNS configuration due to the fact they we ... DNS servers. ...
      (microsoft.public.windows.server.networking)
    • Re: Microsoft Secure DNS and Authenticated Users group interdependencies
      ... I really like to understand how MS secure DNS process works and WHY does MS DNS in such an interesting relationship with Authenticated Users group. ... If the a record is set with default permissions and Authenticated Users has elevated permissions set, after the client's successfully updates the record, the client is added to the ACE with WRITE permissions and Authenticated Users permissions get reset. ...
      (microsoft.public.windows.server.dns)
    • Re: appears to loose authentication
      ... For the original OP certainly check the permissions on the folder the user ... Active Directory domain make sure that ONLY domain controllers that are DNS ... fact that the wrong DNS server is being used, such as an ISP DNS server that ...
      (microsoft.public.security)
    • Re: .NET CAS vs OS security
      ... CAS won't come into play if your assembly is installed on the local file ... absolutely no interaction between CAS permissions and OS permissions. ... is layered over the top of the OS security and they are based on two totally ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
      (microsoft.public.dotnet.security)