RegistryRights 列挙体
この列挙体には、メンバ値のビットごとの組み合わせを可能にする FlagsAttribute 属性が含まれています。
名前空間: System.Security.AccessControlアセンブリ: mscorlib (mscorlib.dll 内)
構文
<FlagsAttribute> _ Public Enumeration RegistryRights
メンバ名 | 説明 | |
---|---|---|
ChangePermissions | レジストリ キーに関連付けられたアクセス規則と監査規則を変更する権限。 | |
CreateLink | システムで使用するために予約されています。 | |
CreateSubKey | レジストリ キーのサブキーを作成する権限。 | |
Delete | レジストリ キーを削除する権限。 | |
EnumerateSubKeys | レジストリ キーのサブキーをリストする権限。 | |
ExecuteKey | ReadKey と同じです。 | |
FullControl | レジストリ キーに対するフル コントロール、およびそのアクセス規則と監査規則を変更する権限。 | |
Notify | レジストリ キーの変更通知を要求する権限。 | |
QueryValues | レジストリ キー内の名前/値ペアを照会する権限。 | |
ReadKey | レジストリ キー内の名前/値ペアの照会、変更通知の要求、そのサブキーの列挙、そのアクセス規則と監査規則の読み取りを行う権限。 | |
ReadPermissions | レジストリ キーのアクセス規則と監査規則を開いてコピーする権限。 | |
SetValue | レジストリ キー内の名前/値ペアを作成、削除、または設定する権限。 | |
TakeOwnership | レジストリ キーの所有者を変更する権限。 | |
WriteKey | レジストリ キー内の名前/値ペアの作成、削除、および設定、サブキーの作成または削除、変更通知の要求、そのサブキーの列挙、そのアクセス規則と監査規則の読み取りを行う権限。 |
RegistrySecurity オブジェクトを作成する場合に、RegistryRights 列挙体を使用してレジストリ アクセス権を指定します。アクセス権をレジストリ キーに適用するには、まず、RegistryAccessRule オブジェクトを RegistrySecurity オブジェクトに追加し、RegistryKey.SetAccessControl メソッドを使用するか、または Microsoft.Win32.RegistryKey.CreateSubKey メソッドの適切なオーバーロードを使用して、RegistrySecurity オブジェクトをキーに割り当てます。
RegistryRights 列挙体の使用方法を示すコード例を次に示します。このコードでは、テスト キーを作成し、現在のユーザーに対して ReadKey アクセス権および Delete アクセス権を許可し、ChangePermissions 権および WriteKey 権を拒否します。これらのアクセス許可に基づいて、キーを操作するための後続の試みが成功または失敗します。
キーを削除する前に、コードが一時停止します。レジストリ エディタ (Regedit.exe または Regedt32.exe) に切り替えることにより、キーへのアクセスにレジストリ エディタを使用した場合でも同じアクセス権が適用されることを確認できます。
この例は、コマンド ラインから RunAs を使用してレジストリ エディタを実行し、管理者権限を持たないローカル ユーザーとしてサンプル コードを実行すると最も効果があります。たとえば、TestUser という名前のローカル ユーザーを定義した場合、コマンド runas /user:TestUser cmd によってコマンド ウィンドウが開かれ、ここでレジストリ エディタを実行し、このプログラム例を実行できます。
Imports System Imports System.Reflection Imports System.Security Imports System.Security.AccessControl Imports Microsoft.Win32 Public Class Example Public Shared Sub Main() ' Delete the example key if it exists. Try Registry.CurrentUser.DeleteSubKey("RegistryRightsExample") Console.WriteLine("Example key has been deleted.") Catch ex As ArgumentException ' ArgumentException is thrown if the key does not exist. In ' this case, there is no reason to display a message. Catch ex As Exception Console.WriteLine("Unable to delete the example key: {0}", ex) Return End Try Dim user As String = Environment.UserDomainName & "\" & Environment.UserName Dim rs As New RegistrySecurity() ' Allow the current user to read and delete the key. ' rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.ReadKey Or RegistryRights.Delete, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Allow)) ' Prevent the current user from writing or changing the ' permission set of the key. Note that if Delete permission ' were not allowed in the previous access rule, denying ' WriteKey permission would prevent the user from deleting the ' key. rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Deny)) ' Create the example key with registry security. Dim rk As RegistryKey = Nothing Try rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", _ RegistryKeyPermissionCheck.Default, rs) Console.WriteLine(vbCrLf & "Example key created.") rk.SetValue("ValueName", "StringValue") Catch ex As Exception Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex) End Try If rk IsNot Nothing Then rk.Close() rk = Registry.CurrentUser Dim rk2 As RegistryKey ' Open the key with read access. rk2 = rk.OpenSubKey("RegistryRightsExample", False) Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName")) rk2.Close() ' Attempt to open the key with write access. Try rk2 = rk.OpenSubKey("RegistryRightsExample", True) Catch ex As SecurityException Console.WriteLine(vbCrLf & "Unable to write to the example key." _ & " Caught SecurityException: {0}", ex.Message) End Try If rk2 IsNot Nothing Then rk2.Close() ' Attempt to change permissions for the key. Try rs = New RegistrySecurity() rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.WriteKey, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Allow)) rk2 = rk.OpenSubKey("RegistryRightsExample", False) rk2.SetAccessControl(rs) Console.WriteLine(vbCrLf & "Example key permissions were changed.") Catch ex As UnauthorizedAccessException Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." _ & " Caught UnauthorizedAccessException: {0}", ex.Message) End Try If rk2 IsNot Nothing Then rk2.Close() Console.WriteLine(vbCrLf & "Press Enter to delete the example key.") Console.ReadLine() Try rk.DeleteSubKey("RegistryRightsExample") Console.WriteLine("Example key was deleted.") Catch ex As Exception Console.WriteLine("Unable to delete the example key: {0}", ex) End Try rk.Close() End Sub End Class ' This code produces the following output: ' 'Example key created. ' 'Retrieved value: StringValue ' 'Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed. ' 'Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key. ' 'Press Enter to delete the example key. ' 'Example key was deleted.
using System; using System.Reflection; using System.Security; using System.Security.AccessControl; using Microsoft.Win32; public class Example { public static void Main() { // Delete the example key if it exists. try { Registry.CurrentUser.DeleteSubKey("RegistryRightsExample"); Console.WriteLine("Example key has been deleted."); } catch (ArgumentException) { // ArgumentException is thrown if the key does not exist. In // this case, there is no reason to display a message. } catch (Exception ex) { Console.WriteLine("Unable to delete the example key: {0}", ex); return; } string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity rs = new RegistrySecurity(); // Allow the current user to read and delete the key. // rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.Delete, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); // Prevent the current user from writing or changing the // permission set of the key. Note that if Delete permission // were not allowed in the previous access rule, denying // WriteKey permission would prevent the user from deleting the // key. rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey | RegistryRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); // Create the example key with registry security. RegistryKey rk = null; try { rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", RegistryKeyPermissionCheck.Default, rs); Console.WriteLine("\r\nExample key created."); rk.SetValue("ValueName", "StringValue"); } catch (Exception ex) { Console.WriteLine("\r\nUnable to create the example key: {0}", ex); } if (rk != null) rk.Close(); rk = Registry.CurrentUser; RegistryKey rk2; // Open the key with read access. rk2 = rk.OpenSubKey("RegistryRightsExample", false); Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName")); rk2.Close(); // Attempt to open the key with write access. try { rk2 = rk.OpenSubKey("RegistryRightsExample", true); } catch (SecurityException ex) { Console.WriteLine("\nUnable to write to the example key." + " Caught SecurityException: {0}", ex.Message); } if (rk2 != null) rk2.Close(); // Attempt to change permissions for the key. try { rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); rk2 = rk.OpenSubKey("RegistryRightsExample", false); rk2.SetAccessControl(rs); Console.WriteLine("\r\nExample key permissions were changed."); } catch (UnauthorizedAccessException ex) { Console.WriteLine("\nUnable to change permissions for the example key." + " Caught UnauthorizedAccessException: {0}", ex.Message); } if (rk2 != null) rk2.Close(); Console.WriteLine("\r\nPress Enter to delete the example key."); Console.ReadLine(); try { rk.DeleteSubKey("RegistryRightsExample"); Console.WriteLine("Example key was deleted."); } catch(Exception ex) { Console.WriteLine("Unable to delete the example key: {0}", ex); } rk.Close(); } } /* This code example produces the following output: Example key created. Retrieved value: StringValue Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed. Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key. Press Enter to delete the example key. Example key was deleted. */
using namespace System; using namespace System::Reflection; using namespace Microsoft::Win32; using namespace System::Security::AccessControl; using namespace System::Security; int main() { // Delete the example key if it exists. try { Registry::CurrentUser->DeleteSubKey("RegistryRightsExample"); Console::WriteLine("Example key has been deleted."); } catch (ArgumentException^) { // ArgumentException is thrown if the key does not exist. In // this case, there is no reason to display a message. } catch (InvalidOperationException^ ex) { Console::WriteLine( "{0}Unable to delete key: it appears to have child subkeys:{0}{1}", Environment::NewLine, ex); return 0; } catch (SecurityException^ ex) { Console::WriteLine("{0}You do not have the permissions required " + "to delete this key:{0}{1}", Environment::NewLine, ex); return 0; } String^ user = Environment::UserDomainName + "\\" + Environment::UserName; RegistrySecurity^ regSecurity = gcnew RegistrySecurity(); // Allow the current user to read and delete the key. // regSecurity->AddAccessRule(gcnew RegistryAccessRule(user, RegistryRights::ReadKey | RegistryRights::Delete, InheritanceFlags::None, PropagationFlags::None, AccessControlType::Allow)); // Prevent the current user from writing or changing the // permission set of the key. Note that if Delete permission // were not allowed in the previous access rule, denying // WriteKey permission would prevent the user from deleting the // key. regSecurity->AddAccessRule(gcnew RegistryAccessRule(user, RegistryRights::WriteKey | RegistryRights::ChangePermissions, InheritanceFlags::None, PropagationFlags::None, AccessControlType::Deny)); // Create the example key with registry security. RegistryKey^ createdKey = nullptr; try { createdKey = Registry::CurrentUser->CreateSubKey( "RegistryRightsExample", RegistryKeyPermissionCheck::Default , regSecurity); Console::WriteLine("{0}Example key created.", Environment::NewLine); createdKey->SetValue("ValueName", "StringValue"); } catch (SecurityException^ ex) { Console::WriteLine("{0}You do not have the permissions required " + "to create the example key:{0}{1}", Environment::NewLine, ex); return 0; } if (createdKey != nullptr) { createdKey->Close(); } RegistryKey^ openedKey; // Open the key with read access. openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample" , false); Console::WriteLine("{0}Retrieved value: {1}", Environment::NewLine, openedKey->GetValue("ValueName")); openedKey->Close(); // Attempt to open the key with write access. try { openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample" , true); } catch (SecurityException^ ex) { Console::WriteLine("{0}You do not have the permissions required " + "to write to the example key:{0}{1}", Environment::NewLine, ex); } if (openedKey != nullptr) { openedKey->Close(); } // Attempt to change permissions for the key. try { regSecurity = gcnew RegistrySecurity(); regSecurity->AddAccessRule(gcnew RegistryAccessRule(user, RegistryRights::WriteKey, InheritanceFlags::None, PropagationFlags::None, AccessControlType::Allow)); openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample" , false); openedKey->SetAccessControl(regSecurity); Console::WriteLine("{0}Example key permissions were changed.", Environment::NewLine); } catch (UnauthorizedAccessException^ ex) { Console::WriteLine("{0}You are not authorized to change " + "permissions for the example key:{0}{1}", Environment::NewLine, ex); } if (openedKey != nullptr) { openedKey->Close(); } Console::WriteLine("{0}Press Enter to delete the example key.", Environment::NewLine); Console::ReadLine(); try { Registry::CurrentUser->DeleteSubKey("RegistryRightsExample"); Console::WriteLine("Example key was deleted."); } catch(SecurityException^ ex) { Console::WriteLine("{0}You do not have the permissions required to " + "delete the example key:{0}{1}", Environment::NewLine, ex); } }
import System.*; import System.Reflection.*; import System.Security.*; import System.Security.AccessControl.*; import Microsoft.Win32.*; public class Example { public static void main(String[] args) { // Delete the example key if it exists. try { Registry.CurrentUser.DeleteSubKey("RegistryRightsExample"); Console.WriteLine("Example key has been deleted."); } catch (ArgumentException exp) { // ArgumentException is thrown if the key does not exist. In // this case, there is no reason to display a message. } catch (System.Exception ex) { Console.WriteLine("Unable to delete the example key: {0}", ex); return; } String user = Environment.get_UserDomainName() + "\\" + Environment.get_UserName(); RegistrySecurity rs = new RegistrySecurity(); // Allow the current user to read and delete the key. // rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.Delete, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); // Prevent the current user from writing or changing the // permission set of the key. Note that if Delete permission // were not allowed in the previous access rule, denying // WriteKey permission would prevent the user from deleting the // key. rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey | RegistryRights.ChangePermissions, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Deny)); // Create the example key with registry security. RegistryKey rk = null; try { rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", RegistryKeyPermissionCheck.Default, rs); Console.WriteLine("\r\nExample key created."); rk.SetValue("ValueName", "StringValue"); } catch (System.Exception ex) { Console.WriteLine("\r\nUnable to create the example key: {0}", ex); } if (rk != null) { rk.Close(); } rk = Registry.CurrentUser; RegistryKey rk2; // Open the key with read access. rk2 = rk.OpenSubKey("RegistryRightsExample", false); Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName")); rk2.Close(); // Attempt to open the key with write access. try { rk2 = rk.OpenSubKey("RegistryRightsExample", true); } catch (System.Security.SecurityException ex) { Console.WriteLine("\r\nUnable to write to the example key." + " Caught SecurityException: {0}", ex.get_Message()); } if (rk2 != null) { rk2.Close(); } // Attempt to change permissions for the key. try { rs = new RegistrySecurity(); rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey, InheritanceFlags.None, PropagationFlags.None, AccessControlType.Allow)); rk2 = rk.OpenSubKey("RegistryRightsExample", false); rk2.SetAccessControl(rs); Console.WriteLine("\r\nExample key permissions were changed."); } catch (System.UnauthorizedAccessException ex) { Console.WriteLine("\r\nUnable to change permissions for the example key." + " Caught UnauthorizedAccessException: {0}", ex.get_Message()); } if (rk2 != null) { rk2.Close(); } Console.WriteLine("\r\nPress Enter to delete the example key."); Console.ReadLine(); try { rk.DeleteSubKey("RegistryRightsExample"); Console.WriteLine("Example key was deleted."); } catch (System.Exception ex) { Console.WriteLine("Unable to delete the example key: {0}", ex); } rk.Close(); } //main } //Example /* This code example produces the following output: Example key created. Retrieved value: StringValue Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed. Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key. Press Enter to delete the example key. Example key was deleted. */
Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
開発プラットフォームの中には、.NET Framework によってサポートされていないバージョンがあります。サポートされているバージョンについては、「システム要件」を参照してください。
参照
- RegistryRights 列挙体のページへのリンク