Re: .Net security for shared network driver

"david.kao@xxxxxxxx" <davidkaoopcocom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:BC90720A-2A34-4274-8A3D-0D85E1ACAD7F@xxxxxxxxxxxxxxxx
> Hi All:
> Yesterday, we released our first .NET window based program on company's
> network. In order to make our .NET program run correctly from a shared
> network driver, we also installed a security package on each desktop to
> make
> each desktop to trust mapped network driver. In the security package, we
> choose the Zone code group; within in the Zone we made Local Intranet
> FullTrust. The program is running properly for ninety percent of users.
> Except users their network mapping are using IP address. After we modified
> the Zone from Local Intranet to Internet FullTrust. Those IP mapping users
> are start working correctly now. My question here why there is difference
> between mapping network share using machine name and using IP address.

The intranet vs internet distinction is made largely based on the host name.
If it has any dots (.), it is assumed to fall in the internet zone. Since
the IP addresses include dots, they're being evaluated as falling in the
internet zone. Unless you can remap the share on these machines to use the
machine name rather than its IP address, you should definitely choose a more
restrictive policy change (e.g.: based on URL rather than the entire
internet zone).


> Plus
> this change will make ours' machine very dangerous.

Yes, it's very dangerous, and you should reverse the change on those
machines. The fully trusted intranet zone on the other machines is also
potentially dangerous, and it might be a good idea to move to a more
specific policy alteration even on those (e.g.: strong name and/or URL
within local intranet zone).

>
> DK


.

Relevant Pages

  • Re: ZAPro - Trusted Network vs. Trusted IP Address?
    ... You probably only need a trusted network on the desktop. ... Zone (your LAN with your notebook). ... Internet Zone and Medium on the Trusted Zone. ...
    (comp.security.firewalls)
  • Re: Novice Networker Needs Guidance
    ... EtherLink PCI") into the "Trusted Zone" where I could allow file sharing. ... Although I have set a higher security setting for the "Internet Zone," I'm ... ZA distinguishes between information requests from your other home network ...
    (microsoft.public.windowsxp.network_web)
  • Re: Still Getting Pop-Ups
    ... >> [[Internet zone: By default, this zone contains anything that is not on ... >> For the Sites button to become active you have to select Local intranet, ... >> local computer. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Is this possable with exchange and no ISP
    ... What I would do is just setup email for the AD domain. ... follow the directions below and instead setup DNS in a new primary zone (and ... Create an MX record for the domain pointing to your Exchange server. ... > dc i create pointers and mx records for the 2 computers on their network. ...
    (microsoft.public.exchange.setup)
  • Re: Overlapping Reverse Zone Files
    ... So the proposal was the Forest 1 would have a reverse primary zone ... This post is a lot more clear about your actual network than your original ... In fact to make reverse lookups seamless across the enterprize ths would be ... all DNS servers should have: ...
    (microsoft.public.windows.server.dns)