When developing, it’s nice to be able to save and run your projects from your corporate network. Network drives are typically backed up, where local hard drives are often not unless you take the time to do it yourself.
As part of it’s code security initiative, the .Net Framework protects us by not allowing us to run code from an “unsafe” location. Unfortunately .Net often sees company networks as locations that are not safe.
It’s easy enough to remedy, with a simple command that no one seems to know about. I finally lucked out and found a brief reference on Chris Sells blog. I’d like to expound on his entry slightly and go into a little detail about what’s going on.
First though, let me give you the command in case you are the type of person who just wants a quick fix:
First, navigate to your c:\windows\microsoft.net\framework\ directory. Now, if you are using .Net 1.1, drop into the v1.1.4322 folder, if you are using .Net 2.0, go into the v2.0.50727 directory. Now execute the command
caspol -q -machine -addgroup 1 -url file://z:/* FullTrust -name “Z Drive”
Make sure to type it in all as one single command, in case your reader has wrapped the line. The two things you need to note are the folder designation, z:/* and the name in quotes “Z Drive”. For the z:/* put the drive letter for the network drive you want to give permissions to. You can also add a folder if you want to narrow it down for security, such as z:/myprojects/* .
Inside the quotes you can put anything you want, I made it easy and named it Z Drive, but you could call it “Projects on Z” or “My Projects” or “Arcane is a wizard at this coding stuff”.
Now for those who are a bit more inquisitive, here’s a breakdown of the command line options.
-q Runs in quiet mode, suppressing all of the normal “are you sure” prompts
-machine The commands will apply to this computer.
-addgroup This adds a new security group to your machine, with the name you enter in quotes.
1 is the parent group under which you are adding, use 1 for the base group on the machine.
-url file: Indicates we are adding a url, in the form of a file spec. Normally caspol expects your adding a website or webservice you want to execute code from, using the file: spec gives us a work around to add a network drive.
FullTrust Again, an obvious entry that sets the security level in addgroup.
-name Obviously the name you want to give to your group. Following the –name place the name in double quotes, such as –name “Z Drive”
After issuing the command, you probably want to verify your new permissions have been set. To do so, use this command:
This will list your security groups, with your newly named group (the name you put in quotes) at the bottom of the list. It should look something like:
1.7. Url – file://z:/*: FullTrust
Finally, if you want to find out more about the access security policy tool, use the command
To display screen after screen of help text.
And that’s how you can set it up so you can run your .Net applications from your company network.