VB.NET Method

08-01-2007, 04:02 PM
Does anyone have or know of a VB.NET method to programmatically modify the local security settings to allow a VB.NET application to run from a remote share?

I've been doing some reading on the CLR and CAS but have yet to find a clearly defined method.

What I have is an application that I am developing that will be deployed to our clients, and while the application could be used directly on the workstation, it is not practical as the application needs to run from the server so that the workstations receive the application updates. The second option then is to change the .NET zones using the Microsoft .NET Framework 1.1 Wizards (http://support.microsoft.com/kb/832742/), but it's not really practical considering the number of machines. And since each client is unique in the fact that they are disparate domains, I can't use a policy, and even then a policy is not guaranteed to cover all machines. Which is why I am looking for a method to do this programmatically.

Any assistance is greatly appreciated.


08-01-2007, 05:28 PM
While I have experienced the problem you are talking about, I'm not sure how to solve it. However, I have an idea that you might want to look into. I know with .NET you can sign your assemblies, which might allow the program to run correctly since it will be "trusted" or whatever. In addition, you can set (at least on C# apps) in the project properties the permissions required to run the application.

I don't know if you have looked into either of those two areas, but it might be worth a try.

08-01-2007, 06:37 PM
I do remember a security section in the project properties, but that appeared to be if you wanted to include a signed certificate. (I'll take another look)

Everything I am finding says that you have to programmatically use the Intranet/Internet Zone limited permissions

    using System.Security;
    using System.Security.Permissions;
    using System.Security.Policy;

    // Generated with 'secutil -c -s wahoo.exe'
    byte[] publicKey = { 0, 36, ... };

    // Find the machine policy level
    PolicyLevel machinePolicyLevel = null;
    System.Collections.IEnumerator ph = SecurityManager.PolicyHierarchy();

    while( ph.MoveNext() ) {
        PolicyLevel pl = (PolicyLevel)ph.Current;
        if( pl.Label == "Machine" ) {
            machinePolicyLevel = pl;
            break;
        }
    }

    if( machinePolicyLevel == null ) return;

    // Create a new code group giving Wahoo! Internet permissions
    PermissionSet permSet1 = new NamedPermissionSet("Internet");
    StrongNamePublicKeyBlob key = new StrongNamePublicKeyBlob(publicKey);
    IMembershipCondition membership1 =
        new StrongNameMembershipCondition(key, null, null);

    // Create the code group
    PolicyStatement policy1 = new PolicyStatement(permSet1);
    CodeGroup codeGroup1 = new UnionCodeGroup(membership1, policy1);
    codeGroup1.Description = "Internet permissions for Sells Brothers Wahoo!";
    codeGroup1.Name = "Sells Brothers Wahoo!";

    // Add the code group as a child of the machine level's root group
    machinePolicyLevel.RootCodeGroup.AddChild(codeGroup1);

    // Create a new code group giving all of sellsbrothers.com Execute permission
    PermissionSet permSet2 = new NamedPermissionSet("Execution");
    IMembershipCondition membership2 =
        new SiteMembershipCondition("www.sellsbrothers.com");

    // Create the code group
    PolicyStatement policy2 = new PolicyStatement(permSet2);
    CodeGroup codeGroup2 = new UnionCodeGroup(membership2, policy2);
    codeGroup2.Description = "Minimal execute permissions for sellsbrothers.com";
    codeGroup2.Name = "sellsbrothers.com minimal execute";

    // Add the code group as a child of the machine level's root group
    machinePolicyLevel.RootCodeGroup.AddChild(codeGroup2);

    // Save changes (writes the modified policy back to disk)
    SecurityManager.SavePolicy();

- or -

Build an MSI that will allow you to use the full trusted rights on the computer.

I don't need an MSI for such a simple application that actually runs from the server. And since I am writing to the registry (in case the client is a laptop user, I am caching the application's startup information so that it will continue to run even when the computer is not able to receive updates from the server), I need full trusted rights.

I will continue to search. Thanks for your response oracle.
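
An added VB.NET example (not code from any poster in this thread) that narrows the C# snippet above to the remote-share case: FullTrust is granted only to assemblies that are both loaded from the share URL and signed with the expected strong-name key, instead of raising trust for a whole zone. The module name, group name and the two command-line arguments are hypothetical, and it assumes the .NET Framework CAS policy model the thread discusses.

```vbnet
Imports System
Imports System.Collections
Imports System.Reflection
Imports System.Security
Imports System.Security.Policy

Module TrustShare
    ' Hypothetical names; pass the real share URL and a path to the signed exe.
    Const GroupName As String = "MyApp share (strong name required)"

    Function Main(ByVal args() As String) As Integer
        If args.Length <> 2 Then
            Console.Error.WriteLine("usage: TrustShare file://SERVER/Share/* \\SERVER\Share\MyApp.exe")
            Return 1
        End If
        ' Read the public key from the assembly itself; refuse unsigned builds.
        Dim key() As Byte = AssemblyName.GetAssemblyName(args(1)).GetPublicKey()
        If key Is Nothing OrElse key.Length = 0 Then
            Console.Error.WriteLine("Assembly has no strong name; not adding trust.")
            Return 2
        End If
        ' Locate the Machine policy level.
        Dim machine As PolicyLevel = Nothing
        Dim levels As IEnumerator = SecurityManager.PolicyHierarchy()
        While levels.MoveNext()
            Dim pl As PolicyLevel = DirectCast(levels.Current, PolicyLevel)
            If pl.Label = "Machine" Then machine = pl
        End While
        If machine Is Nothing Then Return 3
        ' Drop an earlier copy so re-running does not stack duplicate groups.
        For Each child As CodeGroup In New ArrayList(machine.RootCodeGroup.Children)
            If child.Name = GroupName Then machine.RootCodeGroup.RemoveChild(child)
        Next
        ' Outer group: matches the share URL but grants nothing on its own.
        Dim outer As New UnionCodeGroup(New UrlMembershipCondition(args(0)), _
            New PolicyStatement(machine.GetNamedPermissionSet("Nothing")))
        outer.Name = GroupName
        ' Inner group: FullTrust only for code signed with the key read above.
        Dim inner As New UnionCodeGroup( _
            New StrongNameMembershipCondition(New StrongNamePublicKeyBlob(key), Nothing, Nothing), _
            New PolicyStatement(machine.GetNamedPermissionSet("FullTrust")))
        inner.Name = GroupName & " - signed"
        outer.AddChild(inner)
        machine.RootCodeGroup.AddChild(outer)
        SecurityManager.SavePolicy() ' needs administrator rights on the workstation
        Return 0
    End Function
End Module
```

Because the inner group is only evaluated when the outer URL condition matches, an unsigned or differently signed file dropped on the same share does not pick up FullTrust from these groups.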


08-02-2007, 07:13 AM
Well, I checked the security settings and they only affect the permissions of the localhost computer and not the remote. So I still need to devise a method that will allow the application to start from a share on a remote system.

Does anyone else have any ideas?