deploying security policy in AD (caspol?)

[Sam Jost]

I got an .NET app, got it signed with a strong name, and now would like
to give this app (better, every app signed with this strong name) full
rights in my entire network.

So I am looking for a way to set once, on my windows server 2003, full
rights for all apps signed with this special strong name.

Well, there is an 'enterprise' setting on caspol, but I can't get this
setting propagated on the AD network.

I thought this should be a common problem, but I can't find no solution
other then making a batch and starting it on every comp more or less by
hand (since only admins can set machine or enterprise rights logon
scripts could only be used for user rights).

Any ideas?
Sam

 

[Guest]

Create an account, add to domain admins, run the application under that
account. Woo Hoo!!!

Just be sure nobody can get that app or you are in deep doo doo!!!

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************

 

[Nicole Calinoiu]

Would deploying as a startup script (which runs under the system account,
not a user account) work for you, or are reboots too infrequent?

 

[Sam Jost]

Would deploying as a startup script (which runs under the system account,
not a user account) work for you, or are reboots too infrequent?

That would do nicely - do you have some link to information where to
edit the startup script?

Thanks,
Sam

 

[Nicole Calinoiu]

It's under the Computer Configuration\Windows Settings\Scripts node in the
GPO editor. In case you're unfamiliar with its use, you can access the GPO
editor by running mmc.exe then adding an instance of the "Group Policy
Object Editor" snap-in associated with the machine or domain scope you wish
to target.