I just asked some people at Microsoft (Alex and Erwin) about security permissions for .net and their answer has led me onto the following posts which are finally giving me a better idea of how things work with the security policy. It’s amazing how helpful they are to random strangers 
When I’d been looking up the problem before I’d only really seen it from the clients side, and come across references to caspol.exe. As a developer you really want to start by looking at permcalc.exe and the things that you can do become a lot clearer.
Aaron Steele has written some very clear articles on the subject of trust.
- http://blogs.pointbridge.com/Blogs/floraday_burt/Pages/Post.aspx?_ID=2
- http://blogs.pointbridge.com/Blogs/floraday_burt/Pages/Post.aspx?_ID=3
- http://blogs.pointbridge.com/Blogs/floraday_burt/Pages/Post.aspx?_ID=4
Then there’s this possibly useful note of a use of permcalc.exe.
I’m still looking at the best way to deploy a security policy. From what I’m told it’s possible to deploy a custom security policy in an MSI file so that may be the way to ensure your application works from wherever it is deployed to; even network shares. At least for the person who installed it anyway.
Here’s an additional note on a potential limitation of permcalc.exe.
