Export (0) Print
Expand All

How to: Change Code Groups Using Caspol.exe

Use the –chggroup option of the Code Access Security Policy tool (Caspol.exe) to change the name, membership condition, permission set, flags, or description of a code group. You can change one, some, or all of these code group attributes.

To change a code group

  • Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user] –chggroup label|name {[mship] [pset_name] [-exclusive {on|off}][-levelfinal {on|off}] [-name name] [-description description_text] }

    Specify the policy-level option before the –chggroup option. If you omit the policy-level option, Caspol.exe changes the specified code group in the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

    The syntax and meaning of mship, pset_name, -exclusive, and -levelfinal are the same as for the –addgroup option. For more information about these arguments and options, see How to: Add Code Groups Using Caspol.exe.

    The following command changes the membership condition for the code group labeled 1.2.1. to the Internet zone membership condition.

    caspol –chggroup 1.2.1. –zone Internet
    

    The following command changes the name of the code group labeled 1.2.1.1. to MyApp_CodeGroup.

    caspol –chgroup 1.2.1.1. –name MyApp_CodeGroup
    

    The following command associates the Internet permission set with the code group 1.3. and turns off the -exclusive flag.

    caspol –chggroup 1.3. Internet –exclusive off
    
    Caution noteCaution:

    Changing a code group can have wide repercussions for security. Use this option with caution.

Community Additions

ADD
Show:
© 2014 Microsoft