RegistryKey.SetAccessControl(RegistrySecurity) Methode
Definitie
Belangrijk
Bepaalde informatie heeft betrekking op een voorlopige productversie die aanzienlijk kan worden gewijzigd voordat deze wordt uitgebracht. Microsoft biedt geen enkele expliciete of impliciete garanties met betrekking tot de informatie die hier wordt verstrekt.
Hiermee wordt Windows beveiliging van toegangsbeheer toegepast op een bestaande registersleutel.
public:
void SetAccessControl(System::Security::AccessControl::RegistrySecurity ^ registrySecurity);public void SetAccessControl(System.Security.AccessControl.RegistrySecurity registrySecurity);member this.SetAccessControl : System.Security.AccessControl.RegistrySecurity -> unitPublic Sub SetAccessControl (registrySecurity As RegistrySecurity)Parameters
- registrySecurity
- RegistrySecurity
De beveiliging van toegangsbeheer die moet worden toegepast op de huidige subsleutel.
Uitzonderingen
Het huidige RegistryKey object vertegenwoordigt een sleutel met beveiliging voor toegangsbeheer en de aanroeper heeft ChangePermissions geen rechten.
registrySecurity is null.
Het RegistryKey bewerken is gesloten (gesloten sleutels kunnen niet worden geopend).
Voorbeelden
In het volgende codevoorbeeld wordt een testsleutel gemaakt. De huidige gebruiker is toegestaan ReadKey en rechten, Delete maar geweigerd ChangePermissions en WriteKey rechten. Volgende pogingen om de sleutel te manipuleren, slagen of mislukken, afhankelijk van deze machtigingen.
Voordat de sleutel wordt verwijderd, wordt de code onderbroken. U kunt overschakelen naar de registereditor en controleren of dezelfde toegangsrechten van toepassing zijn wanneer de sleutel wordt geopend met behulp van de registereditor. (Dit werkt het beste als u RunAs vanaf de opdrachtregel gebruikt om de registereditor en de voorbeeldcode uit te voeren als lokale gebruiker zonder beheerdersrechten. Met de registereditor kan een beheerder altijd machtigingen wijzigen, zelfs als de specifieke beheerder deze rechten heeft geweigerd. Als u een lokale gebruiker met de naam TestUser hebt gedefinieerd, wordt met de opdracht runas /user:TestUser cmd een opdrachtvenster geopend waaruit u de registereditor en vervolgens de voorbeeldcode kunt uitvoeren.)
using namespace System;
using namespace System::Reflection;
using namespace Microsoft::Win32;
using namespace System::Security::AccessControl;
using namespace System::Security;
int main()
{
// Delete the example key if it exists.
try
{
Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
Console::WriteLine("Example key has been deleted.");
}
catch (ArgumentException^)
{
// ArgumentException is thrown if the key does not exist. In
// this case, there is no reason to display a message.
}
catch (InvalidOperationException^ ex)
{
Console::WriteLine(
"{0}Unable to delete key: it appears to have child subkeys:{0}{1}",
Environment::NewLine, ex);
return 0;
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to delete this key:{0}{1}", Environment::NewLine, ex);
return 0;
}
String^ user = Environment::UserDomainName + "\\" + Environment::UserName;
RegistrySecurity^ regSecurity = gcnew RegistrySecurity();
// Allow the current user to read and delete the key.
//
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::ReadKey | RegistryRights::Delete,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Allow));
// Prevent the current user from writing or changing the
// permission set of the key. Note that if Delete permission
// were not allowed in the previous access rule, denying
// WriteKey permission would prevent the user from deleting the
// key.
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::WriteKey | RegistryRights::ChangePermissions,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Deny));
// Create the example key with registry security.
RegistryKey^ createdKey = nullptr;
try
{
createdKey = Registry::CurrentUser->CreateSubKey(
"RegistryRightsExample", RegistryKeyPermissionCheck::Default,
regSecurity);
Console::WriteLine("{0}Example key created.", Environment::NewLine);
createdKey->SetValue("ValueName", "StringValue");
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to create the example key:{0}{1}", Environment::NewLine, ex);
return 0;
}
if (createdKey != nullptr)
{
createdKey->Close();
}
RegistryKey^ openedKey;
// Open the key with read access.
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
false);
Console::WriteLine("{0}Retrieved value: {1}",
Environment::NewLine, openedKey->GetValue("ValueName"));
openedKey->Close();
// Attempt to open the key with write access.
try
{
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
true);
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to write to the example key:{0}{1}", Environment::NewLine, ex);
}
if (openedKey != nullptr)
{
openedKey->Close();
}
// Attempt to change permissions for the key.
try
{
regSecurity = gcnew RegistrySecurity();
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::WriteKey,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Allow));
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
false);
openedKey->SetAccessControl(regSecurity);
Console::WriteLine("{0}Example key permissions were changed.",
Environment::NewLine);
}
catch (UnauthorizedAccessException^ ex)
{
Console::WriteLine("{0}You are not authorized to change " +
"permissions for the example key:{0}{1}", Environment::NewLine, ex);
}
if (openedKey != nullptr)
{
openedKey->Close();
}
Console::WriteLine("{0}Press Enter to delete the example key.",
Environment::NewLine);
Console::ReadLine();
try
{
Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
Console::WriteLine("Example key was deleted.");
}
catch(SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required to "
+ "delete the example key:{0}{1}", Environment::NewLine, ex);
}
}
using System;
using System.Reflection;
using System.Security;
using System.Security.AccessControl;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
// Delete the example key if it exists.
try
{
Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
Console.WriteLine("Example key has been deleted.");
}
catch (ArgumentException)
{
// ArgumentException is thrown if the key does not exist. In
// this case, there is no reason to display a message.
}
catch (Exception ex)
{
Console.WriteLine("Unable to delete the example key: {0}", ex);
return;
}
string user = Environment.UserDomainName + "\\" + Environment.UserName;
RegistrySecurity rs = new RegistrySecurity();
// Allow the current user to read and delete the key.
//
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.Delete,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
// Prevent the current user from writing or changing the
// permission set of the key. Note that if Delete permission
// were not allowed in the previous access rule, denying
// WriteKey permission would prevent the user from deleting the
// key.
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.WriteKey | RegistryRights.ChangePermissions,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Deny));
// Create the example key with registry security.
RegistryKey rk = null;
try
{
rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
RegistryKeyPermissionCheck.Default, rs);
Console.WriteLine("\r\nExample key created.");
rk.SetValue("ValueName", "StringValue");
}
catch (Exception ex)
{
Console.WriteLine("\r\nUnable to create the example key: {0}", ex);
}
if (rk != null) rk.Close();
rk = Registry.CurrentUser;
RegistryKey rk2;
// Open the key with read access.
rk2 = rk.OpenSubKey("RegistryRightsExample", false);
Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
rk2.Close();
// Attempt to open the key with write access.
try
{
rk2 = rk.OpenSubKey("RegistryRightsExample", true);
}
catch (SecurityException ex)
{
Console.WriteLine("\nUnable to write to the example key." +
" Caught SecurityException: {0}", ex.Message);
}
if (rk2 != null) rk2.Close();
// Attempt to change permissions for the key.
try
{
rs = new RegistrySecurity();
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.WriteKey,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
rk2 = rk.OpenSubKey("RegistryRightsExample", false);
rk2.SetAccessControl(rs);
Console.WriteLine("\r\nExample key permissions were changed.");
}
catch (UnauthorizedAccessException ex)
{
Console.WriteLine("\nUnable to change permissions for the example key." +
" Caught UnauthorizedAccessException: {0}", ex.Message);
}
if (rk2 != null) rk2.Close();
Console.WriteLine("\r\nPress Enter to delete the example key.");
Console.ReadLine();
try
{
rk.DeleteSubKey("RegistryRightsExample");
Console.WriteLine("Example key was deleted.");
}
catch(Exception ex)
{
Console.WriteLine("Unable to delete the example key: {0}", ex);
}
rk.Close();
}
}
/* This code example produces the following output:
Example key created.
Retrieved value: StringValue
Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.
Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.
Press Enter to delete the example key.
Example key was deleted.
*/
Imports System.Reflection
Imports System.Security
Imports System.Security.AccessControl
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
' Delete the example key if it exists.
Try
Registry.CurrentUser.DeleteSubKey("RegistryRightsExample")
Console.WriteLine("Example key has been deleted.")
Catch ex As ArgumentException
' ArgumentException is thrown if the key does not exist. In
' this case, there is no reason to display a message.
Catch ex As Exception
Console.WriteLine("Unable to delete the example key: {0}", ex)
Return
End Try
Dim user As String = Environment.UserDomainName & "\" & Environment.UserName
Dim rs As New RegistrySecurity()
' Allow the current user to read and delete the key.
'
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.Delete, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Allow))
' Prevent the current user from writing or changing the
' permission set of the key. Note that if Delete permission
' were not allowed in the previous access rule, denying
' WriteKey permission would prevent the user from deleting the
' key.
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Deny))
' Create the example key with registry security.
Dim rk As RegistryKey = Nothing
Try
rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", _
RegistryKeyPermissionCheck.Default, rs)
Console.WriteLine(vbCrLf & "Example key created.")
rk.SetValue("ValueName", "StringValue")
Catch ex As Exception
Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex)
End Try
If rk IsNot Nothing Then rk.Close()
rk = Registry.CurrentUser
Dim rk2 As RegistryKey
' Open the key with read access.
rk2 = rk.OpenSubKey("RegistryRightsExample", False)
Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName"))
rk2.Close()
' Attempt to open the key with write access.
Try
rk2 = rk.OpenSubKey("RegistryRightsExample", True)
Catch ex As SecurityException
Console.WriteLine(vbCrLf & "Unable to write to the example key." _
& " Caught SecurityException: {0}", ex.Message)
End Try
If rk2 IsNot Nothing Then rk2.Close()
' Attempt to change permissions for the key.
Try
rs = New RegistrySecurity()
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.WriteKey, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Allow))
rk2 = rk.OpenSubKey("RegistryRightsExample", False)
rk2.SetAccessControl(rs)
Console.WriteLine(vbCrLf & "Example key permissions were changed.")
Catch ex As UnauthorizedAccessException
Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." _
& " Caught UnauthorizedAccessException: {0}", ex.Message)
End Try
If rk2 IsNot Nothing Then rk2.Close()
Console.WriteLine(vbCrLf & "Press Enter to delete the example key.")
Console.ReadLine()
Try
rk.DeleteSubKey("RegistryRightsExample")
Console.WriteLine("Example key was deleted.")
Catch ex As Exception
Console.WriteLine("Unable to delete the example key: {0}", ex)
End Try
rk.Close()
End Sub
End Class
' This code produces the following output:
'
'Example key created.
'
'Retrieved value: StringValue
'
'Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.
'
'Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.
'
'Press Enter to delete the example key.
'
'Example key was deleted.
Opmerkingen
Als u machtigingen voor een registersleutel wilt wijzigen, gebruikt u de methode GetAccessControl om een RegistrySecurity-object te verkrijgen dat de bestaande beveiliging van Windows toegangsbeheer vertegenwoordigt, wijzigt u dat RegistrySecurity-object en gebruikt u vervolgens de methode SetAccessControl om de beveiliging voor de sleutel bij te werken.
Caution
Het RegistrySecurity object dat is opgegeven voor registrySecurity vervanging van de bestaande beveiliging voor de registersleutel. Als u machtigingen voor een nieuwe gebruiker wilt toevoegen, gebruikt u de GetAccessControl methode om de bestaande beveiliging voor toegangsbeheer te verkrijgen en wijzigt u deze.