Introduction to the .NET Framework Configuration Tool

Previous page
Table of content
Next page
for RuBoard

The .NET Framework ships with a powerful administrative tool that can be used to change settings for all configurable aspects of the .NET Framework, including security policy. The tool is a Microsoft Management Console (MMC) snap-in and will feel familiar to anybody who has used other Microsoft administrative tools, such as the IIS administration tool.

Availability of the Tool

The full tool described in this chapter ships with the .NET Framework Redistributable and SDK. It will require MMC 1.2 to run.

NOTE

The tool requires MMC (Microsoft Management Console) version 1.2 or higher. If you install the Framework on Windows 95, 98, ME, you may still not find that you have access to the tool. In that case, please download MMC from http://support.microsoft.com/support/mmc/mmcdown.asp.

After you have installed MMC, use the Add Snap-In option under the File menu to add the Microsoft .NET Framework Configuration snap-in.


TIP

To find out whether you have the Microsoft .NET Framework SDK installed, you can do the following:

  1. Click Start.

  2. Click Programs or All Programs (depending on the version of Windows you are running).

  3. Check the list of programs; if you find Microsoft .NET Framework SDK, the SDK has been installed and the administration tool is available on your machine.


If you do not have the right version of MMC installed on your machine, you will not be able to access all administrative features described in this chapter. However, you will still be able to do some administrative changes using the .NET Framework Wizards launcher that ships in all distribution forms of the .NET Framework. The wizard launcher can be used to start the two most common security administration wizardsthe Adjust Security Wizard and the Trust Assembly Wizard. Both wizards will be described later in this chapter.

Starting the Tool

If you have Windows NT, Windows 2000, or Windows XP installed, a shortcut to the .NET Framework Configuration tool was placed in the Administrative Tools directory (see Figure 18.1).

Figure 18.1. Shortcuts to the .NET Framework Configuration tool and .NET Framework Wizards launcher.

graphics/18fig01.jpg

To start the tool, perform the following steps:

For Windows XP (Default control panel view)

  1. Click the Start button.

  2. Select Control Panel.

  3. Select Performance and Maintenance.

  4. Select Administrative Tools.

  5. Choose the Microsoft .NET Framework Configuration shortcut.

For Windows NT, Windows 2000, and Windows XP (classic control panel view)

  1. Click the Start button.

  2. Choose Settings.

  3. Choose the Control Panel.

  4. Choose Administrative Tools.

  5. Choose the Microsoft .NET Framework Configuration shortcut.

For Windows 95/98

  1. Click the Start button.

  2. Choose Programs.

  3. Choose Administrative Tools.

  4. Choose the Microsoft .NET Framework Configuration shortcut.

NOTE

To start the .NET Framework Wizards launcher instead of the tool, simply follow the previous directions, except for the last step; choose the Microsoft .NET Framework Wizards instead.


TIP

If you expect to use the .NET Framework Configuration tool frequently, you should place a copy of the shortcut to it on your desktop.


Overview of the Main Security Administrative Options

After the tool has been started, you will encounter the start screen shown in Figure 18.2.

Figure 18.2. Start up page of the .NET Framework Configuration tool.

graphics/18fig02.jpg

To access the main security administration options, right-click the Runtime Security Policy node in the tree view to the left or single-click the Runtime Security Policy node to get a task pad containing links to the main administrative options (see Figure 18.3).

Figure 18.3. Accessing the main security administration options in the .NET Framework Configuration tool.

graphics/18fig03.jpg

Table 18.1 gives you an overview of the use of these different options, as well as pointers to parts of this chapter or other places in this book that will give you more in-depth explanations of the respective features.

Table 18.1. Overview of the Main Administrative Features of the .NET Framework Configuration Tool
Feature Explanation Recommended Knowledge For Further Explanation
Reset All Resets security policy to default policy state Knowledge of default policy, minimal knowledge of policy model See Chapter 8 for explanation of default policy; see "Resetting Security Policy" later in this chapter
Adjust Security Wizard Used to increase or decrease the level of trust for all code from a particular zone (such as the intranet) Wizard is self contained, no or minimal background knowledge of security policy model required See the " Changing Trust for a Zone Using the Adjust Security Wizard" section later in this chapter
Evaluate Assembly Wizard Used to test what permissions an assembly receives from policy or what code groups apply to it Working knowledge of the security policy model is necessary See Part II, "Code Access Security Fundamentals," for more background information, especially Chapters 6 and 8; also see the "Testing Security Policy Using the Evaluate Assembly Wizard" section later in this chapter
Trust Assembly Wizard Used to increase the level of trust for a particular assembly or all assemblies signed by the same software publisher Wizard is self contained, no or minimal background knowledge of security policy model is required See the "Increasing Trust Just for a Selected Assembly or for All Assemblies Signed by the Same Software Publisher" section later in this chapter
Create Deployment Package Wizard Used to wrap a policy level into an MSI file for further distribution and deployment Good knowledge of the security policy model, depending on deployment method knowledge of Microsoft SMS or Microsoft Group Policy necessary See the " Deploying Security Policy" section later in this chapter
New, Open Options Used to create or open a policy level not applying to current machine, used to do modeling and testing of security policy changes Good knowledge of security policy model See the " Modeling Policy Changes Using Open and New" section later in this chapter

Although only the Adjust Security and Trust Assembly Wizards do not require extensive background knowledge of the security policy model, many common administration scenarios can be solved quickly and safely using either of these wizards.

Overview of the Policy Tree Manipulation Options

Besides the wizards and options already mentioned, the .NET Framework Configuration tool also includes a fully graphical, configurable representation of the security policy model. This enables you to make very fine- tuned and specialized policy changes.

As you will recall from Part II, the security policy model consists of three administrable policy levelsenterprise policy, machine policy, and user policyalso referred to as the security policy tree. If you expand the Runtime Security Policy node, you will find these three policy levels. As you may remember, each policy level consists of a tree of code groups, known permission sets at that policy level, and a list of policy assemblies. Expanding one of the policy level nodes, such as the Machine node, you will find nodes representing exactly these three constituents of a policy level. The list of known permission sets at that policy level can be viewed by expanding the permission sets node. Expanding the code group node allows you to view the code group tree of that policy level. See Figure 18.4 for an example in which the machine policy level has been fully expanded.

Figure 18.4. Policy tree view with the machine policy level fully expanded.

graphics/18fig04.jpg

The right screen, here showing information about the machine policy level, will always show helpful information and a list of tasks available for the selected node in the tree view to the left (single-click a node to select it). Right-clicking any node in the tree view will bring up a menu of all the available options for that specific node. For example, if you right-click the Everything permission set under the Permission set node, you will see a number of options, such as the option to change this permission set or make a copy of it. For a thorough explanation of the various options available and their use, please see the "Manipulating the Security Policy Tree DirectlyBasic Techniques" section later in this chapter.

Exiting the Tool

You can quit the tool without hesitation. All policy manipulations that you have done during your session with the tool have been saved on completion of each action. You will not have to fear any loss of your administrative work, unless the tool is forcefully shut down prior to or during the process of saving an administrative action.

TIP

In the unlikely event that all or part of a policy should ever get corrupted, you always have the option of reverting to the secure default policy by resetting all policy or a specific corrupted policy level. To reset all of security policy, right-click the Runtime Security Policy node and select the Reset All feature. To reset just one policy level, right-click a policy level node, such as Machine, and select the Reset option. For more information, please see the "Resetting Security Policy" section later in this chapter.


for RuBoard

Previous page
Table of content
Next page
. NET Framework Security
.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
Year: 2000
Pages: 235
Authors: Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi Martin, Kevin T. Price
BUY ON AMAZON
Inside Network Security Assessment: Guarding Your IT Infrastructure
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
MySQL Cookbook
Lotus Notes Developers Toolbox: Tips for Rapid and Successful Deployment
After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
File System Forensic Analysis
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy