Removing Permission Sets

  • Article

You can remove a permission set from a policy if both of the following conditions are met:

  • The permission set is not one of the built-in permission sets provided by the .NET Framework SDK. The only built-in permission set that can be removed is the Everything permission set.
  • The permission set is not currently used by any code group in the policy level where it will be deleted.

To remove a permission set from a policy level

  • Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user] –rempset PsetName.

    Specify the policy level before the –rempset option. If you omit the policy-level option, Caspol.exe removes the permission set from the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

    The following command deletes the MyFilePset permission set from the machine policy level.

    caspol –machine –rempset MyFilePset

This command does not delete the XML file from which the permission set has been imported. The –rempset option excludes only the specified permission set from a policy level.

See Also

Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe) | Configuring Permission Sets Using Caspol.exe | Security Policy Model | Code Access Security Policy Tool (Caspol.exe)