Re: Automating the roll-out of permission sets & code groups

Fixed! The problem is that caspol -listgroups doesn't display the
zone names that you need to use with caspol -addgroup. To find out
the correct zone names, use the Microsoft .NET Framework 2.0
Configuration Administrative Tool.

E.g. caspol -listgroups displays
:
1.3. Zone - Internet: Internet
1.3.1. All code: Same site Web
1.4. Zone - Trusted: Internet
1.4.1. All code: Same site Web
:

But if you want to modify the Trusted zone, you can't use "Trusted" as
the zone name. Instead, you have to use "Trusted_Zone". E.g. this
command line works:

caspol.exe -addgroup Trusted_Zone -url http://webserver1/* NewPermSet -
name NewCodeGroup -description "Additional permissions required by the
webserver1 IE component"

Displays "Trusted" but requires "Trusted_Zone". What was the
developer thinking?

SSG

On 25 Jun, 11:07, ssg31415926 <newsjunkm...@xxxxxxxxx> wrote:
Thanks for the reply. I did see that in the help but I couldn't get
it to work. It wasn't clear from the help if it applied to this
specific command. Are you sure that it does?

On 21 Jun, 17:42, "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT

com> wrote:
Caspol allows groups to be referenced by names as well as by numeric id
(even if there are no relevant examples in the docs).

"ssg31415926" <newsjunkm...@xxxxxxxxx> wrote in message

news:1182351214.633209.85920@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I need to roll out a permission set and add a url to the Trusted zone
group. I was planning to use caspol.exe but I'm getting inconsistent
results with zone numbers. Specifically, caspol -listgroups returns
this on my PC (I've removed the strong name key):

Code Groups:
1. All code: Nothing
1.1. Zone - MyComputer: FullTrust
1.1.1. StrongName - <removed>: FullTrust
1.1.2. StrongName - <removed>: FullTrust
1.2. Zone - Intranet: LocalIntranet
1.2.1. All code: Same site Web
1.2.2. All code: Same directory FileIO - 'Read, PathDiscovery'
1.3. Zone - Internet: Internet
1.3.1. All code: Same site Web
1.4. Zone - Trusted: Internet
1.4.1. All code: Same site Web
1.5. Zone - Untrusted: Nothing

On another PC, 1.4 and 1.5 are reversed. I was planning to use this
command line to roll out the addition:

caspol.exe -addgroup 1.5 -urlhttp://serverName/*NewPermSet

If they're not consistent, how can I roll out my addition?

SSG


.

Relevant Pages

  • Re: Faillure to run .NET 2.0 app from UNC
    ... I've done a CASPOL -rsg 'assemblyname' on my machine, ... Copyright Microsoft Corporation. ... Code Groups: ... Zone - Intranet: LocalIntranet ...
    (microsoft.public.dotnet.framework)
  • Re: Automating the roll-out of permission sets & code groups
    ... Zone - MyComputer: FullTrust ... All code: Same site Web ... Zone - Internet: Internet ... command line to roll out the addition: ...
    (microsoft.public.dotnet.security)
  • Re: Automating the roll-out of permission sets & code groups
    ... Caspol allows groups to be referenced by names as well as by numeric id ... Zone - MyComputer: FullTrust ... All code: Same site Web ... Zone - Internet: Internet ...
    (microsoft.public.dotnet.security)
  • Re: AD DNS naming
    ... my e-mail and Site Internet." ... infrastructure (mostly with respect to DNS and VPN). ... If you do not select this option and go with scenario 2 ... Each DNS zone is authoritative for the zone of that ...
    (microsoft.public.windows.server.dns)
  • Re: How many Global Catalog Servers are needed?
    ... make for an AD DNS FQDN domain name, ... external Internet you need scenario 1, although it is the most DNS-intensive ... Each DNS zone is authoritative for the zone of that name so ...
    (microsoft.public.windows.server.active_directory)