RegistryKey.SetAccessControl(RegistrySecurity) Méthode

Définition

Applique la sécurité du contrôle d'accès Windows à une clé de Registre existante.

public:
 void SetAccessControl(System::Security::AccessControl::RegistrySecurity ^ registrySecurity);
public void SetAccessControl (System.Security.AccessControl.RegistrySecurity registrySecurity);
member this.SetAccessControl : System.Security.AccessControl.RegistrySecurity -> unit
Public Sub SetAccessControl (registrySecurity As RegistrySecurity)

Paramètres

registrySecurity
RegistrySecurity

Sécurité du contrôle d'accès à appliquer à la sous-clé actuelle.

Exceptions

L'objet RegistryKey en cours représente une clé avec sécurité du contrôle d'accès et l'appelant n'a pas de droits ChangePermissions.

registrySecurity a la valeur null.

Le RegistryKey en cours de manipulation est fermé (les clés fermées ne sont pas accessibles).

Exemples

L’exemple de code suivant crée une clé de test. L’utilisateur actuel est autorisé ReadKey et les droits, Delete mais refusés ChangePermissions et WriteKey les droits. Les tentatives suivantes de manipulation de la clé réussissent ou échouent en fonction de ces autorisations.

Avant la suppression de la clé, le code s’interrompt. Vous pouvez basculer vers l’éditeur du Registre et vérifier que les mêmes droits d’accès s’appliquent lorsque la clé est accessible à l’aide de l’éditeur du Registre. (Cela fonctionne mieux si vous utilisez des runAs à partir de la ligne de commande pour exécuter l’éditeur du Registre et l’exemple de code en tant qu’utilisateur local sans droits d’administrateur. L’éditeur du Registre permet toujours à un administrateur de modifier les autorisations, même si ces droits ont été refusés à l’administrateur particulier. Si vous avez défini un utilisateur local nommé TestUser, la commande runas /user:TestUser cmd ouvre une fenêtre de commande à partir de laquelle vous pouvez exécuter l’éditeur du Registre, puis l’exemple de code.)

using namespace System;
using namespace System::Reflection;
using namespace Microsoft::Win32;
using namespace System::Security::AccessControl;
using namespace System::Security;

int main()
{
    // Delete the example key if it exists.
    try
    {
        Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
        Console::WriteLine("Example key has been deleted.");
    }
    catch (ArgumentException^)
    {
        // ArgumentException is thrown if the key does not exist. In
        // this case, there is no reason to display a message.
    }
    catch (InvalidOperationException^ ex)
    {
        Console::WriteLine(
            "{0}Unable to delete key: it appears to have child subkeys:{0}{1}", 
            Environment::NewLine, ex);
        return 0;
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required " +
            "to delete this key:{0}{1}", Environment::NewLine, ex);
        return 0;
    }

    String^ user = Environment::UserDomainName + "\\" + Environment::UserName;

    RegistrySecurity^ regSecurity = gcnew RegistrySecurity();

    // Allow the current user to read and delete the key.
    //
    regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
        RegistryRights::ReadKey | RegistryRights::Delete,
        InheritanceFlags::None,
        PropagationFlags::None,
        AccessControlType::Allow));

    // Prevent the current user from writing or changing the
    // permission set of the key. Note that if Delete permission
    // were not allowed in the previous access rule, denying
    // WriteKey permission would prevent the user from deleting the
    // key.
    regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
        RegistryRights::WriteKey | RegistryRights::ChangePermissions,
        InheritanceFlags::None,
        PropagationFlags::None,
        AccessControlType::Deny));

    // Create the example key with registry security.
    RegistryKey^ createdKey = nullptr;
    try
    {
        createdKey = Registry::CurrentUser->CreateSubKey(
            "RegistryRightsExample", RegistryKeyPermissionCheck::Default,
            regSecurity);
        Console::WriteLine("{0}Example key created.", Environment::NewLine);
        createdKey->SetValue("ValueName", "StringValue");
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required " +
            "to create the example key:{0}{1}", Environment::NewLine, ex);
        return 0;
    }
    if (createdKey != nullptr)
    {
        createdKey->Close();
    }

    RegistryKey^ openedKey;

    // Open the key with read access.
    openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
        false);
    Console::WriteLine("{0}Retrieved value: {1}",
        Environment::NewLine, openedKey->GetValue("ValueName"));
    openedKey->Close();

    // Attempt to open the key with write access.
    try
    {
        openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
            true);
    }
    catch (SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required " +
            "to write to the example key:{0}{1}", Environment::NewLine, ex);
    }
    if (openedKey != nullptr)
    {
        openedKey->Close();
    }

    // Attempt to change permissions for the key.
    try
    {
        regSecurity = gcnew RegistrySecurity();
        regSecurity->AddAccessRule(gcnew RegistryAccessRule(user,
            RegistryRights::WriteKey,
            InheritanceFlags::None,
            PropagationFlags::None,
            AccessControlType::Allow));
        openedKey = Registry::CurrentUser->OpenSubKey("RegistryRightsExample",
            false);
        openedKey->SetAccessControl(regSecurity);
        Console::WriteLine("{0}Example key permissions were changed.", 
            Environment::NewLine);
    }
    catch (UnauthorizedAccessException^ ex)
    {
        Console::WriteLine("{0}You are not authorized to change " +
            "permissions for the example key:{0}{1}", Environment::NewLine, ex);
    }
    if (openedKey != nullptr)
    {
        openedKey->Close();
    }

    Console::WriteLine("{0}Press Enter to delete the example key.", 
        Environment::NewLine);
    Console::ReadLine();

    try
    {
        Registry::CurrentUser->DeleteSubKey("RegistryRightsExample");
        Console::WriteLine("Example key was deleted.");
    }
    catch(SecurityException^ ex)
    {
        Console::WriteLine("{0}You do not have the permissions required to "
            + "delete the example key:{0}{1}", Environment::NewLine, ex);
    }
}
using System;
using System.Reflection;
using System.Security;
using System.Security.AccessControl;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        // Delete the example key if it exists.
        try
        {
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key has been deleted.");
        }
        catch (ArgumentException)
        {
            // ArgumentException is thrown if the key does not exist. In
            // this case, there is no reason to display a message.
        }
        catch (Exception ex)
        {
            Console.WriteLine("Unable to delete the example key: {0}", ex);
            return;
        }

        string user = Environment.UserDomainName + "\\" + Environment.UserName;

        RegistrySecurity rs = new RegistrySecurity();

        // Allow the current user to read and delete the key.
        //
        rs.AddAccessRule(new RegistryAccessRule(user,
            RegistryRights.ReadKey | RegistryRights.Delete,
            InheritanceFlags.None,
            PropagationFlags.None,
            AccessControlType.Allow));

        // Prevent the current user from writing or changing the
        // permission set of the key. Note that if Delete permission
        // were not allowed in the previous access rule, denying
        // WriteKey permission would prevent the user from deleting the
        // key.
        rs.AddAccessRule(new RegistryAccessRule(user,
            RegistryRights.WriteKey | RegistryRights.ChangePermissions,
            InheritanceFlags.None,
            PropagationFlags.None,
            AccessControlType.Deny));

        // Create the example key with registry security.
        RegistryKey rk = null;
        try
        {
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample",
                RegistryKeyPermissionCheck.Default, rs);
            Console.WriteLine("\r\nExample key created.");
            rk.SetValue("ValueName", "StringValue");
        }
        catch (Exception ex)
        {
            Console.WriteLine("\r\nUnable to create the example key: {0}", ex);
        }
        if (rk != null) rk.Close();

        rk = Registry.CurrentUser;

        RegistryKey rk2;

        // Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", false);
        Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
        rk2.Close();

        // Attempt to open the key with write access.
        try
        {
            rk2 = rk.OpenSubKey("RegistryRightsExample", true);
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("\nUnable to write to the example key." +
                " Caught SecurityException: {0}", ex.Message);
        }
        if (rk2 != null) rk2.Close();

        // Attempt to change permissions for the key.
        try
        {
            rs = new RegistrySecurity();
            rs.AddAccessRule(new RegistryAccessRule(user,
                RegistryRights.WriteKey,
                InheritanceFlags.None,
                PropagationFlags.None,
                AccessControlType.Allow));
            rk2 = rk.OpenSubKey("RegistryRightsExample", false);
            rk2.SetAccessControl(rs);
            Console.WriteLine("\r\nExample key permissions were changed.");
        }
        catch (UnauthorizedAccessException ex)
        {
            Console.WriteLine("\nUnable to change permissions for the example key." +
                " Caught UnauthorizedAccessException: {0}", ex.Message);
        }
        if (rk2 != null) rk2.Close();

        Console.WriteLine("\r\nPress Enter to delete the example key.");
        Console.ReadLine();

        try
        {
            rk.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key was deleted.");
        }
        catch(Exception ex)
        {
            Console.WriteLine("Unable to delete the example key: {0}", ex);
        }

        rk.Close();
    }
}

/* This code example produces the following output:

Example key created.

Retrieved value: StringValue

Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.

Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.

Press Enter to delete the example key.

Example key was deleted.
 */
Imports System.Reflection
Imports System.Security
Imports System.Security.AccessControl
Imports Microsoft.Win32

Public Class Example
    Public Shared Sub Main()
        ' Delete the example key if it exists.
        Try
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample")
            Console.WriteLine("Example key has been deleted.")
        Catch ex As ArgumentException
            ' ArgumentException is thrown if the key does not exist. In
            ' this case, there is no reason to display a message.
        Catch ex As Exception
            Console.WriteLine("Unable to delete the example key: {0}", ex)
            Return
        End Try

        Dim user As String = Environment.UserDomainName & "\" & Environment.UserName

        Dim rs As New RegistrySecurity()

        ' Allow the current user to read and delete the key.
        '
        rs.AddAccessRule(new RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.Delete, _
            InheritanceFlags.None, _
            PropagationFlags.None, _
            AccessControlType.Allow))

        ' Prevent the current user from writing or changing the
        ' permission set of the key. Note that if Delete permission
        ' were not allowed in the previous access rule, denying
        ' WriteKey permission would prevent the user from deleting the 
        ' key.
        rs.AddAccessRule(new RegistryAccessRule(user, _
            RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _
            InheritanceFlags.None, _
            PropagationFlags.None, _
            AccessControlType.Deny))

        ' Create the example key with registry security.
        Dim rk As RegistryKey = Nothing
        Try
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", _
                RegistryKeyPermissionCheck.Default, rs)
            Console.WriteLine(vbCrLf & "Example key created.")
            rk.SetValue("ValueName", "StringValue")
        Catch ex As Exception
            Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex)
        End Try

        If rk IsNot Nothing Then rk.Close()

        rk = Registry.CurrentUser

        Dim rk2 As RegistryKey
        
        ' Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", False)
        Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName"))
        rk2.Close()

        ' Attempt to open the key with write access.
        Try
            rk2 = rk.OpenSubKey("RegistryRightsExample", True)
        Catch ex As SecurityException
            Console.WriteLine(vbCrLf & "Unable to write to the example key." _
                & " Caught SecurityException: {0}", ex.Message)
        End Try
        If rk2 IsNot Nothing Then rk2.Close()

        ' Attempt to change permissions for the key.
        Try
            rs = New RegistrySecurity()
            rs.AddAccessRule(new RegistryAccessRule(user, _
                RegistryRights.WriteKey, _
                InheritanceFlags.None, _
                PropagationFlags.None, _
                AccessControlType.Allow))
            rk2 = rk.OpenSubKey("RegistryRightsExample", False)
            rk2.SetAccessControl(rs)
            Console.WriteLine(vbCrLf & "Example key permissions were changed.")
        Catch ex As UnauthorizedAccessException
            Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." _
                & " Caught UnauthorizedAccessException: {0}", ex.Message)
        End Try
        If rk2 IsNot Nothing Then rk2.Close()

        Console.WriteLine(vbCrLf & "Press Enter to delete the example key.")
        Console.ReadLine()

        Try
            rk.DeleteSubKey("RegistryRightsExample")
            Console.WriteLine("Example key was deleted.")
        Catch ex As Exception
            Console.WriteLine("Unable to delete the example key: {0}", ex)
        End Try

        rk.Close()
    End Sub
End Class

' This code produces the following output:
'
'Example key created.
'
'Retrieved value: StringValue
'
'Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.
'
'Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.
'
'Press Enter to delete the example key.
'
'Example key was deleted.

Remarques

Pour modifier les autorisations d’une clé de Registre, utilisez la GetAccessControl méthode pour obtenir un RegistrySecurity objet représentant la sécurité de contrôle d’accès Windows existante, modifiez cet RegistrySecurity objet, puis utilisez la méthode pour mettre à jour la SetAccessControl sécurité de la clé.

Attention

L’objet RegistrySecurity spécifié pour registrySecurity remplace la sécurité existante pour la clé de Registre. Pour ajouter des autorisations pour un nouvel utilisateur, utilisez la GetAccessControl méthode pour obtenir la sécurité de contrôle d’accès existante, puis modifiez-la.

S’applique à