  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 409

.net framework security policy, network configuration

I've written a login script in VB.net, runs fine on local system and off network share when I use the framework wizard to give intranet unrestricted execute permissions (I know this isn't the best solution as it can be signed etc). The problem is that to get it to run on the 300-odd computers we have here I would need to go to every one and run the framework wizard to give intranet full rights, which I don't really have time to do!

I've read there is an adminUI program which will generate a .msi which can be distributed to put this in place, but Google/etc. doesn't seem to know where it can be found?!

Any suggestions?
0
Asked:
x4h
1 Solution
 
Bob LearnedCommented:
Is 300 the maximum for the Enterprise, or is it just a sub-set of a larger organization?

Bob
0
 
x4hAuthor Commented:
300 computers total, more being added as we go along.
0
 
Bob LearnedCommented:
You can define a trust at the Enterprise level, rather than the Machine level in the .NET Framework Configuration Wizard.

Bob

0
 
x4hAuthor Commented:
Can you point me in the right direction to do this?

The only zones that come up for me through the 'security adjustment wizard' are 'my computer, local intranet, internet, trusted site, untrusted site'.
0
 
Bob LearnedCommented:
.NET Framework Enterprise Security Policy Administration and Deployment:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/entsecpoladmin.asp


Follow these steps:

1. Open Control Panel.

2. Open the Administrative Tools folder.

3. Double-click Microsoft .NET Framework Configuration.

4. In the Microsoft .NET Framework Configuration tool, open the Runtime Security Policy node.

5. Open the Enterprise policy node.

6. Open the Code Groups folder.

7. Right-click the All_Code code group and select the New option.

8. Enter the name and description of your new code group, and click Next.

9. Select the Strong Name or Publisher membership condition type, and click Import to select the assembly that you want to have a high level of trust across the enterprise. If the assembly is not signed, you can use the Hash membership condition instead. If you want all assemblies by the respective publisher to receive high levels of trust across the enterprise, uncheck the Version and Name properties for Strong Name membership conditions, or simply use the Publisher membership condition.

10. Click Next, and then select or create the permission set you want the assembly or assemblies to receive. For unhindered access to all resources, select the FullTrust permission set.

11. Finish the wizard.

12. Right-click the newly created code group.

13. Select the Properties option.

14. On the General tab, select This policy will only have the permissions from the permission set associated with this code group to make this code group exclusive with respect to all other code groups of that policy level.

15. On the General tab, select Policy levels below this level will not be evaluated to make this code group a LevelFinal code group, preventing evaluation of the machine and user policy if this code group applies.

16. Right-click the Runtime Security Policy node.

17. Select the Create Deployment Package wizard, and use it to create a deployment package of the Enterprise policy level.

18. Deploy the .msi file using either Group Policy or Systems Management Server (SMS). See Question #3 for more details on deployment.

Note: Step 15 bypasses the FullTrust permission set grant from the All_Code code group in default policy by making your new code group exclusive. This excludes any permission contribution from other code groups at that policy level. You should never introduce additional exclusive code groups if you know that two or more exclusive code groups will apply simultaneously to an assembly or set of assemblies.

Note: Step 16 will cause the machine and user policy levels to be skipped if your new code group applies. Do not use this attribute too widely in enterprise policy, because when you do, policy customizations that the machine administrator or user may have done will not be effective.


Bob
0
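
The code group from steps 7 to 15 above, scripted with caspol.exe instead of the configuration tool, as an added example that is not part of the original answer. The framework version directory, the share path and the code group name are assumptions, and the script has to run with administrative rights on the machine whose Enterprise policy it changes.

```powershell
# Added example, not from the thread.
# Assumed values: framework version directory, share path, code group name.
$caspol   = "$env:windir\Microsoft.NET\Framework\v2.0.50727\caspol.exe"
$assembly = '\\fileserver\netlogon\LoginScript.exe'   # hypothetical signed assembly
$group    = 'LoginScript_StrongName'                  # hypothetical code group name

# Weak setting from the question, for contrast only (left commented out):
# it grants FullTrust to every assembly loaded from any intranet share.
#   caspol -machine -chggroup LocalIntranet_Zone FullTrust

function Invoke-Caspol {
    param([string[]]$CaspolArgs, [switch]$IgnoreError)
    # -quiet suppresses the policy-change confirmation prompt for this call only.
    $output = & $caspol (@('-quiet') + $CaspolArgs) 2>&1
    if ($LASTEXITCODE -ne 0 -and -not $IgnoreError) {
        throw "caspol $($CaspolArgs -join ' ') failed:`n$($output -join "`n")"
    }
    $output
}

if (-not (Test-Path $caspol)) { throw "caspol.exe not found at $caspol" }

# Remove an earlier copy of the group so re-running does not stack duplicates.
Invoke-Caspol @('-enterprise', '-remgroup', $group) -IgnoreError | Out-Null

# Steps 7-15: child of All_Code at the Enterprise level, strong-name condition
# imported from the assembly, FullTrust, exclusive and LevelFinal.
# -noname -noversion matches step 9 with Name and Version unchecked (trusts
# everything signed with that key); pass the assembly name and version
# instead to pin the grant to one build.
Invoke-Caspol @(
    '-enterprise', '-addgroup', 'All_Code',
    '-strong', '-file', $assembly, '-noname', '-noversion',
    'FullTrust',
    '-name', $group,
    '-description', 'FullTrust for the signed login script',
    '-exclusive', 'on',
    '-levelfinal', 'on'
) | Out-Null

# Check: list the code groups the assembly matches at every policy level.
Invoke-Caspol @('-all', '-resolvegroup', $assembly)
```

The `-resolvegroup` output should show the new group under the Enterprise level; an unsigned assembly fails at the `-strong -file` step, in which case the Hash condition from step 9 is the alternative.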
 
x4hAuthor Commented:
Works perfectly, many thanks :)
0
