Enterprise Policy?

[Olav Tollefsen]

In the .NET Framework Configuration tools you have three levels of Runtime
Security Policy: Enterprise, Machine and User.

As I understand modifying the Enterprise policy will NOT affect all machines
/ users in the Enterprise unless you make a .MSI file out of it and then
push that to all your computers.

This leaves me a bit puzzeled. What is realle the difference then between a
Machine Policy distributed to all your computers and an Enterprise Policy
distributed to all the machines?

Olav

[Nicole Calinoiu]

There's essentially no difference at all unless you plan your policy
deployment in such a way as to take advantage of both policy levels. For
example, one approach might be to use the enterprise policy level to
specify the most permissive policy that should ever be allowed on any
machine in the deployment pool, then allow local organizations to further
restrict this via the machine policy level. For example, some machines
might not need to run any managed code off the intranet or internet, so it
might be reasonable to grant no permissions at all to such code on those
machines.



"Olav Tollefsen" <x@y.com> wrote in message
news:OhrZf0NUFHA.1152@tk2msftngp13.phx.gbl...

> In the .NET Framework Configuration tools you have three levels of Runtime
> Security Policy: Enterprise, Machine and User.
>
> As I understand modifying the Enterprise policy will NOT affect all
> machines / users in the Enterprise unless you make a .MSI file out of it
> and then push that to all your computers.
>
> This leaves me a bit puzzeled. What is realle the difference then between
> a Machine Policy distributed to all your computers and an Enterprise
> Policy distributed to all the machines?
>
> Olav
>