Share via


Default Security Policy

Important noteImportant

In the .NET Framework version 4, the common language runtime (CLR) is moving away from providing security policy for computers. Microsoft is recommending the use of Windows Software Restriction Policies as a replacement for CLR security policy. The information in this topic applies to the .NET Framework version 3.5 and earlier; it does not apply to version 4.0 and later. For more information about this and other changes, see Security Changes in the .NET Framework 4.

Machine policy is set by default to the values shown in the following tables. Because the policy levels are intersected when determining the allowed permission set, the machine policy settings actually determine the default security policy. Note that these tables represent the named permission sets and permissions used by the default policy settings and not all the named permission sets and permissions available to customize security policy.

The following table shows the default code groups for machine policy and the named permissions sets they receive by default. For example, code that originates from the local computer is assigned to the My Computer Zone and receives full trust by default.

Code group

Named permission set received by default

  • My Computer Zone (code from the local computer)

  • Microsoft Strong Name (code signed with the Microsoft Strong Name)

  • ECMA Strong Name (code signed with the ECMA strong name)

Full Trust

  • Local Intranet Zone (Code from a local network)

Local Intranet

  • Internet Zone (Code from the internet)

  • Trusted Zone (Code from trusted sites in Internet Explorer)

Internet

  • All Code (All managed code)

  • Restricted Zone (Code from restricted sites)

Nothing

Note

In the .NET Framework 1.0 Service Pack 1 and Service Pack 2, the Internet Zone Code Group receives the Nothing named permission set. In all other releases of the .NET Framework, the Internet Zone code group receives the Internet named permissions set, as described in the preceding table.

Although the All Code group receives the Nothing permission set by default, this does not mean that none of the code has permissions, because matching code groups are combined (called a union) to calculate the allowed permission set.

The following table shows the individual permissions that constitute the default permission sets. The column on the left lists individual permission objects, while the columns on the right represent the configuration of those objects in the permission sets. For example, code that originates from the Local Intranet Zone receives the Local Intranet Permission Set. This table shows that the Local Intranet Permission Set consists of unrestricted DNSPermission, unrestricted FileDialogPermission, and so on. Note that code from the Internet Zone does not receive the Internet Permission Set by default; instead it receives the Nothing Permission Set.

Permission

Full Trust Permission Set

(Unrestricted access to all permissions including those not listed)

Nothing Permission Set

(No permissions, no right to execute)

Local Intranet Permission Set

Internet Permission Set

DnsPermission

Unrestricted

No Access

Unrestricted

No Access

EnvironmentPermission

Unrestricted

No Access

Read Username (environmental variable)

No Access

EventLogPermission

Unrestricted

No Access

Instrument

No Access

FileDialogPermission

Unrestricted

No Access

Unrestricted

Open

IsolatedStoragePermission

Unrestricted

No Access

AssemblyIsolationByUser

Disk Quota of 9223372036854775807

ApplicationIsolationByUser

Disk Quota of 512000

PrintingPermission

Unrestricted

No Access

DefaultPrinting

SafePriniting

ReflectionPermission

Unrestricted

No Access

ReflectionEmit

No Access

SecurityPermission

Unrestricted

No Access

Execution

Assertion

Execution

UIPermission

Unrestricted

No Access

Unrestricted

SafeTopLevelWindows

OwnClipboard

Although the default security policy is suitable for many situations, administrators can modify or customize security policy to tailor it to the specific needs of their organizations. For details, see Administering Security Policy.

Note that code is subject to the additional restrictions associated with the inherent LinkDemand for full trust automatically performed by assemblies placed in the global assembly cache. Unless the AllowPartiallyTrustedCallersAttribute is applied to an assembly in the global assembly cache, all code that does not receive the Full Trust permission set will generate a SecurityException when it attempts to link to the assembly. For more information and a list of assemblies that have the AllowPartiallyTrustedCallersAttribute, see Using Libraries from Partially Trusted Code.

See Also

Concepts

Security Policy Model

Using Libraries from Partially Trusted Code

Other Resources

Security Policy Management