K
Keld R. Hansen
I am coding a .NET 2.0 application that needs to be able to run from a
network share (intranet), but the security settings does not allow me to do
this by default.
How can I - in the installation program or by manual intervention
afterwards - grant FullRights to the program?
The program consists of three modules:
WinEXE - a plain Visual C++ 32-bit .EXE file
WinDLL - a mixed unmanaged/managed .DLL file used to call...
DotNetLib - a managed-only C# .DLL file
The main part of the application lies in the DotNetLib program, and contains
a couple of forms and some database access code. The reason for this split
is that we need to be able to call this program from both plain unmanaged
old-style Win32 code (any language), and from a C# .NET program, so the
WinDLL exports a routine in the standard Win32 format so that any language
can call this and let it convert the parameters to "Managed format" before
passing it on to the plain C# library.
I have found out that the graphical configuration program for granting
security privileges to files does not come with .NET 2.0 but only with the
..NET 2.0 SDK and am reluctant to install the SDK on our customers' machines,
so I have found a message about a command line program that should do the
same:
[from http://blogs.msdn.com/astebner/archive/2006/01/23/516671.aspx ]
rekpias, I ran into the same issue you did but figured out how to get caspol
to behave by playing around with caspol in v1.1 and seeing how it changed
things in the GUI tool.
The command you need is:
[path to caspol]\caspol.exe -pp off -m -ag 1 -url file:s:/dir/subdir
FullTrust -name NewGroupName
"-pp off" is only necessary if you need to run "silent"
"-m" is to change the machine level
"-ag 1" adds the new policy after the root (group 1)
"-url file:s:/dir/subdir" change s:/dir/subdir to the network drive you have
mappted (s: in my example) or to something like //server/share/dir/subdir.
You need to specify the location of your executable.
"FullTrust" is where the policy goes. You can specify some other policy or
create your own named policy with the rights you need.
"-name NewGroupName" gives the new code group a name so that you can modify
it more easily in the future. Of course you can name the group whatever you
want.
[End Quote]
but even when I tried doing as best I could decode the above, I still
couldn't run it from a network share (it works fine from a local disk, so I
am fairly certain that it must be a security issue).
Can anyone supply me with a command line that allows the above application
to run off a network share. I have tried with
caspol -pp off -m -ag 1 -url file
:/Utils/InternPost/WinDLL.DLL
FullTrust -name InternPost
and when listing it with caspol -lg I can also see the entry, but still
can't execute the program.
Any help or pointers would be greatly appreciated...
Thank you
Keld R. Hansen
A-Data ApS
network share (intranet), but the security settings does not allow me to do
this by default.
How can I - in the installation program or by manual intervention
afterwards - grant FullRights to the program?
The program consists of three modules:
WinEXE - a plain Visual C++ 32-bit .EXE file
WinDLL - a mixed unmanaged/managed .DLL file used to call...
DotNetLib - a managed-only C# .DLL file
The main part of the application lies in the DotNetLib program, and contains
a couple of forms and some database access code. The reason for this split
is that we need to be able to call this program from both plain unmanaged
old-style Win32 code (any language), and from a C# .NET program, so the
WinDLL exports a routine in the standard Win32 format so that any language
can call this and let it convert the parameters to "Managed format" before
passing it on to the plain C# library.
I have found out that the graphical configuration program for granting
security privileges to files does not come with .NET 2.0 but only with the
..NET 2.0 SDK and am reluctant to install the SDK on our customers' machines,
so I have found a message about a command line program that should do the
same:
[from http://blogs.msdn.com/astebner/archive/2006/01/23/516671.aspx ]
rekpias, I ran into the same issue you did but figured out how to get caspol
to behave by playing around with caspol in v1.1 and seeing how it changed
things in the GUI tool.
The command you need is:
[path to caspol]\caspol.exe -pp off -m -ag 1 -url file:s:/dir/subdir
FullTrust -name NewGroupName
"-pp off" is only necessary if you need to run "silent"
"-m" is to change the machine level
"-ag 1" adds the new policy after the root (group 1)
"-url file:s:/dir/subdir" change s:/dir/subdir to the network drive you have
mappted (s: in my example) or to something like //server/share/dir/subdir.
You need to specify the location of your executable.
"FullTrust" is where the policy goes. You can specify some other policy or
create your own named policy with the rights you need.
"-name NewGroupName" gives the new code group a name so that you can modify
it more easily in the future. Of course you can name the group whatever you
want.
[End Quote]
but even when I tried doing as best I could decode the above, I still
couldn't run it from a network share (it works fine from a local disk, so I
am fairly certain that it must be a security issue).
Can anyone supply me with a command line that allows the above application
to run off a network share. I have tried with
caspol -pp off -m -ag 1 -url file
:/Utils/InternPost/WinDLL.DLLFullTrust -name InternPost
and when listing it with caspol -lg I can also see the entry, but still
can't execute the program.
Any help or pointers would be greatly appreciated...
Thank you
Keld R. Hansen
A-Data ApS