* HaySeed wrote, On 16-9-2009 18:30:
I am deploying a .NET application with ClickOnce. I am running into issues in
large companies that do not give administrative rights to the desktop. Is
there a way to give the desktop permission to update from a specific trusted
site without granting adminidtrative rights?
If you sign your application with a valid Code Signing Cert, you can
talk to these companies to add your certificate to the list of trusted
parties. Once installed your application will run in Full Trust Mode.
Keep in mind that CAS Trust levels and Windows user levels are two
separate layers of security. If the user is a normal user, an
application he's running can still be granted full trust. in that case
the app can do everything a normal user can do. But it still cannot do
tasks that require administrative access.
In the same manner, a user with Administrative access to a machine can
still run an application in Partial Trust mode. The application cannot
access the resources the user can, but is limited to the stuff that is
configured in the CAS policy, even though the user has full access to
said machine.
