Can't run 2005 app from network

[cj]

A year or so ago I had this problem with a vb 2003 app that it gave me
an error

"Application attempted to perform an operation not allowed by the
security policy......."

I had to go in to "control panel/administrative tools/microsoft .net
framework 1.1 wizards" and adjust the .net security for local intranet
to full trust to fix the problem.

Now I try to run a 2005 app from the network and get the same error. I
repeated the steps but it doesn't work. Well I suspect since 2005 uses
..net 2.0 that I need to adjust it's security setting but how???????

 

[Herfried K. Wagner [MVP]]

A year or so ago I had this problem with a vb 2003 app that it gave me
an error

"Application attempted to perform an operation not allowed by the
security policy......."

I had to go in to "control panel/administrative tools/microsoft .net
framework 1.1 wizards" and adjust the .net security for local intranet
to full trust to fix the problem.

Now I try to run a 2005 app from the network and get the same error. I
repeated the steps but it doesn't work. Well I suspect since 2005 uses
.net 2.0 that I need to adjust it's security setting but how???????

Check out the "caspol" tool.

 

[cj]

Where would I find this "caspol" tool on a windows XP pro machine?

 

[Herfried K. Wagner [MVP]]

Where would I find this "caspol" tool on a windows XP pro machine?

"%WINDIR%\Microsoft.NET\Framework\v<.NET Framework version>".

 

[rowe_newsgroups]

In addition to using caspol like Herfried suggests, here's a link to
another
thread that will help. It contains a walkthrough on how to use the .Net
2.0
config wizard to set the appropriate permissions.

http://groups.google.com/group/micr...+configuration+wizard&rnum=2#b5b0707902db8246

Thanks,

Seth Rowe

 

[cj]

I browsed to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 and double
clicked caspol.exe. A DOS window popped up very briefly and
disappeared. What up with that?

I've looked at rowe_newsgroups suggestion seems to be telling me a way
that sounds very similar to the .net framework 1.1 method but when I get
to the end of the long tree where I expect to change a setting they
start taking about adding a strong name and using a wizard and then a
msi installer and a bunch of crap I don't care to know. I use xcopy
deployment because deployment here means the exe is put in a dir on the
network and then one pc in the computer room runs it from there. If
that pc were to fail it would be run from another. It IS the way our
company does things and I am NOT in a position to change that. And
don't want to.

Herfried, Don't take this personally. I just want the steps to make the
damn program run from the network like it should have in the first
place. I don't have time to piss around with all this .net crap. .net
framework 1.1 was bad enough that they made me take those steps to give
full trust to intranet but this is ridiculous. MS can't seem to keep
anything the same. The program will reside on the network and I need a
step by step to make a pc run it. I kinda thought I'd have a response
from MS on this overnight. There has to be a setting to tell a pc that
my network is safe after all it's our company network and this is a
company pc in the same building behind the same firewall and if the
network isn't safe then there is no need for the pc to be safe cause
we're out of business.

Sorry for the rant, could someone tell me the steps to make a XP pc run
a VB 2005 program from the network?

 

[Phill W.]

I browsed to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 and double
clicked caspol.exe. A DOS window popped up very briefly and
disappeared. What up with that?

CASPOL needs [lots of] command line arguments to do anything useful.
Open a command prompt in that directory and run "caspol" (or, better
still, "caspol /?") from there.

The 1.1 CASPOL command looks like this - it can't have changed /that/
much in the new version (can it?)
(should be all one line, of course; breaks for clarity only)

%WinDir%\Microsoft.NET\Framework\[VERSION]\caspol.exe
-q
-ag 1.2
-url file://[SERVER]/[SHARED]/*
FullTrust
-name "[DESCRIPTION]"

where you have to fill in VERSION, SERVER, SHARE and DESCRIPTION.
The FullTrust may be a bit overkill, but I haven't played with the
Security stuff in '2005 yet.

HTH,
Phill W.

 

[cj]

how do I get "Control Panel->Administrative Tools->.NET Framework
Configuration 2.0 Configuration" to show up on the pc. It has the .net
framework installed but this option is not on the pc like it is on mine.
This is a new pc with a new installation of Windows XP pro on it--it
does not have VS on it. Mine has been around a couple of years is also
Windows XP pro and has VS2005 on it.

 

[TP]

Here is a sample that grants full trust to an application that runs
in the Local Intranet zone, from any path under m:\:

c:\windows\microsoft.net\framework\v2.0.50727\CasPol.exe -m -ag 1.2 -url file://m:\* FullTrust

-m = Machine level policy
-ag = Add code group
1.2 = LocalIntranet zone (this is where the code group will be added under)
-url = path that code originates from
FullTrust = Grant full trust to the code group

-TP

 

[cj]

I'd like to grant fulltrust to all the local intranet zone.
How about:
CasPol.exe -m -ag LocalIntranet_Zone FullTrust
Will that work?

 

[aaron.kempf]

this is a load of ****ing crap

shit like this didn't used to be necessary in VB6

you could put an EXE on a share and run it

this other crap is called NAGWARE and these mother ****ers need to
simplify

if I wanted to write **** with all this extra horse crap I would be a
web fag not a vb winform developer


-Aaron

 

[aaron.kempf]

this is a load of ****ing crap

shit like this didn't used to be necessary in VB6

you could put an EXE on a share and run it

this other crap is called NAGWARE and these mother ****ers need to
simplify

if I wanted to write **** with all this extra horse crap I would be a
web fag not a vb winform developer


-Aaron

 

[TP]

You can do that by changing the named permission set
that is associated with the Intranet zone:

c:\windows\microsoft.net\framework\v2.0.50727\CasPol.exe -m -cg 1.2 FullTrust

By default, the Intranet zone (1.2) is associated with the
LocalIntranet named permission set. The above command
will change it to the FullTrust named permission set.

You can use caspol -lg to list the code groups, and caspol -lp
to list the permission sets.

-TP

 

[rowe_newsgroups]

how do I get "Control Panel->Administrative Tools->.NET Framework

Configuration 2.0 Configuration" to show up on the pc.

The pc has to have the .Net SDK installed for this to show up. The
normal (imo) way is to set up the permissions on your computer and then
create the msi installer. Then you can just run the msi on the client
pc to set the permissions. Be aware however, the msi also has to be run
off of the local drive as running it from the network will just set
the host server's permissions. This is why in the post I referred you
to I had our net admin set up the login script - it copied the msi to
C:/ and then executed it.

Thanks,

Seth Rowe

 

[cj]

Thanks

The pc has to have the .Net SDK installed for this to show up. The
normal (imo) way is to set up the permissions on your computer and then
create the msi installer. Then you can just run the msi on the client
pc to set the permissions. Be aware however, the msi also has to be run
off of the local drive as running it from the network will just set
the host server's permissions. This is why in the post I referred you
to I had our net admin set up the login script - it copied the msi to
C:/ and then executed it.

Thanks,

Seth Rowe

 

[cj]

Thanks TP! Problem solved.

You can do that by changing the named permission set that is associated
with the Intranet zone:

c:\windows\microsoft.net\framework\v2.0.50727\CasPol.exe -m -cg 1.2
FullTrust

By default, the Intranet zone (1.2) is associated with the LocalIntranet
named permission set. The above command will change it to the FullTrust
named permission set.

You can use caspol -lg to list the code groups, and caspol -lp to list
the permission sets.

-TP

 

[Steve Ledbetter]

CJ, you can 'strongly sign' your app in VS 2005 by selectubg a project node
in Solution Explorer,, then on the Project menu, click Properties. When the
Project Designer appears, click the Signing tab.and checking 'Sign the
clickonce manifests' and 'sign the assembly'. You can generate a new new
strong name key file (if you use passwords, it has a 'pfx' ext, otherwise a
'.snk' ext). Make sure this pfx or snk file gets ditributed to your
applications directory and I think the security issue will go away without
have to change user's security settings.

Then again, I could be hallucinating

Regards,

Steve Ledbetter