RE: Setting CAS policy for a network share

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: v-phuang@xxxxxxxxxxxxxxxxxxxx ("Peter Huang" [MSFT])
Date: Tue, 24 Jan 2006 02:10:17 GMT

Hi Ram,

If we run the mscorcfg.msc and observe the Runtime Security Policy, there
will be three nodes, Enterprise, Machine and User. When the NET Runtime is
trying to calculate the result security policy. It will try to use the
intersection of the three categories.
e.g.
For certain URL, the enterprise level, we fulltrust it, but in the machine
level, we did not trust it. Now even if we set in the user level, we full
trust it, but the result is that we did not trust it.

That is why only set security policy in the user level will not make the
Assembly work, because in the machine level we deny it.

If you still have any concern, please feel free to post here.

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

.

Prev by Date: Re: Security problem with dotnet framework 2.0
Next by Date: Re: XmlDocument.Load using MemoryStream...
Previous by thread: ChildColumn[] assignment does nothing under .NET 2.0 - Bug ?
Next by thread: Re: XmlDocument.Load using MemoryStream...
Index(es):
- Date
- Thread

Relevant Pages

Re: Domain was in the wrong state to perform the security operation
... I should add that changes to security policy will not take effect right away. ... > other being sure that the W2003 domain controllers are also wins clients so that ... > experienced Active Directory people over there that know a lot about trust issues. ... >> unsuccessful because there are current no logon servers ...
(microsoft.public.win2000.security)
RE: Running a .NET exe accross a Network (Repost)
... trust permission to the network share by modifying the security setting. ... Configure the desired security policy on a machine (i.e. change the ... ecuritypolicybestpractices.asp for .NET framework security best practices. ... Deploy the msi package to the targeted machines via ACTIVE DIRECTORY ...
(microsoft.public.dotnet.languages.vb)
Re: Question about strong-name dlls
... > You only want to set trust on ONE assembly, but really, you don't need to. ... check your Security Policy for that OS. ... >>> How about copying and pasting the EXACT error message? ...
(microsoft.public.dotnet.framework.aspnet)
Help with security policy
... I was working on a VSTO 2003 Excel project, ... I tried recreating the Security Policy manually (using the ... Full Trust to each assembly within it. ... in one of the referenced assemblies (to which no security ...
(microsoft.public.vsnet.vstools.office)
Re: SUS/WSUS & Software Restriction Policies
... "Trust" is a word that should never be used - in any context - in any ... security policy. ... >lost his local admin rights, and still manages to do his job... ... a day later and the app is on the computer... ...
(microsoft.public.windowsxp.security_admin)