How to tell an XP workstation to trust an exe on a network share, and read envir variables

Posted on 2007-09-30
Medium Priority
Last Modified: 2013-11-07
I have a .net 2.0 app that I developed in VisualStudio2005. It works fine when I run the exe locally on a workstation with WinXP SP2. But if I try to run the same app off of a network share on my local intranet, I get the following error (excerpt):
System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.Windows.Forms.Application.Exit(CancelEventArgs e)
   at System.Windows.Forms.Application.Exit()
I found some info online which recommended that I run the following on the cmd line at the workstation:
C:\>cd c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
caspol -m -cg LocalIntranet_Zone -allcode FullTrust
The above worked although I got a subsequent error (outlined farther below). Even if it had worked completely, Im not sure my data-security department will allow me to run this on all clients that need to access the exe. Id like to limit it to trust just to a particular network share (e.g. \\aserver\ashare$).
Second, even after I ran the caspol on the workstation, my code runs, but then I throw a subsequent error when trying to READ an environment variable. Here is my vb.net code

strFilePath = Environment.GetEnvironmentVariable("AnApp_CONFIG").ToUpper

Using .net 2.0, how do I configure the workstations so that they a) can run an executable on a network share and b) they allow that network-executable to read their local environment variables?
Question by:bobgato111
1 Comment

Accepted Solution

dhwanilshah earned 1000 total points
ID: 19992006
Try this -

%windir%\Microsoft.NET\Framework\v2.0.50727\caspol.exe -m -pp off -ag All_Code -url file://\\network-mac\share-fol\* FullTrust -exclusive on -name "MyTrustedApp"

-m = at machine level

-pp off = no prompting required

-ag All_Code = add a new code-group under All_Code code-group

-url file://\\network-mac\share-fol\* = membership condition of the new code-group should be " any code executing from the mentioned url path "

FullTrust = full trust to be assigned to any code that matches the earlier mentioned membership condition

-exclusive on = apply rights from only this code-group ( if it matches ) ---- do not consider any other code-groups ( normally, there is a union of rights between code groups at same level )

-name "MyTrustedApp" = name of the new code-group

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Integration Management Part 2
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question