Enterprise Policy Administration
Important This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here. ArchiveDisclaimer

Enterprise Policy Administration 

The enterprise policy level contains policy for every computer and user on the network and can be administered by domain or machine administrators. See the section on Deploying Security Policy for information on deployment strategies.

Because the runtime evaluates enterprise policy first, you can apply the LevelFinal attribute to a code group on this level to exclude the lower levels from making policy changes. Without the LevelFinal attribute, lower policy levels can remove permissions from the final grant set, potentially causing application instability. However, even if you do not apply the LevelFinal attribute, lower levels are not able to increase the final grant set because all policy levels are intersected during policy resolution.

You might consider administering policy on this level when every person in your enterprise uses an application and you want to make sure that it always receives sufficient permission to run.

See Also

© 2015 Microsoft