How to: View Security Policy Using Caspol.exe

You can use the Code Access Security Policy tool (Caspol.exe) to view the security policy (code group hierarchy) and a list of known permission sets for all policy levels or for a single policy level.

To view security policy

  • Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user|-all] –list

    Specify the policy-level option before the –list option. If you omit the policy-level option, Caspol.exe shows the code group hierarchy and known named permission sets at the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

Code groups have a reference number and, optionally, a name. You can use either one to refer to specific code groups.

Caspol.exe lists the membership condition name and a membership condition value (if present), followed by the name of the permission set associated with that code group. If the code group merges the permissions of its child code groups using first-match logic, Caspol.exe indicates this by displaying (FirstMatchCodeGroup) next to the code group. The default merge logic performs a union on permissions that child code groups grant. For more information, see Security Policy Model.

Following the code group hierarchy is a list of the named permission sets known at that policy level and a list of full trust assemblies, also known as policy assemblies.

See Also


Caspol.exe (Code Access Security Policy Tool)



Security Policy Model

Code Groups

Other Resources

Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe)