Security policy configuration is managed as a collection of code groups that are defined by membership conditions and contain permission sets and special attributes. All policy viewing and changes are subject to administration access permission, as defined in the Security Permissions specification.
Policy configuration should be managed using the Code Access Security Policy tool (CASPol.EXE). For detailed information about maintaining policy and using CASPol, refer to the Runtime Code Access Security Administration specification. Note that CASPol allows administration of machine and user policies only—app domain policy can only be set by NGWS runtime hosts at runtime.