Changing Code Groups

Use the –chggroup option to change the name, membership condition, permission set, flags, or description of a code group. You can change one, some, or all of these code group attributes.

To change a code group

• Type the following command at the command prompt:

  caspol [-enterprise|-machine|-user] –chggroup label|name {[mship] [pset_name] [-exclusive {on|off}][-levelfinal {on|off}] [-name name] [-description description_text] }

  Specify the policy-level option before the –chggroup option. If you omit the policy-level option, Caspol.exe changes the specified code group in the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

  The syntax and meaning of mship, pset_name, -exclusive, and -levelfinal are the same as for the –addgroup option. For more information about these arguments and options, see Adding Code Groups.

  The following command changes the membership condition for the code group labeled 1.2.1. to the Internet zone membership condition.

  caspol –chggroup 1.2.1. –zone Internet
  

  The following command changes the name of the code group labeled 1.2.1.1. to MyApp_CodeGroup.

  caspol –chgroup 1.2.1.1. –name MyApp_CodeGroup
  

  The following command associates the Internet permission set with the code group 1.3. and turns off the -exclusive flag.

  caspol –chggroup 1.3. Internet –exclusive off
  

  CAUTION   Changing a code group can have wide repercussions for security. Use this option with caution.

See Also

Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe) | Configuring Code Groups Using Caspol.exe | Security Policy Model | Code Access Security Policy Tool (Caspol.exe)