Since network shares by default only get LocalIntranet permissions, it's relatively common to want to use CasPol to fully trust some shares that you control and know are safe. However, CasPol syntax being what it is, the command to do this isn't immediately obvious. If I wanted to trust everything on the share \\ShawnFa-Srv\Tools, the command:
Would setup the policy to do what I needed. Lets break down this command:
Once you know the pattern, it's pretty easy to modify this command line to do slightly different things. For instance, if I want to trust only a specific non-strongly named assembly on my share, I might use
Which will create a hash membership condition that matches the SHA1 hash of the CodeCSS.exe file.
When I install a new build of the runtime, my install script actually ends with two lines that do just this:
Which trusts everything coming off of a share on my computer, and then makes a copy of that policy as the new default, so that all future calls to CasPol -all -reset do not remove this modification.