RegistrySecurity.RemoveAccessRuleAll(RegistryAccessRule) Método

Definición

Busca todas las reglas de control de acceso con el mismo usuario y AccessControlType (conceder o denegar) que la regla especificada y, si las encuentra, las quita.

public:
 void RemoveAccessRuleAll(System::Security::AccessControl::RegistryAccessRule ^ rule);
public void RemoveAccessRuleAll (System.Security.AccessControl.RegistryAccessRule rule);
override this.RemoveAccessRuleAll : System.Security.AccessControl.RegistryAccessRule -> unit
Public Sub RemoveAccessRuleAll (rule As RegistryAccessRule)

Parámetros

rule
RegistryAccessRule

RegistryAccessRule que especifica el usuario y AccessControlType que se va a buscar. Se pasan por alto los derechos, los marcadores de herencia o los marcadores de propagación especificados por esta regla.

Excepciones

rule es null.

Ejemplos

En el ejemplo de código siguiente se muestra que el RemoveAccessRuleAll método quita todas las reglas que coinciden con el usuario y AccessControlType, ignorando los derechos y las marcas.

En el ejemplo se crea un RegistrySecurity objeto y se agregan reglas que permiten y deniegan varios derechos para el usuario actual, con marcas de herencia y propagación diferentes. A continuación, el ejemplo crea una nueva regla que permite al usuario actual tomar posesión y pasa esa regla al RemoveAccessRuleAll método para quitar las dos reglas que permiten el acceso.

Nota

En este ejemplo no se adjunta el objeto de seguridad a un RegistryKey objeto . Vea el RegistryKey.GetAccessControl método y el RegistryKey.SetAccessControl método .


using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the right
        // to read and enumerate the name/value pairs in a key, 
        // to read its access and audit rules, to enumerate
        // its subkeys, to create subkeys, and to delete the key. 
        // The rule is inherited by all contained subkeys.
        //
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey | RegistryRights.WriteKey
                | RegistryRights.Delete, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that allows the current user the right
        // right to set the name/value pairs in a key. 
        // This rule is inherited by contained subkeys, but
        // propagation flags limit it to immediate child 
        // subkeys.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions,
            InheritanceFlags.ContainerInherit,
            PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the right
        // to set the name/value pairs in a key. This rule
        // has no inheritance or propagation flags, so it 
        // affects only the key itself.
        rule = new RegistryAccessRule(user,
            RegistryRights.SetValue,
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Create a rule that allows the current user the 
        // right to change the ownership of the key, with
        // no inheritance or propagation flags. The rights
        // and flags are ignored by RemoveAccessRuleAll,
        // and all rules that allow access for the current
        // user are removed.
        rule = new RegistryAccessRule(user, 
            RegistryRights.TakeOwnership, 
            AccessControlType.Allow);
        mSec.RemoveAccessRuleAll(rule);

        // Show that all rules that allow access have been 
        // removed.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: SetValue
 Inheritance: None
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: ContainerInherit
 Propagation: NoPropagateInherit, InheritOnly
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: SetValue
 Inheritance: None
 Propagation: None
   Inherited? False

*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the right
        ' to read and enumerate the name/value pairs in a key, 
        ' to read its access and audit rules, to enumerate
        ' its subkeys, to create subkeys, and to delete the key. 
        ' The rule is inherited by all contained subkeys.
        '
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.WriteKey _
                Or RegistryRights.Delete, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that allows the current user the right
        ' right to set the name/value pairs in a key. 
        ' This rule is inherited by contained subkeys, but
        ' propagation flags limit it to immediate child 
        ' subkeys.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the right
        ' to set the name/value pairs in a key. This rule
        ' has no inheritance or propagation flags, so it 
        ' affects only the key itself.
        rule = New RegistryAccessRule(user, _
            RegistryRights.SetValue, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Create a rule that allows the current user the 
        ' right to change the ownership of the key, with
        ' no inheritance or propagation flags. The rights
        ' and flags are ignored by RemoveAccessRuleAll,
        ' and all rules that allow access for the current
        ' user are removed.
        rule = New RegistryAccessRule(user, _
            RegistryRights.TakeOwnership, _
            AccessControlType.Allow)
        mSec.RemoveAccessRuleAll(rule)

        ' Show that all rules that allow access have been 
        ' removed.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: SetValue
' Inheritance: None
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: SetValue
' Inheritance: None
' Propagation: None
'   Inherited? False
'

Comentarios

Se busca en el objeto actual RegistrySecurity reglas que tengan el mismo usuario y el mismo AccessControlType valor que rule. Los derechos, las marcas de herencia o las marcas de propagación especificadas por rule se omiten al realizar esta búsqueda. Si no se encuentra ninguna regla de coincidencia, no se realiza ninguna acción.

Por ejemplo, si un usuario tiene varias reglas que permiten varios derechos con marcas de herencia y propagación diferentes, puede quitar todas esas reglas mediante la creación de un RegistryAccessRule objeto que especifique el usuario y AccessControlType.Allow, con cualquier derecho arbitrario y marcas, y pasando esa regla al RemoveAccessRuleAll método .

Se aplica a