Securty around .NET setup program

5 May 2005 8:57 PM

eL

Iâ€™d like to use a .NET setup program for deploying my application. Can the
person who uses this setup program to deploy my application setup security
around it to ensure that it doesnâ€™t write to the registry and/or specified
folders?

The problem is my company does not typically allow setup programs to be used
for deployment purposes unless it can ensure that the setup program only does
what is specified. (i.e doesnâ€™t change registry, etc.). I assume an Access
Security Policy can be set to help our deployment team ensure compliance. Is
this possible?

6 May 2005 7:12 AM

Dominick Baier [DevelopMentor]

Hello eL,

normally only admin can run setup programs - because normal user don't have
write access to \Program Files nor HKLM in the registry.

if you want to further lock down the setup, you could run it under a special
user account and use a local security policy to granularly control resource
access.

I guess you are talking about .msi files - which are native code - so e.g.
Code Access Security would not apply.

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

Show quoteHide quote

> I'd like to use a .NET setup program for deploying my application. Can
> the person who uses this setup program to deploy my application setup
> security around it to ensure that it doesn't write to the registry
> and/or specified folders?
>
> The problem is my company does not typically allow setup programs to
> be used for deployment purposes unless it can ensure that the setup
> program only does what is specified. (i.e doesn't change registry,
> etc.). I assume an Access Security Policy can be set to help our
> deployment team ensure compliance. Is this possible?
>