deploying security policy

[Marek]

Hi there, we plan to deploy .net WinForm application using "no-touch" model
(users run WinForm application by clicking on the web-link). Everything runs
nicely but one problem that we try to solve is how to deploy .net security
policy in corporate environment with minimum pain.

I know that administrators can package security policy in "msi" file and
then "push" it to every user using "Active Directory" or Microsoft SMS. The
problem is that less than 20% of all our customers have any of these.

So, is there any other option or options for "pushing" security policy down
to the users that can be applied centrally without ActiveDirectory and SMS ?
Perhaps there are some other tools or ways Microsoft can recommend for doing
this ?

I will appreciate any help, hint or recommendation.

Thank you,
Marek.

 

[Guest]

The msi files generated by the .NET config tools are not that great if you do
not want to overwrite your user's configuration. I tried it and altough the
msi files works, it completely replaces the .net security when you run it.
This is very bad for my uses as i do not want to overwrite our users
configurations.

You should look into the CASPOL utility, i used it to add a code group. Of
course you have to be careful to not add the same group many times.

I use a batch file launched from inside an MSI. The batch file is :
c:
cd %windir%\Microsoft.NET\Framework\v1.1.*
caspol.exe -quiet -machine -addgroup All_Code -url http://appserver/*
FullTrust -name "No touch server"

I still have to use Active Directory to push the MSI to the clients but you
might be able to adapt the .bat to your needs...

If you happen to know how to deploy help files with the no touch deployment,
leave a message in this thread please.

Hope this helps!