RegistryKey.SetAccessControl メソッドとは何？わかりやすく解説 Weblio辞書

.NET Framework クラスライブラリリファレンス

索引トップ用語の索引ランキング

RegistryKey.SetAccessControl メソッド

メモ : このメソッドは、.NET Framework version 2.0 で新しく追加されたものです。

既存のレジストリキーに Windows アクセス制御セキュリティを適用します。

名前空間: Microsoft.Win32
アセンブリ: mscorlib (mscorlib.dll 内)
構文

Visual Basic (宣言)

Public Sub SetAccessControl ( _
    registrySecurity As RegistrySecurity _
)

Visual Basic (使用法)

Dim instance As RegistryKey
Dim registrySecurity As RegistrySecurity

instance.SetAccessControl(registrySecurity)

public void SetAccessControl (
    RegistrySecurity registrySecurity
)

C++

public:
void SetAccessControl (
    RegistrySecurity^ registrySecurity
)

public void SetAccessControl (
    RegistrySecurity registrySecurity
)

JScript

public function SetAccessControl (
    registrySecurity : RegistrySecurity
)

パラメータ

registrySecurity: 現在のサブキーに適用するアクセス制御セキュリティを表す RegistrySecurity オブジェクト。

例外

例外の種類	条件
UnauthorizedAccessException	現在の RegistryKey オブジェクトはアクセス制御セキュリティを指定したキーを表しますが、呼び出し元には RegistryRights.ChangePermissions 権限がありません。
ArgumentNullException	registrySecurity が null 参照 (Visual Basic では Nothing) です。
ObjectDisposedException	操作対象の RegistryKey が閉じています。閉じられたキーにはアクセスできません。

解説

レジストリキーのアクセス許可を変更するには、GetAccessControl メソッドを使用して既存の Windows アクセス制御セキュリティを表す RegistrySecurity オブジェクトを取得し、この RegistrySecurity オブジェクトを変更してから、SetAccessControl メソッドを使用してキーのセキュリティを更新します。

注意
registrySecurity に指定された RegistrySecurity オブジェクトにより、レジストリキーの既存のセキュリティが置き換えられます。新しいユーザーのアクセス許可を追加するには、GetAccessControl メソッドを使用して既存のアクセス制御セキュリティを取得し、これを変更します。

使用例

テストキーを作成するコード例を次に示します。現在のユーザーは ReadKey 権限と Delete 権限を許可されていますが、ChangePermissions 権限と WriteKey 権限は拒否されています。これらのアクセス許可に基づいて、キーを操作するための後続の試みが成功または失敗します。

キーを削除する前に、コードが一時停止します。レジストリエディタに切り替えることにより、キーへのアクセスにレジストリエディタを使用した場合でも同じアクセス権が適用されることを確認できます。このことは、コマンドラインから RunAs を使用してレジストリエディタを実行し、管理者権限を持たないローカルユーザーとしてサンプルコードを実行するとよくわかります。特定の管理者がアクセス許可の変更を拒否された場合でも、レジストリエディタでは常にこれが許可されます。TestUser という名前のローカルユーザーを定義した場合、コマンド runas /user:TestUser cmd によってコマンドウィンドウが開かれ、ここでレジストリエディタを実行し、サンプルコードを実行できます。

Visual Basic

Imports System
Imports System.Reflection
Imports System.Security
Imports System.Security.AccessControl
Imports Microsoft.Win32

Public Class Example
    Public Shared Sub Main()
        ' Delete the example key if it exists.
        Try
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample")
            Console.WriteLine("Example key has been deleted.")
        Catch ex As ArgumentException
            ' ArgumentException is thrown if the key does not exist.
 In
            ' this case, there is no reason to display a message.
        Catch ex As Exception
            Console.WriteLine("Unable to delete the example key:
 {0}", ex)
            Return
        End Try

        Dim user As String
 = Environment.UserDomainName & "\" & Environment.UserName

        Dim rs As New RegistrySecurity()

        ' Allow the current user to read and delete the key.
        '
        rs.AddAccessRule(new RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.Delete, _
            InheritanceFlags.None, _
            PropagationFlags.None, _
            AccessControlType.Allow))

        ' Prevent the current user from writing or changing the
        ' permission set of the key. Note that if Delete permission
        ' were not allowed in the previous access rule, denying
        ' WriteKey permission would prevent the user from deleting the
 
        ' key.
        rs.AddAccessRule(new RegistryAccessRule(user, _
            RegistryRights.WriteKey Or RegistryRights.ChangePermissions,
 _
            InheritanceFlags.None, _
            PropagationFlags.None, _
            AccessControlType.Deny))

        ' Create the example key with registry security.
        Dim rk As RegistryKey = Nothing
        Try
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
 _
                RegistryKeyPermissionCheck.Default, rs)
            Console.WriteLine(vbCrLf & "Example key created.")
            rk.SetValue("ValueName", "StringValue")
        Catch ex As Exception
            Console.WriteLine(vbCrLf & "Unable to create the
 example key: {0}", ex)
        End Try

        If rk IsNot Nothing Then
 rk.Close()

        rk = Registry.CurrentUser

        Dim rk2 As RegistryKey
        
        ' Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample",
 False)
        Console.WriteLine(vbCrLf & "Retrieved value: {0}",
 rk2.GetValue("ValueName"))
        rk2.Close()

        ' Attempt to open the key with write access.
        Try
            rk2 = rk.OpenSubKey("RegistryRightsExample",
 True)
        Catch ex As SecurityException
            Console.WriteLine(vbCrLf & "Unable to write to
 the example key." _
                & " Caught SecurityException: {0}",
 ex.Message)
        End Try
        If rk2 IsNot Nothing Then
 rk2.Close()

        ' Attempt to change permissions for the key.
        Try
            rs = New RegistrySecurity()
            rs.AddAccessRule(new RegistryAccessRule(user, _
                RegistryRights.WriteKey, _
                InheritanceFlags.None, _
                PropagationFlags.None, _
                AccessControlType.Allow))
            rk2 = rk.OpenSubKey("RegistryRightsExample",
 False)
            rk2.SetAccessControl(rs)
            Console.WriteLine(vbCrLf & "Example key permissions
 were changed.")
        Catch ex As UnauthorizedAccessException
            Console.WriteLine(vbCrLf & "Unable to change permissions
 for the example key." _
                & " Caught UnauthorizedAccessException: {0}",
 ex.Message)
        End Try
        If rk2 IsNot Nothing Then
 rk2.Close()

        Console.WriteLine(vbCrLf & "Press Enter to delete
 the example key.")
        Console.ReadLine()

        Try
            rk.DeleteSubKey("RegistryRightsExample")
            Console.WriteLine("Example key was deleted.")
        Catch ex As Exception
            Console.WriteLine("Unable to delete the example key:
 {0}", ex)
        End Try

        rk.Close()
    End Sub
End Class

' This code produces the following output:
'
'Example key created.
'
'Retrieved value: StringValue
'
'Unable to write to the example key. Caught SecurityException: Requested
 registry access is not allowed.
'
'Unable to change permissions for the example key. Caught UnauthorizedAccessException:
 Cannot write to the registry key.
'
'Press Enter to delete the example key.
'
'Example key was deleted.

using System;
using System.Reflection;
using System.Security;
using System.Security.AccessControl;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        // Delete the example key if it exists.
        try
        {
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key has been deleted.");
        }
        catch (ArgumentException)
        {
            // ArgumentException is thrown if the key does not exist.
 In
            // this case, there is no reason to display a message.
        }
        catch (Exception ex)
        {
            Console.WriteLine("Unable to delete the example key: {0}",
 ex);
            return;
        }

        string user = Environment.UserDomainName + "\\"
 + Environment.UserName;

        RegistrySecurity rs = new RegistrySecurity();

        // Allow the current user to read and delete the key.
        //
        rs.AddAccessRule(new RegistryAccessRule(user, 
            RegistryRights.ReadKey | RegistryRights.Delete, 
            InheritanceFlags.None, 
            PropagationFlags.None, 
            AccessControlType.Allow));

        // Prevent the current user from writing or changing the
        // permission set of the key. Note that if Delete permission
        // were not allowed in the previous access rule, denying
        // WriteKey permission would prevent the user from deleting
 the 
        // key.
        rs.AddAccessRule(new RegistryAccessRule(user, 
            RegistryRights.WriteKey | RegistryRights.ChangePermissions, 
            InheritanceFlags.None, 
            PropagationFlags.None, 
            AccessControlType.Deny));

        // Create the example key with registry security.
        RegistryKey rk = null;
        try
        {
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
 
                RegistryKeyPermissionCheck.Default, rs);
            Console.WriteLine("\r\nExample key created.");
            rk.SetValue("ValueName", "StringValue");
        }
        catch (Exception ex)
        {
            Console.WriteLine("\r\nUnable to create the example key: {0}",
 ex);
        }
        if (rk != null) rk.Close();

        rk = Registry.CurrentUser;

        RegistryKey rk2;
        
        // Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", false);
        Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
        rk2.Close();

        // Attempt to open the key with write access.
        try
        {
            rk2 = rk.OpenSubKey("RegistryRightsExample", true);
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("\nUnable to write to the example key." +
                " Caught SecurityException: {0}", ex.Message);
        }
        if (rk2 != null) rk2.Close();

        // Attempt to change permissions for the key.
        try
        {
            rs = new RegistrySecurity();
            rs.AddAccessRule(new RegistryAccessRule(user, 
                RegistryRights.WriteKey, 
                InheritanceFlags.None, 
                PropagationFlags.None, 
                AccessControlType.Allow));
            rk2 = rk.OpenSubKey("RegistryRightsExample", false);
            rk2.SetAccessControl(rs);
            Console.WriteLine("\r\nExample key permissions were changed.");
        }
        catch (UnauthorizedAccessException ex)
        {
            Console.WriteLine("\nUnable to change permissions for
 the example key." +
                " Caught UnauthorizedAccessException: {0}", ex.Message);
        }
        if (rk2 != null) rk2.Close();

        Console.WriteLine("\r\nPress Enter to delete the example key.");
        Console.ReadLine();

        try
        {
            rk.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key was deleted.");
        }
        catch(Exception ex)
        {
            Console.WriteLine("Unable to delete the example key: {0}",
 ex);
        }

        rk.Close();
    }
}

/* This code example produces the following output:

Example key created.

Retrieved value: StringValue

Unable to write to the example key. Caught SecurityException: Requested registry
 access is not allowed.

Unable to change permissions for the example key. Caught UnauthorizedAccessException:
 Cannot write to the registry key.

Press Enter to delete the example key.

Example key was deleted.
 */

C++

using namespace System;
using namespace System::Reflection;
using namespace Microsoft::Win32;
using namespace System::Security::AccessControl;
using namespace System::Security;

int main()
{
    // Delete the example key if it exists.
    try
    {
        Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
        Console::WriteLine("Example key has been deleted.");
    }
    catch (ArgumentException^)
    {
        // ArgumentException is thrown if the key does not exist. In
        // this case, there is no reason to display a message.
    }
    catch (InvalidOperationException^ ex)
    {
        Console::WriteLine(
            "{0}Unable to delete key: it appears to have child subkeys:{0}{1}",
 
            Environment::NewLine, ex);
        return 0;
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required "
 +
            "to delete this key:{0}{1}", Environment::NewLine,
 ex);
        return 0;
    }

    String^ user = Environment::UserDomainName + "\\" + Environment::UserName;

    RegistrySecurity^ regSecurity = gcnew RegistrySecurity();

    // Allow the current user to read and delete the key.
    //
    regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
        RegistryRights::ReadKey | RegistryRights::Delete,
        InheritanceFlags::None,
        PropagationFlags::None,
        AccessControlType::Allow));

    // Prevent the current user from writing or changing the
    // permission set of the key. Note that if Delete permission
    // were not allowed in the previous access rule, denying
    // WriteKey permission would prevent the user from deleting the
    // key.
    regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
        RegistryRights::WriteKey | RegistryRights::ChangePermissions,
        InheritanceFlags::None,
        PropagationFlags::None,
        AccessControlType::Deny));

    // Create the example key with registry security.
    RegistryKey^ createdKey = nullptr;
    try
    {
        createdKey = Registry::CurrentUser->CreateSubKey(
            "RegistryRightsExample", RegistryKeyPermissionCheck::Default
,
            regSecurity);
        Console::WriteLine("{0}Example key created.", Environment::NewLine);
        createdKey->SetValue("ValueName", "StringValue");
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required "
 +
            "to create the example key:{0}{1}", Environment::NewLine, ex);
        return 0;
    }
    if (createdKey != nullptr)
    {
        createdKey->Close();
    }

    RegistryKey^ openedKey;

    // Open the key with read access.
    openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample"
,
        false);
    Console::WriteLine("{0}Retrieved value: {1}",
        Environment::NewLine, openedKey->GetValue("ValueName"));
    openedKey->Close();

    // Attempt to open the key with write access.
    try
    {
        openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample"
,
            true);
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required "
 +
            "to write to the example key:{0}{1}", Environment::NewLine,
 ex);
    }
    if (openedKey != nullptr)
    {
        openedKey->Close();
    }

    // Attempt to change permissions for the key.
    try
    {
        regSecurity = gcnew RegistrySecurity();
        regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
            RegistryRights::WriteKey,
            InheritanceFlags::None,
            PropagationFlags::None,
            AccessControlType::Allow));
        openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample"
,
            false);
        openedKey->SetAccessControl(regSecurity);
        Console::WriteLine("{0}Example key permissions were changed.",
 
            Environment::NewLine);
    }
    catch (UnauthorizedAccessException^ ex)
    {
        Console::WriteLine("{0}You are not authorized to change " +
            "permissions for the example key:{0}{1}",
 Environment::NewLine, ex);
    }
    if (openedKey != nullptr)
    {
        openedKey->Close();
    }

    Console::WriteLine("{0}Press Enter to delete the example key.", 
        Environment::NewLine);
    Console::ReadLine();

    try
    {
        Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
        Console::WriteLine("Example key was deleted.");
    }
    catch(SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required to "
            + "delete the example key:{0}{1}", Environment::NewLine, ex);
    }
}

import System.*;
import System.Reflection.*;
import System.Security.*;
import System.Security.AccessControl.*;
import Microsoft.Win32.*;

public class Example
{
    public static void main(String[]
 args)
    {
        // Delete the example key if it exists.
        try {
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key has been deleted.");
        }
        catch (ArgumentException exp) {
            // ArgumentException is thrown if the key does not exist.
 In
            // this case, there is no reason to display a message.
        }
        catch (System.Exception ex) {
            Console.WriteLine("Unable to delete the example key: {0}",
 ex);
            return;
        }

        String user = Environment.get_UserDomainName() + "\\" 
            + Environment.get_UserName();

        RegistrySecurity rs = new RegistrySecurity();
        // Allow the current user to read and delete the key.
        //
        rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey
 
            | RegistryRights.Delete, InheritanceFlags.None, 
            PropagationFlags.None, AccessControlType.Allow));
        // Prevent the current user from writing or changing the
        // permission set of the key. Note that if Delete permission
        // were not allowed in the previous access rule, denying
        // WriteKey permission would prevent the user from deleting
 the 
        // key.
        rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey
 
            | RegistryRights.ChangePermissions, InheritanceFlags.None, 
            PropagationFlags.None, AccessControlType.Deny));
        // Create the example key with registry security.
        RegistryKey rk = null;
        try {
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
 
                RegistryKeyPermissionCheck.Default, rs);
            Console.WriteLine("\r\nExample key created.");
            rk.SetValue("ValueName", "StringValue");
        }
        catch (System.Exception ex) {
            Console.WriteLine("\r\nUnable to create the example key: {0}",
 ex);
        }
        if (rk != null) {
            rk.Close();
        }
        rk = Registry.CurrentUser;
        RegistryKey rk2;
        // Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", false);
        Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
        rk2.Close();
        // Attempt to open the key with write access.
        try {
            rk2 = rk.OpenSubKey("RegistryRightsExample", true);
        }
        catch (System.Security.SecurityException ex) {
            Console.WriteLine("\r\nUnable to write to the example key."
 +
                " Caught SecurityException: {0}", ex.get_Message());
        }
        if (rk2 != null) {
            rk2.Close();
        }
        // Attempt to change permissions for the key.
        try {
            rs = new RegistrySecurity();
            rs.AddAccessRule(new RegistryAccessRule(user, 
                RegistryRights.WriteKey, InheritanceFlags.None, 
                PropagationFlags.None, AccessControlType.Allow));
            rk2 = rk.OpenSubKey("RegistryRightsExample", false);
            rk2.SetAccessControl(rs);
            Console.WriteLine("\r\nExample key permissions were changed.");
        }
        catch (System.UnauthorizedAccessException ex) {
            Console.WriteLine("\r\nUnable to change permissions for
 the example key." +
                " Caught UnauthorizedAccessException: {0}", ex.get_Message());
        }
        if (rk2 != null) {
            rk2.Close();
        }
        Console.WriteLine("\r\nPress Enter to delete the example key.");
        Console.ReadLine();
        try {
            rk.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key was deleted.");
        }
        catch (System.Exception ex) {
            Console.WriteLine("Unable to delete the example key: {0}",
 ex);
        }
        rk.Close();
    } //main
} //Example

/* This code example produces the following output:

Example key created.

Retrieved value: StringValue

Unable to write to the example key. Caught SecurityException: Requested registry
 access is not allowed.

Unable to change permissions for the example key. Caught UnauthorizedAccessException:
 Cannot write to the registry key.

Press Enter to delete the example key.

Example key was deleted.
 */