I build installs for our software CD. One of the application is a
vendor app and we don't have access to the code. They recently
implemented .Net platform. When we received their latest updates, we
are having problems with LAN/Network installs. One of the function is
to create a pdf document and gives you an option to print. I am
getting .NET security errors. One error box has WsPrint.exe as title
and throws in an exception. Another message is Microsoft .NET
framework error saying application has attempted to perform an
operation not allowed by security policy. If I go in
Control-Panel-Admin Settings -.NET Framework 1.1 Configuration -
Runtime Security Policies, and change the LocalIntranetZone from medium
trust to FULL trust, I resolve all of the my issues.

It only happens in Server installs, stand-alone PCs are fine.
Obviously this is not a good solution to change user's security. Is
there a work around? I am using install shield 5.1 to create our
installs.

Thank you,
Aamir.

If the vendor's code is strong named you could create a code group that gave FullTrust to code with that strong name and put it under the LocalIntranet code group.

For this to work you will have to alter the security policy on the machine in some way.

The reason standalone installs work is because the code is running off the LocalMachine zone and so has full trust

Regards

Richard Blewett - DevelopMentor
http://www.dotnetconsult.co.uk/weblog
http://www.dotnetconsult.co.uk

I build installs for our software CD. One of the application is a
vendor app and we don't have access to the code. They recently
implemented .Net platform. When we received their latest updates, we
are having problems with LAN/Network installs. One of the function is
to create a pdf document and gives you an option to print. I am
getting .NET security errors. One error box has WsPrint.exe as title
and throws in an exception. Another message is Microsoft .NET
framework error saying application has attempted to perform an
operation not allowed by security policy. If I go in
Control-Panel-Admin Settings -.NET Framework 1.1 Configuration -
Runtime Security Policies, and change the LocalIntranetZone from medium
trust to FULL trust, I resolve all of the my issues.

It only happens in Server installs, stand-alone PCs are fine.
Obviously this is not a good solution to change user's security. Is
there a work around? I am using install shield 5.1 to create our
installs.

Thank you,
Aamir.


[microsoft.public.dotnet.framework]

IS there a work around without having to mess around with intranet
settings on the user's machine?

Thanks,
Aamir.
----------------------------------------------
bashir.aa...@principal.com wrote:
> I build installs for our software CD. One of the application is a
> vendor app and we don't have access to the code. They recently
> implemented .Net platform. When we received their latest updates, we
> are having problems with LAN/Network installs. One of the function is
> to create a pdf document and gives you an option to print. I am
> getting .NET security errors. One error box has WsPrint.exe as title
> and throws in an exception. Another message is Microsoft .NET
> framework error saying application has attempted to perform an
> operation not allowed by security policy. If I go in
> Control-Panel-Admin Settings -.NET Framework 1.1 Configuration -
> Runtime Security Policies, and change the LocalIntranetZone from medium
> trust to FULL trust, I resolve all of the my issues.
>
> It only happens in Server installs, stand-alone PCs are fine.
> Obviously this is not a good solution to change user's security. Is
> there a work around? I am using install shield 5.1 to create our
> installs.
>
> Thank you,
> Aamir.

Is there a way to circumvent the Code Access Security subsystem? Lets hope not!

You could on a managed network distrbute the Enterprise policy that had the permissions constructed as you want and set it to override subordinate policies

Regards

Richard Blewett - DevelopMentor
http://www.dotnetconsult.co.uk/weblog
http://www.dotnetconsult.co.uk

IS there a work around without having to mess around with intranet
settings on the user's machine?

Thanks,
Aamir.