RegistrySecurity.RemoveAccessRule(RegistryAccessRule) 方法

定义

命名空间:: System.Security.AccessControl

程序集:: Microsoft.Win32.Registry.dll

程序集:: Microsoft.Win32.Registry.AccessControl.dll

程序集:: mscorlib.dll

包:: Microsoft.Win32.Registry v5.0.0

Source:: RegistrySecurity.cs

重要

一些信息与预发行产品相关，相应产品在发行之前可能会进行重大修改。对于此处提供的信息，Microsoft 不作任何明示或暗示的担保。

搜索与指定访问规则相同的用户和 AccessControlType （允许或拒绝）的访问控制规则，并使用兼容的继承和传播标志;如果找到此类规则，则会从中删除指定访问规则中包含的权限。

public:
 bool RemoveAccessRule(System::Security::AccessControl::RegistryAccessRule ^ rule);

public bool RemoveAccessRule(System.Security.AccessControl.RegistryAccessRule rule);

override this.RemoveAccessRule : System.Security.AccessControl.RegistryAccessRule -> bool

Public Function RemoveAccessRule (rule As RegistryAccessRule) As Boolean

参数

rule: RegistryAccessRule

一个 RegistryAccessRule 指定用户和 AccessControlType 要搜索的一组继承和传播标志，如果找到匹配规则，则必须与它兼容。指定要从兼容规则中删除的权限（如果找到）。

Boolean

true 如果找到兼容规则，则为 ;否则 false。

例外

ArgumentNullException

rule 是 null。

示例

下面的代码示例演示了该方法如何 RemoveAccessRule 从兼容规则中删除权限，以及该方法如何将 AddAccessRule 权限与兼容规则合并。

该示例创建一个 RegistrySecurity 对象并添加一个允许当前用户 RegistryRights.ReadKey 权限的规则。然后，该示例创建一个规则，该规则授予用户 RegistryRights.SetValue，其继承和传播权限与第一个规则相同，并使用 RemoveAccessRule 该方法从 RegistrySecurity 对象中删除此新规则。 SetValue 是其组成部分 ReadKey，因此会将其从兼容规则中删除。将显示对象中的 RegistrySecurity 规则，其中显示了其余组成部分 ReadKey。

然后，示例代码调用 RemoveAccessRule 方法，将右侧合并 SetValue 回对象中的 RegistrySecurity 规则中。

注释

此示例不将安全对象附加到对象 RegistryKey 。本节中的第二个示例附加了一个安全对象，并在其中 RegistryKey.GetAccessControl RegistryKey.SetAccessControl执行示例。


using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{

    public static void Main()
    {

        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user ReadKey
        // rights. ReadKey is a combination of four other 
        // rights. The rule is inherited by all 
        // contained subkeys.
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Create a rule that allows the current user only the 
        // right to query the key/value pairs of a key, using  
        // the same inheritance and propagation flags as the
        // first rule. QueryValues is a constituent of 
        // ReadKey, so when this rule is removed, using the 
        // RemoveAccessRule method, ReadKey is broken into
        // its constituent parts.
        rule = new RegistryAccessRule(user, 
            RegistryRights.QueryValues, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.RemoveAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add the second rule back. It merges with the 
        // existing rule, so that the rule is now displayed
        // as ReadKey.
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: EnumerateSubKeys, Notify, ReadPermissions
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False
 */

Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user ReadKey
        ' rights. ReadKey is a combination of four other 
        ' rights. The rule is inherited by all 
        ' contained subkeys.
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Create a rule that allows the current user only the 
        ' right to query the key/value pairs of a key, using  
        ' the same inheritance and propagation flags as the
        ' first rule. QueryValues is a constituent of 
        ' ReadKey, so when this rule is removed, using the 
        ' RemoveAccessRule method, ReadKey is broken into
        ' its constituent parts.
        rule = New RegistryAccessRule(user, _
            RegistryRights.QueryValues, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.RemoveAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add the second rule back. It merges with the 
        ' existing rule, so that the rule is now displayed
        ' as ReadKey.
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: EnumerateSubKeys, Notify, ReadPermissions
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'

注解

当前 RegistrySecurity 搜索的规则具有相同的用户和相同的 AccessControlType 值 rule。如果未找到此类规则，则不执行任何操作，并且该方法返回 false。如果找到匹配的规则，则会检查其继承和兼容性标志是否与中指定的 rule标志兼容。如果未找到兼容规则，则不执行任何操作，并且该方法返回 false。如果找到具有兼容标志的规则，则从兼容规则中删除指定 rule 的权限，并且该方法返回 true。如果 rule 指定兼容规则中不包含的权限，则不会对这些权限采取任何操作。如果从兼容规则中删除所有权限，则会从当前 RegistrySecurity 对象中删除整个规则。

适用于

反馈

此页面是否有帮助？