.NET Framework Configuration Tool 1.1 and Code Access Security Policy Tool [Office 2003 SDK Documentation]

  • Article

You can use the Deployment Package Wizard included in the Microsoft Windows® .NET Framework 1.1 redistributable to create a Windows Installer Package (.msi file) to deploy policy to Windows clients using group policy or Microsoft Systems Management Server (SMS). To view the Deployment Package Wizard, click Start, point to All Programs, point to Administrative Tools, and click Microsoft .NET Framework 1.1 Configuration. This displays the .NET Configuration 1.1 dialog box as shown below.

Important  If you have side by side install of .NET Framework 1.0 and .NET Framework 1.1 on your computer, make sure you use the Microsoft .NET Framework 1.1 Configuration tool and not the Microsoft .NET Framework Configuration tool.

To display the Deployment Package Wizard dialog box, right-click on Runtime Security Policy, and click Create Deployment Project.

Note  The deployment project created using the Deployment Package Wizard will copy the entire policy level and overwrite the users policy level, so it is recommended that you only do this with the Enterprise level policy.

Use the options in the wizard to customize the security policy you want deployed. You can find a walkthroughs on how to create a security policy deployment package in the .NET Framework Enterprise Security Policy Administration and Deployment article on MSDN.

In the .NET Configuration 1.1 dialog box, if you expand the Runtime Security Policy node, you will see three security policy levels: Enterprise, Machine and User.

If you expand each of this security policy levels, you will notice each policy level contains Code Groups, Permission Sets and a list of Policy, all of which are configurable using the .NET Configuration 1.1 dialog box.

You can also use the Code Access Security Policy Tool (Caspol.exe), included in the Windows .NET Framework Redistributable, to create or modify security policy for the machine, the user, and the enterprise policy levels. You can also use caspol.exe to view the code groups or permissions that apply to a particular assembly. Additionally, you can also use it to analyze problems that might occur with assemblies, for example, if an assembly does not run or if an assembly accesses protected resources or runs when it should not.

Both the .NET Framework Configuration tool and the caspol.exe are very useful tools. Detailed descriptions on how to use them is beyond the scope of the Smart tag SDK -- it has been documented extensively in the Windows .NET Framework SDK documentation. For more information about these tools and how to use them, refer to the .NET Framework SDK documentation (to display it, click Start, point to All Programs, point to Microsoft .NET Framework SDK v1.1, and click Documentation).

You can also find online documentation on the Code Access Security Policy Tool (Caspol.exe) and how to use the .NET Framework Configuration tool in the .NET Framework Enterprise Security Policy Administration and Deployment article on MSDN.

Note  Also see the Deploying .NET Security Policies topic for more discussions on this subject.