[Update 12/14/04] - Because I get a lot of Google referals where I'm a #1 or #2 result looking for how to give a network share full trust with CAS, I'm adding how to actually do it, rather than just complain about the name.
So, to give a network share or mapped drive full trust, execute the following at a .net command prompt:
caspol -q -machine -addgroup 1 -url file://z:/* FullTrust -name "Z Drive"
This will give anything on the “Z“ drive full trust, make the name of the rule “Z Drive“, and put this at the machine level (applies to all users). You must be a machine admin to run this command.
Every client site I've been to as a .net guy has had at least one common theme - getting the network admins to grant “Full Trust” to a strong name key or url is hard.
As I'm sure you're aware, when you run a .net application off of a url or network share, it runs under limited rights. However, the easiest way to deploy “no-touch” applications in a locked-down network is by running them from a url or network share.
So, to remove the lock-down the application is run in, you must give that location (or public key token) increased rights. For many smart client applications, only “Full Trust” will do (many use P/Invoke, etc). To grant full trust, you must either touch every client computer, or use group policy (or similar mechanisms) to distribute the CAS changes.
That's where it gets hairy.
At one site I had to talk at no less than six meetings to convince the network admins (who were to distribute the CAS changes) that “Full Trust” was not “Domain Admin”. “I'm not granting you full trust on my network!”, or “What is your application doing that requires increased rights?” were common responses. I finally had to prove --with a sample and stepping through source code -- that “Full Trust” was still limited to the user's rights - that anything else was a subset of the user rights. That it was no different than the other executables that they allowed users to run. That I wasn't an evil hacker planting a trojan horse.
It'd be so much easier if “Full Trust” were named something else... of course, I can't think up a better name. But I'm sure I can look forward to more than one meeting on this same subject.