Shawn over at the .NET Security Blog has a great tip about using gflags to debug a ClickOnce app that fails to execute correctly in partial trust. Check it!