RegistrySecurity.RemoveAccessRuleSpecific(RegistryAccessRule) 方法

定义

搜索与指定的规则完全匹配的访问控制规则,如果找到则将其移除。

public:
 void RemoveAccessRuleSpecific(System::Security::AccessControl::RegistryAccessRule ^ rule);
public void RemoveAccessRuleSpecific (System.Security.AccessControl.RegistryAccessRule rule);
override this.RemoveAccessRuleSpecific : System.Security.AccessControl.RegistryAccessRule -> unit
Public Sub RemoveAccessRuleSpecific (rule As RegistryAccessRule)

参数

rule
RegistryAccessRule

要移除的 RegistryAccessRule

例外

rulenull

示例

下面的代码示例显示,仅当规则完全匹配时, RemoveAccessRuleSpecific 方法才会删除该规则。

该示例创建两个允许不同权限的规则。 规则具有兼容的继承和传播标志,因此,添加第二个规则时,它会与第一个规则合并。 该示例调用 RemoveAccessRuleSpecific 方法,指定第一个规则,但由于规则已合并,因此没有匹配的规则。 然后,该示例调用 RemoveAccessRule 方法以从合并规则中删除第二个规则,最后调用 RemoveAccessRuleSpecific 方法以删除第一个规则。

注意

此示例不将安全对象附加到 对象 RegistryKeyRegistryKey.GetAccessControl请参阅 方法和 RegistryKey.SetAccessControl 方法。


using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the right
        // to read and enumerate the name/value pairs in a key, 
        // to read its access and audit rules, to enumerate
        // its subkeys, to create subkeys, and to delete the key. 
        // The rule is inherited by all contained subkeys.
        //
        RegistryAccessRule rule1 = new RegistryAccessRule(user, 
            RegistryRights.ReadKey | RegistryRights.WriteKey
                | RegistryRights.Delete, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule1);

        // Add a rule that allows the current user the right
        // right to take ownership of a key, using the same 
        // inheritance and propagation flags. This rule 
        // merges with the first rule.
        RegistryAccessRule rule2 = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions, 
            InheritanceFlags.ContainerInherit,
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule2);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Attempt to use RemoveRuleSpecific to remove the
        // first rule. The removal fails, because the rule
        // in the RegistrySecurity object has been altered.
        mSec.RemoveAccessRuleSpecific(rule1);

        // Show that the rule was not removed.
        ShowSecurity(mSec);

        // Use the RemoveAccessRule method to remove rule2,
        // and then use RemoveAccessRuleSpecific to remove
        // rule1.
        mSec.RemoveAccessRule(rule2);
        mSec.RemoveAccessRuleSpecific(rule1);

        // Show that the rules have been removed.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False


Current access rules:

*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the right
        ' to read and enumerate the name/value pairs in a key, 
        ' to read its access and audit rules, to enumerate
        ' its subkeys, to create subkeys, and to delete the key. 
        ' The rule is inherited by all contained subkeys.
        '
        Dim rule1 As New RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.WriteKey _
                Or RegistryRights.Delete, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule1)

        ' Add a rule that allows the current user the right
        ' right to take ownership of a key, using the same 
        ' inheritance and propagation flags. This rule 
        ' merges with the first rule.
        Dim rule2 As New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule2)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Attempt to use RemoveRuleSpecific to remove the
        ' first rule. The removal fails, because the rule
        ' in the RegistrySecurity object has been altered.
        mSec.RemoveAccessRuleSpecific(rule1)

        ' Show that the rule was not removed.
        ShowSecurity(mSec)

        ' Use the RemoveAccessRule method to remove rule2,
        ' and then use RemoveAccessRuleSpecific to remove
        ' rule1.
        mSec.RemoveAccessRule(rule2)
        mSec.RemoveAccessRuleSpecific(rule1)

        ' Show that the rules have been removed.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey, ChangePermissions
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'
'Current access rules:
'

注解

仅当规则在所有详细信息(包括标志)中完全匹配 rule 时,才会删除该规则。 具有相同用户 和 AccessControlType 的其他规则不受影响。

重要

规则表示 ACE) (一个或多个基础访问控制条目,在修改用户的访问安全规则时,这些条目会根据需要进行拆分或组合。 因此,规则在添加时可能不再以特定形式存在,在这种情况下, RemoveAccessRuleSpecific 方法无法删除它。

适用于