Administering Security Policy

Administrators can configure security policy so that individual sites and publishers have more or fewer permissions than default policy allows. For example, an administrator can specify that all code downloaded from the Web site of a trusted business partner has the set of all permissions. The same administrator might specify that all other code from the Internet be given a more restricted set of permissions, such as limited access to isolated storage and to the use of safer user interface functionality.

To view or modify security policy, you must be granted the administrative access SecurityPermission. Understanding the common language runtime's security policy model will help you administer security policy effectively.

You can use the .NET Framework Configuration tool or the Code Access Security Policy tool to administer security policy for the enterprise, machine, or user levels. These tools support the following tasks:

  • Viewing policy, code groups, or permission sets.

  • Creating, modifying, and removing named permission sets.

  • Adding, modifying, and deleting code groups.

  • Assigning permissions and attributes to code groups.

  • Analyzing security settings on assemblies.

  • Undoing policy changes.

See Also

Concepts

Security Policy Model

Reference

Code Access Security Policy Tool (Caspol.exe)

.NET Framework Configuration Tool (Mscorcfg.msc)

Other Resources

Security Policy Best Practices

Security Policy Management