Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

When you install the .NET Framework, this automatically sets a new default security policy, replacing the previous security policy that was in effect. The change in default security policy disallows managed code downloaded from the Internet

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 317399 - Last Review: June 28, 2004 - Revision: 3.0

INFO: .NET Framework Change in Default Machine Level Security Policy

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
This article was previously published under Q317399

SUMMARY

When you install Microsoft .NET Framework 1.0 Service Pack 1 (SP1), the installation automatically sets a new defult policy that replaces the previous security policy that was in effect. The change in default security policy does not permit managed code that was downloaded from the Internet zone to run (as configured on the Security tab under Internet Options in Microsoft Internet Explorer). Previously, this code was permitted to run with a limited set of permissions roughly analogous to the permissions that script on a Web page would have within the browser. This is the only change. Use the Microsoft .NET Framework Configuration tool (Mscorcfg.msc) to review security policy to ensure that it is appropriate for your situation.

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
318836  (http://kbalertz.com/Feedback.aspx?kbNumber=318836/EN-US/ ) INFO: How to Obtain the Latest .NET Framework Service Pack

MORE INFORMATION

If you have configured security policy for the machine level, that policy will be saved before any change is made. To restore security policy to the previous configuration, use the following command: 
caspol -machine -recover
Note that you must recover the previous security policy before you make additional changes to security policy, because only the most recent (previous) security policy information is saved.

If you have already configured enterprise-level or user-level security policy, this change may also affect how security policy works, because policy configurations of all levels intersect to compute the resulting allowable permissions.

If you want to keep your customized machine-level security policy configuration and merge this change for the Internet zone, use the following procedure. Note that if you have already configured the Internet zone, this procedure will override that configuration.

  1. Open the .Net Framework Configuration tool (in Control Panel, double-click Administrative Tools, and then double-click Microsoft .Net Framework Configuration), and then right-click the Runtime Security Policy node.
  2. Select the Adjust Security Wizard.
  3. Accept the Make changes to this computer message, and then click Next.
  4. Select the Internet zone.
  5. Drag the vertical slider to No Trust, and then click Next.
  6. Click Finish to accept the policy change.
To adjust the machine-level common language runtime (CLR) security policy to the previous setting of Internet permission, follow these steps:
  1. Open the .NET Framework Configuration Wizard (in Control panel, double-click Administrative Tools, and then double-click Microsoft .NET Framework Configuration).
  2. Select Adjust zone security.
  3. Click Make changes to this computer to modify the machine-level policy (you must have administrator rights to do this).
  4. Select the Internet zone (on the upper bar).
  5. Drag the vertical slider to Low Trust.
  6. Review the summary of changes, and then click Finish.
This procedure does both of the following:
  • Sets the policy for code in the Internet zone to match the Internet permission setting.

    -and-

  • Applies the policy that grants permission to connect to the same Web site that the code comes from.
APPLIES TO
  • Microsoft .NET Framework 1.0 Service Pack 1
  • Microsoft .NET Framework Class Libraries 1.0
Back to the top
Keywords: 
kbmisctools kbsetup kbsecurity kbconfig kbinfo KB317399
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting