Terminal Server problem

  • Thread starter Thread starter Michael ValeCruz
  • Start date Start date
M

Michael ValeCruz

We have a .NET application compiled as a Windows executable running in a
Client/Server environment. We use CASPOL to setup the LocalIntranet security
to allow our program to run. We have run into two Terminal Servers that
cannot execute our program except when logged in as Administrator. What is
preventing the other terminal Server users from running the application?

I would appreciate any comments please.

Michael ValeCruz
Atlanta
 
Exactly what caspol command(s) are you running, and how is the caspol
execution being launched?
 
where are running it thru calls to createprocess:

%windir%\Microsoft.NET\Framework\v1.1.4322\caspol -pp off
%windir%\Microsoft.NET\Framework\v1.1.4322\caspol -machine -addgroup
LocalIntranet_Zone -strong -file o:\ga\progs\OmniNPad.exe -noname -noversion
FullTrust -name "MMM Code"
%windir%\Microsoft.NET\Framework\v1.1.4322\caspol -pp on

We did not know a way to programmatically accomplish this. On the terminal
Server the install program was executed thru add\remove programs.

Would a server reboot make a difference?
 
Michael ValeCruz said:
where are running it thru calls to createprocess:
Click to expand...

That's not quite what I meant. What triggers all this? (e.g.: one-time
script run manually by an admin, startup script, login script, etc.)

%windir%\Microsoft.NET\Framework\v1.1.4322\caspol -pp off
%windir%\Microsoft.NET\Framework\v1.1.4322\caspol -machine -addgroup
LocalIntranet_Zone -strong -file
o:\ga\progs\OmniNPad.exe -noname -noversion
FullTrust -name "MMM Code"
%windir%\Microsoft.NET\Framework\v1.1.4322\caspol -pp on
Click to expand...

Can you see the new code group in the machine policy when you run
mscorcfg.msc on the problem
machines? If so, could it be that users other than Administrator have
user-level policy settings on these machines that override this full trust
grant?


We did not know a way to programmatically accomplish this.
Click to expand...

There's a way, but it's hardly worth the bother since it's subject to much
the same set of problems as using caspol.

On the terminal
Server the install program was executed thru add\remove programs.
Click to expand...

Does this mean that the caspol run was triggered from the installer?

Would a server reboot make a difference?
Click to expand...

Very, very unlikely.
 
Back
Top