The Project Location is Not Trusted Dialog Box

This dialog box appears if you attempt to open or create a client project on a Universal Naming Convention (UNC) path. By default, a UNC path is not a trusted location for a project. Your project might not run correctly when you attempt to debug or run from this location. For more information, see Configuring Security Policy.

The following tools modify the policy affecting the file share:

• .NET Framework Configuration Tool (Mscorcfg.msc)

• Code Access Security Policy Tool (Caspol.exe)

Mscorcfg.msc

One simple way to modify the policy affecting a file share is to give a specific file share FullTrust permission using Mscorcfg.msc. You must be an administrator on the computer to make this change.

To give a file share FullTrust permission

1. Start Mscorcfg.msc.

2. Expand the Runtime Security Policy node, the Machine node, the Code Groups node, and the All_Code node, and then highlight the LocalIntranet_Zone node.

3. In the right pane, click Add a Child Code Group.

4. Choose Create a new code group, enter a name for the code group, and then click Next.

5. Choose a condition type of URL, and enter the UNC path to the share location of your project, using the format file://\\servername\sharename\* where \\servername\sharename is the name of the share. Click Next.

   Note
   Make sure to add the asterisk at the end of the path.

6. Choose Use existing permission set and select FullTrust, and then click Next.

7. Click Finish.

8. Restart Visual Studio.

Caspol.exe

Using caspol.exe to accomplish this change, you would use the following command line (you must be an administrator on the computer to make this change.):

caspol -m -ag 1.2 -url urlname FullTrust

See Also

Other Resources

Configuring Security Policy

MrFrankieG's solution for VS 2010 works

Just to let others know, if you're using Visual Studio 2010 you can use MrFrankieG's solution to fix this.

I'm out!

Tried all documented solutions, as well as those suggested by community members.  The code is on a drive mapped to a machine three feet away, so it's not as complicated as other issues.

I've got a bottom line to worry about instead of messing with useless security that keeps the good guys out and lets bad guys in.  The solution for me (if you'll pardon the pun) is to move over to an open source platform.  I expect to have all my client projects ported over to PHP and/or perl by the end of the week.

Visual Studio 2010

VS 2010 uses IE security zones. 

Therefore if you have your source code sitting on a network share mapped to a drive letter (or through UNC) then add that to the Local Intranet Zone.  For example lets say you have your source code on p: drive.  Open IE, got to Tools -> Internet Options -> Security Tab.  Click on Local Intranet; then the Sites button.  Click the Advanced button then add the network drive (in our example this would be "file://p:" without the quotes)  when you do this it will more than likely resolve to the name of the file server which is expected. Click OK button all the way back. Open your project and the message should now be gone.

Doesn't seem to work

Tried with .NET Framework 2.0 Configuration (equivalent to mscorcfg.msc, I believe). Did not work. I am an admin on my machine.

Why is this so difficult ?

Why is this so bloody difficult ? hunting around for proper caspol version, command line syntax and running through forums trying to figure out what to do ?

Why not add a button or checkmark on the "Project location not trusted" dialog box
called "Trust this location"

Microsoft wrote the OS, Framework, Visual Studio and the security around all the components.   You have everything you need to make this easier rather than have users jump through hoops even BEFORE we start to write code.

Remember to configure the 32-bit framework on a 64-bit machine

When using caspol on a 64-bit machine, you have to run the command mentioned in the article from both the Framework folder and the Framework64 folder. A separate CAS policy is maintained for the 32-bit and 64-bit frameworks. $0$0 $0

How do you get the Framework SDK?

this hasn't been a problem for me previously, but I'm currently running Win 7 64 bit and when I try and install any of the Framework SDK's I get the error that the installer is not a valid win32 application, and so I don't have access to mscorcfg or caspol.  Any suggestions?

Using file://.host/Shared Folders under VMWARE from Visual Studio

See http://www.gnegg.ch/2008/04/vmware-shared-folders-and-visual-studio/
for information on getting around problems trying to use Visual Studio in a VM (VM Fusion under MACOS) accessing the files using \\.host\Shared Folders\userfiles

Seems Microsoft treats the UNC name \\.host as an INTERNET reference and not a INTRANET reference.

Furthermore, Visual Studio will not PARSE \\.host because of the '.'; you need to use another drive name or share the folders using a different UNC name.

How I wish the world could adopt consistent rules for UNCs

Caspol urlname

When using Caspol, caspol -m -ag 1.2 -url urlname FullTrust, I got errors on the urlname because my path had spaces, when I tried again substituting %20 for any space, it worked.

for C:\Users\Owner\Documents\Visual Studio 2008

use C:\Users\Owner\Documents\Visual%20Studio%202008

-- Or you could enclose the string in double quotes:
-- caspol -m -ag 1.2 -url "C:\Users\Owner\Documents\Visual Studio 2008" FullTrust

Unzip instead of copying from the files out of the folder (Win7)

I came across this issue with a zipped set of files. Originally, I copy-pasted the files/directories out of the Win7 explorer window which is what opens by default if you double-click the zip file in Outlook. Instead, what I needed to do for this to work was:
1. Copy the zip file to my directory
2. Rt-click and select Unzip.

Using Sysinternals Streams Utility

I was able to use the Sysinternals streams utility to fix this problem. The syntax is...

c:\SysInternalsSuite\streams.exe -s -d filepath

This deletes the entire file stream.

RE: Trust issues may be cause by ZIP files

The issue is the unzipped data needs to be removed from the untrusted zone.

Sysinternals has a utility called streams.exe to remove the untrusted zone recursively.

http://intellects.in/2008/11/06/utility-to-recursively-unblock-files-downloaded-from-internet/

This stuff saddens me...

I love .net but this kind of ill-conceived security system will kill .net desktop applications on windows pretty soon. The hackers who know how to get round your previous terrible security implementations know how to get round this stuff too. All you're doing is making it harder for people to develop and deploy software for your platform. Why not fix the buffer overflows all over your kernel first?

Your security team needs some 'pruning'!

Problems with Local Network Drives

This problem has bugged me for 3 years now and I've finally fixed it thanks to this article. However, I wasn't specifically using a UNC share, just a local network drive mapped to a drive letter.

I chose "All Code" as the Membership condition and "Full Trust" as the permission set. It fixed my problem.

Is there a safer set of settings I should try using? Also, I spoke with someone who "changed the security settings" and didn't have this problem anymore... but can't remember what he did. Is there a setting in Visual Studio 2008 to fix this?

Does this also mean that if I simply add "file://x:/" as a trusted site in Internet Explorer I can get a similar solution?

When 2 or more version of Visual Studio installed

I just wanted to clarify Tatworths comments - thanks for them, as that helped me find the solution, but it still took a while to get there.

I have VS2003 & 2008 installed on the same machine, when I tried opening MSCORCFG.MSC, caspol.exe, or using the .net config tools in Admin Tools I always got version 1.1 tools without knowing, and still got an error with VS2008. What I eventually realised was that I needed to open command prompt, and then run vsvars32.bat from the c:|Program Files\Visual Studio\Common7\Tools Folders specific to the version of VS that I had the problem with.

After that running Caspol.exe sorted out my permissions.

Hope that helps

Need to mention that a Visual studio of Framework specific prompt needs to be opened.

Since the CASPOL and MSCORCFG.MSC are framework specific, it is necessary to open either a visual studio of framework specific prompt. The documentation should include this.

Does not seem to work for DFS Shares

This doesn't appear to work when the share is referenced through the Distributed File System unless the DFS root is included in machine's Intranet zone.

Also it seems that if .Net 2.0 is installed side by side with .Net 1.1, the configuration must be done using the .Net 2.0 tools.

Trust issues may be cause by ZIP files

When the untrusted project location is on a local file path this usually means the files and folders were extracted from an untrusted ZIP file. Right-click on the ZIP file and choose Properties to obtain the Properties dialog. If you see an Unblock button enabled then this is the cause of your troubles. Click the Unblock button. Delete the files and folders you previously extracted and any copies you made (which will also exhibit the problem) and repeat the extraction and copying process. You should find the problem is resolved.

12/09/2007 - I just wanted to concur, this problem happened to me when I tried to load a solution from the Beta 3 Entity Samples (http://www.codeplex.com/adonetsamples/Release/ProjectReleases.aspx?ReleaseId=8858) that I had extracted from the zip file onto a Vista machine. The instructions above solved the issue.

Looks like making this change at the 'user' level does *not* work

Just FYI--I tried adding a code group at the user level rather than machine w/the proper membership condition & it looks like it did not have the desired effect. So you really do have to do it at 'machine' level.