Hello all, I have a query around using caspol.exe for an App-V sequence.

I have a .Net application being virtualised that requires .Net security to be set for a URL using a command like the following

caspol -machine -q -addgroup All_Code -url //server/share/* FullTrust -name Name"

As .Net is on the base machine build, I assume that this command cant be captured within a sequence and would need to be run during a pre-launch script - is this correct?

I have tried running this as a pre-launch script, but as a normal user this reports access denied as users dont have rights to modify machine policy.

Is the only way to get round this issue to change the policy level to user from machine as shown?

caspol -user -q -addgroup All_Code -url //server/share/* FullTrust -name Name"

Appreciate your help.
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

1
If you are using SCCM you could add another package as a dependency that runs caspol but otherwise I would suggest using group policy to deliver the script.
Answered 03/31/2011 by: kkaminsk
Ninth Degree Black Belt

Please log in to comment
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Hi kkaminsk thanks for the suggestion.

I think thats what I will do - chain the App-V package to a script running caspol in SCCM, so it has the required permissions.

I've tested the caspol with user security (caspol -user), however this doesnt appear to set the requried .Net permissions. So I cant use this approach as a pre-launch script, which is a shame.

It appears as though the application requires machine level permissions, otherwise it crashes.

Thanks again.
Answered 04/03/2011 by: carlosg
Senior Yellow Belt

Please log in to comment
0
Hello kkaminsk,

... read your advise, but how do I make a dependency in SCCM?
Could you explain?

Thank you

ORIGINAL: kkaminsk

If you are using SCCM you could add another package as a dependency that runs caspol but otherwise I would suggest using group policy to deliver the script.
Answered 08/03/2011 by: msenn
Orange Belt

Please log in to comment
0
you can create an msi package for the .net security running caspol with a custom action ( this will be your dependency package)
hope this helps
Answered 09/07/2011 by: cygan
Fifth Degree Brown Belt

Please log in to comment
Answer this question or Comment on this question for clarity