Does a ClickOnce Application deploy to a FDCC locked down computer?

Question

We are looking to publish a ClickOnce application to a large Active Directory network which has to abide by the FDCC (Federal Desktop Core Configuration) which is an OMB-mandated security configuration.

Does anyone have experience with this security configuration and ClickOnce applications? The application requires the ability to read a file the logged in user has access to.

We are also concerned with extra security setting being placed in the future that may stop the ClickOnce application from working.

How robust is the ClickOnce method for deployment when you start to lock down the computer?
What settings must be in place for a ClickOnce to function?

Thank you,
Keith

edit: I am also asking this on stackoverflow since it kind of rides both sides.

score 1 · Accepted Answer · answered May 09 '09 at 04:51

1

This presentation looks to say that VS2005 ClickOnce is not FIPS compliant. It's a little hard to discern, but also maybe hints that VS2008 ClickOnce is. See pages 3 and 4.

One thing in favor is that ClickOnce doesn't require local admin which is a no-no per FDCC. This is an interesting question (+1) as I'm a .NET developer and deploy via ClickOnce quite often. I'll keep looking and thinking on this.

answered May 09 '09 at 04:51

squillman

37,618
10
90
145

Thanks for the link. It looks like click once will work. I'll post what I find out during testing. – Keith Sirmons May 12 '09 at 02:49

paulr · Answer 2 · 2009-05-29T02:24:55.710

0

This FDCC blog post says explicitly that you can retire ActiveX controls and replace them with ClickOnce applications. Sorry, no help for any of your other questions.

edited May 29 '09 at 02:24

answered May 27 '09 at 17:11

paulr

2,083
13
11

Does a ClickOnce Application deploy to a FDCC locked down computer?

2 Answers2