次の方法で共有


RegistrySecurity.RemoveAccessRuleSpecific(RegistryAccessRule) メソッド

定義

指定した規則に正確に一致するアクセス制御規則を検索し、見つかった場合は、その規則を削除します。

public:
 void RemoveAccessRuleSpecific(System::Security::AccessControl::RegistryAccessRule ^ rule);
public void RemoveAccessRuleSpecific (System.Security.AccessControl.RegistryAccessRule rule);
override this.RemoveAccessRuleSpecific : System.Security.AccessControl.RegistryAccessRule -> unit
Public Sub RemoveAccessRuleSpecific (rule As RegistryAccessRule)

パラメーター

rule
RegistryAccessRule

削除する RegistryAccessRule

例外

rulenullです。

次のコード例では、 メソッドがルールが RemoveAccessRuleSpecific 完全に一致する場合にのみルールを削除することを示しています。

この例では、異なる権限を許可する 2 つのルールを作成します。 規則には互換性のある継承フラグと伝達フラグがあるため、2 番目のルールが追加されると、最初のルールとマージされます。 この例では、最初の RemoveAccessRuleSpecific ルールを指定して メソッドを呼び出しますが、ルールがマージされるため、一致するルールはありません。 次に、 メソッドを RemoveAccessRule 呼び出してマージされたルールから 2 番目のルールを削除し、最後に メソッドを RemoveAccessRuleSpecific 呼び出して最初のルールを削除します。

注意

この例では、セキュリティ オブジェクトを オブジェクトに RegistryKey アタッチしません。 RegistryKey.GetAccessControlメソッドと メソッドをRegistryKey.SetAccessControl参照してください。


using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the right
        // to read and enumerate the name/value pairs in a key, 
        // to read its access and audit rules, to enumerate
        // its subkeys, to create subkeys, and to delete the key. 
        // The rule is inherited by all contained subkeys.
        //
        RegistryAccessRule rule1 = new RegistryAccessRule(user, 
            RegistryRights.ReadKey | RegistryRights.WriteKey
                | RegistryRights.Delete, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule1);

        // Add a rule that allows the current user the right
        // right to take ownership of a key, using the same 
        // inheritance and propagation flags. This rule 
        // merges with the first rule.
        RegistryAccessRule rule2 = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions, 
            InheritanceFlags.ContainerInherit,
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule2);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Attempt to use RemoveRuleSpecific to remove the
        // first rule. The removal fails, because the rule
        // in the RegistrySecurity object has been altered.
        mSec.RemoveAccessRuleSpecific(rule1);

        // Show that the rule was not removed.
        ShowSecurity(mSec);

        // Use the RemoveAccessRule method to remove rule2,
        // and then use RemoveAccessRuleSpecific to remove
        // rule1.
        mSec.RemoveAccessRule(rule2);
        mSec.RemoveAccessRuleSpecific(rule1);

        // Show that the rules have been removed.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False


Current access rules:

*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the right
        ' to read and enumerate the name/value pairs in a key, 
        ' to read its access and audit rules, to enumerate
        ' its subkeys, to create subkeys, and to delete the key. 
        ' The rule is inherited by all contained subkeys.
        '
        Dim rule1 As New RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.WriteKey _
                Or RegistryRights.Delete, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule1)

        ' Add a rule that allows the current user the right
        ' right to take ownership of a key, using the same 
        ' inheritance and propagation flags. This rule 
        ' merges with the first rule.
        Dim rule2 As New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule2)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Attempt to use RemoveRuleSpecific to remove the
        ' first rule. The removal fails, because the rule
        ' in the RegistrySecurity object has been altered.
        mSec.RemoveAccessRuleSpecific(rule1)

        ' Show that the rule was not removed.
        ShowSecurity(mSec)

        ' Use the RemoveAccessRule method to remove rule2,
        ' and then use RemoveAccessRuleSpecific to remove
        ' rule1.
        mSec.RemoveAccessRule(rule2)
        mSec.RemoveAccessRuleSpecific(rule1)

        ' Show that the rules have been removed.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'
'Current access rules:
'

注釈

ルールは、フラグを含むすべての詳細で完全に一致する rule 場合にのみ削除されます。 同じユーザー AccessControlType を持つ他のルールは影響を受けません。

重要

ルールは 1 つ以上の基になるアクセス制御エントリ (ACE) を表し、ユーザーのアクセス セキュリティ規則を変更すると、これらのエントリは必要に応じて分割または結合されます。 したがって、ルールは追加時の特定の形式では存在しなくなる可能性があり、その場合 RemoveAccessRuleSpecific 、メソッドはそれを削除できません。

適用対象