The new UAC blog (formerly LUA, formerly UAP) has up a good post on the six security policy settings that have been introduced to control how UAC works. As the Vista betas start coming out and people can start to play with UAC, knowing that some of these...

In my last post , I mentioned that application scoped isolated storage only works if you're running in a ClickOnce application. That begs the question -- how do I tell if I'm currently running in the context of a ClickOnce application? You can see...

Isolated storage introduced a new scope in v2.0 of the CLR to work with ClickOnce applications. Application scoped Isolated storage is backed by the application's data directory. This enables scenarios where your isolated storage data will flow forward...

As part of planning for our next release, we're interested in collecting some data on how you customize your security policy. We're intereseted in as much information as you have to offer. For instance, do you mainly add code groups to the machine level...

We previously saw that the SkipVerification demand for calling a method with unverifiable code occurs at JIT time rather than at runtime. Two other types of demands also occur at JIT time, LinkDemands and InheritenceDemands. An InheritenceDemand will...

Nicole Calinoiu , one of our developer security MVPs, has just posted a good description of the problems that occur when using PrincipalPermission with impersonation and finalizers . The key thing to take away from this is that impersonation occurs on...

Over the weekend, Mike Rousos (a BCL tester who's been temporarily drafted onto the security team) posted an interesting piece about the new BCL registry security support on the BCL blog . While the title mentions RegistryPermission, the post is actually...

On one of our internal mailing lists, someone was recently surprised that calling RSACryptoServiceProvider::Encrypt on the same bytes with the same instance of the RSA object resulted in two completely different output bytes arrays. The reason is that...

A few people have noticed that the ADMHost sample is not set up to do mixed mode debugging by default. If you're working with this sample and you'd like to debug through both halves of the host, you'll need to enable this mode. Right click on the...