NGWS SDK Documentation  

This is preliminary documentation and subject to change.

Introduction to CASPol

CASPol is a command-line tool used to administer code access security (CAS). Security policy changes should always be made using this tool, which ensures that the security configuration files are not inadvertently corrupted. CASPol also includes several features that allow administrators to catch, reverse, and analyze unintended policy changes.

In the following sections I will show how most standard security administration tasks are completed using CASPol.

Referencing security objects

To make code groups in a hierarchy easy to reference, the policy list (-list command, see below) shows indented objects with labels (1, 1.1, 1.1.1, etc.). Subsequent command-line operations that target code groups use these labels to refer to specific code groups.
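The labelling scheme described above, worked through as an added example (not part of the SDK documentation or of CASPol itself): it parses a listing, checks that every label has a parent, and resolves a label to its chain of code groups before the label is used in a later command. The listing text, its exact layout, the group names, and the helper names parse_listing and resolve are assumptions constructed for illustration.

```python
import re

# Constructed listing in the labelled, indented style the text describes.
# Group names and exact layout are assumptions, not captured CASPol output.
SAMPLE_LISTING = """\
1. All code
   1.1. Local machine zone
      1.1.1. Vendor signed tools
   1.2. Intranet zone
   1.3. Internet zone
      1.3.1. Trusted partner site
"""

# A label is dot-separated integers followed by a dot, then the description.
LINE_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)\.\s+(.+?)\s*$")


def parse_listing(text):
    """Map each label (e.g. '1.1.1') to its code group description."""
    groups = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines or headings carry no label
        label, name = m.groups()
        if label in groups:
            raise ValueError(f"duplicate label {label}")
        parent = label.rpartition(".")[0]  # '' for a top-level label
        if parent and parent not in groups:
            raise ValueError(f"label {label} has no parent {parent}")
        groups[label] = name
    return groups


def resolve(groups, label):
    """Return the group names from the root down to `label`."""
    if label not in groups:
        raise KeyError(f"no code group labelled {label}")
    parts = label.split(".")
    return [groups[".".join(parts[:i])] for i in range(1, len(parts) + 1)]


if __name__ == "__main__":
    groups = parse_listing(SAMPLE_LISTING)
    print(" > ".join(resolve(groups, "1.3.1")))
```

Resolving the label against a fresh listing before passing it to a command confirms that the label points at the intended code group.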

Named permission sets are referenced by their name. When a policy is listed, the code groups are shown first, followed by the named permission sets available in that policy.

CASPol users can also switch between the user and machine policies (using the -machine and -user options, see below).

Default Behavior

If a user without machine administrative rights calls CASPol, all CASPol options refer to the user-level policy by default, unless the CASPol user explicitly refers to the machine policy level (see "Viewing Policy").

If an administrator calls CASPol, all CASPol options refer to the machine's policy by default, unless the administrator explicitly specifies the user policy level as the target (see below).