How to: Remove Permission Sets Using Caspol.exe

You can use the Code Access Security Policy tool (Caspol.exe) to remove a permission set from a code group. You can remove a permission set from a policy if both of the following conditions are met:

  • The permission set is not one of the built-in permission sets provided by the Windows Software Development Kit (SDK). The only built-in permission set that can be removed is the Everything permission set.

  • The permission set is not currently used by any code group in the policy level where it will be deleted.

To remove a permission set from a policy level

  • Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user] -rempset PsetName

    Specify the policy level before the -rempset option. If you omit the policy-level option, Caspol.exe removes the permission set from the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

    The following command deletes the MyFilePset permission set from the machine policy level.

    caspol -machine -rempset MyFilePset
    

This command does not delete the XML file from which the permission set has been imported. The -rempset option excludes only the specified permission set from a policy level.
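The two removal conditions above can be checked before running -rempset. The following PowerShell sketch is an added example, not part of the original documentation or of Caspol.exe: the function name Test-PsetRemovable is hypothetical, the sample -listgroups lines are constructed, and the parser assumes each code group line has the shape "label.  membership condition: permission set name".

```powershell
# Built-in named permission sets. Per the conditions above, only Everything may be removed.
$BuiltIn = 'FullTrust','SkipVerification','Execution','Nothing',
           'LocalIntranet','Internet','Everything'

function Test-PsetRemovable {
    param(
        [Parameter(Mandatory)][string]$PsetName,
        [Parameter(Mandatory)][string[]]$ListGroupsOutput  # lines from: caspol <level> -listgroups
    )
    # Condition 1: built-in sets other than Everything cannot be removed.
    if ($BuiltIn -contains $PsetName -and $PsetName -ne 'Everything') {
        return [pscustomobject]@{ Removable = $false; Reason = 'built-in permission set'; Groups = @() }
    }
    # Condition 2: the set must not be referenced by any code group at this level.
    # Assumed line shape: "1.2.  Zone - Intranet: LocalIntranet" (name after the last colon).
    $inUse = @(foreach ($line in $ListGroupsOutput) {
        if ($line -match '^\s*(?<label>\d+(\.\d+)*)\.\s+.*:\s*(?<pset>\S+)\s*$' -and
            $Matches.pset -eq $PsetName) { $Matches.label }
    })
    if ($inUse.Count -gt 0) {
        return [pscustomobject]@{ Removable = $false; Reason = 'used by code group(s)'; Groups = $inUse }
    }
    [pscustomobject]@{ Removable = $true; Reason = 'not built-in and not in use'; Groups = @() }
}

# Constructed sample of -listgroups output, so the check can be tried offline.
$sample = @(
    'Code Groups:',
    '',
    '1.  All code: Nothing',
    '   1.1.  Zone - MyComputer: FullTrust',
    '   1.2.  Zone - Intranet: LocalIntranet',
    '      1.2.1.  Url - http://intranet.example/*: MyFilePset'
)

Test-PsetRemovable -PsetName 'MyFilePset'  -ListGroupsOutput $sample  # in use by group 1.2.1
Test-PsetRemovable -PsetName 'FullTrust'   -ListGroupsOutput $sample  # built-in
Test-PsetRemovable -PsetName 'OldTestPset' -ListGroupsOutput $sample  # removable

# Live use (assumes caspol.exe is on PATH, e.g. from a Developer Command Prompt):
#   $check = Test-PsetRemovable -PsetName 'MyFilePset' -ListGroupsOutput (caspol -machine -listgroups)
#   if ($check.Removable) { caspol -machine -rempset MyFilePset }
#   else { Write-Warning "$($check.Reason): $($check.Groups -join ', ')" }
```

A set reported as in use has to be detached from the listed code groups first. Run the check against the same policy level that will be passed to -rempset.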

See Also

Reference

Caspol.exe (Code Access Security Policy Tool)

Concepts

Security Policy Model

Other Resources

Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe)

Configuring Permission Sets Using Caspol.exe