|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
deploying security policy in AD (caspol?)I got an .NET app, got it signed with a strong name, and now would like
to give this app (better, every app signed with this strong name) full rights in my entire network. So I am looking for a way to set once, on my windows server 2003, full rights for all apps signed with this special strong name. Well, there is an 'enterprise' setting on caspol, but I can't get this setting propagated on the AD network. I thought this should be a common problem, but I can't find no solution other then making a batch and starting it on every comp more or less by hand (since only admins can set machine or enterprise rights logon scripts could only be used for user rights). Any ideas? Sam Create an account, add to domain admins, run the application under that
account. Woo Hoo!!! Just be sure nobody can get that app or you are in deep doo doo!!! -- Show quoteGregory A. Beamer MVP; MCP: +I, SE, SD, DBA *************************** Think Outside the Box! *************************** "Sam Jost" wrote: > I got an .NET app, got it signed with a strong name, and now would like > to give this app (better, every app signed with this strong name) full > rights in my entire network. > > So I am looking for a way to set once, on my windows server 2003, full > rights for all apps signed with this special strong name. > > Well, there is an 'enterprise' setting on caspol, but I can't get this > setting propagated on the AD network. > > I thought this should be a common problem, but I can't find no solution > other then making a batch and starting it on every comp more or less by > hand (since only admins can set machine or enterprise rights logon > scripts could only be used for user rights). > > Any ideas? > Sam > > Would deploying as a startup script (which runs under the system account,
not a user account) work for you, or are reboots too infrequent? Show quote "Sam Jost" <radeldu***@gmail.com> wrote in message news:1140635245.712606.154340@g44g2000cwa.googlegroups.com... >I got an .NET app, got it signed with a strong name, and now would like > to give this app (better, every app signed with this strong name) full > rights in my entire network. > > So I am looking for a way to set once, on my windows server 2003, full > rights for all apps signed with this special strong name. > > Well, there is an 'enterprise' setting on caspol, but I can't get this > setting propagated on the AD network. > > I thought this should be a common problem, but I can't find no solution > other then making a batch and starting it on every comp more or less by > hand (since only admins can set machine or enterprise rights logon > scripts could only be used for user rights). > > Any ideas? > Sam > Nicole Calinoiu schrieb:
> Would deploying as a startup script (which runs under the system account, That would do nicely - do you have some link to information where to> not a user account) work for you, or are reboots too infrequent? edit the startup script? Thanks, Sam Show quote > "Sam Jost" <radeldu***@gmail.com> wrote in message > news:1140635245.712606.154340@g44g2000cwa.googlegroups.com... > >I got an .NET app, got it signed with a strong name, and now would like > > to give this app (better, every app signed with this strong name) full > > rights in my entire network. > > > > So I am looking for a way to set once, on my windows server 2003, full > > rights for all apps signed with this special strong name. > > > > Well, there is an 'enterprise' setting on caspol, but I can't get this > > setting propagated on the AD network. > > > > I thought this should be a common problem, but I can't find no solution > > other then making a batch and starting it on every comp more or less by > > hand (since only admins can set machine or enterprise rights logon > > scripts could only be used for user rights). > > > > Any ideas? > > Sam > > It's under the Computer Configuration\Windows Settings\Scripts node in the
GPO editor. In case you're unfamiliar with its use, you can access the GPO editor by running mmc.exe then adding an instance of the "Group Policy Object Editor" snap-in associated with the machine or domain scope you wish to target. Show quote "Sam Jost" <radeldu***@gmail.com> wrote in message news:1140769413.652317.201540@p10g2000cwp.googlegroups.com... > > Nicole Calinoiu schrieb: > >> Would deploying as a startup script (which runs under the system account, >> not a user account) work for you, or are reboots too infrequent? > > That would do nicely - do you have some link to information where to > edit the startup script? > > Thanks, > Sam > >> "Sam Jost" <radeldu***@gmail.com> wrote in message >> news:1140635245.712606.154340@g44g2000cwa.googlegroups.com... >> >I got an .NET app, got it signed with a strong name, and now would like >> > to give this app (better, every app signed with this strong name) full >> > rights in my entire network. >> > >> > So I am looking for a way to set once, on my windows server 2003, full >> > rights for all apps signed with this special strong name. >> > >> > Well, there is an 'enterprise' setting on caspol, but I can't get this >> > setting propagated on the AD network. >> > >> > I thought this should be a common problem, but I can't find no solution >> > other then making a batch and starting it on every comp more or less by >> > hand (since only admins can set machine or enterprise rights logon >> > scripts could only be used for user rights). >> > >> > Any ideas? >> > Sam >> > >  |
|||||||||||||||||||||||
Other interesting topics