deploying security policy in AD (caspol?)

TheMSsForum.com: The Microsoft Software Forum

I got an .NET app, got it signed with a strong name, and now would like
to give this app (better, every app signed with this strong name) full
rights in my entire network.

So I am looking for a way to set once, on my windows server 2003, full
rights for all apps signed with this special strong name.

Well, there is an 'enterprise' setting on caspol, but I can't get this
setting propagated on the AD network.

I thought this should be a common problem, but I can't find no solution
other then making a batch and starting it on every comp more or less by
hand (since only admins can set machine or enterprise rights logon
scripts could only be used for user rights).

Any ideas?
Sam
Top

RE: deploying security policy in AD (caspol?) by NoSpamMgbworld

NoSpamMgbworld
Wed Feb 22 13:40:14 CST 2006

Create an account, add to domain admins, run the application under that
account. Woo Hoo!!!

Just be sure nobody can get that app or you are in deep doo doo!!!

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************


"Sam Jost" wrote:

> I got an .NET app, got it signed with a strong name, and now would like
> to give this app (better, every app signed with this strong name) full
> rights in my entire network.
>
> So I am looking for a way to set once, on my windows server 2003, full
> rights for all apps signed with this special strong name.
>
> Well, there is an 'enterprise' setting on caspol, but I can't get this
> setting propagated on the AD network.
>
> I thought this should be a common problem, but I can't find no solution
> other then making a batch and starting it on every comp more or less by
> hand (since only admins can set machine or enterprise rights logon
> scripts could only be used for user rights).
>
> Any ideas?
> Sam
>
>
Top

Re: deploying security policy in AD (caspol?) by Nicole

Nicole
Thu Feb 23 07:41:58 CST 2006

Would deploying as a startup script (which runs under the system account,
not a user account) work for you, or are reboots too infrequent?



"Sam Jost" <radeldudel@gmail.com> wrote in message
news:1140635245.712606.154340@g44g2000cwa.googlegroups.com...
>I got an .NET app, got it signed with a strong name, and now would like
> to give this app (better, every app signed with this strong name) full
> rights in my entire network.
>
> So I am looking for a way to set once, on my windows server 2003, full
> rights for all apps signed with this special strong name.
>
> Well, there is an 'enterprise' setting on caspol, but I can't get this
> setting propagated on the AD network.
>
> I thought this should be a common problem, but I can't find no solution
> other then making a batch and starting it on every comp more or less by
> hand (since only admins can set machine or enterprise rights logon
> scripts could only be used for user rights).
>
> Any ideas?
> Sam
>



Top

Re: deploying security policy in AD (caspol?) by Sam

Sam
Fri Feb 24 02:23:33 CST 2006


Nicole Calinoiu schrieb:

> Would deploying as a startup script (which runs under the system account,
> not a user account) work for you, or are reboots too infrequent?

That would do nicely - do you have some link to information where to
edit the startup script?

Thanks,
Sam

> "Sam Jost" <radeldudel@gmail.com> wrote in message
> news:1140635245.712606.154340@g44g2000cwa.googlegroups.com...
> >I got an .NET app, got it signed with a strong name, and now would like
> > to give this app (better, every app signed with this strong name) full
> > rights in my entire network.
> >
> > So I am looking for a way to set once, on my windows server 2003, full
> > rights for all apps signed with this special strong name.
> >
> > Well, there is an 'enterprise' setting on caspol, but I can't get this
> > setting propagated on the AD network.
> >
> > I thought this should be a common problem, but I can't find no solution
> > other then making a batch and starting it on every comp more or less by
> > hand (since only admins can set machine or enterprise rights logon
> > scripts could only be used for user rights).
> >
> > Any ideas?
> > Sam
> >

Top

Re: deploying security policy in AD (caspol?) by Nicole

Nicole
Fri Feb 24 07:24:44 CST 2006

It's under the Computer Configuration\Windows Settings\Scripts node in the
GPO editor. In case you're unfamiliar with its use, you can access the GPO
editor by running mmc.exe then adding an instance of the "Group Policy
Object Editor" snap-in associated with the machine or domain scope you wish
to target.


"Sam Jost" <radeldudel@gmail.com> wrote in message
news:1140769413.652317.201540@p10g2000cwp.googlegroups.com...
>
> Nicole Calinoiu schrieb:
>
>> Would deploying as a startup script (which runs under the system account,
>> not a user account) work for you, or are reboots too infrequent?
>
> That would do nicely - do you have some link to information where to
> edit the startup script?
>
> Thanks,
> Sam
>
>> "Sam Jost" <radeldudel@gmail.com> wrote in message
>> news:1140635245.712606.154340@g44g2000cwa.googlegroups.com...
>> >I got an .NET app, got it signed with a strong name, and now would like
>> > to give this app (better, every app signed with this strong name) full
>> > rights in my entire network.
>> >
>> > So I am looking for a way to set once, on my windows server 2003, full
>> > rights for all apps signed with this special strong name.
>> >
>> > Well, there is an 'enterprise' setting on caspol, but I can't get this
>> > setting propagated on the AD network.
>> >
>> > I thought this should be a common problem, but I can't find no solution
>> > other then making a batch and starting it on every comp more or less by
>> > hand (since only admins can set machine or enterprise rights logon
>> > scripts could only be used for user rights).
>> >
>> > Any ideas?
>> > Sam
>> >
>


Top