Software Restriction Policy
Properly using the software restriction policy can make your business more agile because it provides a proactive framework for preventing problems, rather than a reactive framework that relies on the costly alternative of restoring a system after a problem has occurred. The software restriction policy was created to protect systems from unknown and possibly dangerous code and provides a mechanism where only trusted code is given unrestricted access to a user's privileges.
By using the software restriction policy, you allow unknown code, which might contain viruses or code that conflicts with currently installed programs, to run only in a constrained environment (often called a sandbox) where it is disallowed from accessing any security-sensitive user privileges. For example, an e-mail attachment that contains a worm would be prohibited from automatically accessing your address book and therefore could not propagate itself. If the e-mail attachment contained a virus, the software restriction policy would restrict its ability to damage your system because it would be allowed to run only in a constrained environment.
The software restriction policy depends on assigning trust levels to the code that can run on a system. Currently, two trust levels exist: Unrestricted and Disallowed. Code that has an Unrestricted trust level is given unrestricted access to the user's privileges, so this trust level should be applied only to fully trusted code. Code with a Disallowed trust level is disallowed from accessing any security-sensitive user privileges and can run only in a sandbox so that Unrestricted code cannot load the Disallowed code into its address space.
Configuring the software restriction policy for a system is done through the Local Security Policy administrative tool, while the restriction policy configuration of individual COM+ applications is done either programmatically or through the Component Services administrative tool. If the restriction policy trust level is not specified for a COM+ application, the systemwide settings are used to determine the application's trust level.
The COM+ software restriction policy settings must be carefully coordinated with the systemwide settings because a COM+ application that has an Unrestricted trust level can load only components with an Unrestricted trust level, while a Disallowed COM+ application can load components with any trust level but cannot access any security-sensitive user privileges.
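The programmatic route mentioned above, and a check that helps with the coordination just described, as an added example that is not from the original page or from Microsoft's own samples: a PowerShell script that uses the COMAdmin catalog to report the SRP trust level of every COM+ application on the machine and, when needed, to set one application's level explicitly. It assumes an elevated session on a machine with COM+ installed; the application name passed to Set-ComPlusSrpTrustLevel is a placeholder, and the SRPEnabled/SRPTrustLevel catalog properties and the COMAdminSRPTrustLevelOptions values (0x0 for Disallowed, 0x40000 for Unrestricted) should be confirmed against the COMAdmin type library on your system.

```powershell
# Added example (not from the original page): inventory and set the COM+
# software restriction policy (SRP) trust level of COM+ applications through
# the COMAdmin catalog. Run in an elevated PowerShell session on a machine
# with COM+ installed.

# Values of the COMAdminSRPTrustLevelOptions enumeration as assumed here;
# confirm against the COMAdmin type library before relying on them.
$SRP_DISALLOWED   = 0x0
$SRP_UNRESTRICTED = 0x40000

function Get-ComPlusApplications {
    # Returns the populated Applications collection of the COM+ catalog.
    $catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
    $apps = $catalog.GetCollection("Applications")
    $apps.Populate()
    return $apps
}

function Get-ComPlusSrpReport {
    # One row per COM+ application. Applications with SRPEnabled = $false fall
    # back to the systemwide SRP settings, exactly as the text above describes.
    # Applications reported as "Unrestricted" are the ones that may load only
    # Unrestricted components, so they deserve the closest review.
    foreach ($app in (Get-ComPlusApplications)) {
        $enabled = [bool]$app.Value("SRPEnabled")
        $level   = $app.Value("SRPTrustLevel")
        $label = if (-not $enabled)                    { "Systemwide default" }
                 elseif ($level -eq $SRP_DISALLOWED)   { "Disallowed" }
                 elseif ($level -eq $SRP_UNRESTRICTED) { "Unrestricted" }
                 else                                  { "Unknown ($level)" }
        [pscustomobject]@{
            Name       = $app.Name
            SRPEnabled = $enabled
            TrustLevel = $label
        }
    }
}

function Set-ComPlusSrpTrustLevel {
    # Enables SRP for one named COM+ application and sets its trust level.
    param(
        [Parameter(Mandatory)] [string] $ApplicationName,
        [Parameter(Mandatory)] [ValidateSet("Disallowed", "Unrestricted")] [string] $Level
    )
    $apps = Get-ComPlusApplications
    foreach ($app in $apps) {
        if ($app.Name -eq $ApplicationName) {
            $app.Value("SRPEnabled")    = $true
            $app.Value("SRPTrustLevel") = if ($Level -eq "Disallowed") { $SRP_DISALLOWED } else { $SRP_UNRESTRICTED }
            # SaveChanges commits the modified rows of the collection to the catalog.
            $apps.SaveChanges() | Out-Null
            return
        }
    }
    throw "COM+ application '$ApplicationName' not found in the catalog"
}

# Usage: list every application's effective SRP setting, then (placeholder
# name) confine one application to the Disallowed trust level.
Get-ComPlusSrpReport | Format-Table -AutoSize
# Set-ComPlusSrpTrustLevel -ApplicationName "ExampleApp" -Level Disallowed
```

The report distinguishes three states rather than two: an application with SRPEnabled left off has no trust level of its own and inherits the systemwide Local Security Policy settings, so changing the systemwide policy changes its effective level without any edit to the COM+ catalog. That is the case the coordination warning above is about, and it is the reason the inventory is worth running after either side of the configuration changes.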
For step-by-step instructions on configuring the software restriction policy in COM+ applications, see Configuring the Software Restriction Policy.