Re: Creating MSI for installing .NET security policies

Probably the most reliable method would be to create a custom action that
calls caspol.exe with the proper arguments to add your policy to the current
policy. You'll probably want to use a search of some sort to find the
appropriate .NET framework directory to use to call caspol so that you
configure for the correct framework version.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"David++" <David@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EA689966-00ED-4B4D-A577-38776F91A1C6@xxxxxxxxxxxxxxxx
Hi folks,

I'm deploying my app to a network share and I need the security
permissions
installed on the client. AFAICT I cannot use ClickOnce because ClickOnce
deployment doesnt allow user to specify install location i.e. Network
share.
So I have gone down the route of creating a Strong Name key and signing my
assemblies with that key, creating a new Code Group in the Microsoft .NET
configuration Tool which assigns full trust to my Strong Name key, and
then
finally creating a deployment package MSI to allow users to install the
Security Policy easily.

Now, this all works ok, but I find it a bit sas that the security policies
are over written in the Code Groups with the new settings i.e. they are
not
merged with the existing groups. Luckily my clients have a clean slate of
policies anyway so I wasnt overwriting anyone elses, but what if some
other
vendor had written an app for the client and had used the same approach, I
would scrub there policies, or vice versa someone could quite easily scrub
mine. Is this correct?

Of course policies could be manually added in, but this might be a pain if
there were a lot of users.

Or is there another way I have missed?

Thanks again,
David


.

Relevant Pages

  • Re: Log files on site server (c:smslogs)
    ... Advanced Client log Files ... CertificateMaintenance - Retrieving certificates for management point ... DataTransferService - Download of policies from management point ... PolicyAgent - Retrieves policy assignments and policies from management ...
    (microsoft.public.sms.misc)
  • Re: 2003 GPO not working on win2000 client
    ... The Group Policy Settings Reference also comes in quite handy in telling ... which policies are good on which O/S's, and since it's in excel format you ... 2003 GPO not working on win2000 client ...
    (microsoft.public.windows.group_policy)
  • Re: unload/remove group policy from XP Client
    ... the new policies will be applied to the client automatically. ... if the domain policy doesn't configure ... |>> Anybody know how to unload a group policy from a machine. ...
    (microsoft.public.windows.group_policy)
  • Re: Missing Advanved Client Policies
    ... policies such as Advertisements? ... Microsoft MVP - SMS ... > and Advanced Clients installed, but the client do not recieve any ... Machine Policy Retrieval and user ...
    (microsoft.public.sms.inventory)
  • Re: GPO causing client security logs to fill?
    ... a virus in play. ... settings to be applied on your client workstations. ... Group Policy is a complex and often misunderstood beast. ... I modified the account ...
    (microsoft.public.windows.server.sbs)