How to: View Code Groups and Permission Sets Using Caspol.exe

Sometimes, unintended security settings apply to an assembly because it mistakenly belongs or does not belong to some code group. Such side effects can occur when code groups are added to or deleted from policy levels. To make it easier to find such problems in the policy levels' code group hierarchies, you can use the Code Access Security Policy tool (Caspol.exe) to list all the code groups an assembly belongs to.

The assembly is granted a set of permissions by each policy level. The effective permission set that the security policy grants to code is determined by the intersection of the permission sets granted by the machine and user policies. You can use Caspol.exe to view the permission set granted to an assembly by a particular policy level. You can also use Caspol.exe to view the permission set that results from the intersection of the permission set granted by the machine and user policies.

To list the code groups an assembly belongs to

  • Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user|-all] –resolvegroup assembly-file

    Specify the policy-level option before the –resolvegroup option. If you omit the policy-level option, Caspol.exe shows all policy levels.

    The following command lists the code groups that MyAssembly.dll belongs to at the user policy level.

caspol –user –resolvegroup MyAssembly.dll

To list the permission set for an assembly

  • Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user|-all] –resolveperm assembly-file

    Specify the policy-level option before the –resolveperm option. If you omit the policy-level option, Caspol.exe shows the intersection of all policy levels.

    The following command requests a list of permissions that apply to MyApplication.exe at the user policy level.

    caspol –user –resolveperm MyApplication.exe
    
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft