Network shares get “LocalIntranet” permission by default. If you use the IP address of the server or if you use the FQDN of the server, that share will get “Internet” permissions. I find this common when I use domain-based DFS (\\domain.local\dfs\share). Since I trust these share locations, I find myself constantly updating the code access security policy so that I can run .NET applications from network share locations.
If I wanted to trust everything on the share \\server\share, the command would be:
CasPol.exe -m -pp off -ag 1.2 -url file://///server/share/* FullTrust
-m - Modify the machine level of the policy. This is needed, since the machine level is where all of the default policy lives.
-pp off - Turn the confirmation prompt off.
-ag 1.2 - Add a code group under group 1.2. In the default policy, group 1.2 is the “LocalIntranet” group, so the new code group that we're creating will only be checked if the file comes from the intranet.
-url file://///server/share/* - The membership condition for the new code group is a UrlMembershipCondition.
FullTrust - The permission set to grant assemblies that match the code group.
Sometimes I map that drive to the local system and when you do that you have to slightly modify the above -url pattern to
I also run my development tools inside a VM on my laptop and so I map drives back to the host system. These are the commands that I use to allow me to use those drives as if they were local drives:
caspol.exe -m -pp off -ag 1 -url "file:///D:/*" FullTrust
caspol.exe -m -pp off -ag 1 -url "file:///L:/*" FullTrust
The difference here is that I'm adding the code group to the “LocalComputer” instead of the “LocalIntranet”.
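The two URL patterns above can be generated from a path rather than typed by hand. The following PowerShell function is an added example, not part of the original post; its name, parameters and sample paths are hypothetical. It goes beyond the post by accepting a subfolder, so FullTrust can be limited to the directory that needs it, and it warns on the FQDN/IP case described in the first paragraph.

```powershell
# Added example, not from the original post. Function name, parameter names
# and the sample paths at the bottom are hypothetical.
function Get-CasPolTrustArgs {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [string] $PermissionSet = 'FullTrust'
    )

    if ($Path -match '^\\\\([^\\]+)\\([^\\]+)(\\.*)?$') {
        # UNC path: \\server\share[\dir] -> file://///server/share[/dir]/*
        $server = $Matches[1]
        $rest   = ("$($Matches[3])" -replace '\\', '/').TrimEnd('/')
        $url    = "file://///$server/$($Matches[2])$rest/*"
        $parent = '1.2'   # "LocalIntranet" group in the default policy
        if ($server -match '\.') {
            # Per the post, FQDN and IP address forms get "Internet"
            # permissions, so a group under 1.2 is not checked for them.
            Write-Warning "$server looks like an FQDN or IP address; a group under 1.2 will not apply."
        }
    }
    elseif ($Path -match '^([A-Za-z]):(\\.*)?$') {
        # Drive letter: D:\[dir] -> file:///D:/[dir]/*, added under group 1
        $rest   = ("$($Matches[2])" -replace '\\', '/').TrimEnd('/')
        $url    = "file:///$($Matches[1].ToUpper()):$rest/*"
        $parent = '1'
    }
    else {
        throw "Expected a UNC path or a drive-letter path, got: $Path"
    }

    # Same switches as the commands in the post: machine level, prompt off.
    return @('-m', '-pp', 'off', '-ag', $parent, '-url', $url, $PermissionSet)
}

# Constructed sample inputs; print the command lines instead of running them.
foreach ($p in '\\server\share', '\\server\share\tools\bin', 'D:\') {
    $a = Get-CasPolTrustArgs -Path $p
    'caspol.exe ' + ($a -join ' ')
}
```

After adding a group, caspol.exe -m -lg lists the machine-level code groups so the new entry and its permission set can be reviewed.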