.Net security for shared network driver

G

Guest

Hi All:
Yesterday, we released our first .NET window based program on company’s
network. In order to make our .NET program run correctly from a shared
network driver, we also installed a security package on each desktop to make
each desktop to trust mapped network driver. In the security package, we
choose the Zone code group; within in the Zone we made Local Intranet
FullTrust. The program is running properly for ninety percent of users.
Except users their network mapping are using IP address. After we modified
the Zone from Local Intranet to Internet FullTrust. Those IP mapping users
are start working correctly now. My question here why there is difference
between mapping network share using machine name and using IP address. Plus
this change will make ours’ machine very dangerous.

DK
 
N

Nicole Calinoiu

[email protected] said:
Hi All:
Yesterday, we released our first .NET window based program on company's
network. In order to make our .NET program run correctly from a shared
network driver, we also installed a security package on each desktop to
make
each desktop to trust mapped network driver. In the security package, we
choose the Zone code group; within in the Zone we made Local Intranet
FullTrust. The program is running properly for ninety percent of users.
Except users their network mapping are using IP address. After we modified
the Zone from Local Intranet to Internet FullTrust. Those IP mapping users
are start working correctly now. My question here why there is difference
between mapping network share using machine name and using IP address.
Click to expand...

The intranet vs internet distinction is made largely based on the host name.
If it has any dots (.), it is assumed to fall in the internet zone. Since
the IP addresses include dots, they're being evaluated as falling in the
internet zone. Unless you can remap the share on these machines to use the
machine name rather than its IP address, you should definitely choose a more
restrictive policy change (e.g.: based on URL rather than the entire
internet zone).

Plus
this change will make ours' machine very dangerous.
Click to expand...

Yes, it's very dangerous, and you should reverse the change on those
machines. The fully trusted intranet zone on the other machines is also
potentially dangerous, and it might be a good idea to move to a more
specific policy alteration even on those (e.g.: strong name and/or URL
within local intranet zone).
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

.NET apps not being recognized as being in the Intranet Zone 8
.NET 2.0 apps think they're being run from the Internet, but they'rebeing run from the intranet... 6
VS 2008 compilation/running over a network 2
Problem running app from network share 4
Deploying application (.NET 2.0) to intranet 2
.NET Security 7
Adjust code access security rights programmaticly or through script? 1
Security permissions for .NET v2.0 1

Top