RegistryKey.SetAccessControl メソッド
メモ : このメソッドは、.NET Framework version 2.0 で新しく追加されたものです。
既存のレジストリ キーに Windows アクセス制御セキュリティを適用します。
名前空間: Microsoft.Win32
アセンブリ: mscorlib (mscorlib.dll 内)
構文
パラメータ
例外
解説
使用例
プラットフォーム
バージョン情報
参照
アセンブリ: mscorlib (mscorlib.dll 内)
構文Dim instance As RegistryKey Dim registrySecurity As RegistrySecurity instance.SetAccessControl(registrySecurity)
例外解説レジストリ キーのアクセス許可を変更するには、GetAccessControl メソッドを使用して既存の Windows アクセス制御セキュリティを表す RegistrySecurity オブジェクトを取得し、この RegistrySecurity オブジェクトを変更してから、SetAccessControl メソッドを使用してキーのセキュリティを更新します。
.gif) 注意 |
|---|
| registrySecurity に指定された RegistrySecurity オブジェクトにより、レジストリ キーの既存のセキュリティが置き換えられます。新しいユーザーのアクセス許可を追加するには、GetAccessControl メソッドを使用して既存のアクセス制御セキュリティを取得し、これを変更します。 |
使用例テスト キーを作成するコード例を次に示します。現在のユーザーは ReadKey 権限と Delete 権限を許可されていますが、ChangePermissions 権限と WriteKey 権限は拒否されています。これらのアクセス許可に基づいて、キーを操作するための後続の試みが成功または失敗します。
キーを削除する前に、コードが一時停止します。レジストリ エディタに切り替えることにより、キーへのアクセスにレジストリ エディタを使用した場合でも同じアクセス権が適用されることを確認できます。このことは、コマンド ラインから RunAs を使用してレジストリ エディタを実行し、管理者権限を持たないローカル ユーザーとしてサンプル コードを実行するとよくわかります。特定の管理者がアクセス許可の変更を拒否された場合でも、レジストリ エディタでは常にこれが許可されます。TestUser という名前のローカル ユーザーを定義した場合、コマンド runas /user:TestUser cmd によってコマンド ウィンドウが開かれ、ここでレジストリ エディタを実行し、サンプル コードを実行できます。
Imports System Imports System.Reflection Imports System.Security Imports System.Security.AccessControl Imports Microsoft.Win32 Public Class Example Public Shared Sub Main() ' Delete the example key if it exists. Try Registry.CurrentUser.DeleteSubKey("RegistryRightsExample") Console.WriteLine("Example key has been deleted.") Catch ex As ArgumentException ' ArgumentException is thrown if the key does not exist. In ' this case, there is no reason to display a message. Catch ex As Exception Console.WriteLine("Unable to delete the example key: {0}", ex) Return End Try Dim user As String = Environment.UserDomainName & "\" & Environment.UserName Dim rs As New RegistrySecurity() ' Allow the current user to read and delete the key. ' rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.ReadKey Or RegistryRights.Delete, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Allow)) ' Prevent the current user from writing or changing the ' permission set of the key. Note that if Delete permission ' were not allowed in the previous access rule, denying ' WriteKey permission would prevent the user from deleting the ' key. rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Deny)) ' Create the example key with registry security. Dim rk As RegistryKey = Nothing Try rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", _ RegistryKeyPermissionCheck.Default, rs) Console.WriteLine(vbCrLf & "Example key created.") rk.SetValue("ValueName", "StringValue") Catch ex As Exception Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex) End Try If rk IsNot Nothing Then rk.Close() rk = Registry.CurrentUser Dim rk2 As RegistryKey ' Open the key with read access. rk2 = rk.OpenSubKey("RegistryRightsExample", False) Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName")) rk2.Close() ' Attempt to open the key with write access. Try rk2 = rk.OpenSubKey("RegistryRightsExample", True) Catch ex As SecurityException Console.WriteLine(vbCrLf & "Unable to write to the example key." _ & " Caught SecurityException: {0}", ex.Message) End Try If rk2 IsNot Nothing Then rk2.Close() ' Attempt to change permissions for the key. Try rs = New RegistrySecurity() rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.WriteKey, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Allow)) rk2 = rk.OpenSubKey("RegistryRightsExample", False) rk2.SetAccessControl(rs) Console.WriteLine(vbCrLf & "Example key permissions were changed.") Catch ex As UnauthorizedAccessException Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." _ & " Caught UnauthorizedAccessException: {0}", ex.Message) End Try If rk2 IsNot Nothing Then rk2.Close() Console.WriteLine(vbCrLf & "Press Enter to delete the example key.") Console.ReadLine() Try rk.DeleteSubKey("RegistryRightsExample") Console.WriteLine("Example key was deleted.") Catch ex As Exception Console.WriteLine("Unable to delete the example key: {0}", ex) End Try rk.Close() End Sub End Class ' This code produces the following output: ' 'Example key created. ' 'Retrieved value: StringValue ' 'Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed. ' 'Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key. ' 'Press Enter to delete the example key. ' 'Example key was deleted.
using System; using System.Reflection; using System.Security; using System.Security.AccessControl; using Microsoft.Win32; public class Example { public static void Main() { // Delete the example key if it exists. try { Registry.CurrentUser.DeleteSubKey("RegistryRightsExample"); Console.WriteLine("Example key has been deleted."); } catch (ArgumentException) { // ArgumentException is thrown if the key does not exist. In // this case, there is no reason to display a message. } catch (Exception ex) { Console.WriteLine("Unable to delete the example key: {0}", ex); return; } string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity rs = new RegistrySecurity(); // Allow the current user to read and delete the key. // rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.Delete, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); // Prevent the current user from writing or changing the // permission set of the key. Note that if Delete permission // were not allowed in the previous access rule, denying // WriteKey permission would prevent the user from deleting the // key. rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey | RegistryRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); // Create the example key with registry security. RegistryKey rk = null; try { rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", RegistryKeyPermissionCheck.Default, rs); Console.WriteLine("\r\nExample key created."); rk.SetValue("ValueName", "StringValue"); } catch (Exception ex) { Console.WriteLine("\r\nUnable to create the example key: {0}", ex); } if (rk != null) rk.Close(); rk = Registry.CurrentUser; RegistryKey rk2; // Open the key with read access. rk2 = rk.OpenSubKey("RegistryRightsExample", false); Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName")); rk2.Close(); // Attempt to open the key with write access. try { rk2 = rk.OpenSubKey("RegistryRightsExample", true); } catch (SecurityException ex) { Console.WriteLine("\nUnable to write to the example key." + " Caught SecurityException: {0}", ex.Message); } if (rk2 != null) rk2.Close(); // Attempt to change permissions for the key. try { rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); rk2 = rk.OpenSubKey("RegistryRightsExample", false); rk2.SetAccessControl(rs); Console.WriteLine("\r\nExample key permissions were changed."); } catch (UnauthorizedAccessException ex) { Console.WriteLine("\nUnable to change permissions for the example key." + " Caught UnauthorizedAccessException: {0}", ex.Message); } if (rk2 != null) rk2.Close(); Console.WriteLine("\r\nPress Enter to delete the example key."); Console.ReadLine(); try { rk.DeleteSubKey("RegistryRightsExample"); Console.WriteLine("Example key was deleted."); } catch(Exception ex) { Console.WriteLine("Unable to delete the example key: {0}", ex); } rk.Close(); } } /* This code example produces the following output: Example key created. Retrieved value: StringValue Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed. Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key. Press Enter to delete the example key. Example key was deleted. */
using namespace System; using namespace System::Reflection; using namespace Microsoft::Win32; using namespace System::Security::AccessControl; using namespace System::Security; int main() { // Delete the example key if it exists. try { Registry::CurrentUser->DeleteSubKey("RegistryRightsExample"); Console::WriteLine("Example key has been deleted."); } catch (ArgumentException^) { // ArgumentException is thrown if the key does not exist. In // this case, there is no reason to display a message. } catch (InvalidOperationException^ ex) { Console::WriteLine( "{0}Unable to delete key: it appears to have child subkeys:{0}{1}", Environment::NewLine, ex); return 0; } catch (SecurityException^ ex) { Console::WriteLine("{0}You do not have the permissions required " + "to delete this key:{0}{1}", Environment::NewLine, ex); return 0; } String^ user = Environment::UserDomainName + "\\" + Environment::UserName; RegistrySecurity^ regSecurity = gcnew RegistrySecurity(); // Allow the current user to read and delete the key. // regSecurity->AddAccessRule(gcnew RegistryAccessRule(user, RegistryRights::ReadKey | RegistryRights::Delete, InheritanceFlags::None, PropagationFlags::None, AccessControlType::Allow)); // Prevent the current user from writing or changing the // permission set of the key. Note that if Delete permission // were not allowed in the previous access rule, denying // WriteKey permission would prevent the user from deleting the // key. regSecurity->AddAccessRule(gcnew RegistryAccessRule(user, RegistryRights::WriteKey | RegistryRights::ChangePermissions, InheritanceFlags::None, PropagationFlags::None, AccessControlType::Deny)); // Create the example key with registry security. RegistryKey^ createdKey = nullptr; try { createdKey = Registry::CurrentUser->CreateSubKey( "RegistryRightsExample", RegistryKeyPermissionCheck::Default , regSecurity); Console::WriteLine("{0}Example key created.", Environment::NewLine); createdKey->SetValue("ValueName", "StringValue"); } catch (SecurityException^ ex) { Console::WriteLine("{0}You do not have the permissions required " + "to create the example key:{0}{1}", Environment::NewLine, ex); return 0; } if (createdKey != nullptr) { createdKey->Close(); } RegistryKey^ openedKey; // Open the key with read access. openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample" , false); Console::WriteLine("{0}Retrieved value: {1}", Environment::NewLine, openedKey->GetValue("ValueName")); openedKey->Close(); // Attempt to open the key with write access. try { openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample" , true); } catch (SecurityException^ ex) { Console::WriteLine("{0}You do not have the permissions required " + "to write to the example key:{0}{1}", Environment::NewLine, ex); } if (openedKey != nullptr) { openedKey->Close(); } // Attempt to change permissions for the key. try { regSecurity = gcnew RegistrySecurity(); regSecurity->AddAccessRule(gcnew RegistryAccessRule(user, RegistryRights::WriteKey, InheritanceFlags::None, PropagationFlags::None, AccessControlType::Allow)); openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample" , false); openedKey->SetAccessControl(regSecurity); Console::WriteLine("{0}Example key permissions were changed.", Environment::NewLine); } catch (UnauthorizedAccessException^ ex) { Console::WriteLine("{0}You are not authorized to change " + "permissions for the example key:{0}{1}", Environment::NewLine, ex); } if (openedKey != nullptr) { openedKey->Close(); } Console::WriteLine("{0}Press Enter to delete the example key.", Environment::NewLine); Console::ReadLine(); try { Registry::CurrentUser->DeleteSubKey("RegistryRightsExample"); Console::WriteLine("Example key was deleted."); } catch(SecurityException^ ex) { Console::WriteLine("{0}You do not have the permissions required to " + "delete the example key:{0}{1}", Environment::NewLine, ex); } }
import System.*; import System.Reflection.*; import System.Security.*; import System.Security.AccessControl.*; import Microsoft.Win32.*; public class Example { public static void main(String[] args) { // Delete the example key if it exists. try { Registry.CurrentUser.DeleteSubKey("RegistryRightsExample"); Console.WriteLine("Example key has been deleted."); } catch (ArgumentException exp) { // ArgumentException is thrown if the key does not exist. In // this case, there is no reason to display a message. } catch (System.Exception ex) { Console.WriteLine("Unable to delete the example key: {0}", ex); return; } String user = Environment.get_UserDomainName() + "\\" + Environment.get_UserName(); RegistrySecurity rs = new RegistrySecurity(); // Allow the current user to read and delete the key. // rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.Delete, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); // Prevent the current user from writing or changing the // permission set of the key. Note that if Delete permission // were not allowed in the previous access rule, denying // WriteKey permission would prevent the user from deleting the // key. rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey | RegistryRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); // Create the example key with registry security. RegistryKey rk = null; try { rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", RegistryKeyPermissionCheck.Default, rs); Console.WriteLine("\r\nExample key created."); rk.SetValue("ValueName", "StringValue"); } catch (System.Exception ex) { Console.WriteLine("\r\nUnable to create the example key: {0}", ex); } if (rk != null) { rk.Close(); } rk = Registry.CurrentUser; RegistryKey rk2; // Open the key with read access. rk2 = rk.OpenSubKey("RegistryRightsExample", false); Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName")); rk2.Close(); // Attempt to open the key with write access. try { rk2 = rk.OpenSubKey("RegistryRightsExample", true); } catch (System.Security.SecurityException ex) { Console.WriteLine("\r\nUnable to write to the example key." + " Caught SecurityException: {0}", ex.get_Message()); } if (rk2 != null) { rk2.Close(); } // Attempt to change permissions for the key. try { rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); rk2 = rk.OpenSubKey("RegistryRightsExample", false); rk2.SetAccessControl(rs); Console.WriteLine("\r\nExample key permissions were changed."); } catch (System.UnauthorizedAccessException ex) { Console.WriteLine("\r\nUnable to change permissions for the example key." + " Caught UnauthorizedAccessException: {0}", ex.get_Message()); } if (rk2 != null) { rk2.Close(); } Console.WriteLine("\r\nPress Enter to delete the example key."); Console.ReadLine(); try { rk.DeleteSubKey("RegistryRightsExample"); Console.WriteLine("Example key was deleted."); } catch (System.Exception ex) { Console.WriteLine("Unable to delete the example key: {0}", ex); } rk.Close(); } //main } //Example /* This code example produces the following output: Example key created. Retrieved value: StringValue Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed. Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key. Press Enter to delete the example key. Example key was deleted. */
プラットフォームWindows 98, Windows 2000 SP4, Windows CE, Windows Millennium Edition, Windows Mobile for Pocket PC, Windows Mobile for Smartphone, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
開発プラットフォームの中には、.NET Framework によってサポートされていないバージョンがあります。サポートされているバージョンについては、「システム要件」を参照してください。
バージョン情報参照- RegistryKey.SetAccessControl メソッドのページへのリンク
