By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,346 Members | 2,318 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,346 IT Pros & Developers. It's quick & easy.

.Net security for shared network driver

P: n/a
Hi All:
Yesterday, we released our first .NET window based program on company’s
network. In order to make our .NET program run correctly from a shared
network driver, we also installed a security package on each desktop to make
each desktop to trust mapped network driver. In the security package, we
choose the Zone code group; within in the Zone we made Local Intranet
FullTrust. The program is running properly for ninety percent of users.
Except users their network mapping are using IP address. After we modified
the Zone from Local Intranet to Internet FullTrust. Those IP mapping users
are start working correctly now. My question here why there is difference
between mapping network share using machine name and using IP address. Plus
this change will make ours’ machine very dangerous.

DK
Nov 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
"da*******@opco.com" <da*************@discussions.microsoft.com> wrote in
message news:BC**********************************@microsof t.com...
Hi All:
Yesterday, we released our first .NET window based program on company's
network. In order to make our .NET program run correctly from a shared
network driver, we also installed a security package on each desktop to
make
each desktop to trust mapped network driver. In the security package, we
choose the Zone code group; within in the Zone we made Local Intranet
FullTrust. The program is running properly for ninety percent of users.
Except users their network mapping are using IP address. After we modified
the Zone from Local Intranet to Internet FullTrust. Those IP mapping users
are start working correctly now. My question here why there is difference
between mapping network share using machine name and using IP address.
The intranet vs internet distinction is made largely based on the host name.
If it has any dots (.), it is assumed to fall in the internet zone. Since
the IP addresses include dots, they're being evaluated as falling in the
internet zone. Unless you can remap the share on these machines to use the
machine name rather than its IP address, you should definitely choose a more
restrictive policy change (e.g.: based on URL rather than the entire
internet zone).

Plus
this change will make ours' machine very dangerous.
Yes, it's very dangerous, and you should reverse the change on those
machines. The fully trusted intranet zone on the other machines is also
potentially dangerous, and it might be a good idea to move to a more
specific policy alteration even on those (e.g.: strong name and/or URL
within local intranet zone).

DK

Nov 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.