Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

.NET Zone Security Managed System Wide

Posted on 2006-05-05
4
Medium Priority
?
546 Views
Last Modified: 2013-12-03
I have an application that is already deployed that we are making a change to.  The application needs to have access to a shared directory on the network where there are some .NET configuration files.  In testing we found that unless we adjust the Security Level for .NET for the Local Intranet to Full Trust the application has problems.  We have a Windows 2000 (SP4) network.  Is there a way to change this .NET configuration Globally, through a group policy?  I have not found an ADM template for .NET.  I am not sure how to change this setting in the Registry where I could script a .reg file.  I am anxious to deploy this change, but am not thrilled about running around to every desktop to make the change, additionally we have some hoteling on our desktops, which mean we would have to manually update profiles too.

Thanks
0
Comment
Question by:geschmidtt
  • 2
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
naveedb earned 2000 total points
ID: 16619793
The better approach would be to write .net application in a way that it does not require full trust on the Intranet. You will need to go through the programmers to have them code in a way that is preferred by Microsoft. You can find more information about this on msdn.microsoft.com which coding examples.

If you must change the Local Intranet to Full Trust, you can do it via Group Policy. I am unaware of any ADM that will do it, but here is the summary how to do it using GPO.

Use Microsoft .net Framework configuration (If it is version 1.1, should be installed in administrative tools when you install .net frame work, if it is version 2.0 you will need to install .net SDK from Microsoft to get this tool) to create msi package for machine setting. More information on this the the following article

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/entsecpoladmin.asp

User GPO to deploy this MSI package to all machines where you want to change the setting. Following is an article which will give you instruction how to deploy msi package using GPO.

http://home.fnal.gov/~jklemenc/dl/AD-MSI-for-Dummies.doc
0
 

Author Comment

by:geschmidtt
ID: 16630899
Hi Naveedb,

This is the kind of thing I found too.  I was not wishing to redistribute this app, as there are lots of settings that have to be done locally, and saved to XML files, (the .INI files of the 21st century).  It does seem logical though to me that someone would or MS themselves would provide a system wide tool for managing this kind of situation.

I will consider the question closed and my hopes of an easy solution defeated.

Thanks
0
 
LVL 10

Expert Comment

by:naveedb
ID: 16631013
Well; I have been throught this, and the advise I received was to re-write the application, as MS is trying to move away from Full Trust and likes application to have access only on 'need to have' basis.
0
 

Author Comment

by:geschmidtt
ID: 16631093
I don't disagree with M$'s contention about Full Trust, it just seems backwards that you have to rewrite an applications to set permissions on the OS, rather than have the OS manage the way an application operates in its environment.  

Thanks again
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally Windows/Microsoft Updates will fail to update. We have found a code that will delete all temporary files and re-register all dll's related to Windows/Microsoft Updates! This works 99% of the time to get the updates working again! The…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question