.NET: are regasm and caspol dependent on which user is logged

Question

When using regasm and caspol to register and grant trust to assemblies, will it matter under which user account these utilties are executed?

Could there arise a situation where assemblies are registered and/or granted trust only for certain users on a machine or domain?

Answer 1

I believe Regasm must be run by an administrator.

Regasm can read the metadata within an assembly and adds the necessary entries to the registry, which allows COM clients to create .NET Framework classes transparently. Once a class is registered, any COM client can use it as though the class were a COM class.

Therefore, whatever is done with Regasm will be done for all users. So no, when using regasm there won't be a situation where assemblies are registered only for certain users on a machine or domain.

Caspol can be run by users other than administrators.

Caspol enables users and administrators to modify security policy for the machine policy level, the user policy level, and the enterprise policy level. If you do not currently have administrative permissions, your default view is the Users view.

A list of the Security Policy Levels, shows the variations.

Therefore, Caspol allows user and machine specific security policies, and the type of user running Caspol will have an impact on what can be achieved. So yes, when using Caspol there can be a sitation where assemblies have a different security policy based on machine and user.

Answer 2

There is also this new security model in .Net 4.0.