Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All
Important This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.

Enterprise Policy Administration

The enterprise policy level contains policy for every computer and user on the network and can be administered by domain or machine administrators. See the section on Deploying Security Policy for information on deployment strategies.

Because the runtime evaluates enterprise policy first, you can apply the LevelFinal attribute to a code group on this level to exclude the lower levels from making policy changes. Without the LevelFinal attribute, lower policy levels can remove permissions from the final grant set, potentially causing application instability. However, even if you do not apply the LevelFinal attribute, lower levels are not able to increase the final grant set because all policy levels are intersected during policy resolution.

You might consider administering policy on this level when every person in your enterprise uses an application and you want to make sure that it always receives sufficient permission to run.

Community Additions

© 2015 Microsoft