The .NET Trust Level for IIS cannot be set to anything other than the default of 'Full' for Active Roles Web application. Constraints do exist in the medium trust as described in the link below which prevent Active Roles from functioning.
Reference: https://msdn.microsoft.com/en-us/library/ff648344.aspx
Medium Trust Summary:
The main constraints placed on medium trust Web applications are:
• OleDbPermission is not available. This means you cannot use the ADO.NET managed OLE DB data provider to access databases. However, you can use the managed SQL Server provider to access SQL Server databases.
• EventLogPermission is not available. This means you cannot access the Windows event log.
• ReflectionPermission is not available. This means you cannot use reflection.
• RegistryPermission is not available. This means you cannot access the registry.
• WebPermission is restricted. This means your application can only communicate with an address or range of addresses that you define in the <trust> element.
• FileIOPermission is restricted. This means you can only access files in your application's virtual directory hierarchy. Your application is granted Read, Write, Append, and PathDiscovery permissions for your application's virtual directory hierarchy.
The Active Roles Web Interface needs the following permissions which the Medium trust level has constraints on:
EventLogPermission: Active Roles writes to the Event logs so EventLogPermission is required.
RegistryPermission: Active Roles Web Interface communicates to the Active Roles service via the ADSI provider. In ARS 6.9 ARS service is a COM component registered in the windows registry. WI needs this registry permission to talk to Service via ADSI.
FileIOPermission: WI talks with ADSI which means it needs access to files outside WI application’s virtual directory hierarchy. So FileIOPermission is required.