RegistrySecurity.ResetAccessRule(RegistryAccessRule) Méthode
Définition
Important
Certaines informations portent sur la préversion du produit qui est susceptible d’être en grande partie modifiée avant sa publication. Microsoft exclut toute garantie, expresse ou implicite, concernant les informations fournies ici.
Supprime toutes les règles de contrôle d'accès ayant le même utilisateur que la règle spécifiée, indépendamment de AccessControlType, puis ajoute la règle spécifiée.
public:
void ResetAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);
public void ResetAccessRule (System.Security.AccessControl.RegistryAccessRule rule);
override this.ResetAccessRule : System.Security.AccessControl.RegistryAccessRule -> unit
Public Sub ResetAccessRule (rule As RegistryAccessRule)
Paramètres
- rule
- RegistryAccessRule
RegistryAccessRule à ajouter. L'utilisateur spécifié par cette règle détermine les règles à supprimer avant l'ajout de celle-ci.
Exemples
L’exemple de code suivant montre comment la ResetAccessRule méthode remplace toutes les règles de l’utilisateur correspondant par la règle spécifiée pour la correspondance.
L’exemple crée un objet et ajoute des RegistrySecurity règles qui autorisent et refusent différents droits pour l’utilisateur actuel, avec différents indicateurs d’héritage et de propagation. L’exemple crée ensuite une règle qui permet à l’utilisateur actuel de lire uniquement la clé et utilise la ResetAccessRule méthode pour supprimer toutes les règles de l’utilisateur et les remplacer par la nouvelle règle.
Notes
Cet exemple n’attache pas l’objet de sécurité à un RegistryKey objet . Consultez la RegistryKey.GetAccessControl méthode et la RegistryKey.SetAccessControl méthode .
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
string user = Environment.UserDomainName + "\\"
+ Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that allows the current user the right
// right to set the name/value pairs in a key.
// This rule is inherited by contained subkeys, but
// propagation flags limit it to immediate child
// subkeys.
rule = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that denies the current user the right
// to set the name/value pairs in a key. This rule
// has no inheritance or propagation flags, so it
// affects only the key itself.
rule = new RegistryAccessRule(user,
RegistryRights.SetValue,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create a rule that allows the current user
// only read access to a key, with no inheritance
// or propagation flags. ResetAccessRule removes
// all the existing rules for the current user,
// replacing them with this rule.
rule = new RegistryAccessRule(user,
RegistryRights.ReadKey,
AccessControlType.Allow);
mSec.ResetAccessRule(rule);
// Display the rules in the security object.
// removed.
ShowSecurity(mSec);
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
Current access rules:
User: TestDomain\TestUser
Type: Allow
Rights: ReadKey
Inheritance: None
Propagation: None
Inherited? False
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that allows the current user the right
' right to set the name/value pairs in a key.
' This rule is inherited by contained subkeys, but
' propagation flags limit it to immediate child
' subkeys.
rule = New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that denies the current user the right
' to set the name/value pairs in a key. This rule
' has no inheritance or propagation flags, so it
' affects only the key itself.
rule = New RegistryAccessRule(user, _
RegistryRights.SetValue, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create a rule that allows the current user
' only read access to a key, with no inheritance
' or propagation flags. ResetAccessRule removes
' all the existing rules for the current user,
' replacing them with this rule.
rule = New RegistryAccessRule(user, _
RegistryRights.ReadKey, _
AccessControlType.Allow)
mSec.ResetAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ReadKey
' Inheritance: None
' Propagation: None
' Inherited? False
Remarques
S’il n’existe aucune règle d’accès dont l’utilisateur correspond à la règle spécifiée, rule
est ajouté.