Microsoft KB Archive/872906

= Information about the Policy Migration Tool (Migpol.exe) as a command-line utility =

Article ID: 872906

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft .NET Framework 1.1
 * Microsoft .NET Framework 1.0 Service Pack 3
 * Microsoft .NET Framework 1.0 Service Pack 2
 * Microsoft .NET Framework 1.0 Service Pack 1
 * Microsoft .NET Framework 1.0

-



SUMMARY
''The Policy Migration Tool (Migpol.exe) is available in the Microsoft .NET Framework 1.1. This tool migrates the security policy level of one version of the .NET Framework to other versions of the .NET Framework. You can use Migpol.exe as a command-line utility to change the security policy level in different versions of the .NET Framework.''


 * To change the security policy level, use the Migpol.exe tool.
 * Use the Migpol.exe tool to migrate the security locks from an older version of the .NET Framework to a newer version of the .NET Framework. You can also decrease the security level in one version of the .NET Framework by using the Migpol.exe tool.
 * You can use the Migpol.exe tool at the command prompt with different options to perform the security policy settings.
 * The Migpol.exe tool cannot migrate the user policy level and the custom security objects.



INTRODUCTION
The Migpol.exe tool is used to migrate the security policy between two compatible versions of the .NET Framework that are installed on your computer. The Migpol.exe tool is available in the redistribution files of the .NET Framework 1.1.



MORE INFORMATION
The following topics discuss how to use the Migpol.exe tool:
 * Requirements
 * Significance of the Migpol.exe tool
 * When to use the Migpol.exe tool
 * Functions of the Migpol.exe tool
 * How to use the Migpol.exe tool
 * Migrate the security policy to a .NET Framework version
 * List the versions of the .NET Framework on your computer
 * Display the command syntax and the options for the Migpol.exe tool
 * Limitations of the Migpol.exe tool
 * REFERENCES

Requirements
This article assumes that you are familiar with the following topics:
 * Basic knowledge of the Microsoft .NET Framework
 * Security in the .NET Framework

back to the top

Significance of the Migpol.exe tool
After you install a newer version of the .NET Framework, the Migpol.exe tool silently migrates the security policy on a computer. However, after you install a newer version of the .NET Framework, the security policy changes that you made in the earlier version of the .NET Framework are not automatically migrated to the newer version of the .NET Framework.

If you install a version of the .NET Framework on a computer that already has another version of the .NET Framework installed, the following settings are not migrated from the existing version of the .NET Framework to the newly installed version of the .NET Framework:
 * The security policy configuration state
 * Administrative changes that were made to the security policy

To migrate security policy changes that were made in one version of the .NET Framework to another version of the .NET Framework, you must run the Migpol.exe tool at the command prompt.

back to the top

When to use the Migpol.exe tool
Use the Migpol.exe tool in the following situations:
 * If you implement security locks in one version of the .NET Framework and then you install another version of the .NET Framework on your computer, your computer has the default security policy of the newer version of the .NET Framework. The security policy on your computer does not include the security locks. Use the Migpol.exe tool to migrate the security locks from the older version of the .NET Framework to the newer version of the .NET Framework. The policy migration will help prevent the security risks that may exist because of the default security policy of the newer version of the .NET Framework.
 * If you decrease the security level in one version of the .NET Framework and then you install another version of the .NET Framework on your computer, the default security policy on your computer will be the security policy of the newer version of the .NET Framework. Applications that require the less stringent security policy that was in the older version of the .NET Framework will not run on your computer. To run those applications on your computer, you must use the Migpol.exe tool to make the security policy less stringent.
 * If you install the Microsoft .NET Framework 1.0 Service Pack 1 (SP1) and then you install the Microsoft .NET Framework 1.1 on your computer, your computer will have the default security policy of the .NET Framework 1.1. That security policy is less restrictive than the default security policy of the .NET Framework 1.0 SP1. Use the Migpol.exe tool to retain the restrictive security policy of the .NET Framework 1.0 SP1.

back to the top

Functions of the Migpol.exe tool
The Migpol.exe tool performs the following functions:
 * Migrates the security policy when a new version of the .NET Framework is installed on your computer.
 * Offer support when you configure the security policy in one version of the .NET Framework and then you want to make the same changes in another installed version of the .NET Framework on your computer.
 * Migrates from the .NET Framework 1.0 SP1 to the .NET Framework 1.1 without any changes in the Internet code group settings. Mgpol.exe also helps prevent security vulnerabilities when you install the .NET Framework 1.1 on a computer that has the .NET Framework 1.0 SP1 installed.

back to the top

How to use the Migpol.exe tool
The Migpol.exe tool has the following three command-line options:
 * -migrate  
 * -listversions
 * -l
 * -help
 * -h

Notes
 * is a placeholder for the version of the .NET Framework to which the security policy must be migrated.
 * is a placeholder for the version of the .NET Framework from which the security policy will be migrated.

To open a command prompt and then change the directory path where the Migpol.exe file is located, follow these steps:  Click Start, click Run, type cmd, and then click OK. At the command prompt, type the following command to change the current directory path to the folder where the Migpol.exe tool is located:

cd %WINDIR%\Microsoft.NET\Framework\v1.1.4322\



back to the top

Migrate the security policy to a .NET Framework version
 To migrate the security policy from the Microsoft .NET Framework 1.0 to the .NET Framework 1.1, type the following command at the command prompt:

migpol -migrate 1.1.4322 1.0.3705

 To migrate the security policy from the .NET Framework 1.1 to the .NET Framework 1.0, type the following command at the command prompt:

migpol -migrate 1.0.3705 1.1.4322



back to the top

List the versions of the .NET Framework on your computer
To list the versions of the .NET Framework that are installed on your computer, type one of the following commands at the command prompt:
 * migpol -listversions
 * migpol -l

back to the top

Display the syntax and the options for the Migpol.exe tool
To display the command syntax and the options for the Migpol.exe tool, type one of the following commands at the command prompt:
 * migpol -help
 * migpol -h
 * migpol -?
 * migpol /?

back to the top

Limitations of the Migpol.exe tool

 * The Migpol.exe tool cannot migrate the user policy level. The user policy level configuration files location is not known when users have roaming profiles. Therefore, you cannot migrate the user policy configuration state.
 * The Migpol.exe tool cannot migrate custom security objects. Migration cannot change the component implementation or cannot set the publisher policy for all .NET Framework components. Therefore, the Migpol.exe tool cannot migrate custom security objects.

back to the top

