The security policy state of the .NET Framework is persisted in three policy configuration files, one for each policy level. Per machine, you have one enterprise policy configuration file, a machine policy configuration file, and policy configuration files for each user on the machine.
If the security system cannot find the configuration file for a policy level, that policy level will be set to the default policy state. One emergency technique of reverting back to default security policy, if the current policy state is hopelessly tangled, is to delete all policy configuration files.
There is no centralized infrastructure that is queried about the current policy state of an enterprise, and it becomes the administrator's ...