Deploying Security Policy


The security policy state of the .NET Framework is persisted in three policy configuration files, one for each policy level. Per machine, you have one enterprise policy configuration file, a machine policy configuration file, and policy configuration files for each user on the machine.

NOTE

If the security system cannot find the configuration file for a policy level, that policy level will be set to the default policy state. One emergency technique for reverting to the default security policy, if the current policy state is hopelessly tangled, is to delete all policy configuration files.


There is no centralized infrastructure that is queried about the current policy state of an enterprise, and it becomes the administrator's responsibility to roll out the configuration files to client machines.

The tool offers some help in allowing you to quickly deploy security policy level state. The process of deploying security policy consists of two major steps:

  1. Creation of a deployment package

  2. Deployment of the policy using a deployment mechanism as chosen by the administrator

The tool itself offers no features that directly distribute policy, but it offers a wizard that builds the necessary deployment packages for you.

Creating Security Policy Deployment Packages

The tool ships with the Deployment Package Wizard. You can access this Wizard by right-clicking the Runtime Security Policy node. This Wizard lets you create a Windows Installer Package (a .MSI file) for a policy level currently loaded in the tool (see Figure 18.28).

Figure 18.28. Creating a Windows Installer Package from a currently loaded policy level.


Simply choose which of the policy levels currently represented in the tool you want to wrap up into an installation package.

NOTE

There is no option to wrap multiple policy levels into a single deployment package. If you want to distribute multiple policy levels, you must generate multiple installer packages.


Then simply pick a filename and a location in which to store the deployment package file. That is the file you will actually deploy to cause policy changes on other machines.

The .MSI file will contain the directory and filename information of the policy configuration file you chose to deploy. Consequently, you do not have to worry about the filenames and directories of security policy files when deploying security policy.

NOTE

If you have multiple versions of the .NET Framework installed in your enterprise and want to deploy security policy for all these versions, you will have to create separate deployment packages for each version, because security policy configuration is versioned.


Deployment Methods

The tool does not itself have infrastructure built in to actually deploy security policy across a network. However, you can use several commonly available deployment and management technologies to deploy your policy .MSI file.

TIP

For more information and details about policy administration and deployment concerning enterprise security administration, see the enterprise policy administration and deployment FAQ at http://msdn.microsoft.com/net/security.


If your network consists of machines running at least Windows 2000, you can use the Microsoft Group Policy editor to deploy security policy to the whole or a subset of your enterprise's intranet. To do so, you simply need to drag the Windows Installer Package you created and drop it onto the group policy node representing the deployment scope of security policy.

NOTE

You will need the right administrative privileges to deploy policy via Group Policy over your intranet. Machine administrative rights on your machine will be insufficient; you must also have administrative rights on your network domain.


Another deployment method you can choose is to use SMS (Systems Management Server). If you have SMS installed in your enterprise, you could simply write a deployment script embedding the MSI file.

Finally, the Windows Installer Packages are self-contained installation units. Double-clicking an MSI file will run the installation script that will install the policy level contained in the package. If need be, you could distribute your deployment packages even via e-mail or floppy disk, although the previously discussed methods are far superior.
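Because installing a package changes the security policy of the machine, a deployment script (for SMS, or for a package that arrived by e-mail) can refuse any MSI that is not the one the administrator built. The following PowerShell sketch is an added example, not code from the book or the tool; the share path, the file names, and the hash placeholders are assumptions.

```powershell
# Added example. Share path, file names and hash values are placeholders.
param(
    [string]$PackageDir = '\\fileserver\clrpolicy',        # hypothetical share
    [string]$WorkDir    = "$env:TEMP\clrpolicy-deploy"     # local staging and logs
)

# One MSI per policy level, since the wizard cannot combine levels.
# Record the real SHA-256 of each package with Get-FileHash when you build it.
$manifest = @(
    @{ File = 'enterprise-policy.msi'; Sha256 = '<SHA256-OF-ENTERPRISE-MSI>' }
    @{ File = 'machine-policy.msi';    Sha256 = '<SHA256-OF-MACHINE-MSI>' }
)

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$failed = 0

foreach ($entry in $manifest) {
    $source = Join-Path $PackageDir $entry.File
    $local  = Join-Path $WorkDir   $entry.File
    if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
        Write-Warning "Missing package: $source"; $failed++; continue
    }
    # Hash the local copy that will actually be installed, not the share copy.
    Copy-Item -LiteralPath $source -Destination $local -Force
    $actual = (Get-FileHash -LiteralPath $local -Algorithm SHA256).Hash
    if ($actual -ne $entry.Sha256) {        # string -ne ignores case
        Write-Warning "Hash mismatch, not installing: $($entry.File)"
        Remove-Item -LiteralPath $local -Force
        $failed++; continue
    }
    # /qn = no UI, /l*v = verbose log kept for audit
    $msiArgs = @('/i', "`"$local`"", '/qn', '/norestart', '/l*v', "`"$local.log`"")
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
    if ($proc.ExitCode -notin 0, 3010) {    # 3010 = success, reboot required
        Write-Warning "msiexec failed for $($entry.File): exit $($proc.ExitCode)"
        $failed++
    }
}
exit $failed
```

Run it from an elevated context and point `$WorkDir` at a directory only administrators can write to, so the verified copy cannot be swapped before msiexec reads it. A separate manifest is needed for each .NET Framework version, since each version needs its own packages.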

.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
Year: 2000
Pages: 235
