Modeling Policy Changes Using Open and New


By default, your wizard actions and policy tree changes will apply to the security policy of the machine on which you are running the tool. This gives you immediate administrative access to the security configuration of this machine. However, you may not always want to directly modify the security policy applying to the computer from which you are using the tool. The following are some scenarios in which it may be advantageous to be able to modify or open security policy levels that do not directly apply to your administrative machine:

  • You are about to make a very risky or pervasive security policy change and want to try it out without risking the security of your administration machine.

  • You want to create a policy level to be deployed (see the "Deploying Security Policy" section later in this chapter) to other machines on the enterprise network. The policy you craft, however, is not applicable to your machine.

  • You have made a backup copy of security policy configuration files prior to a set of policy changes you have made. You'd like to browse through that earlier state of policies to either debug current policy issues or simply to review how you solved some administrative task before.

  • A user has unexpected security policy issues, security exceptions are triggered for an application that should run, or an application seems to access protected resources while security policy was intended to stop it from accessing protected resources. You can have the policy configuration files of the user sent to you and browse through them to find out what the policy issue may be.

The tool includes two features that help you experiment with security policy without actually having to change the security policy that applies to your machine.

By right-clicking the Runtime Security Policy node, you can access either the New or the Open feature.

Creating a New Policy Level

The New option lets you create a policy level in its default security policy state. You can choose any of the three administrable policy levels (see Figure 18.26), as well as the filename and path at which the policy configuration file should be stored.

Figure 18.26. Creating a default policy level for modeling purposes.

All administrative features introduced in this chapter are at your disposal to modify this policy level.

You can use the Evaluate Assembly Wizard to test the effect that policy changes you made in that level have on a specific assembly or set of assemblies. You can also use this feature as a starting point for building a policy level that you will then deploy more widely (see "Deploying Security Policy," later in this chapter).

Opening a Policy Level Configuration File

Using the Open feature, you can open a policy level configuration file without changing the security policy state that applies to the machine on which you run the tool.

After selecting the Open option on the Runtime Security Policy node, you will encounter the wizard page shown in Figure 18.27.

Figure 18.27. Opening a policy level that does not affect the security policy of the machine on which the tool is run.

You will need to select the policy level into which the configuration file will be loaded. You then either type in or browse to the configuration file you want to load.

This loads the policy level from the selected configuration file into the policy level you have selected, without any impact on the security policy of the machine from which you run the tool. All wizards and policy tree change features are at your disposal to further modify the loaded policy level. All changes to that policy level are persisted to the selected file.

TIP

Because any modifications to an opened policy level are immediately persisted back to the selected configuration file, you may want to make a backup copy of the original policy level file in case you need to return to that original state at some point.
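Because edits to an opened file are written back immediately, a backup copy is also the baseline for reviewing what an editing session changed. The following is an added example, not part of the original chapter or the tool: it compares the code groups in a backup against the edited file and reports added, removed, or changed groups. The XML layout, the sample policy content, and the helper names `code_groups` and `diff_policy` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed policy-level fragments. Element and attribute names follow the
# .NET CAS policy-file layout as an assumption; the page does not show them.
TEMPLATE = """<PolicyLevel version="1">
 <CodeGroup class="UnionCodeGroup" Name="All_Code" PermissionSetName="Nothing">
  <IMembershipCondition class="AllMembershipCondition"/>
  <CodeGroup class="UnionCodeGroup" Name="Intranet" PermissionSetName="{pset}">
   <IMembershipCondition class="ZoneMembershipCondition" Zone="Intranet"/>
  </CodeGroup>{extra}
 </CodeGroup>
</PolicyLevel>"""
VENDOR = """
  <CodeGroup class="UnionCodeGroup" Name="Vendor" PermissionSetName="FullTrust">
   <IMembershipCondition class="UrlMembershipCondition" Url="http://example.invalid/*"/>
  </CodeGroup>"""
BACKUP = TEMPLATE.format(pset="LocalIntranet", extra="")   # copy made before Open
EDITED = TEMPLATE.format(pset="FullTrust", extra=VENDOR)   # file after editing


def code_groups(xml_text):
    """Map each code group's path to (membership condition, permission set)."""
    found = {}
    def walk(node, prefix):
        path = f"{prefix}/{node.get('Name', '?')}"
        cond = node.find("IMembershipCondition")
        attrs = dict(cond.attrib) if cond is not None else {}
        attrs.pop("version", None)  # serialization detail, not policy
        found[path] = (tuple(sorted(attrs.items())), node.get("PermissionSetName"))
        for child in node.findall("CodeGroup"):
            walk(child, path)
    for level in ET.fromstring(xml_text).iter("PolicyLevel"):
        for group in level.findall("CodeGroup"):
            walk(group, "")
    return found


def diff_policy(before_xml, after_xml):
    """Return (change, path, before, after) tuples, ordered by group path."""
    old, new = code_groups(before_xml), code_groups(after_xml)
    changes = [("added", p, None, new[p]) for p in new.keys() - old.keys()]
    changes += [("removed", p, old[p], None) for p in old.keys() - new.keys()]
    changes += [("changed", p, old[p], new[p])
                for p in old.keys() & new.keys() if old[p] != new[p]]
    return sorted(changes, key=lambda c: (c[1], c[0]))


if __name__ == "__main__":
    print(*diff_policy(BACKUP, EDITED), sep="\n")
```

A group whose permission set moves to a broader one, or a new group keyed on a URL or zone, is the kind of change worth confirming with the Evaluate Assembly Wizard before the level is deployed.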


Reverting Back to the Security Policy Levels That Apply to the Machine on Which the Tool Runs

After browsing or experimenting with policy levels that do not change the security state of the machine, you may want to again return to administering the policy levels that actually apply to the machine on which you are running the tool. To do so, simply choose the Open Default Policy Level for Selected Level option on the Open feature (see Figure 18.27). This will revert the tool back to administering the selected policy level that applies to the machine on which you are working.


.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
Year: 2000
Pages: 235
