Using CASPOL to Fully Trust a Network Share

<note warning>The .NET 4.0 Framework does not apply CAS policy by default. Any settings modified by CasPol will only affect applications that opt into using CAS policy. Please see http://go.microsoft.com/fwlink/?LinkId=131738 for more information.</note>

Network shares get “LocalIntranet” permission by default. If you use the IP address of the server or if you use the FQDN of the server, that share will get “Internet” permissions. I find this common when I use domain-based DFS (\\domain.local\dfs\share). Since I trust these share locations, I find myself constantly updating the code access security policy so that I can run .Net applications from network share locations.

If I wanted to trust everything on the share \\server\share, the command:

CasPol.exe -m -pp off -ag 1.2 -url file://///server/share/* FullTrust

Sometimes I map that drive to the local system and when you do that you have to slightly modify the above -url pattern to file:///F:/*

<note important>If you are running a 64-bit system, make sure to run caspol.exe on both the 32-bit version and the 64-bit version of the framework…</note>

I also run my development tools inside a VM on my laptop and so I map drives back to the host system. These are the commands that I use to allow me to use those drives as if they were local drives:

caspol.exe -m -pp off -ag 1 -url "file:///D:/*" FullTrust
caspol.exe -m -pp off -ag 1 -url "file:///L:/*" FullTrust

The difference here is that I'm adding the code group to the “LocalComputer” instead of the “LocalIntranet”.