How to specify .NET CAS policies on client machines?

Posted: (EET/GMT+2)

 

Welcome, March! Earlier this week, I got a question regarding .NET 2.0 (or later) WinForms applications and Code Access Security or CAS. If you are familiar with CAS, then you know that you can use the .NET Framework 2.0 Configuration utility (part of Administrative Tools) to set up security for your applications.

The .NET Framework 2.0 Configuration utility

However, the question I got was: where can this tool be found on client computers? The answer is that, unlike the older .NET 1.1 configuration tool, the .NET config tool for version 2.0 and later is not part of the .NET Runtime and instead only comes with the SDK. That said, you could of course install the SDK on a client computer and then use the config tool, but if your only reason to install the SDK is to get the tool, I have a better alternative.

Firstly, you can use the command-line tool called caspol.exe. This comes with the framework, so it is available on all computers that have .NET 2.0 installed. By running a command like this, you could add machine-wide full trust to a given executable, for instance:

caspol -m -af C:\Apps\MyApp.exe
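For scripted rollout to clients, here is an added example (not from the original post) that grants the permission set through a URL-scoped code group (-ag) instead of the -af form shown above, applies it to both the 32-bit and 64-bit policy stores, and then verifies the result. The group name and the v2.0.50727 framework directory are assumptions; the executable path is the one from the command above.

```powershell
# Added example: the group name and default values are placeholders.
param(
    [string]$AppPath   = 'C:\Apps\MyApp.exe',   # executable from the article's example
    [string]$GroupName = 'MyApp_FullTrust',     # hypothetical code group name
    [string]$PermSet   = 'FullTrust'            # named permission set to grant
)

# CAS machine policy is stored per runtime bitness, so configure every
# v2.0 caspol.exe present (Framework and, on 64-bit Windows, Framework64).
$caspols = 'Framework', 'Framework64' |
    ForEach-Object { Join-Path $env:WINDIR "Microsoft.NET\$_\v2.0.50727\caspol.exe" } |
    Where-Object { Test-Path $_ }
if (-not $caspols) { throw 'caspol.exe for .NET 2.0 not found' }

# URL membership condition that matches only this one file.
$url = 'file://' + ($AppPath -replace '\\', '/')

foreach ($caspol in $caspols) {
    # Skip if a group for this URL already exists (keeps reruns idempotent).
    $existing = & $caspol -m -lg | Select-String -SimpleMatch $url
    if (-not $existing) {
        # -q suppresses the confirmation prompt; 1 is the All_Code root group.
        & $caspol -q -m -ag 1 -url $url $PermSet -n $GroupName
        if ($LASTEXITCODE -ne 0) { throw "caspol failed: $caspol" }
    }
    # Verify: list the machine-level code groups the assembly resolves to.
    & $caspol -m -rsg $AppPath
}
```

Changing machine-level policy requires an elevated (administrator) prompt, and the executable must already exist at the given path for the -rsg check to resolve it.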

The second option is to use the configuration utility to set the correct policies on your development machine, and then create an MSI installer package from those settings. This can be done by right-clicking the Runtime Security Policy node (see the above image) and then choosing the command Create Deployment Package. This process is detailed in the Microsoft Knowledge Base (KB) article 931867.