Mscorcfg.msc (.NET Framework Configuration Tool)

The .NET Framework Configuration tool (Mscorcfg.msc) is a Microsoft Management Console (MMC) snap-in that enables you to manage and configure assemblies in the global assembly cache and adjust code access security policy.

Important noteImportant

Mscorcfg.msc has been removed from the .NET Framework version 4 and later versions. This documentation applies only to earlier versions of the .NET Framework. For more information about security changes in the .NET Framework 4, see Security Changes in the .NET Framework 4.

In the .NET Framework versions 1.0 and 1.1, Mscorcfg.msc is installed with the NET Framework redistributable package. In the .NET Framework 2.0 and later versions, Mscorcfg.msc is installed with the .NET Framework 2.0 Software Development Kit (SDK).

If you have both the .NET Framework 1.1 and 2.0 runtimes, you will have version 1.1 of the configuration tool, but you might not have version 2.0. If you want to manage .NET Framework 2.0, 3.0, or 3.5 by using the configuration tool, you must install the .NET Framework 2.0 SDK. To change configuration settings for a computer that has multiple versions of the .NET Framework, you must make the changes in the matching versions of the configuration tool.

NoteNote

The .NET Framework versions 3.0 and 3.5 are built incrementally on the .NET Framework version 2.0. The configuration tool included in the .NET Framework 2.0 SDK is the latest version of the tool. You can use this version to manage code access security policy for the .NET Framework 3.0 and 3.5.

To run Mscorcfg.msc from the Start menu

  1. Click Start, click Control Panel, and then double-click Administrative Tools.

  2. Double-click Microsoft .NET Framework <version> Configuration.

To run Mscorcfg.msc from the command line

  1. In the .NET Framework 1.0 and 1.1, type the following at the command line: %Systemroot%\Microsoft.NET\Framework\versionNumber\Mscorcfg.msc

  2. In the .NET Framework 2.0 and later versions, start the Visual Studio and Windows SDK Command Prompts and type mscorcfg.msc.

    The user interface for the tool is displayed.

To run Mscorcfg.msc from the Microsoft Management Console

  1. Start the Microsoft Management Console by typing the following at a command prompt: mmc.

  2. On the File menu, click Add/Remove Snap-in (or press CTRL+M) to display the Add/Remove Snap-in dialog box.

  3. In the Add/Remove Snap-in dialog box, click Add to display the Add Standalone Snap-in dialog box.

  4. In the Add Standalone Snap-in dialog box, select a version of the .NET Framework Configuration tool, and then click Add.

You can do the following with the .NET Framework Configuration tool:

Assemblies

  • Manage assemblies in the global assembly cache.

  • Configure assemblies in the global assembly cache.

Security

  • View the current .NET Framework security configuration.

  • Increase assembly trust.

  • Adjust zone security.

  • Evaluate an assembly.

  • Create a deployment package.

  • Reset all policy levels.

Individual Applications

  • View applications previously configured with this tool.

  • Add an application to configure with this tool.

  • View an application's properties.

  • View an application's assembly dependencies.

  • Configure an assembly for an application.

To manage assemblies in the global assembly cache

  1. Click the Assembly Cache node of the console tree. Alternately, you can click the Manage the Assembly Cache link in the pane on the right.

  2. Click the View List of Assemblies in the Assembly Cache link in the pane on the right.

    Alternately, you can right-click the Assembly Cache node, point to View on the shortcut menu, and select Assemblies.

    The tool displays all assemblies in the Global Assembly Cache in the pane on the right. The tool also displays all native image versions of assemblies in the cache. Native images are versions of assemblies that have been pre-compiled to native code using the Native Image Generator (Ngen.exe).

  3. To delete an assembly from the cache, right-click the assembly name in the pane on the right and choose Delete from the shortcut menu.

  4. To add an assembly to the cache, right-click the Assembly Cache node and choose Add from the shortcut menu. The tool displays the Add an Assembly dialog box. Navigate to the assembly to add.

To configure assemblies in the global assembly cache

  1. Click the Configured Assemblies node of the console tree.

  2. Click the View List of Configured Assemblies link in the pane on the right to display a list of configured assemblies.

  3. To add an assembly to configure, click the Action menu and select Add.

    Alternately, you can right-click the Configured Assemblies node and select the Add command on the shortcut menu, or you can click the Configure an Assembly link in the pane on the right. The tool displays the Configure an Assembly wizard.

  4. Choose an assembly from the list of assemblies in the cache, or manually enter the information for an assembly.

    The tool displays a Properties window for the assembly to configure.

  5. Choose the Binding Policy tab to specify binding redirections from a requested version to a new version. For more information on binding redirections, see Redirecting Assembly Versions.

  6. Choose the Codebases tab to specify codebases for specific versions of the assembly. For more information on codebases, see Specifying an Assembly's Location.

To view the current .NET Framework security configuration

  1. Expand the Runtime Security Policy node in the console tree.

  2. Expand the User, Enterprise, or Machine policy nodes to view information about code groups, permission sets, and policy assemblies for the selected policy level.

  3. Expand the Code Groups node to view the code groups associated with the policy level. For more information on code groups, see Code Groups and Using the .NET Configuration Tool to Work with Code Groups.

  4. Expand the Permission Sets node to view the permissions associated with the policy level. Click the View Permissions link in the pane on the right.

    The tool displays the permissions in the selected permission set. For more information on permissions, see Named Permission Sets and Using the .NET Configuration Tool to Work with Permission Sets.

  5. Click the Policy Assemblies node. Then, click the View Policy Assemblies link in the pane on the right.

    The tool displays the list of assemblies that are used for evaluating policy for the selected level.

To increase assembly trust

  1. Click the Runtime Security Policy node of the console tree.

  2. Click the Action menu, and select from the available commands.

    Alternately, you can right-click the Runtime Security Policy node and select from the same list of commands on the shortcut menu, or click the Increase Assembly Trust link in the pane on the right. The tool displays a corresponding wizard.

  3. Follow the directions that appear in the wizard to increase the level of trust granted to an assembly that you specify.

    The wizard allows you to modify security policy based upon available information about the assembly's evidence. For a list and description of the common types of evidence, see the Evidence topic.

To adjust zone security

  1. Click the Runtime Security Policy node of the console tree.

  2. Click the Action menu, and select from the available commands.

    Alternately, you can right-click the Runtime Security Policy node and select from the same list of commands on the shortcut menu, or click the Adjust Zone Security link in the pane on the right. The tool displays a corresponding wizard.

  3. Follow the directions that appear in the wizard to modify the level of trust granted to all assemblies from a particular zone.

To evaluate an assembly

  1. Click the Runtime Security Policy node of the console tree.

  2. Click the Action menu, and select from the available commands.

    Alternately, you can right-click the Runtime Security Policy node and select from the same list of commands on the shortcut menu, or click the Evaluate Assembly link in the pane on the right. The tool displays a corresponding wizard.

  3. Follow the directions that appear in the wizard to evaluate the permissions that will be granted to an assembly or the code groups that give permissions to an assembly. You can use this information to determine the effect of current security policy on an assembly that you specify.

To create a deployment package

  1. Click the Runtime Security Policy node of the console tree.

  2. Click the Action menu, and select from the available commands.

    Alternately, you can right-click the Runtime Security Policy node and select from the same list of commands on the shortcut menu, or click the Create a Deployment Package link in the pane on the right. The tool displays a corresponding wizard. The wizard allows you to create a Windows Installer Package (.msi file) that you can use to deploy a policy using Group Policy or Systems Management Server.

  3. Follow the directions that appear in the wizard to create the deployment package.

To reset all policy levels

  1. Click the Runtime Security Policy node of the console tree.

  2. Click the Action menu, and select from the available commands.

    Alternately, you can right-click the Runtime Security Policy node and select from the same list of commands on the shortcut menu, or click the Reset All Policy Levels link in the pane on the right. This command resets security policy to the Default Security Policy settings.

To view applications previously configured with this tool

  • Expand the Applications node of the console tree to view the list of applications configured with this tool.

To add an application to configure with this tool

  1. Click the Applications node of the console tree, and then click the Add an Application to Configure link in the pane on the right.

    The tool displays the Configure an Application dialog box, which contains a list of managed applications that have run at least once on the current computer.

  2. Choose an application from the list, or click the Other button to navigate to an application that does not appear in the list.

    Alternately, you can navigate to a configuration file to add.

  3. To configure the application, click the View the Application's Properties, View the Assembly Dependencies, Configure an Assembly, and Adjust Remoting Services links in the pane on the right. For more information on using these links, see the corresponding procedures later in this topic.

To view an application's properties

  1. Expand the Applications node of the console tree and click the name of the application for which to view properties. If the application is not in the list, follow the procedure "To add an application to configure with this tool."

  2. Click the View the Application's Properties link in the pane on the right.

    The tool displays the Properties window for the selected application.

To view an application's assembly dependencies

  1. Expand the Applications node of the console tree and click the name of the application for which to view assembly dependencies. If the application is not in the list, follow the procedure "To add an application to configure with this tool."

  2. Click the View the Assembly Dependencies link in the pane on the right.

To configure an assembly for an application

  1. Expand the Applications node of the console tree and click the name of the application for which to configure an assembly. If the application is not in the list, follow the procedure "To add an application to configure with this tool."

  2. Click the Configure an Assembly link in the pane on the right.

    The tool displays the View List of Configured Assemblies and Configure an Assembly links in the pane on the right.

  3. Click the Configure an Assembly link.

    The tool displays the Configure an Assembly wizard.

  4. Choose an assembly from the list of assemblies the application uses or the list of assemblies in the cache, or manually enter the information for an assembly.

    The tool displays a Properties window for the assembly to configure.

  5. Choose the Binding Policy tab to specify binding redirections from a requested version to a new version.

  6. Choose the Codebases tab to specify codebases for specific versions of the assembly.

This tool is intended to help advanced administrators perform tasks related to configuring applications. It is not intended for use by application users. Administrators should direct users who want to perform limited configuration tasks to the Microsoft .NET Framework Wizards (Configwizards.exe). This executable provides three wizards in .NET Framework 1.0 and 1.1: Adjust .NET Security, Trust an Assembly, and Fix an Application. It provides two wizards in the NET Framework 2.0: Adjust .NET Security and Trust an Assembly. Users can click the links to start the wizards. You can run Configwizards.exe from the Start menu. How you navigate to Configwizards.exe from the Start menu differs depending on the operating system running on your computer. Configwizards.exe and Mscorcfg.msc are in the same location on the Start menu. To run Configwizards.exe from the Start menu, use the procedures described earlier in this topic that correspond to your operating system for running mscorcfg.msc. You can also run Configwizards.exe from the command line by typing %Systemroot%\Microsoft.NET\Framework\version Number\configwizards.exe.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft