This documentation is archived and is not being maintained.

Administration Tools

Important noteImportant

In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.

The recommended way to configure security policy is to use the .NET Framework Configuration tool (Mscorcfg.msc). This tool provides wizards to help you adjust your user, machine, and enterprise security settings. The following table describes these wizards.



Trust an application

Use this wizard to identify an application by publisher or strong name information and increase the application's level of trust.

Adjust security settings

Use this wizard to increase or decrease permissions to assemblies originating from one of the following zones: My Computer, Local intranet, Internet, Trusted Sites, and Untrusted Sites.

Create a deployment package

Use this wizard to create a Windows Installer package to deploy security policy across an enterprise.

For more information on using the wizards, see the .NET Framework Configuration tool (Mscorcfg.msc).

If the wizards do not provide the functionality you require to administer security policy, you can edit the permission sets and code groups directly by using either the .NET Framework Configuration toolor the Code Access Security Policy tool (Caspol.exe). Caspol.exe is a command-line tool provided mainly for scripting security administration. For information on performing specific tasks using these tools see Security Policy Configuration.