How to: View Code Groups and Permission Sets Using Caspol.exe
Sometimes, unintended security settings apply to an assembly because it mistakenly belongs or does not belong to some code group. Such side effects can occur when code groups are added to or deleted from policy levels. To make it easier to find such problems in the policy levels' code group hierarchies, you can use the Code Access Security Policy tool (Caspol.exe) to list all the code groups an assembly belongs to.
The assembly is granted a set of permissions by each policy level. The effective permission set that the security policy grants to code is determined by the intersection of the permission sets granted by the machine and user policies. You can use Caspol.exe to view the permission set granted to an assembly by a particular policy level. You can also use Caspol.exe to view the permission set that results from the intersection of the permission set granted by the machine and user policies.
To list the code groups an assembly belongs to
Type the following command at the command prompt:
caspol [-enterprise|-machine|-user|-all] –resolvegroup assembly-file
Specify the policy-level option before the –resolvegroup option. If you omit the policy-level option, Caspol.exe shows all policy levels.
The following command lists the code groups that MyAssembly.dll belongs to at the user policy level.
caspol –user –resolvegroup MyAssembly.dll
To list the permission set for an assembly
Type the following command at the command prompt:
caspol [-enterprise|-machine|-user|-all] –resolveperm assembly-file
Specify the policy-level option before the –resolveperm option. If you omit the policy-level option, Caspol.exe shows the intersection of all policy levels.
The following command requests a list of permissions that apply to MyApplication.exe at the user policy level.
caspol –user –resolveperm MyApplication.exe
See Also
Reference
Caspol.exe (Code Access Security Policy Tool)
Concepts
Other Resources
Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe)