Article ID: 815168
Article Last Modified on 7/8/2005
APPLIES TO
- Microsoft .NET Framework 1.0
- Microsoft .NET Framework 1.1
SUMMARY
This step-by-step article describes how you must back up and restore .NET Framework configuration and security policy files. Security policies define the permissions that are assigned to .NET Framework applications. Configuration files define the environment that is presented to .NET applications. These configuration files affect the system resources that are available to applications. The configuration files also affect the level of administrative credentials that the applications receive. The system administrator must make sure that .NET Framework configuration files are backed up in addition to other critical files. The system administrator must be able to restore these files to recover from a system failure. The .NET Framework stores security policies in XML files. These files are backed up and restored as ordinary files. All these files have a .config file name extension. While several .config files exist on all systems, additional .config files may be created when applications are added or new trust levels are defined.
back to the top
Policy level file locations
The following table lists critical .NET Framework configuration files and their locations.
| File Location | Description |
| \%SystemRoot%\Microsoft .NET\Framework\%VersionNumber%\CONFIG\web_notrust.config | Defines the permissions for applications that run at the None trust level. |
| \%SystemRoot%\Microsoft .NET\Framework\%VersionNumber%\CONFIG\web_lowtrust.config | Defines the permissions for applications that run at the Low trust level. |
| \%SystemRoot%\Microsoft .NET\Framework\%VersionNumber%\CONFIG\web_hightrust.config | Defines the permissions for applications that run at the High trust level. |
| \%SystemRoot%\Microsoft .NET\Framework\%VersionNumber%\CONFIG\Machine.config | Defines .NET Framework configuration information for the local system. |
| \%SystemRoot%\Microsoft .NET\Framework\%VersionNumber%\CONFIG\Enterprisesec.config | This is the Enterprise security policy configuration file, as applied to the local system. |
| \%SystemRoot%\Microsoft .NET\Framework\%VersionNumber%\CONFIG\Security.config | This is the Local computer security policy configuration file. |
| \%UserProfile%\ Application Data\Microsoft\CLR Security Config\%VersionNumber%\Security.Config | This is the User security policy configuration file for Microsoft Windows NT, Microsoft Windows 2000, Microsoft Windows XP, and Microsoft Windows Server 2003. |
| \%SystemRoot%\username\CLR security config\%VersionNumber%\Security.Config | This is the User security policy configuration file for Microsoft Windows 98 and Microsoft Windows millennium edition (ME). |
Note The files that have the extension .cch are dynamically generated and do not have to be backed up or restored. You may find some files that have numbers appended to their .cch extensions. When you try to make backups of these files, you may receive errors because the files are in use. You must not make backups of these files because these files are cache files.
Files that have the extension .old are generated to make rolling back changes easier. These files must be backed up. These files do not affect how a system functions.
back to the top
REFERENCES
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
315736 How to secure an ASP.NET application by using Windows security
315588 How to secure an ASP.NET application using client-side certificates
Keywords: kbhowtomaster kbsecurity kbconfig kbbackup KB815168
