Jaa


Which Package are the Security Tools In?

When installing the v2.0 .NET redist package, you'll find that the .Net Configuration MMC snap-in is missing.  As of v2.0, we've moved this tool to the SDK package, which you can download here: [x86] [x64] [IA64].

The split of security tools between the redist and SDK is:

Redist:

  • Caspol

SDK:

  • .NET Configuration Snapin
  • CertMgr
  • MakeCert
  • PermCalc
  • PEVerify
  • SN
  • SecUtil
  • SignTool

Incidentally, the CLR team doesn't own CertMgr, MakeCert, or SignTool even though they ship in the SDK.

Comments

  • Anonymous
    February 08, 2006
    GacUtil has also moved from the Redist to the SDK. As a result, there is no way to manage the GAC on a machine without the SDK installed.

  • Anonymous
    February 08, 2006
    Right.  GAC administration is not an end-user scenario.  Applications should be using an installer such as MSI to install their assemblies to the GAC.

    -Shawn

  • Anonymous
    February 08, 2006
    Vous savez, le snap-in MMC de configuration du Framework (mscorcfg.msc pour les intimes) que vous trouviez...

  • Anonymous
    May 18, 2006
    Is there a simple way of installing these on a server without downloading/installing the SDK?

  • Anonymous
    May 23, 2006
    Hi Tyrven,

    The SDK license does not allow for you to distribute the tools outside of the SDK, so you will have to download the entire package.

    -Shawn

  • Anonymous
    June 25, 2006
    Why the security config tool moved from redist to SDK? i have client machines having framework only. now they have to install entire SDK(which comes enormous 350 mb) just for configuring security to access the server.

  • Anonymous
    June 26, 2006
    Every client machine will have the caspol tool, so you can push out a script which automates the process.  You can also create an MSI file with the SDK tool on your machine and push that out to each client machine.

    -Shawn

  • Anonymous
    November 15, 2006
    Well i've been spending the last hour to find a solution to run an application from a network drive using the Framework 2.0 I would like to give the application full rights, which i can manage in the SDK but users i want the application to use simply cannot. How can i work around this without having to install the entire SDK?

  • Anonymous
    December 17, 2006
    Well, the easiest way in v2.0 is to use ClickOnce.  If you're on v1.x or ClickOnce isn't an option, then you can use the SDK MMC snap-in to generate an MSI package out of your security policy, and ship that to end users.  Finally, you could provide them a script that utilizes caspol, which is in the redist, to update your policy settings. -Shawn

  • Anonymous
    February 18, 2007
    how to leave Users to set Admin config task: \serversharerunas.exe /user:axa-assistanceadmin-username "\serversharecaspol -cg 1.2 FullTrust" | \serversharesanur.exe admin-password

  • Anonymous
    March 15, 2007
    The .NET Framework SDK ships with a MMC Snap-In which enables you to, among other things, avoid using

  • Anonymous
    March 15, 2007
    I too think removing the security configuration applet from the redist was  a big mistake.

  • Anonymous
    April 23, 2007
    We already install using a caspol script.  However, we have many hundreds of customers, and when our support team needs to troubleshoot the .NET security config, they cannot! Once again, thanks MS for making my life harder than it should be!