Configuring Code Groups Using the .NET Framework Configuration Tool

  • Article

A code group checks whether an assembly matches an administrator-defined criteria called a membership condition. If the assembly matches, the code group grants the assembly a set of permissions that has been associated with that code group.

You can use the .NET Framework Configuration tool (Mscorcfg.msc) to perform the following tasks related to code groups:

  • Create a code group.
  • Make a code group exclusive or level final.
  • Change the permission set associated with an existing code group.
  • Change the membership condition for an existing code group.

To create a code group

When you create a code group, you must also associate the group with a membership condition and a permission set.

  1. Run the .NET Framework Configuration tool. At the command prompt, type:

    %Systemroot%\Microsoft.NET\Framework\versionNumber\Mscorcfg.msc

  2. Expand the Runtime Security Policy node.

  3. Expand the node for the policy level you want to add the code group to.

  4. Expand the Code Groups node, and then expand the tree under the All_code node.

  5. Right-click the code group that will be the immediate parent of the new code group and choose New.

  6. Give the code group a name and, optionally, a description. Click Next.

  7. Select a membership condition from the drop-down box. Follow the instructions for entering the requested information for the membership condition. Click Next.

  8. Choose an existing permission set from the drop-down box or select Create a new permission set. Click Next, and then click Finish.

Optionally, you can make the new code group exclusive or level final. See the procedures that follow for instructions.

To make a code group exclusive or final

  1. Run the .NET Framework Configuration tool. At the command prompt, type:

    %Systemroot%\Microsoft.NET\Framework\versionNumber\Mscorcfg.msc

  2. Expand the Runtime Security Policy node.

  3. Expand the node for the policy level that contains the code group you want to make exclusive or final.

  4. Expand the Code Groups node, and then expand the tree under the All_code node.

  5. Right-click the code group that you want to be exclusive or final and select Properties.

  6. To make a code group exclusive, select the check box labeled "This policy level will only have the permissions from the permission set associated with this code group".

    or

    To make a code group level final, select the check box labeled "Policy levels below this level will not be evaluated".

  7. Click OK.

To change the permission set associated with an existing code group

  1. Run the .NET Framework Configuration tool (Mscorcfg.msc). At the command prompt, type the following:

    %Systemroot%\Microsoft.NET\Framework\versionNumber\Mscorcfg.msc

  2. Expand the Runtime Security Policy node.

  3. Expand the node for the policy level that contains the code group you want to modify.

  4. Expand the Code Groups node, and then expand the tree under the All_code node.

  5. Right-click the appropriate code group and select Properties.

  6. Click the Permission Set tab.

  7. Select the permission set you want to associate with the code group from the drop-down list and click OK.

To change the membership condition for a code group

  1. Run the .NET Framework Configuration tool. At the command prompt, type:

    %Systemroot%\Microsoft.NET\Framework\versionNumber\Mscorcfg.msc

  2. Expand the Runtime Security Policy node.

  3. Expand the node for the policy level that contains the code group that you want to modify.

  4. Expand the Code Groups node, and then expand the tree under the All_code node.

  5. Right-click the appropriate code group and select Properties.

  6. Click the Membership Condition tab.

  7. Select the membership condition you want to associate with the code group from the drop-down list box. Then follow the instructions for entering the needed information for the membership condition and click OK.

    If you want to import a membership condition from an XML file, select (custom) from the membership condition drop-down list. Then click Import and browse to the XML file.

See Also

Security Policy Management | .NET Framework Configuration Tool (Mscorcfg.msc) | Configuring Security Policy | Configuring Security Policy Using the NET Framework Configuration Tool (Mscorcfg.msc)