CasPol (Code Access Security) Tool can be used in many ways to make the code Secure.  Some of the common tasks are listed in this article.


Granting Assembly Request (Full Trust)  Caspol –addfulltrust assemblyname.exe


For example to grant the C:\Program Files\Personal\MyAssebmly.exe assembly full name we should run the following command.


Caspol –addfulltrust “c:\Program Files\Personal\MyAssembly.exe”


Add a Code Group to Machine Policy  Caspol –machine  -addgroup Parent_Code_Group Membership_Conditions_Permission_Set – name “Group Name”


For example top add a code group named My_Code_Group to the Machine Policy levels All_Code  group, using a URL of http://devserver\devshare\ which  grants Local Intranet permissions, you would run the following command with administrative privileges:


Caspol –machine –addgroup All_code –url \\devserver\devshare\* LocalIntranet –name “My_code_Group”


Adding a Code group to user policy Caspol –user –addgroup Parent_Code_Group Membership_Condition Permission_Set –name “Group_Name”


Similarly, to add a code group named User_code_Group to the user policy levels All_code group, using a site of which grants FullTrust  permissions you would run the following command:


Caspol –user –addgroup All_Code –site FullTrust –name “User_Code_Group”


Zone Security Adjustment for Machine Policy  Caspol –chggroup Code_Group Permission_Set


Consider the following example, to change the Machine My_Computer_Access security policy to use the Intranet permission set, run the following command with administrative privileges execute the following command


Caspol – chggroup My_Computer_Access LocalIntranet


Resetting Machine Level Policy


Caspol -recover


Happy Coding !!!

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.