RegistryRights 列挙体とは何？わかりやすく解説 Weblio辞書

.NET Framework クラスライブラリリファレンス

索引トップ用語の索引ランキング

RegistryRights 列挙体

メモ : この列挙体は、.NET Framework version 2.0 で新しく追加されたものです。

レジストリオブジェクトに適用できるアクセス制御権を指定します。

この列挙体には、メンバ値のビットごとの組み合わせを可能にする FlagsAttribute 属性が含まれています。

名前空間: System.Security.AccessControl
アセンブリ: mscorlib (mscorlib.dll 内)
構文

Visual Basic (宣言)

<FlagsAttribute> _
Public Enumeration RegistryRights

Visual Basic (使用法)

Dim instance As RegistryRights

[FlagsAttribute] 
public enum RegistryRights

C++

[FlagsAttribute] 
public enum class RegistryRights

/** @attribute FlagsAttribute() */ 
public enum RegistryRights

JScript

FlagsAttribute 
public enum RegistryRights

メンバ

	メンバ名	説明
	ChangePermissions	レジストリキーに関連付けられたアクセス規則と監査規則を変更する権限。
	CreateLink	システムで使用するために予約されています。
	CreateSubKey	レジストリキーのサブキーを作成する権限。
	Delete	レジストリキーを削除する権限。
	EnumerateSubKeys	レジストリキーのサブキーをリストする権限。
	ExecuteKey	ReadKey と同じです。
	FullControl	レジストリキーに対するフルコントロール、およびそのアクセス規則と監査規則を変更する権限。
	Notify	レジストリキーの変更通知を要求する権限。
	QueryValues	レジストリキー内の名前/値ペアを照会する権限。
	ReadKey	レジストリキー内の名前/値ペアの照会、変更通知の要求、そのサブキーの列挙、そのアクセス規則と監査規則の読み取りを行う権限。
	ReadPermissions	レジストリキーのアクセス規則と監査規則を開いてコピーする権限。
	SetValue	レジストリキー内の名前/値ペアを作成、削除、または設定する権限。
	TakeOwnership	レジストリキーの所有者を変更する権限。
	WriteKey	レジストリキー内の名前/値ペアの作成、削除、および設定、サブキーの作成または削除、変更通知の要求、そのサブキーの列挙、そのアクセス規則と監査規則の読み取りを行う権限。

解説

RegistrySecurity オブジェクトを作成する場合に、RegistryRights 列挙体を使用してレジストリアクセス権を指定します。アクセス権をレジストリキーに適用するには、まず、RegistryAccessRule オブジェクトを RegistrySecurity オブジェクトに追加し、RegistryKey.SetAccessControl メソッドを使用するか、または Microsoft.Win32.RegistryKey.CreateSubKey メソッドの適切なオーバーロードを使用して、RegistrySecurity オブジェクトをキーに割り当てます。

使用例

RegistryRights 列挙体の使用方法を示すコード例を次に示します。このコードでは、テストキーを作成し、現在のユーザーに対して ReadKey アクセス権および Delete アクセス権を許可し、ChangePermissions 権および WriteKey 権を拒否します。これらのアクセス許可に基づいて、キーを操作するための後続の試みが成功または失敗します。

キーを削除する前に、コードが一時停止します。レジストリエディタ (Regedit.exe または Regedt32.exe) に切り替えることにより、キーへのアクセスにレジストリエディタを使用した場合でも同じアクセス権が適用されることを確認できます。

この例は、コマンドラインから RunAs を使用してレジストリエディタを実行し、管理者権限を持たないローカルユーザーとしてサンプルコードを実行すると最も効果があります。たとえば、TestUser という名前のローカルユーザーを定義した場合、コマンド runas /user:TestUser cmd によってコマンドウィンドウが開かれ、ここでレジストリエディタを実行し、このプログラム例を実行できます。

Visual Basic

Imports System
Imports System.Reflection
Imports System.Security
Imports System.Security.AccessControl
Imports Microsoft.Win32

Public Class Example
    Public Shared Sub Main()
        ' Delete the example key if it exists.
        Try
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample")
            Console.WriteLine("Example key has been deleted.")
        Catch ex As ArgumentException
            ' ArgumentException is thrown if the key does not exist.
 In
            ' this case, there is no reason to display a message.
        Catch ex As Exception
            Console.WriteLine("Unable to delete the example key:
 {0}", ex)
            Return
        End Try

        Dim user As String
 = Environment.UserDomainName & "\" & Environment.UserName

        Dim rs As New RegistrySecurity()

        ' Allow the current user to read and delete the key.
        '
        rs.AddAccessRule(new RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.Delete, _
            InheritanceFlags.None, _
            PropagationFlags.None, _
            AccessControlType.Allow))

        ' Prevent the current user from writing or changing the
        ' permission set of the key. Note that if Delete permission
        ' were not allowed in the previous access rule, denying
        ' WriteKey permission would prevent the user from deleting the
 
        ' key.
        rs.AddAccessRule(new RegistryAccessRule(user, _
            RegistryRights.WriteKey Or RegistryRights.ChangePermissions,
 _
            InheritanceFlags.None, _
            PropagationFlags.None, _
            AccessControlType.Deny))

        ' Create the example key with registry security.
        Dim rk As RegistryKey = Nothing
        Try
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
 _
                RegistryKeyPermissionCheck.Default, rs)
            Console.WriteLine(vbCrLf & "Example key created.")
            rk.SetValue("ValueName", "StringValue")
        Catch ex As Exception
            Console.WriteLine(vbCrLf & "Unable to create the
 example key: {0}", ex)
        End Try

        If rk IsNot Nothing Then
 rk.Close()

        rk = Registry.CurrentUser

        Dim rk2 As RegistryKey
        
        ' Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample",
 False)
        Console.WriteLine(vbCrLf & "Retrieved value: {0}",
 rk2.GetValue("ValueName"))
        rk2.Close()

        ' Attempt to open the key with write access.
        Try
            rk2 = rk.OpenSubKey("RegistryRightsExample",
 True)
        Catch ex As SecurityException
            Console.WriteLine(vbCrLf & "Unable to write to
 the example key." _
                & " Caught SecurityException: {0}",
 ex.Message)
        End Try
        If rk2 IsNot Nothing Then
 rk2.Close()

        ' Attempt to change permissions for the key.
        Try
            rs = New RegistrySecurity()
            rs.AddAccessRule(new RegistryAccessRule(user, _
                RegistryRights.WriteKey, _
                InheritanceFlags.None, _
                PropagationFlags.None, _
                AccessControlType.Allow))
            rk2 = rk.OpenSubKey("RegistryRightsExample",
 False)
            rk2.SetAccessControl(rs)
            Console.WriteLine(vbCrLf & "Example key permissions
 were changed.")
        Catch ex As UnauthorizedAccessException
            Console.WriteLine(vbCrLf & "Unable to change permissions
 for the example key." _
                & " Caught UnauthorizedAccessException: {0}",
 ex.Message)
        End Try
        If rk2 IsNot Nothing Then
 rk2.Close()

        Console.WriteLine(vbCrLf & "Press Enter to delete
 the example key.")
        Console.ReadLine()

        Try
            rk.DeleteSubKey("RegistryRightsExample")
            Console.WriteLine("Example key was deleted.")
        Catch ex As Exception
            Console.WriteLine("Unable to delete the example key:
 {0}", ex)
        End Try

        rk.Close()
    End Sub
End Class

' This code produces the following output:
'
'Example key created.
'
'Retrieved value: StringValue
'
'Unable to write to the example key. Caught SecurityException: Requested
 registry access is not allowed.
'
'Unable to change permissions for the example key. Caught UnauthorizedAccessException:
 Cannot write to the registry key.
'
'Press Enter to delete the example key.
'
'Example key was deleted.

using System;
using System.Reflection;
using System.Security;
using System.Security.AccessControl;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        // Delete the example key if it exists.
        try
        {
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key has been deleted.");
        }
        catch (ArgumentException)
        {
            // ArgumentException is thrown if the key does not exist.
 In
            // this case, there is no reason to display a message.
        }
        catch (Exception ex)
        {
            Console.WriteLine("Unable to delete the example key: {0}",
 ex);
            return;
        }

        string user = Environment.UserDomainName + "\\"
 + Environment.UserName;

        RegistrySecurity rs = new RegistrySecurity();

        // Allow the current user to read and delete the key.
        //
        rs.AddAccessRule(new RegistryAccessRule(user, 
            RegistryRights.ReadKey | RegistryRights.Delete, 
            InheritanceFlags.None, 
            PropagationFlags.None, 
            AccessControlType.Allow));

        // Prevent the current user from writing or changing the
        // permission set of the key. Note that if Delete permission
        // were not allowed in the previous access rule, denying
        // WriteKey permission would prevent the user from deleting
 the 
        // key.
        rs.AddAccessRule(new RegistryAccessRule(user, 
            RegistryRights.WriteKey | RegistryRights.ChangePermissions, 
            InheritanceFlags.None, 
            PropagationFlags.None, 
            AccessControlType.Deny));

        // Create the example key with registry security.
        RegistryKey rk = null;
        try
        {
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
 
                RegistryKeyPermissionCheck.Default, rs);
            Console.WriteLine("\r\nExample key created.");
            rk.SetValue("ValueName", "StringValue");
        }
        catch (Exception ex)
        {
            Console.WriteLine("\r\nUnable to create the example key: {0}",
 ex);
        }
        if (rk != null) rk.Close();

        rk = Registry.CurrentUser;

        RegistryKey rk2;
        
        // Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", false);
        Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
        rk2.Close();

        // Attempt to open the key with write access.
        try
        {
            rk2 = rk.OpenSubKey("RegistryRightsExample", true);
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("\nUnable to write to the example key." +
                " Caught SecurityException: {0}", ex.Message);
        }
        if (rk2 != null) rk2.Close();

        // Attempt to change permissions for the key.
        try
        {
            rs = new RegistrySecurity();
            rs.AddAccessRule(new RegistryAccessRule(user, 
                RegistryRights.WriteKey, 
                InheritanceFlags.None, 
                PropagationFlags.None, 
                AccessControlType.Allow));
            rk2 = rk.OpenSubKey("RegistryRightsExample", false);
            rk2.SetAccessControl(rs);
            Console.WriteLine("\r\nExample key permissions were changed.");
        }
        catch (UnauthorizedAccessException ex)
        {
            Console.WriteLine("\nUnable to change permissions for
 the example key." +
                " Caught UnauthorizedAccessException: {0}", ex.Message);
        }
        if (rk2 != null) rk2.Close();

        Console.WriteLine("\r\nPress Enter to delete the example key.");
        Console.ReadLine();

        try
        {
            rk.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key was deleted.");
        }
        catch(Exception ex)
        {
            Console.WriteLine("Unable to delete the example key: {0}",
 ex);
        }

        rk.Close();
    }
}

/* This code example produces the following output:

Example key created.

Retrieved value: StringValue

Unable to write to the example key. Caught SecurityException: Requested registry
 access is not allowed.

Unable to change permissions for the example key. Caught UnauthorizedAccessException:
 Cannot write to the registry key.

Press Enter to delete the example key.

Example key was deleted.
 */

C++

using namespace System;
using namespace System::Reflection;
using namespace Microsoft::Win32;
using namespace System::Security::AccessControl;
using namespace System::Security;

int main()
{
    // Delete the example key if it exists.
    try
    {
        Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
        Console::WriteLine("Example key has been deleted.");
    }
    catch (ArgumentException^)
    {
        // ArgumentException is thrown if the key does not exist. In
        // this case, there is no reason to display a message.
    }
    catch (InvalidOperationException^ ex)
    {
        Console::WriteLine(
            "{0}Unable to delete key: it appears to have child subkeys:{0}{1}",
 
            Environment::NewLine, ex);
        return 0;
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required "
 +
            "to delete this key:{0}{1}", Environment::NewLine,
 ex);
        return 0;
    }

    String^ user = Environment::UserDomainName + "\\" + Environment::UserName;

    RegistrySecurity^ regSecurity = gcnew RegistrySecurity();

    // Allow the current user to read and delete the key.
    //
    regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
        RegistryRights::ReadKey | RegistryRights::Delete,
        InheritanceFlags::None,
        PropagationFlags::None,
        AccessControlType::Allow));

    // Prevent the current user from writing or changing the
    // permission set of the key. Note that if Delete permission
    // were not allowed in the previous access rule, denying
    // WriteKey permission would prevent the user from deleting the
    // key.
    regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
        RegistryRights::WriteKey | RegistryRights::ChangePermissions,
        InheritanceFlags::None,
        PropagationFlags::None,
        AccessControlType::Deny));

    // Create the example key with registry security.
    RegistryKey^ createdKey = nullptr;
    try
    {
        createdKey = Registry::CurrentUser->CreateSubKey(
            "RegistryRightsExample", RegistryKeyPermissionCheck::Default
,
            regSecurity);
        Console::WriteLine("{0}Example key created.", Environment::NewLine);
        createdKey->SetValue("ValueName", "StringValue");
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required "
 +
            "to create the example key:{0}{1}", Environment::NewLine, ex);
        return 0;
    }
    if (createdKey != nullptr)
    {
        createdKey->Close();
    }

    RegistryKey^ openedKey;

    // Open the key with read access.
    openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample"
,
        false);
    Console::WriteLine("{0}Retrieved value: {1}",
        Environment::NewLine, openedKey->GetValue("ValueName"));
    openedKey->Close();

    // Attempt to open the key with write access.
    try
    {
        openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample"
,
            true);
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required "
 +
            "to write to the example key:{0}{1}", Environment::NewLine,
 ex);
    }
    if (openedKey != nullptr)
    {
        openedKey->Close();
    }

    // Attempt to change permissions for the key.
    try
    {
        regSecurity = gcnew RegistrySecurity();
        regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
            RegistryRights::WriteKey,
            InheritanceFlags::None,
            PropagationFlags::None,
            AccessControlType::Allow));
        openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample"
,
            false);
        openedKey->SetAccessControl(regSecurity);
        Console::WriteLine("{0}Example key permissions were changed.",
 
            Environment::NewLine);
    }
    catch (UnauthorizedAccessException^ ex)
    {
        Console::WriteLine("{0}You are not authorized to change " +
            "permissions for the example key:{0}{1}",
 Environment::NewLine, ex);
    }
    if (openedKey != nullptr)
    {
        openedKey->Close();
    }

    Console::WriteLine("{0}Press Enter to delete the example key.", 
        Environment::NewLine);
    Console::ReadLine();

    try
    {
        Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
        Console::WriteLine("Example key was deleted.");
    }
    catch(SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required to "
            + "delete the example key:{0}{1}", Environment::NewLine, ex);
    }
}

import System.*;
import System.Reflection.*;
import System.Security.*;
import System.Security.AccessControl.*;
import Microsoft.Win32.*;

public class Example
{
    public static void main(String[]
 args)
    {
        // Delete the example key if it exists.
        try {
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key has been deleted.");
        }
        catch (ArgumentException exp) {
            // ArgumentException is thrown if the key does not exist.
 In
            // this case, there is no reason to display a message.
        }
        catch (System.Exception ex) {
            Console.WriteLine("Unable to delete the example key: {0}",
 ex);
            return;
        }

        String user = Environment.get_UserDomainName() + "\\" 
            + Environment.get_UserName();

        RegistrySecurity rs = new RegistrySecurity();
        // Allow the current user to read and delete the key.
        //
        rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey
 
            | RegistryRights.Delete, InheritanceFlags.None, 
            PropagationFlags.None, AccessControlType.Allow));
        // Prevent the current user from writing or changing the
        // permission set of the key. Note that if Delete permission
        // were not allowed in the previous access rule, denying
        // WriteKey permission would prevent the user from deleting
 the 
        // key.
        rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey
 
            | RegistryRights.ChangePermissions, InheritanceFlags.None, 
            PropagationFlags.None, AccessControlType.Deny));
        // Create the example key with registry security.
        RegistryKey rk = null;
        try {
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
 
                RegistryKeyPermissionCheck.Default, rs);
            Console.WriteLine("\r\nExample key created.");
            rk.SetValue("ValueName", "StringValue");
        }
        catch (System.Exception ex) {
            Console.WriteLine("\r\nUnable to create the example key: {0}",
 ex);
        }
        if (rk != null) {
            rk.Close();
        }
        rk = Registry.CurrentUser;
        RegistryKey rk2;
        // Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", false);
        Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
        rk2.Close();
        // Attempt to open the key with write access.
        try {
            rk2 = rk.OpenSubKey("RegistryRightsExample", true);
        }
        catch (System.Security.SecurityException ex) {
            Console.WriteLine("\r\nUnable to write to the example key."
 +
                " Caught SecurityException: {0}", ex.get_Message());
        }
        if (rk2 != null) {
            rk2.Close();
        }
        // Attempt to change permissions for the key.
        try {
            rs = new RegistrySecurity();
            rs.AddAccessRule(new RegistryAccessRule(user, 
                RegistryRights.WriteKey, InheritanceFlags.None, 
                PropagationFlags.None, AccessControlType.Allow));
            rk2 = rk.OpenSubKey("RegistryRightsExample", false);
            rk2.SetAccessControl(rs);
            Console.WriteLine("\r\nExample key permissions were changed.");
        }
        catch (System.UnauthorizedAccessException ex) {
            Console.WriteLine("\r\nUnable to change permissions for
 the example key." +
                " Caught UnauthorizedAccessException: {0}", ex.get_Message());
        }
        if (rk2 != null) {
            rk2.Close();
        }
        Console.WriteLine("\r\nPress Enter to delete the example key.");
        Console.ReadLine();
        try {
            rk.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key was deleted.");
        }
        catch (System.Exception ex) {
            Console.WriteLine("Unable to delete the example key: {0}",
 ex);
        }
        rk.Close();
    } //main
} //Example

/* This code example produces the following output:

Example key created.

Retrieved value: StringValue

Unable to write to the example key. Caught SecurityException: Requested registry
 access is not allowed.

Unable to change permissions for the example key. Caught UnauthorizedAccessException:
 Cannot write to the registry key.

Press Enter to delete the example key.

Example key was deleted.
 */