This documentation is archived and is not being maintained.

User Policy Administration

Important

In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.

User policy is the lowest administrable policy level. Every user has an individual user policy configuration file. Any changes made to this policy level are applicable only to the current logged-on user. The user policy level is restricted in what it can specify.

Because this level is configurable by the current logged-on user, enterprise-level policy administrators should be aware that the user might alter any policy changes made on the user policy level. The user policy level cannot give an assembly more permissions than are specified in the higher policy levels. However, the user policy level is allowed to decrease permissions, which might cause applications to stop functioning properly. If the LevelFinal attribute is applied to a code group on the machine or enterprise level, the user level is not allowed to tighten policy decisions that have been made on those levels.

User-level administration is appropriate in some situations for tightening security. For example, a user might decide to tighten security policy for assemblies that originate from the local intranet zone if untrusted code is found there. You might consider administering policy on this level when you are a user on a corporate network and believe that the security settings are not tight enough.
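The rules above (the user level can only narrow a grant, and LevelFinal on a higher level stops the user level from being consulted) can be checked with a small model. This is an added example, not code from the .NET Framework or from this documentation; it is a simplified simulation in Python that assumes flat code groups matched by zone only, omits the Exclusive attribute, and uses constructed permission labels and policy contents.

```python
# Added example: simplified model of CAS policy-level resolution (.NET 3.5 and earlier).
from dataclasses import dataclass

LEVELS = ("enterprise", "machine", "user")  # evaluated from highest to lowest

@dataclass(frozen=True)
class CodeGroup:
    zone: str                  # membership condition; "*" matches all code
    permissions: frozenset     # constructed permission labels, not real sets
    level_final: bool = False  # models the LevelFinal attribute

def resolve_level(groups, zone):
    """Union the grants of every matching code group at one policy level."""
    granted, final = frozenset(), False
    for group in groups:
        if group.zone in ("*", zone):
            granted |= group.permissions
            final = final or group.level_final
    return granted, final

def resolve_policy(policy, zone):
    """Intersect the level grants; skip lower levels after a LevelFinal match."""
    result = None
    for level in LEVELS:
        granted, final = resolve_level(policy[level], zone)
        result = granted if result is None else result & granted
        if final:
            break
    return result

# Constructed sample policy.
FULL = frozenset({"Execution", "UI", "FileIO", "Network", "Reflection"})
INTRANET = frozenset({"Execution", "UI", "FileIO"})

def build_policy(user_groups, machine_final=False):
    return {
        "enterprise": [CodeGroup("*", FULL)],
        "machine": [CodeGroup("MyComputer", FULL),
                    CodeGroup("Intranet", INTRANET, machine_final)],
        "user": user_groups,
    }

DEFAULT_USER = [CodeGroup("*", FULL)]
TIGHT_USER = [CodeGroup("MyComputer", FULL),
              CodeGroup("Intranet", frozenset({"Execution"}))]
LOOSE_USER = [CodeGroup("*", FULL | {"UnmanagedCode"})]

if __name__ == "__main__":
    for name, user in (("default", DEFAULT_USER), ("tight", TIGHT_USER), ("loose", LOOSE_USER)):
        print(name, sorted(resolve_policy(build_policy(user), "Intranet")))
    print("final", sorted(resolve_policy(build_policy(TIGHT_USER, True), "Intranet")))
```

The "loose" case shows why a user-level grant broader than the machine level has no effect, and the "final" case shows the user's intranet restriction being ignored once the machine-level group carries LevelFinal.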