1

We have a legacy .NET 2.0? ClickOnce application for which developers have been using the caspol.exe tool located at:

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\caspol.exe

To add a group, adding a site in, and giving it full trust to be able to run ClickOnce applications from it. Let me show you an example command from the script they run:

caspol.exe -pp off -m -ag LocalIntranet_Zone -url http://ourserver/* FullTrust -n GroupNamehere

The question I have is, how can I handle this with group policy? This feels messy and if I am not mistaken if it ever gets migrated forward to new .NET versions managing it with caspol.exe is deprecated, correct?

I have been UNABLE to find ANYTHING regarding handling it with GPO and I have searched multiple times, maybe I am blind!

I have tried adding it to Trusted Sites as well as trying the LocalIntranet sites through Internet Explorer -> Internet Control Panel -> Computer & User policy, enabling low security, and giving it enabled on nearly all permissions, still did not work.

Only thing that seems to resolve the issue is using the caspol.exe to adding it as above.

I hope this is the right place for this, thanks.

JustinDev
  • 21
  • 3

1 Answers1

1

I figured out how to do this in our environment (Windows 10):

TO DEPLOY .NET 2.0 SECURITY POLICIES VIA GROUP POLICY

1.) Download .NET 2.0 SDK

https://www.microsoft.com/en-us/download/confirmation.aspx?id=15354

2.) On Windows 10 you will have to use 7zip or equivalent to extract the setup.exe and run the install.exe as administrator.'

3.) After running it you can then configure your code access groups.

4.) Click on the Runtime Security Policy item in the left panel.

5.) Click on Create Deployment Package on the right panel.

6.) Follow the prompts to export an MSI which can then be silently deployed using group policy.

JustinDev
  • 21
  • 3