Where is the .net framework wizard?

[Bryan]

Hi,
After installing VS2005 RTM, with .net framework 2.0 I cannot find the
"Microsoft .NET Framework 2.0 Wizards" in administrative tools. Without this
tool it would be pretty hard to have users configure there machines for
proper security!

Please help with this matter, I hope there is a solution that will put it
there.

Thanks,
Bryan

 

[Peter Huang [MSFT]]

Hi

Thanks for your knowledge sharing, so far I think you can use the Config
MMC in the path below to set security.
"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\mscorcfg.msc"


Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Willy Denoyette [MVP]]

The end-user tool to use is Caspol.exe, the framework wizard (mscorcfg.msc)
comes with the SDK, and is considered a developer tool.

Willy.

 

[Michael Höhne]

Why should an end-user run caspol.exe? If we're talking about the same user
group, they will have no chance in figuring out the correct syntax. It's
much easier to use the standard .NET Framework configuration tool but there
shouldn't be a need to start even this one by an end-user. All necessary
security settings should be part of the setup and I found that using the
appropriate classes in System.Security is much safer than calling
caspol.exe.

Michael

 

[Willy Denoyette [MVP]]

Why should an end-user run caspol.exe? If we're talking about the same
user group, they will have no chance in figuring out the correct syntax.
It's much easier to use the standard .NET Framework configuration tool but
there shouldn't be a need to start even this one by an end-user. All
necessary security settings should be part of the setup and I found that
using the appropriate classes in System.Security is much safer than
calling caspol.exe.

Michael

The GUI based tool is just as complicated to use as caspol for an non
educated user, to the contrary, it gives you the illusion that it's easier
to use than caspol, that's exactly why it was removed from v2.0 and now it's
only included with the SDK.
Caspol.exe is the tool that comes with the runtime, that is why it's called
an end-user tool, and it's meant to be used by an "administrator" .
I agree that you can use System.Security from your setup code, but you can
do exactly the same using caspol.exe without you writing any code, and what
if the security configuration changes lets say due to infrastructure
changes? You ain't gonna write a program, while a simple batch file that
uses caspol can do the same without you writing any code.

Willy.

 

[Michael Höhne]

When using to create new groups in the .NET Framework security configuration
it never realized that a group with the same name already existed. It simply
created a new group with the identical name. And the next step - adding a
trust to the code group - would be placed in the first - already existing
group. Another pitfall is, that caspol.exe is not in the path of your
machine. So simply starting a command shell and entering caspol.exe will not
work. So you will need to look up a registry value to find the path to
caspol.exe. And if you have more than one .NET Framework installed, you will
have a good chance to find one that is nót for the version you expected.

But I totally agree that - whatever approach is used to change the security
settings - it is done by an administrator. In that case (administrator !=
end-user) caspol may be suitable when working at the system console.

Michael

 

[Bryan]

I have a setup that the end users on my intranet need to have data written
to a DB that is locally instaled on their PC from an IE hosted control.

Setting the permissions to "Full" for local intranet was needed.