How to: Remove Code Groups Using Caspol.exe
Important This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here. ArchiveDisclaimer

How to: Remove Code Groups Using Caspol.exe 

You can use the Code Access Security Policy tool (Caspol.exe) to remove code groups from code group hierarchies. When you delete a code group that has child code groups, you also delete the child code groups. You cannot copy part of a code group hierarchy to another part of the code group or to another code group hierarchy. Therefore, deleting a parent code group destroys any security behavior that was defined in its child hierarchy.

Caution noteCaution

Because it can strongly affect security, use extreme caution when you delete code groups.

To remove a code group from a code group hierarchy

  • Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user] –remgroup {label|name}

    Specify the policy-level option before the –remgroup option. If you omit the policy-level option, Caspol.exe removes the specified code group hierarchy from the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

    The following command deletes the code group labeled 1.1.2..

    caspol –remgroup 1.1.2.

    The following command deletes the code group named MyApp_CodeGroup.

    caspol –remgroup MyApp_CodeGroup

See Also

© 2015 Microsoft