.NET Zone Security Managed System Wide

Posted on 2006-05-05
Last Modified: 2013-12-03
I have an application that is already deployed that we are making a change to.  The application needs to have access to a shared directory on the network where there are some .NET configuration files.  In testing we found that unless we adjust the Security Level for .NET for the Local Intranet to Full Trust the application has problems.  We have a Windows 2000 (SP4) network.  Is there a way to change this .NET configuration Globally, through a group policy?  I have not found an ADM template for .NET.  I am not sure how to change this setting in the Registry where I could script a .reg file.  I am anxious to deploy this change, but am not thrilled about running around to every desktop to make the change, additionally we have some hoteling on our desktops, which mean we would have to manually update profiles too.

Question by:geschmidtt
    LVL 10

    Accepted Solution

    The better approach would be to write .net application in a way that it does not require full trust on the Intranet. You will need to go through the programmers to have them code in a way that is preferred by Microsoft. You can find more information about this on which coding examples.

    If you must change the Local Intranet to Full Trust, you can do it via Group Policy. I am unaware of any ADM that will do it, but here is the summary how to do it using GPO.

    Use Microsoft .net Framework configuration (If it is version 1.1, should be installed in administrative tools when you install .net frame work, if it is version 2.0 you will need to install .net SDK from Microsoft to get this tool) to create msi package for machine setting. More information on this the the following article

    User GPO to deploy this MSI package to all machines where you want to change the setting. Following is an article which will give you instruction how to deploy msi package using GPO.

    Author Comment

    Hi Naveedb,

    This is the kind of thing I found too.  I was not wishing to redistribute this app, as there are lots of settings that have to be done locally, and saved to XML files, (the .INI files of the 21st century).  It does seem logical though to me that someone would or MS themselves would provide a system wide tool for managing this kind of situation.

    I will consider the question closed and my hopes of an easy solution defeated.

    LVL 10

    Expert Comment

    Well; I have been throught this, and the advise I received was to re-write the application, as MS is trying to move away from Full Trust and likes application to have access only on 'need to have' basis.

    Author Comment

    I don't disagree with M$'s contention about Full Trust, it just seems backwards that you have to rewrite an applications to set permissions on the OS, rather than have the OS manage the way an application operates in its environment.  

    Thanks again

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Introduction How to create multiboot configuration with XP\Vista and Windows 7 on it? And most important question - how to do this correctly so not to have any kind of nightmares we get when system gets screwed? First of all one should realize t…
    #Citrix #POC #XenDesktop #vCenter #VMware #ESX
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now