Looks like it is something that says "allow this .Net assembly to run from this site". I'd read it as being comparable to run a java app from a specific site.
The important thing is that it looks like a modified caspol command line would let you remove the permission the command below grants. DAMIEN SOLODOW Systems Engineer 317.447.6033 (office) 317.217.6851 (fax) HARRISON COLLEGE -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, October 19, 2010 4:39 PM To: NT System Admin Issues Subject: CASPOL docs for sysadmins? Hi list, I've got a vendor who wants me to do this: caspol.exe -m -q -ag 1. -site "meters.example.com" FullTrust -name FMAuditWebAudit and then go to some web site, to run their managed print audit thingy. Can anyone tell me what that means, from a practical security standpoint? If it means "really bad idea" (e.g., the moral equivalent of running as admin), is there a more reasonable alternative? I've done a Google, and found plenty of hits, but most of it seems to be written for programmers. It talks about publishing applications, and signing code, etc., etc., none of which I'm involved with. It all seems to assume I'm the one designing the program, so I know exactly what it needs to do, and I have all the details on things like what "code groups" and "strong names" have been assigned. We all know we can't trust programmers to give us security advice. If I did everything programmers told me to do, every user account on our network would be a member of "Domain Admins". I'm willing to R a FM if someone can point me at one that's useful for this situation. advTHANKSance! -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
