RegistrySecurity.RemoveAccessRuleAll(RegistryAccessRule) Metode
Definisi
Penting
Beberapa informasi terkait produk prarilis yang dapat diubah secara signifikan sebelum dirilis. Microsoft tidak memberikan jaminan, tersirat maupun tersurat, sehubungan dengan informasi yang diberikan di sini.
Mencari semua aturan kontrol akses dengan pengguna yang sama dan AccessControlType (izinkan atau tolak) sebagai aturan yang ditentukan dan, jika ditemukan, akan menghapusnya.
public:
void RemoveAccessRuleAll(System::Security::AccessControl::RegistryAccessRule ^ rule);public void RemoveAccessRuleAll (System.Security.AccessControl.RegistryAccessRule rule);override this.RemoveAccessRuleAll : System.Security.AccessControl.RegistryAccessRule -> unitPublic Sub RemoveAccessRuleAll (rule As RegistryAccessRule)Parameter
- rule
- RegistryAccessRule
RegistryAccessRule yang menentukan pengguna dan AccessControlType untuk dicari. Setiap hak, bendera pewarisan, atau bendera penyebaran yang ditentukan oleh aturan ini diabaikan.
Pengecualian
ruleadalah null.
Contoh
Contoh kode berikut menunjukkan bahwa RemoveAccessRuleAll metode menghapus semua aturan yang cocok dengan pengguna dan AccessControlType, mengabaikan hak dan bendera.
Contoh membuat RegistrySecurity objek dan menambahkan aturan yang memungkinkan dan menolak berbagai hak untuk pengguna saat ini, dengan bendera pewarisan dan penyebaran yang berbeda. Contohnya kemudian membuat aturan baru yang memungkinkan pengguna saat ini untuk mengambil kepemilikan, dan meneruskan aturan tersebut RemoveAccessRuleAll ke metode untuk menghapus dua aturan yang memungkinkan akses.
Catatan
Contoh ini tidak melampirkan objek keamanan ke RegistryKey objek. RegistryKey.GetAccessControl Lihat metode dan RegistryKey.SetAccessControl metode .
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
string user = Environment.UserDomainName + "\\"
+ Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that allows the current user the right
// right to set the name/value pairs in a key.
// This rule is inherited by contained subkeys, but
// propagation flags limit it to immediate child
// subkeys.
rule = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that denies the current user the right
// to set the name/value pairs in a key. This rule
// has no inheritance or propagation flags, so it
// affects only the key itself.
rule = new RegistryAccessRule(user,
RegistryRights.SetValue,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create a rule that allows the current user the
// right to change the ownership of the key, with
// no inheritance or propagation flags. The rights
// and flags are ignored by RemoveAccessRuleAll,
// and all rules that allow access for the current
// user are removed.
rule = new RegistryAccessRule(user,
RegistryRights.TakeOwnership,
AccessControlType.Allow);
mSec.RemoveAccessRuleAll(rule);
// Show that all rules that allow access have been
// removed.
ShowSecurity(mSec);
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that allows the current user the right
' right to set the name/value pairs in a key.
' This rule is inherited by contained subkeys, but
' propagation flags limit it to immediate child
' subkeys.
rule = New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that denies the current user the right
' to set the name/value pairs in a key. This rule
' has no inheritance or propagation flags, so it
' affects only the key itself.
rule = New RegistryAccessRule(user, _
RegistryRights.SetValue, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create a rule that allows the current user the
' right to change the ownership of the key, with
' no inheritance or propagation flags. The rights
' and flags are ignored by RemoveAccessRuleAll,
' and all rules that allow access for the current
' user are removed.
rule = New RegistryAccessRule(user, _
RegistryRights.TakeOwnership, _
AccessControlType.Allow)
mSec.RemoveAccessRuleAll(rule)
' Show that all rules that allow access have been
' removed.
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
Keterangan
Saat ini RegistrySecurity dicari untuk aturan yang memiliki pengguna yang sama dan nilai yang sama AccessControlType dengan rule. Setiap hak, bendera pewarisan, atau bendera propagasi yang ditentukan oleh rule diabaikan saat melakukan pencarian ini. Jika tidak ada aturan yang cocok yang ditemukan, tidak ada tindakan yang diambil.
Misalnya, jika pengguna memiliki beberapa aturan yang memungkinkan berbagai hak dengan bendera pewarisan dan penyebaran yang berbeda, Anda dapat menghapus semua aturan tersebut dengan membuat RegistryAccessRule objek yang menentukan pengguna dan AccessControlType.Allow, dengan hak dan bendera arbitrer apa pun, dan meneruskan aturan tersebut RemoveAccessRuleAll ke metode .
