Re: HOWTO Run CASPOL for full trust on UserControl.

From: "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com>
Date: Tue, 7 Feb 2006 16:49:17 -0500

"ATS" <ATS@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4C5AB90F-59DC-4495-A144-17DF040EE881@xxxxxxxxxxxxxxxx

How would most organizations apply CASPOL at machine level?

Exactly the same way as automating enterprise-level CAS policy modifications
(e.g.: network login script).

That is, without
physically going to each machine (or term serving to each machine one at a
time) and running "CASPOL -machine ~~~~", how would they do it?

Then, how would administrators be able to "verify" that ALL machines in
their enterprise had the CASPOL set? That is, without going to each
machine,
or term serving to each machine, one at a time, how would they be able to
confirm that a "CASPOL -machine ~~~~" setting was still set?

Why are you worried about changes to machine-level CAS policy but not to
enterprise-level policy? Both policy files are covered by the same DACLs,
and any changes a user might choose to make to the machine-level policy
could just as easily be made to the enterprise-level policy. In either
case, if you really want to monitor the policy on any given machine, it
would be possible for a network admin to either run caspol via a script or
simply grab the policy XML files.

.

Follow-Ups:
- Re: HOWTO Run CASPOL for full trust on UserControl.
  - From: Dominick Baier [DevelopMentor]

References:
- Re: HOWTO Run CASPOL for full trust on UserControl.
  - From: Nicole Calinoiu
- Re: HOWTO Run CASPOL for full trust on UserControl.
  - From: Nicole Calinoiu

Prev by Date: Re: HOWTO Run CASPOL for full trust on UserControl.
Next by Date: Re: HOWTO Run CASPOL for full trust on UserControl.
Previous by thread: Re: HOWTO Run CASPOL for full trust on UserControl.
Next by thread: Re: HOWTO Run CASPOL for full trust on UserControl.
Index(es):
- Date
- Thread

Relevant Pages

Re: HOWTO Use CASPOL for Full-Trust
... > HOWTO Use CASPOL for Full-Trust ... Assuming the machine policy level is still at its original default, ... > 2) Add a new code group that grants full trust to all trusted web sites ... you shouldn't need to touch either the enterprise ...
(microsoft.public.dotnet.security)
RE: Security Policy
... it seems you have to be administrator to execute the command. ... >> Tells me I need to change my secority policy so I write a batch file as ... I run it on a colleagues who is not admin of his own machine ... So I try caspol -s off on his machine ...
(microsoft.public.dotnet.languages.vb)
RE: Security Policy
... succeeded message but when i do it on another machine whether logged in as ... > Tells me I need to change my secority policy so I write a batch file as ... I run it on a colleagues who is not admin of his own machine ... So I try caspol -s off on his machine ...
(microsoft.public.dotnet.languages.vb)
Re: HOWTO Run CASPOL for full trust on UserControl.
... The policy deployment story is sub-optimal - so ppl had to be creative - SMS is one of the results ... in their enterprise had the CASPOL set? ...
(microsoft.public.dotnet.security)
Re: HOWTO Run CASPOL for full trust on UserControl.
... While overriding in this way is certainly possible, ... as a first choice general solution since it can make CAS policy management ... SDK and get the GUI version of CASPOL, and play with it until I could find ... meets the membership criteria for the code group. ...
(microsoft.public.dotnet.security)