Audit Rule Class
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Represents a set of access rights to be audited for a user or group. This class cannot be inherited.
public ref class RegistryAuditRule sealed : System::Security::AccessControl::AuditRule
public sealed class RegistryAuditRule : System.Security.AccessControl.AuditRule
[System.Security.SecurityCritical] public sealed class RegistryAuditRule : System.Security.AccessControl.AuditRule
type RegistryAuditRule = class inherit AuditRule
[<System.Security.SecurityCritical>] type RegistryAuditRule = class inherit AuditRule
Public NotInheritable Class RegistryAuditRule Inherits AuditRule
The RegistryAuditRule class is one of a set of classes that the .NET Framework provides for managing Windows access control security on registry keys. For an overview of these classes and their relationship to the underlying Windows access control structures, see RegistrySecurity.
Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key.
To get a list of the audit rules currently applied to a registry key, use the RegistryKey.GetAccessControl method to get a RegistrySecurity object, and then use its GetAuditRules method to obtain a collection of RegistryAuditRule objects.
RegistryAuditRule objects do not map one-to-one with access control entries in the underlying discretionary access control list (DACL). When you get the set of all audit rules for a registry key, the set contains the minimum number of rules currently required to express all the access control entries.
The underlying access control entries change as you apply and remove rules. The information in rules is merged if possible, to maintain the smallest number of access control entries. Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added.
Use RegistryAuditRule objects to specify access rights to be audited for a user or group. To apply a rule to a registry key, use the RegistryKey.GetAccessControl method to get the RegistrySecurity object. Modify the RegistrySecurity object by using its methods to add the rule, and then use the RegistryKey.SetAccessControl method to reattach the security object.
Changes you make to a RegistrySecurity object do not affect the access levels of the registry key until you call the RegistryKey.SetAccessControl method to assign the altered security object to the registry key.
RegistryAuditRule objects are immutable. Security for a registry key is modified by using the methods of the RegistrySecurity class to add or remove rules; as you do this, the underlying access control entries are modified.
|RegistryAuditRule(IdentityReference, RegistryRights, InheritanceFlags, PropagationFlags, AuditFlags)||
Initializes a new instance of the RegistryAuditRule class, specifying the user or group to audit, the rights to audit, whether to take inheritance into account, and whether to audit success, failure, or both.
|RegistryAuditRule(String, RegistryRights, InheritanceFlags, PropagationFlags, AuditFlags)||
Initializes a new instance of the RegistryAuditRule class, specifying the name of the user or group to audit, the rights to audit, whether to take inheritance into account, and whether to audit success, failure, or both.
Gets the access mask for this rule.(Inherited from AuthorizationRule)
Gets the audit flags for this audit rule.(Inherited from AuditRule)
Gets the IdentityReference to which this rule applies.(Inherited from AuthorizationRule)
Gets the value of flags that determine how this rule is inherited by child objects.(Inherited from AuthorizationRule)
Gets a value indicating whether this rule is explicitly set or is inherited from a parent container object.(Inherited from AuthorizationRule)
Gets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. This property is significant only when the value of the InheritanceFlags enumeration is not None.(Inherited from AuthorizationRule)
Gets the access rights affected by the audit rule.
Determines whether the specified object is equal to the current object.(Inherited from Object)
Serves as the default hash function.(Inherited from Object)
Gets the Type of the current instance.(Inherited from Object)
Creates a shallow copy of the current Object.(Inherited from Object)
Returns a string that represents the current object.(Inherited from Object)