RegistrySecurity.ResetAccessRule メソッド
アセンブリ: mscorlib (mscorlib.dll 内)
構文
使用例
ResetAccessRule メソッドが、一致するユーザーのすべての規則を一致検索に指定した規則に置換する方法を表したコード例を次に示します。
この例では、RegistrySecurity オブジェクトを作成し、異なる継承フラグと反映フラグを指定して、現在のユーザーに対して各種権限を許可および拒否する規則を追加します。さらに、現在のユーザーにキーの読み取りだけを許可する新しい規則を作成し、ResetAccessRule メソッドを使用して、そのユーザーのすべての規則を削除して新しい規則に置換します。
メモ |
---|
この例では、セキュリティ オブジェクトが RegistryKey オブジェクトに割り当てられません。Microsoft.Win32.RegistryKey.GetAccessControl メソッドおよび RegistryKey.SetAccessControl メソッドのトピックを参照してください。 |
Option Explicit Imports System Imports System.Security.AccessControl Imports System.Security.Principal Imports System.Security Imports Microsoft.Win32 Public Class Example Public Shared Sub Main() Dim user As String = Environment.UserDomainName _ & "\" & Environment.UserName ' Create a security object that grants no access. Dim mSec As New RegistrySecurity() ' Add a rule that grants the current user the right ' to read and enumerate the name/value pairs in a key, ' to read its access and audit rules, to enumerate ' its subkeys, to create subkeys, and to delete the key. ' The rule is inherited by all contained subkeys. ' Dim rule As New RegistryAccessRule(user, _ RegistryRights.ReadKey Or RegistryRights.WriteKey _ Or RegistryRights.Delete, _ InheritanceFlags.ContainerInherit, _ PropagationFlags.None, _ AccessControlType.Allow) mSec.AddAccessRule(rule) ' Add a rule that allows the current user the right ' right to set the name/value pairs in a key. ' This rule is inherited by contained subkeys, but ' propagation flags limit it to immediate child ' subkeys. rule = New RegistryAccessRule(user, _ RegistryRights.ChangePermissions, _ InheritanceFlags.ContainerInherit, _ PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _ AccessControlType.Allow) mSec.AddAccessRule(rule) ' Add a rule that denies the current user the right ' to set the name/value pairs in a key. This rule ' has no inheritance or propagation flags, so it ' affects only the key itself. rule = New RegistryAccessRule(user, _ RegistryRights.SetValue, _ AccessControlType.Deny) mSec.AddAccessRule(rule) ' Display the rules in the security object. ShowSecurity(mSec) ' Create a rule that allows the current user ' only read access to a key, with no inheritance ' or propagation flags. ResetAccessRule removes ' all the existing rules for the current user, ' replacing them with this rule. rule = New RegistryAccessRule(user, _ RegistryRights.ReadKey, _ AccessControlType.Allow) mSec.ResetAccessRule(rule) ' Display the rules in the security object. ShowSecurity(mSec) End Sub Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity) Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf) For Each ar As RegistryAccessRule In _ security.GetAccessRules(True, True, GetType(NTAccount)) Console.WriteLine(" User: {0}", ar.IdentityReference) Console.WriteLine(" Type: {0}", ar.AccessControlType) Console.WriteLine(" Rights: {0}", ar.RegistryRights) Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags) Console.WriteLine(" Propagation: {0}", ar.PropagationFlags) Console.WriteLine(" Inherited? {0}", ar.IsInherited) Console.WriteLine() Next End Sub End Class 'This code example produces output similar to following: ' 'Current access rules: ' ' User: TestDomain\TestUser ' Type: Deny ' Rights: SetValue ' Inheritance: None ' Propagation: None ' Inherited? False ' ' User: TestDomain\TestUser ' Type: Allow ' Rights: SetValue, CreateSubKey, Delete, ReadKey ' Inheritance: ContainerInherit ' Propagation: None ' Inherited? False ' ' User: TestDomain\TestUser ' Type: Allow ' Rights: ChangePermissions ' Inheritance: ContainerInherit ' Propagation: NoPropagateInherit, InheritOnly ' Inherited? False ' ' 'Current access rules: ' ' User: TestDomain\TestUser ' Type: Allow ' Rights: ReadKey ' Inheritance: None ' Propagation: None ' Inherited? False
using System; using System.Security.AccessControl; using System.Security.Principal; using System.Security; using Microsoft.Win32; public class Example { public static void Main() { string user = Environment.UserDomainName + "\\" + Environment.UserName; // Create a security object that grants no access. RegistrySecurity mSec = new RegistrySecurity(); // Add a rule that grants the current user the right // to read and enumerate the name/value pairs in a key, // to read its access and audit rules, to enumerate // its subkeys, to create subkeys, and to delete the key. // The rule is inherited by all contained subkeys. // RegistryAccessRule rule = new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.WriteKey | RegistryRights.Delete, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); mSec.AddAccessRule(rule); // Add a rule that allows the current user the right // right to set the name/value pairs in a key. // This rule is inherited by contained subkeys, but // propagation flags limit it to immediate child // subkeys. rule = new RegistryAccessRule(user, RegistryRights.ChangePermissions, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit, AccessControlType.Allow); mSec.AddAccessRule(rule); // Add a rule that denies the current user the right // to set the name/value pairs in a key. This rule // has no inheritance or propagation flags, so it // affects only the key itself. rule = new RegistryAccessRule(user, RegistryRights.SetValue, AccessControlType.Deny); mSec.AddAccessRule(rule); // Display the rules in the security object. ShowSecurity(mSec); // Create a rule that allows the current user // only read access to a key, with no inheritance // or propagation flags. ResetAccessRule removes // all the existing rules for the current user, // replacing them with this rule. rule = new RegistryAccessRule(user, RegistryRights.ReadKey, AccessControlType.Allow); mSec.ResetAccessRule(rule); // Display the rules in the security object. // removed. ShowSecurity(mSec); } private static void ShowSecurity(RegistrySecurity security) { Console.WriteLine("\r\nCurrent access rules:\r\n"); foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) ) { Console.WriteLine(" User: {0}", ar.IdentityReference); Console.WriteLine(" Type: {0}", ar.AccessControlType); Console.WriteLine(" Rights: {0}", ar.RegistryRights); Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags); Console.WriteLine(" Propagation: {0}", ar.PropagationFlags); Console.WriteLine(" Inherited? {0}", ar.IsInherited); Console.WriteLine(); } } } /* This code example produces output similar to following: Current access rules: User: TestDomain\TestUser Type: Deny Rights: SetValue Inheritance: None Propagation: None Inherited? False User: TestDomain\TestUser Type: Allow Rights: SetValue, CreateSubKey, Delete, ReadKey Inheritance: ContainerInherit Propagation: None Inherited? False User: TestDomain\TestUser Type: Allow Rights: ChangePermissions Inheritance: ContainerInherit Propagation: NoPropagateInherit, InheritOnly Inherited? False Current access rules: User: TestDomain\TestUser Type: Allow Rights: ReadKey Inheritance: None Propagation: None Inherited? False */
Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition
開発プラットフォームの中には、.NET Framework によってサポートされていないバージョンがあります。サポートされているバージョンについては、「システム要件」を参照してください。
参照
- RegistrySecurity.ResetAccessRule メソッドのページへのリンク