How to: Change Code Groups Using Caspol.exe
Use the –chggroup option of the Code Access Security Policy tool (Caspol.exe) to change the name, membership condition, permission set, flags, or description of a code group. You can change one, some, or all of these code group attributes.
To change a code group
Type the following command at the command prompt:
caspol [-enterprise|-machine|-user] –chggroup label|name {[mship] [pset_name] [-exclusive {on|off}][-levelfinal {on|off}] [-name name] [-description description_text] }
Specify the policy-level option before the –chggroup option. If you omit the policy-level option, Caspol.exe changes the specified code group in the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.
The syntax and meaning of mship, pset_name, -exclusive, and -levelfinal are the same as for the –addgroup option. For more information about these arguments and options, see How to: Add Code Groups Using Caspol.exe.
The following command changes the membership condition for the code group labeled 1.2.1. to the Internet zone membership condition.
caspol –chggroup 1.2.1. –zone Internet
The following command changes the name of the code group labeled 1.2.1.1. to MyApp_CodeGroup.
caspol –chgroup 1.2.1.1. –name MyApp_CodeGroup
The following command associates the Internet permission set with the code group 1.3. and turns off the -exclusive flag.
caspol –chggroup 1.3. Internet –exclusive off
Caution Changing a code group can have wide repercussions for security. Use this option with caution.
See Also
Reference
Caspol.exe (Code Access Security Policy Tool)
Concepts
Other Resources
Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe)