Export (0) Print
Expand All

User Policy Administration

User policy is the lowest administrable policy level. Every user has an individual user policy configuration file. Any changes made to this policy level are applicable only to the current logged-on user. The user policy level is restricted in what it can specify.

Because this level is configurable by the current logged-on user, enterprise level policy administrators should be aware that the user might potentially alter any policy changes made on the user policy level. The user policy level is not able to give more permissions to an assembly than is specified in the higher policy levels. However, the user policy level is allowed to decrease permissions, which might potentially cause applications to stop functioning properly. If the LevelFinal attribute is applied to a code group on the machine or enterprise level, the user level is not allowed to tighten policy decisions that have been made on those levels.

User level administration is appropriate in some situations to tightening security. For example, a user might decide to tighten security policy for assemblies that originate from the local intranet zone if untrusted code is found there. You might consider administering policy on this level when you are a user on a corporate network and believe that the security settings are not tight enough.

See Also

Security Policy Best Practices

Show:
© 2014 Microsoft