Export (0) Print
Expand All

How to: Administer Security Policy for Nondefault Users Using Caspol.exe

You can use the Code Access Security Policy tool (Caspol.exe) to administer a user policy for a user other than the current user.

To administer user policy for a user other than the current user

  • Use the -customuser path option instead of the –user policy-level option.

    The –customuser option points Caspol.exe to a specified user security configuration file. Note that –customuser must be followed by the path to the user security configuration file.

    The following command lists the code groups in the user security policy configuration file located in C:\config_test\.

    caspol –customuser "C:\config_test\security.config" –listgroups
    

When you specify the –all option before the policy-level option to list or resolve policy, Caspol.exe considers all policy levels (user, machine, and enterprise). The -all option always uses the policy for the current user. However, you can use the policy for another user in a list of all policy levels or a policy resolution across policy levels.

To list or resolve all policy levels for a user other than the current user

  • Use the -customall path option instead of the -all option.

    The following command resolves policy against the current enterprise and machine policy, as well as against a custom user policy.

    caspol –customall "c:\config_test\security.config" –resolvegroup "myApplication.exe"
    

Community Additions

ADD
Show:
© 2014 Microsoft