Security Policy Levels

Important noteImportant

In the .NET Framework versionĀ 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.

Four security policy levels are provided by the .NET Framework to compute the permission grant of an assembly or application domain. Each level contains its own hierarchy of code groups and permission sets. The runtime intersects the permission sets granted to an assembly from each level when computing the allowed permission set. The resulting grant is the sum of permissions allowed by all participating levels in a policy grant.

The following table describes the four security policy levels provided by .NET Framework security.

Policy type

Specified by

Applies to

Enterprise policy

Administrator

All managed code in an enterprise setting where an enterprise configuration file is distributed.

Machine policy

Administrator

All managed code on the computer.

User policy

Administrator or user

Code in all the processes associated with the current operating system user when the common language runtime starts.

Application domain policy

Application domain host code

Managed code in the host's application domain.

The policy levels are a hierarchy, with enterprise policy on top, machine policy below that, user policy below that, and application domain policy on the bottom. The runtime starts at the top of the hierarchy and works its way down when computing permission grants. Lower policy levels cannot increase permissions granted at a higher levels; however, lower policy levels can decrease permissions. By default, user and application domain policies are less restrictive than machine and enterprise policy. The majority of the default policy exists on the machine level. For more information about default security settings, see Default Security Policy.

When granting permissions to assemblies, the runtime considers the requirements of all existing policies (enterprise, machine, user, and application domain), together with the assembly's requested permissions.

When granting permissions to application domains, the runtime uses the enterprise, machine, and user policies.

See Also

Concepts

Permission Grants

Default Security Policy

Other Resources

Security Policy Management