RegistryKey.SetAccessControl(RegistrySecurity) 方法
定義
重要
部分資訊涉及發行前產品,在發行之前可能會有大幅修改。 Microsoft 對此處提供的資訊,不做任何明確或隱含的瑕疵擔保。
將 Windows 存取控制安全性套用至現有的登錄機碼。
public:
void SetAccessControl(System::Security::AccessControl::RegistrySecurity ^ registrySecurity);public void SetAccessControl (System.Security.AccessControl.RegistrySecurity registrySecurity);member this.SetAccessControl : System.Security.AccessControl.RegistrySecurity -> unitPublic Sub SetAccessControl (registrySecurity As RegistrySecurity)參數
- registrySecurity
- RegistrySecurity
要套用至目前子機碼的存取控制安全性。
例外狀況
目前的 RegistryKey 物件,表示擁有存取控制安全性的機碼,而呼叫端沒有 ChangePermissions 權限。
registrySecurity 為 null。
正接受管理的 RegistryKey 已經關閉 (關閉的機碼無法存取)。
範例
下列程式代碼範例會建立測試金鑰。 目前使用者被允許 ReadKey 和許可權, Delete 但遭到 ChangePermissions 拒絕和 WriteKey 許可權。 後續嘗試根據這些許可權操作金鑰成功或失敗。
刪除金鑰之前,程式代碼會暫停。 您可以切換至登錄編輯器,並在使用登錄編輯器存取金鑰時確認相同的存取權限適用。 (如果您使用命令行中的 RunAs 來執行登錄編輯器,並以沒有系統管理員許可權的本機使用者身分執行程式碼範例,則這最適合。登錄編輯器一律允許系統管理員變更許可權,即使特定系統管理員遭到拒絕這些許可權也一樣。如果您已定義名為 TestUser 的本機使用者,此命令 runas /user:TestUser cmd 會開啟命令視窗,您可以從中執行登錄編輯器,然後執行範例程式代碼.)
using namespace System;
using namespace System::Reflection;
using namespace Microsoft::Win32;
using namespace System::Security::AccessControl;
using namespace System::Security;
int main()
{
// Delete the example key if it exists.
try
{
Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
Console::WriteLine("Example key has been deleted.");
}
catch (ArgumentException^)
{
// ArgumentException is thrown if the key does not exist. In
// this case, there is no reason to display a message.
}
catch (InvalidOperationException^ ex)
{
Console::WriteLine(
"{0}Unable to delete key: it appears to have child subkeys:{0}{1}",
Environment::NewLine, ex);
return 0;
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to delete this key:{0}{1}", Environment::NewLine, ex);
return 0;
}
String^ user = Environment::UserDomainName + "\\" + Environment::UserName;
RegistrySecurity^ regSecurity = gcnew RegistrySecurity();
// Allow the current user to read and delete the key.
//
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::ReadKey | RegistryRights::Delete,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Allow));
// Prevent the current user from writing or changing the
// permission set of the key. Note that if Delete permission
// were not allowed in the previous access rule, denying
// WriteKey permission would prevent the user from deleting the
// key.
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::WriteKey | RegistryRights::ChangePermissions,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Deny));
// Create the example key with registry security.
RegistryKey^ createdKey = nullptr;
try
{
createdKey = Registry::CurrentUser->CreateSubKey(
"RegistryRightsExample", RegistryKeyPermissionCheck::Default,
regSecurity);
Console::WriteLine("{0}Example key created.", Environment::NewLine);
createdKey->SetValue("ValueName", "StringValue");
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to create the example key:{0}{1}", Environment::NewLine, ex);
return 0;
}
if (createdKey != nullptr)
{
createdKey->Close();
}
RegistryKey^ openedKey;
// Open the key with read access.
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
false);
Console::WriteLine("{0}Retrieved value: {1}",
Environment::NewLine, openedKey->GetValue("ValueName"));
openedKey->Close();
// Attempt to open the key with write access.
try
{
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
true);
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to write to the example key:{0}{1}", Environment::NewLine, ex);
}
if (openedKey != nullptr)
{
openedKey->Close();
}
// Attempt to change permissions for the key.
try
{
regSecurity = gcnew RegistrySecurity();
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::WriteKey,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Allow));
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
false);
openedKey->SetAccessControl(regSecurity);
Console::WriteLine("{0}Example key permissions were changed.",
Environment::NewLine);
}
catch (UnauthorizedAccessException^ ex)
{
Console::WriteLine("{0}You are not authorized to change " +
"permissions for the example key:{0}{1}", Environment::NewLine, ex);
}
if (openedKey != nullptr)
{
openedKey->Close();
}
Console::WriteLine("{0}Press Enter to delete the example key.",
Environment::NewLine);
Console::ReadLine();
try
{
Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
Console::WriteLine("Example key was deleted.");
}
catch(SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required to "
+ "delete the example key:{0}{1}", Environment::NewLine, ex);
}
}
using System;
using System.Reflection;
using System.Security;
using System.Security.AccessControl;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
// Delete the example key if it exists.
try
{
Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
Console.WriteLine("Example key has been deleted.");
}
catch (ArgumentException)
{
// ArgumentException is thrown if the key does not exist. In
// this case, there is no reason to display a message.
}
catch (Exception ex)
{
Console.WriteLine("Unable to delete the example key: {0}", ex);
return;
}
string user = Environment.UserDomainName + "\\" + Environment.UserName;
RegistrySecurity rs = new RegistrySecurity();
// Allow the current user to read and delete the key.
//
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.Delete,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
// Prevent the current user from writing or changing the
// permission set of the key. Note that if Delete permission
// were not allowed in the previous access rule, denying
// WriteKey permission would prevent the user from deleting the
// key.
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.WriteKey | RegistryRights.ChangePermissions,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Deny));
// Create the example key with registry security.
RegistryKey rk = null;
try
{
rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
RegistryKeyPermissionCheck.Default, rs);
Console.WriteLine("\r\nExample key created.");
rk.SetValue("ValueName", "StringValue");
}
catch (Exception ex)
{
Console.WriteLine("\r\nUnable to create the example key: {0}", ex);
}
if (rk != null) rk.Close();
rk = Registry.CurrentUser;
RegistryKey rk2;
// Open the key with read access.
rk2 = rk.OpenSubKey("RegistryRightsExample", false);
Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
rk2.Close();
// Attempt to open the key with write access.
try
{
rk2 = rk.OpenSubKey("RegistryRightsExample", true);
}
catch (SecurityException ex)
{
Console.WriteLine("\nUnable to write to the example key." +
" Caught SecurityException: {0}", ex.Message);
}
if (rk2 != null) rk2.Close();
// Attempt to change permissions for the key.
try
{
rs = new RegistrySecurity();
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.WriteKey,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
rk2 = rk.OpenSubKey("RegistryRightsExample", false);
rk2.SetAccessControl(rs);
Console.WriteLine("\r\nExample key permissions were changed.");
}
catch (UnauthorizedAccessException ex)
{
Console.WriteLine("\nUnable to change permissions for the example key." +
" Caught UnauthorizedAccessException: {0}", ex.Message);
}
if (rk2 != null) rk2.Close();
Console.WriteLine("\r\nPress Enter to delete the example key.");
Console.ReadLine();
try
{
rk.DeleteSubKey("RegistryRightsExample");
Console.WriteLine("Example key was deleted.");
}
catch(Exception ex)
{
Console.WriteLine("Unable to delete the example key: {0}", ex);
}
rk.Close();
}
}
/* This code example produces the following output:
Example key created.
Retrieved value: StringValue
Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.
Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.
Press Enter to delete the example key.
Example key was deleted.
*/
Imports System.Reflection
Imports System.Security
Imports System.Security.AccessControl
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
' Delete the example key if it exists.
Try
Registry.CurrentUser.DeleteSubKey("RegistryRightsExample")
Console.WriteLine("Example key has been deleted.")
Catch ex As ArgumentException
' ArgumentException is thrown if the key does not exist. In
' this case, there is no reason to display a message.
Catch ex As Exception
Console.WriteLine("Unable to delete the example key: {0}", ex)
Return
End Try
Dim user As String = Environment.UserDomainName & "\" & Environment.UserName
Dim rs As New RegistrySecurity()
' Allow the current user to read and delete the key.
'
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.Delete, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Allow))
' Prevent the current user from writing or changing the
' permission set of the key. Note that if Delete permission
' were not allowed in the previous access rule, denying
' WriteKey permission would prevent the user from deleting the
' key.
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Deny))
' Create the example key with registry security.
Dim rk As RegistryKey = Nothing
Try
rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", _
RegistryKeyPermissionCheck.Default, rs)
Console.WriteLine(vbCrLf & "Example key created.")
rk.SetValue("ValueName", "StringValue")
Catch ex As Exception
Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex)
End Try
If rk IsNot Nothing Then rk.Close()
rk = Registry.CurrentUser
Dim rk2 As RegistryKey
' Open the key with read access.
rk2 = rk.OpenSubKey("RegistryRightsExample", False)
Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName"))
rk2.Close()
' Attempt to open the key with write access.
Try
rk2 = rk.OpenSubKey("RegistryRightsExample", True)
Catch ex As SecurityException
Console.WriteLine(vbCrLf & "Unable to write to the example key." _
& " Caught SecurityException: {0}", ex.Message)
End Try
If rk2 IsNot Nothing Then rk2.Close()
' Attempt to change permissions for the key.
Try
rs = New RegistrySecurity()
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.WriteKey, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Allow))
rk2 = rk.OpenSubKey("RegistryRightsExample", False)
rk2.SetAccessControl(rs)
Console.WriteLine(vbCrLf & "Example key permissions were changed.")
Catch ex As UnauthorizedAccessException
Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." _
& " Caught UnauthorizedAccessException: {0}", ex.Message)
End Try
If rk2 IsNot Nothing Then rk2.Close()
Console.WriteLine(vbCrLf & "Press Enter to delete the example key.")
Console.ReadLine()
Try
rk.DeleteSubKey("RegistryRightsExample")
Console.WriteLine("Example key was deleted.")
Catch ex As Exception
Console.WriteLine("Unable to delete the example key: {0}", ex)
End Try
rk.Close()
End Sub
End Class
' This code produces the following output:
'
'Example key created.
'
'Retrieved value: StringValue
'
'Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.
'
'Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.
'
'Press Enter to delete the example key.
'
'Example key was deleted.
備註
若要修改登錄機碼的許可權,請使用 GetAccessControl 方法來取得 RegistrySecurity 代表現有 Windows 存取控制安全性的物件、修改該 RegistrySecurity 物件,然後使用 SetAccessControl 方法來更新金鑰的安全性。
警告
RegistrySecurity指定的 registrySecurity 物件會取代登錄機碼的現有安全性。 若要新增用戶的許可權,請使用 GetAccessControl 方法來取得現有的訪問控制安全性,然後加以修改。
