Policy Migration Tool(Migpol.exe)

The Migration Policy tool provides the capability of migrating policy between two compatible versions of the .NET Framework.

migpol [option] 
Option Description
-migrate toVersion [fromVersion] Migrates security policy to the .NET Framework version indicated by the toVersion parameter. If more than two versions of the .NET Framework exist on the computer, the fromVersion parameter must be included.
-l or -listversions Lists the versions of the .NET Framework on the computer.
-? or /?

-h or -help

Displays command syntax and options for the tool.

Note   The command line options for Migpol.exe are case-insensitive.


Code Access Security (CAS) policy configuration state consists of three administrative policy levels: Enterprise, Machine and User policy. Each policy level is persisted in an XML file containing the serialized security policy level object graph; each file is persisted in a version-qualified subdirectory. Thus, each version of the .NET Framework has separate security policy configuration files.

Because security policy is isolated by version, the security policy configuration state of one version will not automatically apply to any version of the .NET Framework that is subsequently installed. Similarly, administrative changes to the security policy of one version of the .NET Framework will not apply to any other currently installed versions of the .NET Framework.

A copy of the policy migration tool, migpol.exe is contained in the .NET Framework version 1.1 redistribution files. Migpol.exe provides the capability of migrating policy between two compatible versions of the .NET Framework. By default, Migpol.exe should run silently following the installation of a newer version of the .NET Framework. However, any policy changes made to one version are not automatically migrated to the newly installed version. In this case, it is possible to run Migpol.exe as a command line utility.

Migpol.exe does not migrate User policy or custom security objects. Custom security objects are membership conditions, permissions or code groups created using a custom library object. For example, if you create a custom membership condition through code which results in an assembly that you incorporate into the policy, that policy will not be migrated. Migpol.exe does migrate policy for the Enterprise and Machine policy levels created using Microsoft provided permissions, membership conditions, and code groups.


The following command migrates the security policy from .NET Framework version 1.1 to .NET Framework version 1.0.

migpol -migrate 1.0.3705 1.1.4322

The following command lists the versions of the .NET Framework installed on this computer.

migpol -listversions

See Also

.NET Framework Tools | Security Policy Configuration | Configuring Applications | Code Access Security Policy Tool (Caspol.exe)