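RegistrySecurity.RemoveAccessRule(RegistryAccessRule) Method

Definition

Searches for an access control rule with the same user and AccessControlType (allow or deny) as the specified access rule, and with compatible inheritance and propagation flags. If such a rule is found, the rights contained in the specified access rule are removed from it.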

public:
 bool RemoveAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);
public bool RemoveAccessRule (System.Security.AccessControl.RegistryAccessRule rule);
override this.RemoveAccessRule : System.Security.AccessControl.RegistryAccessRule -> bool
Public Function RemoveAccessRule (rule As RegistryAccessRule) As Boolean

Parameters

rule
RegistryAccessRule

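A RegistryAccessRule that specifies the user and AccessControlType to search for, and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. It also specifies the rights to remove from the compatible rule, if found.

Returns

true if a compatible rule is found; otherwise, false.

Exceptions

rule is null.

Examples

The following code example shows how the RemoveAccessRule method removes rights from a compatible rule, and how the AddAccessRule method merges rights with compatible rules.

The example creates a RegistrySecurity object and adds a rule that allows the current user RegistryRights.ReadKey rights. The example then creates a rule that grants the user RegistryRights.SetValue, with the same inheritance and propagation rights as the first rule, and uses the RemoveAccessRule method to remove this new rule from the RegistrySecurity object. SetValue is a constituent of ReadKey, so it is removed from the compatible rule. The rules in the RegistrySecurity object are then displayed, showing the remaining constituents of ReadKey.

The example code then calls the RemoveAccessRule method to merge the SetValue right back into the rule in the RegistrySecurity object.

Note

This example does not attach the security object to a RegistryKey object. The second example in this section attaches a security object, as do the examples in RegistryKey.GetAccessControl and RegistryKey.SetAccessControl.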


using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{

    public static void Main()
    {

        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user ReadKey
        // rights. ReadKey is a combination of four other 
        // rights. The rule is inherited by all 
        // contained subkeys.
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Create a rule that allows the current user only the 
        // right to query the key/value pairs of a key, using  
        // the same inheritance and propagation flags as the
        // first rule. QueryValues is a constituent of 
        // ReadKey, so when this rule is removed, using the 
        // RemoveAccessRule method, ReadKey is broken into
        // its constituent parts.
        rule = new RegistryAccessRule(user, 
            RegistryRights.QueryValues, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.RemoveAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add the second rule back. It merges with the 
        // existing rule, so that the rule is now displayed
        // as ReadKey.
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: EnumerateSubKeys, Notify, ReadPermissions
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False
 */

Option Explicit
Imports System
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user ReadKey
        ' rights. ReadKey is a combination of four other 
        ' rights. The rule is inherited by all 
        ' contained subkeys.
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Create a rule that allows the current user only the 
        ' right to query the key/value pairs of a key, using  
        ' the same inheritance and propagation flags as the
        ' first rule. QueryValues is a constituent of 
        ' ReadKey, so when this rule is removed, using the 
        ' RemoveAccessRule method, ReadKey is broken into
        ' its constituent parts.
        rule = New RegistryAccessRule(user, _
            RegistryRights.QueryValues, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.RemoveAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add the second rule back. It merges with the 
        ' existing rule, so that the rule is now displayed
        ' as ReadKey.
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: EnumerateSubKeys, Notify, ReadPermissions
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'

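Remarks

The current RegistrySecurity is searched for a rule that has the same user and the same AccessControlType value as rule. If no such rule is found, no action is taken, and the method returns false. If matching rules are found, their inheritance and compatibility flags are checked for compatibility with the flags specified in rule. If no compatible rule is found, no action is taken, and the method returns false. If a rule with compatible flags is found, the rights specified in rule are removed from the compatible rule, and the method returns true. If rule specifies rights not contained in the compatible rule, no action is taken with respect to those rights. If all rights are removed from the compatible rule, the entire rule is removed from the current RegistrySecurity object.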
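The two edge cases in the remarks (rights not contained in the compatible rule, and removal of every remaining right) can be confirmed by reading the ACL back after each call instead of relying on the return value alone. The following is an added example, not part of the original documentation; the class and helper names (RevokeCheck, ExplicitRights, Revoke) are hypothetical, and the BUILTIN\Users SID and in-memory ACL are constructed sample input.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

public static class RevokeCheck
{
    // OR together the rights of every explicit (non-inherited) rule of the
    // given type that names this identity.
    static RegistryRights ExplicitRights(RegistrySecurity sec, IdentityReference id,
                                         AccessControlType type)
    {
        RegistryRights rights = 0;
        foreach (RegistryAccessRule r in sec.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            if (r.AccessControlType == type && r.IdentityReference.Equals(id))
                rights |= r.RegistryRights;
        return rights;
    }

    // Remove 'revoke' from the Allow rules for 'id', then verify the result
    // against the ACL itself. Returns true when none of the revoked rights remain.
    static bool Revoke(RegistrySecurity sec, IdentityReference id, RegistryRights revoke)
    {
        var rule = new RegistryAccessRule(id, revoke,
            InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow);
        bool reported = sec.RemoveAccessRule(rule);
        RegistryRights left = ExplicitRights(sec, id, AccessControlType.Allow);
        Console.WriteLine("revoke [{0}]: returned {1}, remaining [{2}]", revoke, reported, left);
        return (left & revoke) == 0;
    }

    public static void Main()
    {
        // Constructed input: a well-known SID and a security object held in memory only.
        var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
        var sec = new RegistrySecurity();
        sec.AddAccessRule(new RegistryAccessRule(users, RegistryRights.ReadKey,
            InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow));

        // SetValue is not contained in the ReadKey rule, so no action is taken for it.
        Revoke(sec, users, RegistryRights.QueryValues | RegistryRights.SetValue);

        // Removing every remaining right removes the rule from the object.
        Revoke(sec, users, RegistryRights.ReadKey);
        Console.WriteLine("explicit rules left: {0}",
            sec.GetAccessRules(true, false, typeof(SecurityIdentifier)).Count);
    }
}
```

Like the first example on this page, this does not attach the security object to a RegistryKey, so nothing in the registry is changed.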
