Using Batch Scripts for Security Policy Administration

The .NET Framework ships with a command-line administration tool called Caspol (Code Access Security Policy tool). With it, you can undertake administrative changes of security policy via the command line. For example, the following is a Caspol command to reset the machine policy level:

Caspol –machine -reset

By adding Caspol calls into a batch file (.bat), you can effectively create indefinitely complex scripts to change security policy. The following set of Caspol commands represents a script that first turns off Caspol's prompt to the user to ascertain a policy change, resets all of security policy, and adds a new code group under the Internet code group of the machine policy. The newly ...

Get .NET Framework Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

.NET Framework Security by Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi Martin, Kevin T. Price

Using Batch Scripts for Security Policy Administration

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly