Following are the utilities that can be used to manipulate the security policies of .NET. These utilities can be run only from the SDK command prompt "C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0".
1. Code Access Security Policy Utility (caspol.exe): This utility allows administrators (the currently logged-on user can also use this utility) to modify security policy at the user level and the machine level.
2. Software Publisher Certificate Test Utility (Cert2spc.exe): This utility can be used to create a Software Publisher's Certificate (SPC) for testing from X.509 certificates. You can get a valid SPC from a Certification Authority (CA) like VeriSign or Thawte.
3. Certificate Manager Utility (certmgr.exe): This utility manages certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs). It can be used to print certificates, CTLs, and CRLs, and to add, delete, or save them from one certificate store to another.
4. Certificate Verification Utility (chktrust.exe): This utility can be used to validate an Authenticode-signed file or certificate.
5. Certificate Creation Utility (makecert.exe): It generates an X.509 certificate with a public and private key pair for digital signatures and associates it with a name that you specify.
6. Permissions View Utility (permview.exe): It is a command-line utility to view the minimal, optional, and refused permission sets requested by an assembly. By default, permission requests are dumped to the console.
7. PEVerify Utility (peverify.exe): This utility can be used when generating MSIL, for example by a compiler or script engine.
8. Secutil Utility (SecUtil.exe): It provides a way to restrict the actions of code based on its associated evidence. Two types of evidence, strong names (also called shared names) and Authenticode publishers, are based on cryptographic keys and digital signature technology.
9. Set Registry Utility (setreg.exe): This can be used to change registry settings for public key cryptography.
10. File Signing Utility (signcode.exe): This utility can be used to sign a portable executable (PE) file with requested permissions to give developers more detailed control over the security restrictions placed on their component. You can sign a component or an assembly. If you are distributing an assembly rather than individual components (i.e., .dlls or .exes), you should sign the assembly, not the individual components. If signcode is run without any options, it launches a wizard to help with signing.
11. Isolated Storage Utility (storeadm.exe): Use the StoreAdm command-line tool to manage isolated storage. The tool provides three simple functions that are typically used one at a time, namely /LIST, /REMOVE and /QUIET.
Also see my article http://www.eggheadcafe.com/tutorials/aspnet/41d48a9e-bb3e-4034-bf8c-0a49235b4686/c-net-securities.aspx which has the implementation details.