RegistrySecurity.RemoveAccessRuleAll(RegistryAccessRule) Metodo
Definizione
Importante
Alcune informazioni sono relative alla release non definitiva del prodotto, che potrebbe subire modifiche significative prima della release definitiva. Microsoft non riconosce alcuna garanzia, espressa o implicita, in merito alle informazioni qui fornite.
Cerca tutte le regole di controllo di accesso con lo stesso utente e la stessa classe AccessControlType (consenso o negazione) della regola specificata e, se trovate, le rimuove.
public:
void RemoveAccessRuleAll(System::Security::AccessControl::RegistryAccessRule ^ rule);public void RemoveAccessRuleAll (System.Security.AccessControl.RegistryAccessRule rule);override this.RemoveAccessRuleAll : System.Security.AccessControl.RegistryAccessRule -> unitPublic Sub RemoveAccessRuleAll (rule As RegistryAccessRule)Parametri
- rule
- RegistryAccessRule
Classe RegistryAccessRule che specifica l'utente e la classe AccessControlType da ricercare. Tutti i diritti, i flag di ereditarietà o di propagazione specificati da questa regola verranno ignorati.
Eccezioni
rule è null.
Esempio
Nell'esempio di codice seguente viene illustrato che il RemoveAccessRuleAll metodo rimuove tutte le regole che corrispondono all'utente e , ignorando i diritti e AccessControlTypei flag.
L'esempio crea un RegistrySecurity oggetto e aggiunge regole che consentono e negano vari diritti per l'utente corrente, con flag di ereditarietà e propagazione diversi. L'esempio crea quindi una nuova regola che consente all'utente corrente di accettare la proprietà e passa tale regola al RemoveAccessRuleAll metodo per rimuovere le due regole che consentono l'accesso.
Nota
In questo esempio non viene collegato l'oggetto di sicurezza a un RegistryKey oggetto. Vedere il metodo e il RegistryKey.GetAccessControlRegistryKey.SetAccessControl metodo.
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
string user = Environment.UserDomainName + "\\"
+ Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that allows the current user the right
// right to set the name/value pairs in a key.
// This rule is inherited by contained subkeys, but
// propagation flags limit it to immediate child
// subkeys.
rule = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that denies the current user the right
// to set the name/value pairs in a key. This rule
// has no inheritance or propagation flags, so it
// affects only the key itself.
rule = new RegistryAccessRule(user,
RegistryRights.SetValue,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create a rule that allows the current user the
// right to change the ownership of the key, with
// no inheritance or propagation flags. The rights
// and flags are ignored by RemoveAccessRuleAll,
// and all rules that allow access for the current
// user are removed.
rule = new RegistryAccessRule(user,
RegistryRights.TakeOwnership,
AccessControlType.Allow);
mSec.RemoveAccessRuleAll(rule);
// Show that all rules that allow access have been
// removed.
ShowSecurity(mSec);
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that allows the current user the right
' right to set the name/value pairs in a key.
' This rule is inherited by contained subkeys, but
' propagation flags limit it to immediate child
' subkeys.
rule = New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that denies the current user the right
' to set the name/value pairs in a key. This rule
' has no inheritance or propagation flags, so it
' affects only the key itself.
rule = New RegistryAccessRule(user, _
RegistryRights.SetValue, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create a rule that allows the current user the
' right to change the ownership of the key, with
' no inheritance or propagation flags. The rights
' and flags are ignored by RemoveAccessRuleAll,
' and all rules that allow access for the current
' user are removed.
rule = New RegistryAccessRule(user, _
RegistryRights.TakeOwnership, _
AccessControlType.Allow)
mSec.RemoveAccessRuleAll(rule)
' Show that all rules that allow access have been
' removed.
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
Commenti
L'oggetto corrente RegistrySecurity viene cercato per le regole con lo stesso utente e lo stesso AccessControlType valore di rule. Tutti i diritti, i flag di ereditarietà o i flag di propagazione specificati da rule vengono ignorati durante l'esecuzione di questa ricerca. Se non vengono trovate regole corrispondenti, non viene eseguita alcuna azione.
Ad esempio, se un utente dispone di più regole che consentono vari diritti con flag di ereditarietà e propagazione diversi, è possibile rimuovere tutte queste regole creando un RegistryAccessRule oggetto che specifica l'utente e AccessControlType.Allow, con eventuali diritti e flag arbitrari e passando tale regola al RemoveAccessRuleAll metodo.
