How to: Undo Policy Changes Using Caspol.exe

  • Article

If a policy change has unwanted side effects or if the change was accidentally made at the wrong security policy level (such as at the machine policy level instead of the user policy level), you can use the Code Access Security Policy tool (Caspol.exe) to recover the last machine, user, or enterprise policy before the change was made.

To undo a policy change

  • Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user|-all] –recover

    Specify the policy-level option before the –recover option. If you omit the policy-level option, Caspol.exe undoes the policy change at the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

    The following command undoes the last change to the user policy.

    caspol –user -recover

    Note

    The –recover option only undoes the last change. Caspol.exe does not cache any changes prior to the last change. If you call this option twice, you undo the policy recovery.

See Also

Reference

Caspol.exe (Code Access Security Policy Tool)

Concepts

Security Policy Model

Other Resources

Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe)

Resolving Security Policy Issues Using Caspol.exe