Policy Migration Tool (Migpol.exe)

The Policy Migration tool provides the capability of migrating policy between two compatible versions of the .NET Framework. Migpol.exe is available only with the .NET Framework version 1.1.

migpol [option] 




-migrate toVersion [fromVersion]

Migrates security policy to the .NET Framework version indicated by the toVersion parameter. If more than two versions of the .NET Framework exist on the computer, the fromVersion parameter must be included.

-l or -listversions

Lists the versions of the .NET Framework on the computer.

-? or /?

-h or -help

Displays command syntax and options for the tool.


The command-line options for Migpol.exe are case-insensitive.


Code access security policy configuration state consists of three administrative policy levels: enterprise, machine, and user policy. Each policy level is persisted in an XML file containing the serialized security policy level object graph; each file is persisted in a version-qualified subdirectory. Thus, each version of the .NET Framework has separate security policy configuration files.

Because security policy is isolated by version, the security policy configuration state of one version will not automatically apply to any version of the .NET Framework that is subsequently installed. Similarly, administrative changes to the security policy of one version of the .NET Framework will not apply to other currently installed versions of the .NET Framework.

A copy of the Policy Migration tool, Migpol.exe, is contained in the .NET Framework version 1.1 redistributable files. Migpol.exe provides the capability of migrating policy between two compatible versions of the .NET Framework. By default, Migpol.exe should run silently following the installation of a newer version of the .NET Framework. However, any policy changes made to one version are not automatically migrated to the newly installed version. In this case, it is possible to run Migpol.exe as a command-line utility.

Migpol.exe does not migrate user policy or custom security objects. Custom security objects are membership conditions, permissions, or code groups created using a custom library object. For example, if you create a custom membership condition through code, which results in an assembly that you incorporate into the policy, that policy will not be migrated. Migpol.exe does migrate policy for the enterprise and machine policy levels created using Microsoft provided permissions, membership conditions, and code groups.


The following command migrates the security policy from the .NET Framework version 1.1 to the .NET Framework version 1.0.

migpol -migrate 1.0.3705 1.1.4322

The following command lists the versions of the .NET Framework installed on the computer.

migpol -listversions

See Also


.NET Framework Tools

Code Access Security Policy Tool (Caspol.exe)

SDK Command Prompt

Other Resources

Configuring Security Policy

Configuring Applications