RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
Back to the top
When a web application that has a control embedded in it; in order to instantiate the control the .Net Runtime Security needs to be configured on the client machine to allow fulltrust for the control to be loaded. One method to achieve this is to re-direct the client to a page that has a link to download a .vbs file locally that will execute on the client machine and make this configuration change without having the user interact with the .Net Framework Configuration tool. The execution sets up a code group for the control (with a membership condition : Site, permission set : Full Trust and the site name corresponding to the server where the .vbs file was downloaded from) and then adds the codegroup to the security policy.
Back to the top
In Windows XP environment - the downloaded .vbs file can be executed which sets runtime security settings correctly without user interaction.
But In Windows Vista - the .vbs file will NOT execute - even if the user logged in is part of the administrators group. One work around is to :
1. Save the file locally ,
2. Execute the vbs file  in command line which is opened to run as administrator .Â
3. This is be design of Vista security where any system changes need to be explicitly run as administrator.
Back to the top
The reason the control cannot instantiate is because .Net security policy prevents code downloaded from the Internet from running with fulltrust. The user must enable the code to run on the local machine via the caspol.exe command line or the .Net Framework configuration wizard. The vbs script is used to minimized user interaction.
In order to run caspol on Vista machine the script needs to run in an administrator command prompt. This is a security feature in Vista so the script needs to run with explicit elevated administrator trust.
   Â
Back to the top
The script below shows how such a vbs file should look like and also how the verb "runas" can be passed to either the ShellExecute API or to its COM equivalent, the ShellExecute method of Shell.Application, will prompt for elevation for administrator login to enable elevated trust for the script to run.
Follow the instructions given below:Â
1.Create a new .vbs file using a text editor.
2.Copy the following sample code.Â
 Â
  Set obj = CreateObject("Shell.Application")
  strCasPolExe = objShell.ExpandEnvironmentStrings("%windir%\Microsoft.NET\Framework\v" + strVer + "\caspol.exe")
  strCommandLine = <"command to be passed to run ">
 obj.ShellExecute strCasPolExe, strCommandLine, "", "runas", 0
3.Save the .vbs file.
4.Double Click the .vbs file to run it.Â
This will run the CASPOL with administrative privilege.
Back to the top
There is one other way to  configure .net runtime policy on clients machine, by  creating an msi and adding custom action to it using Orca tool.
How to create a Windows Installer package that uses the Code Access Security Policy tool in Visual Studio 2005
http://kbalertz.com/Feedback.aspx?kbNumber=931867 (http://kbalertz.com/Feedback.aspx?kbNumber=931867)More info on Code Access Security
http://msdn2.microsoft.com/en-us/library/930b76w0(VS.71).aspx (http://msdn2.microsoft.com/en-us/library/930b76w0(VS.71).aspx)Back to the top
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALSâ€) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.
Back to the top