Password Control – Network Install

This article explains how to configure password control to run from a network share.
Password Control was developed using the .NET Framework 2.0 and is therefore subject to the default security policy that applies full trust to code running on the local computer but not to code running on a network share. Running Password Control from a network share is relatively straightforward, but you will need to configure the security policy to allow Password Control to run.

Server Configuration

  • Install Password Control on the server. 
  • Share the Password Control program folder.
  • Grant read permissions to the share. You will also need to ensure that Password Control users have appropriate NTFS permissions to the program folder.

Client Configuration 

  • Check if the client computer has the “Microsoft .NET Framework 2.0 Configuration” in the “Administrative Tools”. If the tool does not appear in the Administrative Tools menu, please install the .NET Framework 2.0 SDK.
  • Open the “Microsoft .NET Framework 2.0 Configuration” tool. Navigate to “.NET Framework 2.0 Configuration\My Computer\Runtime Security Policy\”
  • At this point you can choose the policy level you want to use. This article will assume you want to modify the machine policy.
  • Expand “Machine\Code Groups\”.  Right click the “All Code” node in the treeview and click “New” · Type a name for the code group and click next.
.NET Framework 2.0 Configuration - Create a new code group

You now need to choose how to identify the .NET application you want to trust. I’d recommend using either a URL or a strong name condition type.

URL: 

  • Select “URL” from the condition drop down.
  • Enter the UNC Path to the Password Control application. E.g. \\servername\PasswordControl.
    Note: You can use the “*” wildcard to trust all subfolders. E.g. \\servername\apps\*
  • Click “Next”
.NET Framework 2.0 Configuration - Create a new code group (condition type)

Strong Name: ·

  • Select “Strong Name” from the condition drop down. 
  • Click the “Import” button. 
  • Select the PasswordControl.exe file from the Password Control program folder on the network share. E.g. \\ServerName\PasswordControl\PasswordControl.exe. ·
  • Click “Next”.
  • You can now select a level of trust to assign. Choose the default “FullTrust” permission set and click “Next”. 
  • Click “Finish”
  • Optional: Create a shortcut to the PasswordControl.exe file.
.NET Framework 2.0 Configuration - Create a new code group (Strong Name condition)

You have now completed the required steps to get Password Control working from the network share. Performing the above steps on multiple client computers would be a bit tedious. Luckily the .NET Framework Configuration Tool allows you to create an MSI installer package to deploy the security settings.

  • Click the “Runtime Security Policy” node.
  • Click the “Create Deployment Package” task. 
.NET Framework 2.0 Configuration - Create MSI file
  • Select the policy level chosen in the previous steps (Machine Policy).
  • Select a folder to store the MSI file.
  • Click Finish.
.NET Framework 2.0 Configuration - Deploy Configuration in an MSI file

You can run the MSI manually on other client computers or use Active Directory to deploy the MSI file.