The .NET Framework Configuration Tool's Self Protection Mechanism


The tool is itself written in managed code. This means that it is subject to security checks within the .NET Framework security system just as any other assembly is. Although the default security policy is designed to give the tool enough trust to run properly regardless of where it is started from, it is possible to change security policy such that the tool will not receive sufficient permissions to do its job. Consequently, the tool has a built-in self protection mechanism that evaluates whether the policy change you are about to make would jeopardize the proper running of the tool during future tool sessions.

NOTE

Security policy changes apply only to assemblies that are loaded after the change was made.


Whenever the tool establishes that a policy change would prevent it from running in the future, it will warn you of that fact (see Figure 18.29).

Figure 18.29. The tool warns of policy changes that would undermine its own functioning.


As long as you don't quit your current tool session, you still have the chance to undo these policy changes or change policy to a state in which the tool would run properly again. When you bring security policy back into a state in which the tool could function fully, a message box will be displayed letting you know that fact. However, if you exit the tool after persisting a policy state too restrictive for the tool to run, you will not be able to use the GUI tool at a later time to change policy back into a state in which the admin tool runs. In such cases, simply deleting all security policy configuration files by hand is a valid way to get back to a policy state in which the administrative tool works. The security engine always interprets the absence of a security configuration file for a specific policy level as the presence of default policy for that level. As a result, if you delete the security configuration files for all three policy levels, you will set your machine back to the default security policy.

TIP

Deleting the security policy configuration files for the user, machine, and enterprise policy level will reset the machine for the respective user back to the default policy state. The policy configuration files can be found in the following locations:

  • Enterprise-level configuration file: %WINDIR%\Microsoft.NET\Framework\v[version]\Config\Enterprisesec.config

  • Machine-level configuration file: %WINDIR%\Microsoft.NET\Framework\v[version]\Config\security.config

  • User-level configuration file

    Windows NT/2000/XP: %USERPROFILE%\Application data\Microsoft\CLR security config\v[version]\Security.config

    Windows 95/98: %WINDIR%\username\CLR security config\v[version]\Security.config

Depending on the OS you are running on, %WINDIR% will be either the \Windows or the \WINNT directory on your system. The %USERPROFILE% directory stands for your Documents and Settings\username folder. Note that the Application data folder is a hidden folder.
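The reset procedure from the tip above, as an added PowerShell example that is not from the book: it reports, per policy level and installed framework version, whether a persisted policy file exists, and with the hypothetical `-Reset` switch moves each file aside instead of deleting it. It assumes the Windows NT/2000/XP paths listed above; the `.bak-<timestamp>` suffix is a choice made for this example.

```powershell
# Added example, not from the book. Paths follow the TIP (Windows NT/2000/XP layout).
# -Reset and the ".bak-<timestamp>" suffix are choices made for this example.
param([switch]$Reset)

$fwRoot   = Join-Path $env:WINDIR 'Microsoft.NET\Framework'
$userRoot = Join-Path $env:USERPROFILE 'Application data\Microsoft\CLR security config'

function Get-PolicyFile {
    # Enterprise and machine level: one Config directory per framework version.
    foreach ($d in @(Get-ChildItem $fwRoot -Filter 'v*' -ErrorAction SilentlyContinue)) {
        if (-not $d.PSIsContainer) { continue }
        [pscustomobject]@{ Level = 'Enterprise'; Version = $d.Name
                           Path = (Join-Path $d.FullName 'Config\Enterprisesec.config') }
        [pscustomobject]@{ Level = 'Machine'; Version = $d.Name
                           Path = (Join-Path $d.FullName 'Config\security.config') }
    }
    # User level: one directory per framework version under the (hidden) profile folder.
    foreach ($d in @(Get-ChildItem $userRoot -Filter 'v*' -Force -ErrorAction SilentlyContinue)) {
        if (-not $d.PSIsContainer) { continue }
        [pscustomobject]@{ Level = 'User'; Version = $d.Name
                           Path = (Join-Path $d.FullName 'Security.config') }
    }
}

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
foreach ($f in Get-PolicyFile) {
    if (-not (Test-Path -LiteralPath $f.Path)) {
        # No file for this level: the security engine applies default policy.
        '{0,-10} {1,-12} default policy (no file)' -f $f.Level, $f.Version
        continue
    }
    $item = Get-Item -LiteralPath $f.Path -Force
    '{0,-10} {1,-12} persisted policy, modified {2:u}: {3}' -f `
        $f.Level, $f.Version, $item.LastWriteTime, $f.Path
    if ($Reset) {
        # Moving the file aside has the same effect as deleting it (the level
        # falls back to default policy) but keeps the old policy restorable.
        Move-Item -LiteralPath $f.Path -Destination "$($f.Path).bak-$stamp"
    }
}
```

Run it without `-Reset` first to see which levels carry persisted policy. As the note earlier in this section says, the reset takes effect only for assemblies loaded afterward.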


.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
Year: 2000
Pages: 235
