How can I adjust the security so that my application can run on this PC?
Thanks.
"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\mscorcfg.msc"
/Claus
"arti" <myste...@artechnology.com> wrote in message
news:%23RjB$9jBGH...@TK2MSFTNGP14.phx.gbl...
the GUI only gets installed with the SDK - the plain redist package does
not contain it anymore..
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
It is located here:
"C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Caspol.exe". When you install
the plain redist package it does not add that to the Path environment
variable. So I have two options:
1. Include the full path in a batch file that I have to run everywhere (of
course some PCs have Windows installed in WINNT and some use WINDOWS) which
is a kludge
2. Do it manually from the command line. Except that you can't do this.
Why? Open a command window and type "CD \WINNT\Microsoft.NET" and you get
"Invalid directory."
Can anyone offer any suggestions as to how I can make this something other
than a big pain?
Thanks!
"Dominick Baier [DevelopMentor]" <dba...@pleasepleasenospamdevelop.com>
wrote in message news:4580be63174f28...@news.microsoft.com...
I wonder if you have an Visual Studio Command Prompt? This guy has the
nesseceary settings to call Caspol.exe.Alternatively locate vcvars32.bat and
run that; it should set the appropriate settings.
Now - Caspol is a beast of it's own without the UI.
the syntax is like this:
Usage: caspol <option> <args> ...
caspol -m[achine]
Modifier that makes additional commands act on the machine level
caspol -u[ser]
Modifier that makes additional commands act on the user level
caspol -en[terprise]
Modifier that makes additional commands act on the enterprise level
caspol -cu
caspol -customuser <path>
Modifier that makes additional commands act on the custom user level
caspol -a[ll]
Set all policy levels as the active levels
caspol -ca
caspol -customall <path>
Modifier that makes additional commands act on all levels as a custom
user
caspol -l[ist]
List code groups & permission sets
caspol -lg
caspol -listgroups
List code groups
caspol -lp
caspol -listpset
List permission sets
caspol -lf
caspol -listfulltrust
List full trust assemblies
caspol -ld
caspol -listdescription
List code group names and descriptions
caspol -ap
caspol -addpset { <named_xml_file> | <xml_file> <name> }
Add named permission set to policy level
caspol -cp
caspol -chgpset <xml_file> <pset_name>
Change named permission set in active level
caspol -rp
caspol -rempset <pset_name>
Remove a named permission set from the policy level
caspol -af
caspol -addfulltrust <assembly_name>
Add full trust assembly to policy level
caspol -rf
caspol -remfulltrust <assembly_name>
Remove a full trust assembly from the policy level
caspol -rg
caspol -remgroup <label|name>
Remove code group at <label|name>
caspol -cg
caspol -chggroup <label|name> {<mship>|<pset_name>|<flag>}+
Change code group at <label|name> to given membership,
permission set, or flags
caspol -ag
caspol -addgroup <parent_label|name> <mship> <pset_name> <flag>
Add code group to <parent_label|name> with given membership,
permission set, and flags
caspol -rsg
caspol -resolvegroup <assembly_name>
List code groups this file belongs to
caspol -rsp
caspol -resolveperm <assembly_name>
List permissions granted to this file
caspol -s[ecurity] { on | off }
Turn security on or off
caspol -e[xecution] { on | off }
Enable/Disable checking for "right-to-run" on code execution start-up
caspol -pp
caspol -polchgprompt { on | off }
Enable/Disable policy change prompt
caspol -q[uiet]
Disable policy change prompt for this command
caspol -r[ecover]
Recover the most recently saved version of a level
"arti" <myste...@artechnology.com> wrote in message
news:e5XPaEwB...@TK2MSFTNGP14.phx.gbl...
"arti" <myste...@artechnology.com> wrote in message
news:e5XPaEwB...@TK2MSFTNGP14.phx.gbl...
For example, I can set the "Intranet Zone" to FullTrust easily wth the
Config Tool. But I do not see how to do this with CasPol.
I suppose the real problem I am having is that I just want an application to
run off of our internal network. But this seems awfully complicated with
.Net 2.0. With earlier versions I just opened the Config tool on each PC
and set Intranet to FullTrust. I have read all of the documentation and I
have to admit that I don't fully understand how exactly I should go about
this.
Thanks,
-- Brian
"Claus Konrad" <some> wrote in message
news:OqQbDNyB...@TK2MSFTNGP12.phx.gbl...
Well - something like this:
This is not the full and final script - but shows some testing.
Use the caspol -lg to see the labels of the individual groups (e.g. 1.2 is
Intranet_Zone).
--list groups
caspol -lg
-- add a new group
caspol -machine -addgroup 1.7 -url \\some\s LocalIntranet
--remove the group
caspol -machine -remgroup 1.7.2
--add full trhst to localintranet
caspol -machine -chggroup 1.2 FullTrust
/Claus
"arti" <myste...@artechnology.com> wrote in message
news:uo%23WkM6D...@TK2MSFTNGP10.phx.gbl...