Information about the Policy Migration Tool (Migpol.exe) as a command-line utility (872906)


The information in this article applies to:

  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.0 SP3
  • Microsoft .NET Framework 1.0 SP2
  • Microsoft .NET Framework 1.0 SP1
  • Microsoft .NET Framework 1.0

SUMMARY

The Policy Migration Tool (Migpol.exe) is available in the Microsoft .NET Framework 1.1. This tool migrates the security policy level of one version of the .NET Framework to other versions of the .NET Framework. You can use Migpol.exe as a command-line utility to change the security policy level in different versions of the .NET Framework.

  • To change the security policy level, use the Migpol.exe tool.
  • Use the Migpol.exe tool to migrate the security locks from an older version of the .NET Framework to a newer version of the .NET Framework. You can also decrease the security level in one version of the .NET Framework by using the Migpol.exe tool.
  • You can use the Migpol.exe tool at the command prompt with different options to perform the security policy settings.
  • The Migpol.exe tool cannot migrate the user policy level and the custom security objects.

INTRODUCTION

The Migpol.exe tool is used to migrate the security policy between two compatible versions of the .NET Framework that are installed on your computer. The Migpol.exe tool is available in the redistribution files of the .NET Framework 1.1.

MORE INFORMATION

The following topics discuss how to use the Migpol.exe tool:

Requirements

This article assumes that you are familiar with the following topics:
  • Basic knowledge of the Microsoft .NET Framework
  • Security in the .NET Framework
back to the top

Significance of the Migpol.exe tool

After you install a newer version of the .NET Framework, the Migpol.exe tool silently migrates the security policy on a computer. However, after you install a newer version of the .NET Framework, the security policy changes that you made in the earlier version of the .NET Framework are not automatically migrated to the newer version of the .NET Framework.

If you install a version of the .NET Framework on a computer that already has another version of the .NET Framework installed, the following settings are not migrated from the existing version of the .NET Framework to the newly installed version of the .NET Framework:
  • The security policy configuration state
  • Administrative changes that were made to the security policy
To migrate security policy changes that were made in one version of the .NET Framework to another version of the .NET Framework, you must run the Migpol.exe tool at the command prompt.

back to the top

When to use the Migpol.exe tool

Use the Migpol.exe tool in the following situations:
  • If you implement security locks in one version of the .NET Framework and then you install another version of the .NET Framework on your computer, your computer has the default security policy of the newer version of the .NET Framework. The security policy on your computer does not include the security locks. Use the Migpol.exe tool to migrate the security locks from the older version of the .NET Framework to the newer version of the .NET Framework. The policy migration will help prevent the security risks that may exist because of the default security policy of the newer version of the .NET Framework.
  • If you decrease the security level in one version of the .NET Framework and then you install another version of the .NET Framework on your computer, the default security policy on your computer will be the security policy of the newer version of the .NET Framework. Applications that require the less stringent security policy that was in the older version of the .NET Framework will not run on your computer. To run those applications on your computer, you must use the Migpol.exe tool to make the security policy less stringent.
  • If you install the Microsoft .NET Framework 1.0 Service Pack 1 (SP1) and then you install the Microsoft .NET Framework 1.1 on your computer, your computer will have the default security policy of the .NET Framework 1.1. That security policy is less restrictive than the default security policy of the .NET Framework 1.0 SP1. Use the Migpol.exe tool to retain the restrictive security policy of the .NET Framework 1.0 SP1.
back to the top

Functions of the Migpol.exe tool

The Migpol.exe tool performs the following functions:
  • Migrates the security policy when a new version of the .NET Framework is installed on your computer.
  • Offer support when you configure the security policy in one version of the .NET Framework and then you want to make the same changes in another installed version of the .NET Framework on your computer.
  • Migrates from the .NET Framework 1.0 SP1 to the .NET Framework 1.1 without any changes in the Internet code group settings. Mgpol.exe also helps prevent security vulnerabilities when you install the .NET Framework 1.1 on a computer that has the .NET Framework 1.0 SP1 installed.
back to the top

How to use the Migpol.exe tool

The Migpol.exe tool has the following three command-line options:
  • -migrate ToVersion FromVersion
  • -listversions
  • -l
  • -help
  • -h
  • -?
  • /?
Notes
  • ToVersion is a placeholder for the version of the .NET Framework to which the security policy must be migrated.
  • FromVersion is a placeholder for the version of the .NET Framework from which the security policy will be migrated.
To open a command prompt and then change the directory path where the Migpol.exe file is located, follow these steps:
  1. Click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type the following command to change the current directory path to the folder where the Migpol.exe tool is located:

    cd %WINDIR%\Microsoft.NET\Framework\v1.1.4322\

back to the top

Migrate the security policy to a .NET Framework version

  • To migrate the security policy from the Microsoft .NET Framework 1.0 to the .NET Framework 1.1, type the following command at the command prompt:

    migpol -migrate 1.1.4322 1.0.3705

  • To migrate the security policy from the .NET Framework 1.1 to the .NET Framework 1.0, type the following command at the command prompt:

    migpol -migrate 1.0.3705 1.1.4322

back to the top

List the versions of the .NET Framework on your computer

To list the versions of the .NET Framework that are installed on your computer, type one of the following commands at the command prompt:
  • migpol -listversions
  • migpol -l
back to the top

Display the syntax and the options for the Migpol.exe tool

To display the command syntax and the options for the Migpol.exe tool, type one of the following commands at the command prompt:
  • migpol -help
  • migpol -h
  • migpol -?
  • migpol /?
back to the top

Limitations of the Migpol.exe tool

  • The Migpol.exe tool cannot migrate the user policy level. The user policy level configuration files location is not known when users have roaming profiles. Therefore, you cannot migrate the user policy configuration state.
  • The Migpol.exe tool cannot migrate custom security objects. Migration cannot change the component implementation or cannot set the publisher policy for all .NET Framework components. Therefore, the Migpol.exe tool cannot migrate custom security objects.
back to the top

REFERENCES

For more information about the policy migration tool, visit the following Microsoft Developer Network (MSDN) Web sites:

Policy Migration Tool(Migpol.exe)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrfpolicymigrationtoolmigpolexe.asp

Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconUsingCodeAccessSecurityPolicyToolCaspolexe.asp

An Overview of Security in the .NET Framework
http://msdn.microsoft.com/security/securecode/dotnet/default.aspx?pull=/library/en-us/dnnetsec/html/netframesecover.asp

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

815441 INFO: Microsoft .NET Framework configuration files in a side-by-side installation environment

back to the top
Modification Type:MajorLast Reviewed:7/27/2004
Keywords:kbinfo kbpolicy kbMigration kbSecurity kbhowto KB872906 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.