First off, bookmark this page, it has a lot of info on Caspol:
http://blogs.msdn.com/shawnfa/archive/2004/12/30/344554.aspx
I am currently setting up some demos to show in an HPC Jumpstart event in Bogota Colombia in 3 days. One of the demos includes using MPI.Net (an amazing implementation of MPI), and I was running into serious problems trying to get it to work.
When you run binaries with Windows Server HPC 2008, you need a place that will hold the binaries so that each worker process can run them from there. An obvious solution to this is to use network shares so that anyone with the right set of permissions (in this case the worker nodes) can run the binaries.
If you ever run a .Net assembly from a local share, you will be greeted with a System.SecurityException that will cause your application to go down in flames. In Windows Server 2003, you could easily modify these settings so that you could change the policy level and let all .Net assemblies on UNC paths execute without any type of restriction. This was done through the .Net Configuration pane in Administrative Tools.
I tried to find the .Net Configuration pane in Windows Server 2008 and it was nowhere to be found; it’s gone. I looked for it under Server Manager, tried installing new roles to see if it showed up and NADA. There go my demos, I thought.
In the midst of pulling out my hair, Phil suggested trying Caspol, a utility included with the 2.0 .Net framework that allows you to change security settings for assemblies. The following did the trick:
c:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe -q -m -ag 1.2 -url file://headnode/scratch/04-ManagedAPI/03-PingPong/* FullTrust
This allowed me to run the binary from \\headnode\scratch\04-ManagedAPI\03-PingPong
I then used the most excellent utility from Windows HPC Server 2008, Clusrun, to run a batch file on ALL the nodes of my cluster to set the security settings for all of my demos…sweet:
————————————————————————————————————————
C:\Users\administrator.HPC>c:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe -q -m -ag 1.2 -url file://headnode/scratch/04-ManagedAPI/01-Hello/* FullTrust
Microsoft (R) .NET Framework CasPol 2.0.50727.1434
Copyright (c) Microsoft Corporation. All rights reserved.
Added union code group with “-url” membership condition to the Machine level.
Success…
If this works I owe you a bottle of you-name-it.
By: andras liptak on June 18, 2008
at 12:18 pm
Andras: a bottle of Beaujolais, let me know if it works so I can give you my address.
By: csaborio on June 19, 2008
at 2:43 am
I tried the command (modified for my own network share of course) and it didn’t work.
The only thing that works for me is switching security off, and that only works while caspol.exe keeps running.
Any ideas?
By: Andrew Brehm on July 25, 2008
at 1:45 pm
Andrew:
What OS are you using? 32-bit? Paste the command here, I might be able to spot something.
By: csaborio on July 31, 2008
at 9:57 pm
There are actually 2 sets of caspol settings, one for 32 bit (kept in Framework) and one for 64 bit (kept in Framework64). If you’re building using the 32-bit msbuild, settings changed with the 64-bit caspol will not affect it.
By: RandomEngy on October 17, 2008
at 10:04 pm
@RandomEngy: Thanks for clearing that up – you are right on target with the different bit architectures settings in Caspol not affecting its counterpart.
By: csaborio on October 18, 2008
at 3:52 pm
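The post's CasPol command combined with the 32-bit/64-bit point from the comments, as an added example that is not part of the original post or its comments: a batch file that grants FullTrust only to one demo directory, in both policy stores, and skips the add when a group for that URL is already listed. The share URL is the one from the post; the group name `HPC-Demo-PingPong` is a hypothetical label.

```bat
@echo off
rem Added example, not from the original post.
rem SHARE_URL is the demo share used in the post; replace it with your own share.
rem GROUP_NAME is a hypothetical label so the group is easy to find and remove later.
setlocal
set "SHARE_URL=file://headnode/scratch/04-ManagedAPI/03-PingPong/*"
set "GROUP_NAME=HPC-Demo-PingPong"
set "RC=0"

rem The 32-bit and 64-bit runtimes keep separate policy, so run each CasPol.exe that exists.
for %%F in (Framework Framework64) do call :apply "%windir%\Microsoft.NET\%%F\v2.0.50727\CasPol.exe"
exit /b %RC%

:apply
if not exist "%~1" (
    echo Skipping %~1 ^(not installed^)
    goto :eof
)

rem Skip if a code group for this URL is already listed at the Machine level,
rem so re-running the batch file does not add another one.
"%~1" -m -lg | findstr /l /i /c:"%SHARE_URL%" >nul
if not errorlevel 1 (
    echo %~1: code group for %SHARE_URL% already present
    goto :eof
)

rem Same command as in the post, plus -n to name the group.
rem FullTrust is limited to this one directory; the rest of the share keeps default policy.
"%~1" -q -m -ag 1.2 -url "%SHARE_URL%" FullTrust -n "%GROUP_NAME%"
if %errorlevel% neq 0 (
    echo %~1: failed to add code group
    set "RC=1"
)
goto :eof
```

Run on every node, `CasPol.exe -m -lg` afterwards shows the URL group under 1.2 in each framework directory, which is the quickest check when a 32-bit process still throws the SecurityException.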