This documentation is archived and is not being maintained.

Security Policy Management 

Security policy is the configurable set of rules that the common language runtime follows when determining the permissions to grant to code. The runtime examines identifiable characteristics of the code, such as the Web site or zone where the code originates, to determine the access that code can have to resources. During execution, the runtime ensures that code accesses only the resources that it has been granted permission to access.

Security policy defines several code groups and associates each of them with a set of permissions. Code groups categorize code by characteristics such as its publisher, digital signature, the URL from where it originates, and so on. After all evidence is considered, code is placed into code groups and the resulting permission grant is the total set of permissions associated with every code group that the code obtains membership in. Although the default security policy is suitable for most situations, administrators can modify or customize security policy to tailor it to the specific needs of their organizations. The runtime grants permissions to both assemblies and application domains based on security policy.

In This Section

Security Policy Model

Describes the components of the security policy system.

Permission Grants

Describes how the common language runtime grants permission to code.

Default Security Policy

Describes how security policy is configured by default.

Administering Security Policy

Describes how administrators can view and modify security policy.

How to: Enable Internet Explorer Security Settings for Managed Execution

Describes how Microsoft Internet Explorer security settings affect managed execution.

Related Sections

Security Policy Best Practices

Describes techniques that administrators can use to maintain security policy on a machine or in an enterprise.

Key Security Concepts

Introduces fundamental concepts you must understand before using .NET Framework security.


Describes permission objects and how they are used by the runtime.

Code Access Security

Describes .NET Framework code access security in detail and provides instructions for using it in your code.

Security Tools

Lists and briefly describes the security tools included in the .NET Framework.