如何为现有注册表项分配新权限(ACL),而不从父项继承权限

本文关键字:权限 ACL 继承权 继承 注册表 新权限 分配 | 更新日期: 2023-09-27 18:12:15

可以通过RegistryKey.SetAccessControl(new RegistrySecurity(...))设置新的权限。但在那之后,inheritance is turned on

是否有一种方法可以在不开启继承的情况下分配新的权利?

整个代码:

void test
{
    SecurityIdentifier sidAccUser = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
    NTAccount ntAccUser = sidAccUser.Translate(typeof(NTAccount)) as NTAccount;
    RegistryAccessRule regAcRule = new RegistryAccessRule(
      ntAccUser
    , RegistryRights.FullControl
    , InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
    , PropagationFlags.None
    , AccessControlType.Allow);
    RegistrySecurity regSecurity = new RegistrySecurity();
    regSecurity.AddAccessRule(regAcRule);
    RegistryKey regKey = Registry.CurrentUser.OpenSubKey(@"ZZTEST", true);
    // after that the inheritance is turned on
    regKey.SetAccessControl(regSecurity);
}

我找到了这个解决方案,但不想使用COM-Server:设置权限和阻止继承c#与SetACL

如何为现有注册表项分配新权限(ACL),而不从父项继承权限

使用SetAccessRuleProtection保护DACL不被继承

regSecurity.SetAccessRuleProtection(true, false);
  • http://msdn.microsoft.com/en-us/library/vstudio/system.security.accesscontrol.objectsecurity.setaccessruleprotection (v = vs.100) . aspx