如何为现有注册表项分配新权限(ACL),而不从父项继承权限
本文关键字:权限 ACL 继承权 继承 注册表 新权限 分配 | 更新日期: 2023-09-27 18:12:15
可以通过RegistryKey.SetAccessControl(new RegistrySecurity(...))设置新的权限。但在那之后,inheritance is turned on。
是否有一种方法可以在不开启继承的情况下分配新的权利?
整个代码:
void test
{
SecurityIdentifier sidAccUser = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
NTAccount ntAccUser = sidAccUser.Translate(typeof(NTAccount)) as NTAccount;
RegistryAccessRule regAcRule = new RegistryAccessRule(
ntAccUser
, RegistryRights.FullControl
, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
, PropagationFlags.None
, AccessControlType.Allow);
RegistrySecurity regSecurity = new RegistrySecurity();
regSecurity.AddAccessRule(regAcRule);
RegistryKey regKey = Registry.CurrentUser.OpenSubKey(@"ZZTEST", true);
// after that the inheritance is turned on
regKey.SetAccessControl(regSecurity);
}
我找到了这个解决方案,但不想使用COM-Server:设置权限和阻止继承c#与SetACL
使用SetAccessRuleProtection保护DACL不被继承
regSecurity.SetAccessRuleProtection(true, false);
- http://msdn.microsoft.com/en-us/library/vstudio/system.security.accesscontrol.objectsecurity.setaccessruleprotection (v = vs.100) . aspx