RegistryKey.SetAccessControl(RegistrySecurity) Metodo
Definizione
Importante
Alcune informazioni sono relative alla release non definitiva del prodotto, che potrebbe subire modifiche significative prima della release definitiva. Microsoft non riconosce alcuna garanzia, espressa o implicita, in merito alle informazioni qui fornite.
Applica la sicurezza del controllo di accesso Windows a una chiave del Registro di sistema esistente.
public:
void SetAccessControl(System::Security::AccessControl::RegistrySecurity ^ registrySecurity);public void SetAccessControl (System.Security.AccessControl.RegistrySecurity registrySecurity);member this.SetAccessControl : System.Security.AccessControl.RegistrySecurity -> unitPublic Sub SetAccessControl (registrySecurity As RegistrySecurity)Parametri
- registrySecurity
- RegistrySecurity
Sicurezza del controllo di accesso da applicare alla sottochiave corrente.
Eccezioni
L'oggetto RegistryKey corrente rappresenta una chiave con sicurezza del controllo di accesso e il chiamante non dispone dei diritti ChangePermissions.
registrySecurity è null.
La chiave RegistryKey da modificare è chiusa, pertanto non è possibile accedere ad essa.
Esempio
Nell'esempio di codice seguente viene creata una chiave di test. L'utente corrente è consentito ReadKey e diritti, ma negati ChangePermissions e DeleteWriteKey diritti. I tentativi successivi di modificare la chiave hanno esito positivo o negativo a seconda di queste autorizzazioni.
Prima dell'eliminazione della chiave, il codice viene sospeso. È possibile passare all'editor del Registro di sistema e verificare che gli stessi diritti di accesso si applicano quando si accede alla chiave usando l'editor del Registro di sistema. Questo funziona meglio se si usano RunAs dalla riga di comando per eseguire l'editor del Registro di sistema e il codice di esempio come utente locale senza diritti di amministratore. L'editor del Registro di sistema consente sempre a un amministratore di modificare le autorizzazioni, anche se l'amministratore specifico è stato negato tali diritti. Se è stato definito un utente locale denominato TestUser, il comando runas /user:TestUser cmd apre una finestra di comando da cui è possibile eseguire l'editor del Registro di sistema e quindi il codice di esempio.
using namespace System;
using namespace System::Reflection;
using namespace Microsoft::Win32;
using namespace System::Security::AccessControl;
using namespace System::Security;
int main()
{
// Delete the example key if it exists.
try
{
Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
Console::WriteLine("Example key has been deleted.");
}
catch (ArgumentException^)
{
// ArgumentException is thrown if the key does not exist. In
// this case, there is no reason to display a message.
}
catch (InvalidOperationException^ ex)
{
Console::WriteLine(
"{0}Unable to delete key: it appears to have child subkeys:{0}{1}",
Environment::NewLine, ex);
return 0;
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to delete this key:{0}{1}", Environment::NewLine, ex);
return 0;
}
String^ user = Environment::UserDomainName + "\\" + Environment::UserName;
RegistrySecurity^ regSecurity = gcnew RegistrySecurity();
// Allow the current user to read and delete the key.
//
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::ReadKey | RegistryRights::Delete,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Allow));
// Prevent the current user from writing or changing the
// permission set of the key. Note that if Delete permission
// were not allowed in the previous access rule, denying
// WriteKey permission would prevent the user from deleting the
// key.
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::WriteKey | RegistryRights::ChangePermissions,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Deny));
// Create the example key with registry security.
RegistryKey^ createdKey = nullptr;
try
{
createdKey = Registry::CurrentUser->CreateSubKey(
"RegistryRightsExample", RegistryKeyPermissionCheck::Default,
regSecurity);
Console::WriteLine("{0}Example key created.", Environment::NewLine);
createdKey->SetValue("ValueName", "StringValue");
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to create the example key:{0}{1}", Environment::NewLine, ex);
return 0;
}
if (createdKey != nullptr)
{
createdKey->Close();
}
RegistryKey^ openedKey;
// Open the key with read access.
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
false);
Console::WriteLine("{0}Retrieved value: {1}",
Environment::NewLine, openedKey->GetValue("ValueName"));
openedKey->Close();
// Attempt to open the key with write access.
try
{
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
true);
}
catch (SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required " +
"to write to the example key:{0}{1}", Environment::NewLine, ex);
}
if (openedKey != nullptr)
{
openedKey->Close();
}
// Attempt to change permissions for the key.
try
{
regSecurity = gcnew RegistrySecurity();
regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
RegistryRights::WriteKey,
InheritanceFlags::None,
PropagationFlags::None,
AccessControlType::Allow));
openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
false);
openedKey->SetAccessControl(regSecurity);
Console::WriteLine("{0}Example key permissions were changed.",
Environment::NewLine);
}
catch (UnauthorizedAccessException^ ex)
{
Console::WriteLine("{0}You are not authorized to change " +
"permissions for the example key:{0}{1}", Environment::NewLine, ex);
}
if (openedKey != nullptr)
{
openedKey->Close();
}
Console::WriteLine("{0}Press Enter to delete the example key.",
Environment::NewLine);
Console::ReadLine();
try
{
Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
Console::WriteLine("Example key was deleted.");
}
catch(SecurityException^ ex)
{
Console::WriteLine("{0}You do not have the permissions required to "
+ "delete the example key:{0}{1}", Environment::NewLine, ex);
}
}
using System;
using System.Reflection;
using System.Security;
using System.Security.AccessControl;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
// Delete the example key if it exists.
try
{
Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
Console.WriteLine("Example key has been deleted.");
}
catch (ArgumentException)
{
// ArgumentException is thrown if the key does not exist. In
// this case, there is no reason to display a message.
}
catch (Exception ex)
{
Console.WriteLine("Unable to delete the example key: {0}", ex);
return;
}
string user = Environment.UserDomainName + "\\" + Environment.UserName;
RegistrySecurity rs = new RegistrySecurity();
// Allow the current user to read and delete the key.
//
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.Delete,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
// Prevent the current user from writing or changing the
// permission set of the key. Note that if Delete permission
// were not allowed in the previous access rule, denying
// WriteKey permission would prevent the user from deleting the
// key.
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.WriteKey | RegistryRights.ChangePermissions,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Deny));
// Create the example key with registry security.
RegistryKey rk = null;
try
{
rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
RegistryKeyPermissionCheck.Default, rs);
Console.WriteLine("\r\nExample key created.");
rk.SetValue("ValueName", "StringValue");
}
catch (Exception ex)
{
Console.WriteLine("\r\nUnable to create the example key: {0}", ex);
}
if (rk != null) rk.Close();
rk = Registry.CurrentUser;
RegistryKey rk2;
// Open the key with read access.
rk2 = rk.OpenSubKey("RegistryRightsExample", false);
Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
rk2.Close();
// Attempt to open the key with write access.
try
{
rk2 = rk.OpenSubKey("RegistryRightsExample", true);
}
catch (SecurityException ex)
{
Console.WriteLine("\nUnable to write to the example key." +
" Caught SecurityException: {0}", ex.Message);
}
if (rk2 != null) rk2.Close();
// Attempt to change permissions for the key.
try
{
rs = new RegistrySecurity();
rs.AddAccessRule(new RegistryAccessRule(user,
RegistryRights.WriteKey,
InheritanceFlags.None,
PropagationFlags.None,
AccessControlType.Allow));
rk2 = rk.OpenSubKey("RegistryRightsExample", false);
rk2.SetAccessControl(rs);
Console.WriteLine("\r\nExample key permissions were changed.");
}
catch (UnauthorizedAccessException ex)
{
Console.WriteLine("\nUnable to change permissions for the example key." +
" Caught UnauthorizedAccessException: {0}", ex.Message);
}
if (rk2 != null) rk2.Close();
Console.WriteLine("\r\nPress Enter to delete the example key.");
Console.ReadLine();
try
{
rk.DeleteSubKey("RegistryRightsExample");
Console.WriteLine("Example key was deleted.");
}
catch(Exception ex)
{
Console.WriteLine("Unable to delete the example key: {0}", ex);
}
rk.Close();
}
}
/* This code example produces the following output:
Example key created.
Retrieved value: StringValue
Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.
Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.
Press Enter to delete the example key.
Example key was deleted.
*/
Imports System.Reflection
Imports System.Security
Imports System.Security.AccessControl
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
' Delete the example key if it exists.
Try
Registry.CurrentUser.DeleteSubKey("RegistryRightsExample")
Console.WriteLine("Example key has been deleted.")
Catch ex As ArgumentException
' ArgumentException is thrown if the key does not exist. In
' this case, there is no reason to display a message.
Catch ex As Exception
Console.WriteLine("Unable to delete the example key: {0}", ex)
Return
End Try
Dim user As String = Environment.UserDomainName & "\" & Environment.UserName
Dim rs As New RegistrySecurity()
' Allow the current user to read and delete the key.
'
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.Delete, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Allow))
' Prevent the current user from writing or changing the
' permission set of the key. Note that if Delete permission
' were not allowed in the previous access rule, denying
' WriteKey permission would prevent the user from deleting the
' key.
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Deny))
' Create the example key with registry security.
Dim rk As RegistryKey = Nothing
Try
rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", _
RegistryKeyPermissionCheck.Default, rs)
Console.WriteLine(vbCrLf & "Example key created.")
rk.SetValue("ValueName", "StringValue")
Catch ex As Exception
Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex)
End Try
If rk IsNot Nothing Then rk.Close()
rk = Registry.CurrentUser
Dim rk2 As RegistryKey
' Open the key with read access.
rk2 = rk.OpenSubKey("RegistryRightsExample", False)
Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName"))
rk2.Close()
' Attempt to open the key with write access.
Try
rk2 = rk.OpenSubKey("RegistryRightsExample", True)
Catch ex As SecurityException
Console.WriteLine(vbCrLf & "Unable to write to the example key." _
& " Caught SecurityException: {0}", ex.Message)
End Try
If rk2 IsNot Nothing Then rk2.Close()
' Attempt to change permissions for the key.
Try
rs = New RegistrySecurity()
rs.AddAccessRule(new RegistryAccessRule(user, _
RegistryRights.WriteKey, _
InheritanceFlags.None, _
PropagationFlags.None, _
AccessControlType.Allow))
rk2 = rk.OpenSubKey("RegistryRightsExample", False)
rk2.SetAccessControl(rs)
Console.WriteLine(vbCrLf & "Example key permissions were changed.")
Catch ex As UnauthorizedAccessException
Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." _
& " Caught UnauthorizedAccessException: {0}", ex.Message)
End Try
If rk2 IsNot Nothing Then rk2.Close()
Console.WriteLine(vbCrLf & "Press Enter to delete the example key.")
Console.ReadLine()
Try
rk.DeleteSubKey("RegistryRightsExample")
Console.WriteLine("Example key was deleted.")
Catch ex As Exception
Console.WriteLine("Unable to delete the example key: {0}", ex)
End Try
rk.Close()
End Sub
End Class
' This code produces the following output:
'
'Example key created.
'
'Retrieved value: StringValue
'
'Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.
'
'Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.
'
'Press Enter to delete the example key.
'
'Example key was deleted.
Commenti
Per modificare le autorizzazioni per una chiave del Registro di sistema, usare il metodo per ottenere un RegistrySecurity oggetto che rappresenta la sicurezza del controllo di accesso di Windows esistente, modificare tale RegistrySecurity oggetto e quindi usare il GetAccessControlSetAccessControl metodo per aggiornare la sicurezza per la chiave.
Attenzione
L'oggetto RegistrySecurity specificato per registrySecurity sostituisce la sicurezza esistente per la chiave del Registro di sistema. Per aggiungere autorizzazioni per un nuovo utente, usare il GetAccessControl metodo per ottenere la sicurezza del controllo di accesso esistente e quindi modificarla.
Si applica a
Collabora con noi su GitHub
L'origine di questo contenuto è disponibile in GitHub, in cui è anche possibile creare ed esaminare i problemi e le richieste pull. Per ulteriori informazioni, vedere la guida per i collaboratori.
Commenti e suggerimenti
Presto disponibile: Nel corso del 2024 verranno gradualmente disattivati i problemi di GitHub come meccanismo di feedback per il contenuto e ciò verrà sostituito con un nuovo sistema di feedback. Per altre informazioni, vedere https://aka.ms/ContentUserFeedback.
Invia e visualizza il feedback per