Like a lot of developers, I am an early adopter, and as such I downloaded and installed Windows 7 beta (blog post forthcoming) on a variety of my computers and created new VM’s. I decided to try to switch over to a Windows 7 beta dev machine at home, to see if there are any gotchas. So far there is nothing related to Windows 7, but getting VS to work fully with my projects stored on a network share took some additional time.

Apparently I completely forgot I had to set Code Access Security on my original development machine, and even after I remember vaguely doing it, I don’t remember what I did. Going back and looking at the settings via mscorcfg.msc, it looks like I just granted the local intranet full trust. This time around I wanted to just grant the full trust permission set to my projects folder on my network share. Not that I don’t trust my local intranet, it just seems like the correct thing to do.

First I tried messing around with the command like tool, caspol, but my command line skills just were not cutting it. I looked for mscorcfg, but it’s no longer installed with Visual Studio (2008), so I downloaded and installed the latest .net SDK. I figure there are some other good tools in it any way. With access to mscorcfg, I set out to grant my user share, U:\Projects full trust permissions.

I figured out that I needed to add a new code group, but I didn’t know under which zone. Reviewing the error in Visual Studio, it referenced both My Computer and Local Intranet. I decided to try My Computer first, and that didn’t work, so I created a second code group under Local Intranet and that did work. I didn’t want to leave extra stuff around, so I removed the code group from My Computer and everything still worked.

Here are the steps I took:

1. Open mscorcfg (as an administrator if you want to modify the CAS at the machine level)
2. Under Runtime Security Policy, expand the Enterprise, Machine, or User, and then under Code Groups drill down to the Local Intranet Zone
3. Right click on Local Intranet Zone and choose new
1. Ender a name and description for your code group and click next
2. For the condition condition, change it to URL.
3. This is the tricky part, entering a correct URL. The path I wanted to add, as shown in windows explorer is U:\Projects, but the error message in VS showed file:///U:/Projects/, so I used that as the URL and added a * at the end, so I ended up with file:///U:/Projects/*. Click Next.
4. Select Full Trust, and click next
5. Click finish

You need to restart Visual Studio after you make a change. While looking for some help on the Internet, I also saw that you can use mscorcfg to create a MSI installer package with your CAS settings, which you can run on other machines, or deploy via group policy. This option is available as “Create Deployment Package” when you left click and select Runtime Security Policy.