The Code Access Security Policy tool (Caspol.exe) can be used to examine and modify Machine, User, and Enterprise level code access security policies. As a reminder, code access security (CAS) is a security system that lets administrators and developers control application authorization in much the same way they have always been able to authorize users. With CAS, you can allow one application to read and write to the registry while restricting access for a different application.
Going back to Caspol, the following list provides usage examples for common tasks that you might want to perform with it.
To grant an assembly full trust: Caspol -addfulltrust assemblyname.exe
For example, to grant the C:\Program Files\Mine\Mine.exe assembly full trust, you would run the following command:
Caspol -addfulltrust "C:\Program Files\Mine\Mine.exe"
To add a code group to the Machine policy: Caspol -machine -addgroup Parent_Code_Group Membership_Conditions Permission_Set -name "Group_Name"
For example, to add a code group named My_Code_Group to the Machine policy level’s All_Code group, using a URL of \\devserver\devshare\, which grants LocalIntranet permissions, you would run the following command with administrative privileges:
Caspol -machine -addgroup All_Code -url \\devserver\devshare\* LocalIntranet -name "My_Code_Group"
To add a code group to the User policy: Caspol -user -addgroup Parent_Code_Group Membership_Condition Permission_Set -name "Group_Name"
Similarly, to add a code group named User_Code_Group to the User policy level’s All_Code group, using a site of www.contoso.com, which grants FullTrust permissions, you would run the following command:
Caspol -user -addgroup All_Code -site www.contoso.com FullTrust -name "User_Code_Group"
To adjust zone security for a Machine policy: Caspol -chggroup Code_Group Permission_Set
For example, to change the Machine My_Computer_Zone security policy to use the Intranet permission set, run the following command with administrative privileges:
Caspol -chggroup My_Computer_Zone LocalIntranet
To reset policy levels for the Machine policy level:
Caspol -recover
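After adding or changing code groups as above, it is worth checking which groups end up granting FullTrust on location evidence alone (a site, URL or zone), such as the User_Code_Group example. The PowerShell below is an added example, not part of the original post: it parses code group listings and flags those grants. The sample text is constructed, the line layout of the "caspol -listgroups" output is an assumption, and the function names are hypothetical.

```powershell
# Added example, not from the original post. $sample is constructed text modelled on
# "caspol -listgroups" output; the "<label>.  <condition> - <value>: <set>" layout is assumed.
$sample = @'
1.  All code: Nothing
   1.1.  Zone - MyComputer: FullTrust
   1.2.  Zone - Intranet: LocalIntranet
   1.3.  Zone - Internet: Internet
   1.4.  Url - \\devserver\devshare\*: LocalIntranet
   1.5.  Site - www.contoso.com: FullTrust
'@ -split "`r?`n"

# Hypothetical helper: turn each code group line into an object; banner lines are skipped.
function ConvertFrom-CaspolGroupList {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -notmatch '^\s*(?<label>\d+(?:\.\d+)*)\.\s+(?<rest>.+?):\s+(?<set>\S+)') { continue }
        $label = $Matches['label']
        $set   = $Matches['set']
        # "Site - www.contoso.com" -> condition "Site", value "www.contoso.com"
        $condition, $value = $Matches['rest'] -split '\s+-\s+', 2
        [pscustomobject]@{
            Label         = $label
            Condition     = $condition.Trim()
            Value         = $value
            PermissionSet = $set
        }
    }
}

# Hypothetical helper: FullTrust granted on where code came from rather than on a
# strong name, hash or publisher. The default MyComputer zone group is not reported.
function Find-LocationBasedFullTrust {
    param([object[]]$Groups)
    $Groups | Where-Object {
        $_.PermissionSet -eq 'FullTrust' -and (
            $_.Condition -in @('Site', 'Url', 'All code') -or
            ($_.Condition -eq 'Zone' -and $_.Value -ne 'MyComputer')
        )
    }
}

# Live use, with caspol.exe on PATH:
#   $lines = & caspol.exe -user -listgroups
$groups = ConvertFrom-CaspolGroupList -Lines $sample
Find-LocationBasedFullTrust -Groups $groups | Format-Table -AutoSize
```

Run it once per policy level (-machine, -user, -enterprise), since a FullTrust grant at any level shows up only in that level's listing.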