Open the Gate!

The .Net Framework offers capabilities to secure application in a way, that a trust-relationship is being established.

Most well known effect of this security features is, that applications will most likely not run from a network share. The reason for this is the code access security, which is being defined in a central XML-configuration file. Default setting is, that local code has full trust, while net-shares (treated as local intranet) has reduced rights and capabilities.

While the .Net Runtime 1.1 had a wizard so modify these settings only the .Net 2.0 SDK has this feature.

So if you’re in the need to modify code access security on a workstation, which only has the .Net Runtime installed you have to use caspol.exe. This is a command-line utility to modify the security settings for the .Net Framework.

For example, to modify the security settings for a folder test on drive z: you need to call:

caspol -m -ag 1.2 -url file://z:/test/* FullTrust


  • -m = machine level (affects to complete machine)
  • -ag = (add (Code)-Group) 1.2 => parent CodeGroup (equivalent “All_Code” -> “Local Intranet”)
  • -url = membership condition “url” (the path has to follow URL notation)


Leave a Comment.