Tasks with CASPOL

CasPol (Code Access Security) Tool can be used in many ways to make the code Secure.  Some of the common tasks are listed in this article.

Granting Assembly Request (Full Trust)  Caspol –addfulltrust assemblyname.exe

For example to grant the C:Program FilesPersonalMyAssebmly.exe assembly full name we should run the following command.

Caspol –addfulltrust “c:Program FilesPersonalMyAssembly.exe”

Add a Code Group to Machine Policy  Caspol –machine  -addgroup Parent_Code_Group Membership_Conditions_Permission_Set – name “Group Name”

For example top add a code group named My_Code_Group to the Machine Policy levels All_Code  group, using a URL of http://devserverdevshare which  grants Local Intranet permissions, you would run the following command with administrative privileges:

Caspol –machine –addgroup All_code –url \devserverdevshare* LocalIntranet –name “My_code_Group”

Adding a Code group to user policy Caspol –user –addgroup Parent_Code_Group Membership_Condition Permission_Set –name “Group_Name”

Similarly, to add a code group named User_code_Group to the user policy levels All_code group, using a site of http://www.xxxx.com which grants FullTrust  permissions you would run the following command:

Caspol –user –addgroup All_Code –site www.xxxxx.com FullTrust –name “User_Code_Group”

Zone Security Adjustment for Machine Policy  Caspol –chggroup Code_Group Permission_Set

Consider the following example, to change the Machine My_Computer_Access security policy to use the Intranet permission set, run the following command with administrative privileges execute the following command

Caspol – chggroup My_Computer_Access LocalIntranet

Resetting Machine Level Policy

Caspol -recover

Happy Coding !!!