| Groups | Blog | Home |
dotnet security : Code Access Security
prevent execution of unauthorized mobile code? I have checked into the .NET configuration tools, but do not see a way to disallow execution for mobile
I am also waiting on that definition, but I believe it is code from outside
the local machine. The app will be on machines which might be hooked up to a network. [quoted text, click to view] "Nicole Calinoiu" wrote:
> What is meant by "unauthorized mobile code" in this context? Any code from > outside the local machine or something else? > > > "Scott" <Scott@discussions.microsoft.com> wrote in message > news:11B4DE7A-714F-4887-9168-18F8A505DAD9@microsoft.com... > >I have been instructed that I have a need to configure the framework to > > prevent execution of unauthorized mobile code? I have checked into the > > .NET > > configuration tools, but do not see a way to disallow execution for mobile > > apps? Any help on where to look would be appreciated. > >
Nicole,
I am installing an application to a group of computers(probably 24 machines). These systems will need to comply with COE requirements, which is another can of worms. The program is launched from a main application, so I am not sure with I have to tackle the mobile code synario, but I guess low man on the totem-pole? Thank you for your time. [quoted text, click to view] "Nicole Calinoiu" wrote:
> How is any given application relevant here? Will it be the only application > running on these machines? If not, why should the destributor of this > application get to dictate the CAS policy for the entire machine? > > > "Scott" <Scott@discussions.microsoft.com> wrote in message > news:D32F0493-6562-4397-946E-5794B533A3A0@microsoft.com... > >I am also waiting on that definition, but I believe it is code from outside > > the local machine. The app will be on machines which might be hooked up > > to a > > network. > > > > "Nicole Calinoiu" wrote: > > > >> What is meant by "unauthorized mobile code" in this context? Any code > >> from > >> outside the local machine or something else? > >> > >> > >> "Scott" <Scott@discussions.microsoft.com> wrote in message > >> news:11B4DE7A-714F-4887-9168-18F8A505DAD9@microsoft.com... > >> >I have been instructed that I have a need to configure the framework to > >> > prevent execution of unauthorized mobile code? I have checked into the > >> > .NET > >> > configuration tools, but do not see a way to disallow execution for > >> > mobile > >> > apps? Any help on where to look would be appreciated. > >> > >> > >> > >
When my app installs' .NET and SP1, we are wanting to restrict any "mobile"
code from running on that machine at all. [quoted text, click to view] "Nicole Calinoiu" wrote:
> Still seems a bit odd to me, so I just want to confirm that I understand the > problem correctly... > > Is the intent to prevent any "mobile" code from running on the machine at > all or merely to prevent such code from calling into your application's > code? > > > > "Scott" <Scott@discussions.microsoft.com> wrote in message > news:CC63F9F4-B034-48EC-A2FE-FC081F09FB50@microsoft.com... > > Nicole, > > I am installing an application to a group of computers(probably 24 > > machines). These systems will need to comply with COE requirements, which > > is > > another can of worms. The program is launched from a main application, so > > I > > am not sure with I have to tackle the mobile code synario, but I guess low > > man on the totem-pole? Thank you for your time. > > > > "Nicole Calinoiu" wrote: > > > >> How is any given application relevant here? Will it be the only > >> application > >> running on these machines? If not, why should the destributor of this > >> application get to dictate the CAS policy for the entire machine? > >> > >> > >> "Scott" <Scott@discussions.microsoft.com> wrote in message > >> news:D32F0493-6562-4397-946E-5794B533A3A0@microsoft.com... > >> >I am also waiting on that definition, but I believe it is code from > >> >outside > >> > the local machine. The app will be on machines which might be hooked > >> > up > >> > to a > >> > network. > >> > > >> > "Nicole Calinoiu" wrote: > >> > > >> >> What is meant by "unauthorized mobile code" in this context? Any code > >> >> from > >> >> outside the local machine or something else? > >> >> > >> >> > >> >> "Scott" <Scott@discussions.microsoft.com> wrote in message > >> >> news:11B4DE7A-714F-4887-9168-18F8A505DAD9@microsoft.com... > >> >> >I have been instructed that I have a need to configure the framework > >> >> >to > >> >> > prevent execution of unauthorized mobile code? I have checked into > >> >> > the > >> >> > .NET > >> >> > configuration tools, but do not see a way to disallow execution for > >> >> > mobile > >> >> > apps? Any help on where to look would be appreciated. > >> >> > >> >> > >> >> > >> > >> > >> > >
What is meant by "unauthorized mobile code" in this context? Any code from
outside the local machine or something else? [quoted text, click to view] "Scott" <Scott@discussions.microsoft.com> wrote in message news:11B4DE7A-714F-4887-9168-18F8A505DAD9@microsoft.com... >I have been instructed that I have a need to configure the framework to > prevent execution of unauthorized mobile code? I have checked into the > .NET > configuration tools, but do not see a way to disallow execution for mobile > apps? Any help on where to look would be appreciated.
How is any given application relevant here? Will it be the only application
running on these machines? If not, why should the destributor of this application get to dictate the CAS policy for the entire machine? [quoted text, click to view] "Scott" <Scott@discussions.microsoft.com> wrote in message news:D32F0493-6562-4397-946E-5794B533A3A0@microsoft.com... >I am also waiting on that definition, but I believe it is code from outside > the local machine. The app will be on machines which might be hooked up > to a > network. > > "Nicole Calinoiu" wrote: > >> What is meant by "unauthorized mobile code" in this context? Any code >> from >> outside the local machine or something else? >> >> >> "Scott" <Scott@discussions.microsoft.com> wrote in message >> news:11B4DE7A-714F-4887-9168-18F8A505DAD9@microsoft.com... >> >I have been instructed that I have a need to configure the framework to >> > prevent execution of unauthorized mobile code? I have checked into the >> > .NET >> > configuration tools, but do not see a way to disallow execution for >> > mobile >> > apps? Any help on where to look would be appreciated. >> >> >>
Still seems a bit odd to me, so I just want to confirm that I understand the
problem correctly... Is the intent to prevent any "mobile" code from running on the machine at all or merely to prevent such code from calling into your application's code? [quoted text, click to view] "Scott" <Scott@discussions.microsoft.com> wrote in message news:CC63F9F4-B034-48EC-A2FE-FC081F09FB50@microsoft.com... > Nicole, > I am installing an application to a group of computers(probably 24 > machines). These systems will need to comply with COE requirements, which > is > another can of worms. The program is launched from a main application, so > I > am not sure with I have to tackle the mobile code synario, but I guess low > man on the totem-pole? Thank you for your time. > > "Nicole Calinoiu" wrote: > >> How is any given application relevant here? Will it be the only >> application >> running on these machines? If not, why should the destributor of this >> application get to dictate the CAS policy for the entire machine? >> >> >> "Scott" <Scott@discussions.microsoft.com> wrote in message >> news:D32F0493-6562-4397-946E-5794B533A3A0@microsoft.com... >> >I am also waiting on that definition, but I believe it is code from >> >outside >> > the local machine. The app will be on machines which might be hooked >> > up >> > to a >> > network. >> > >> > "Nicole Calinoiu" wrote: >> > >> >> What is meant by "unauthorized mobile code" in this context? Any code >> >> from >> >> outside the local machine or something else? >> >> >> >> >> >> "Scott" <Scott@discussions.microsoft.com> wrote in message >> >> news:11B4DE7A-714F-4887-9168-18F8A505DAD9@microsoft.com... >> >> >I have been instructed that I have a need to configure the framework >> >> >to >> >> > prevent execution of unauthorized mobile code? I have checked into >> >> > the >> >> > .NET >> >> > configuration tools, but do not see a way to disallow execution for >> >> > mobile >> >> > apps? Any help on where to look would be appreciated. >> >> >> >> >> >> >> >> >>
OK, then this should be relatively simple. Your best bet is probably to add
modify the CAS enterprise policy so that code outside the "my computer" zone is granted no permissions. Since you're using an installer already, distributing the new policy via an MSI would probably be the best bet. Here are some steps to follow for preparing the MSI: 1. Create a backup of your current enterprise policy level file (<windows>\Microsoft.NET\Framework\v1.1.4322\CONFIG\enterprisesec.config). 2. Launch the "Microsoft .NET Framework 1.1 Configuration" MMC from under the administrative tools group on your Windows start menu. (You must run this tool as an admin in order to modify the enterprise policy level.) 3. Once the MMC has loaded, expand to the following node in the treeview: My Computer\Runtime Security Policy\Enterprise\Code Groups\All_Code. 4. Create a new group under the All_Code node using the following configuration: Name: My_Computer_Zone Condition type: Zone Zone: My Computer Permission set: FullTrust 5. Modify the All_Code parent group to use the Nothing permission set. 6. Test the new configuration by attempting to run a .NET test app from a hard drive on your machine (should run OK) and a shared drive on the network (a PolicyException should be thrown). 7. Back in the configuration MMC, right-click the My Computer\Runtime Security Policy node and select the "Create deployment package..." option to initiate creation of an MSI package. When offered a choice of policy level, select the enterprise level. You'll end up with an MSI package that can be installed either as part of your application's installation sequence, as a group policy object (if you're running a Windows domain), or any other means that you might find to be convenient. HTH, Nicole [quoted text, click to view] "Scott" <Scott@discussions.microsoft.com> wrote in message news:BD302B03-4D01-490E-81CB-4CB429279055@microsoft.com... > When my app installs' .NET and SP1, we are wanting to restrict any > "mobile" > code from running on that machine at all. > > "Nicole Calinoiu" wrote: > >> Still seems a bit odd to me, so I just want to confirm that I understand >> the >> problem correctly... >> >> Is the intent to prevent any "mobile" code from running on the machine at >> all or merely to prevent such code from calling into your application's >> code? >> >> >> >> "Scott" <Scott@discussions.microsoft.com> wrote in message >> news:CC63F9F4-B034-48EC-A2FE-FC081F09FB50@microsoft.com... >> > Nicole, >> > I am installing an application to a group of computers(probably 24 >> > machines). These systems will need to comply with COE requirements, >> > which >> > is >> > another can of worms. The program is launched from a main application, >> > so >> > I >> > am not sure with I have to tackle the mobile code synario, but I guess >> > low >> > man on the totem-pole? Thank you for your time. >> > >> > "Nicole Calinoiu" wrote: >> > >> >> How is any given application relevant here? Will it be the only >> >> application >> >> running on these machines? If not, why should the destributor of this >> >> application get to dictate the CAS policy for the entire machine? >> >> >> >> >> >> "Scott" <Scott@discussions.microsoft.com> wrote in message >> >> news:D32F0493-6562-4397-946E-5794B533A3A0@microsoft.com... >> >> >I am also waiting on that definition, but I believe it is code from >> >> >outside >> >> > the local machine. The app will be on machines which might be >> >> > hooked >> >> > up >> >> > to a >> >> > network. >> >> > >> >> > "Nicole Calinoiu" wrote: >> >> > >> >> >> What is meant by "unauthorized mobile code" in this context? Any >> >> >> code >> >> >> from >> >> >> outside the local machine or something else? >> >> >> >> >> >> >> >> >> "Scott" <Scott@discussions.microsoft.com> wrote in message >> >> >> news:11B4DE7A-714F-4887-9168-18F8A505DAD9@microsoft.com... >> >> >> >I have been instructed that I have a need to configure the >> >> >> >framework >> >> >> >to >> >> >> > prevent execution of unauthorized mobile code? I have checked >> >> >> > into >> >> >> > the >> >> >> > .NET >> >> >> > configuration tools, but do not see a way to disallow execution >> >> >> > for >> >> >> > mobile >> >> >> > apps? Any help on where to look would be appreciated. >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >>
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |