1.3.9 Configure Global .NET Trust Level

Information

Code Access Security (CAS) determines the permissions that are granted to the application on the server. Setting a minimal level of trust that is compatible with the applications will limit the potential harm that a compromised application could cause to a system.

Solution

Trust level can be set by using the UI, by running appcmd.exe commands, by editing configuration files directly, or by writing WMI scripts. To set the .NET Trust Level to Medium at the server level using an appcmd.exe command:

%systemroot%\system32\inetsrv\appcmd set config /commit:WEBROOT /section:trust /level:Medium

Note: When Appcmd.exe is used to configure the trust element at the global level in IIS 7.0, the /commit:WEBROOT switch must be included so that configuration changes are made to the root web.config file instead of ApplicationHost.config.

The machine.config file can contain a location tag that prevents this setting from being overridden at the web.config level. If this is done, web.config files that specify a trust level will cause the site to break. To implement this configuration, add the following to the machine.config file:

<location allowOverride='false'>
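
As an added example (not part of the benchmark or the plugin), the Python check below reads a .NET configuration document and reports the effective global trust level, whether it is locked with allowOverride, and whether it is no more permissive than Medium. It assumes the trust element sits under system.web, that the file declares no default XML namespace, and that Full applies when no trust element is present; the function name and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# ASP.NET named trust levels, ordered from most to least permissive.
LEVELS = ["full", "high", "medium", "low", "minimal"]
DEFAULT_LEVEL = "Full"  # assumption: Full applies when no <trust> element is set


def audit_trust(config_xml, max_level="Medium"):
    """Return (level, locked, compliant) for one .NET config document."""
    root = ET.fromstring(config_xml)
    level, locked = DEFAULT_LEVEL, False

    # Case 1: <trust> directly under <configuration>/<system.web>.
    direct = root.find("system.web/trust")
    if direct is not None:
        level = direct.get("level", DEFAULT_LEVEL)

    # Case 2: <trust> wrapped in a server-wide <location> block.
    for loc in root.findall("location"):
        if loc.get("path", "") not in ("", "."):
            continue  # path-scoped blocks do not set the global level
        wrapped = loc.find("system.web/trust")
        if wrapped is not None:
            level = wrapped.get("level", DEFAULT_LEVEL)
            locked = loc.get("allowOverride", "true").lower() == "false"

    # A custom (unrecognised) level name cannot be ranked, so it fails the check.
    if level.lower() not in LEVELS:
        return level, locked, False
    compliant = LEVELS.index(level.lower()) >= LEVELS.index(max_level.lower())
    return level, locked, compliant


# Constructed sample inputs (not taken from a real server).
LOCKED_MEDIUM = """<configuration>
  <location allowOverride="false">
    <system.web><trust level="Medium" originUrl="" /></system.web>
  </location>
</configuration>"""

UNSET = "<configuration><system.web /></configuration>"

if __name__ == "__main__":
    for name, doc in (("locked medium", LOCKED_MEDIUM), ("unset", UNSET)):
        print(name, audit_trust(doc))
```

A result whose second field is False means individual web.config files can still raise the trust level, even when the global value itself passes.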

See Also

https://benchmarks.cisecurity.org/tools2/iis/CIS_Microsoft_IIS_7_Benchmark_v1.7.1.pdf

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6

Plugin: Windows

Control ID: 8910c5f4d9578b959acf56b70fc1e6b27c84aca7fbe4673e35cad7bd6d0d4126