RegistrySecurity.RemoveAccessRuleAll(RegistryAccessRule) Méthode
Définition
Important
Certaines informations portent sur la préversion du produit qui est susceptible d’être en grande partie modifiée avant sa publication. Microsoft exclut toute garantie, expresse ou implicite, concernant les informations fournies ici.
Recherche toutes les règles de contrôle d'accès ayant les mêmes utilisateur et AccessControlType (autorisation ou refus) que la règle spécifiée et, s'il en existe, les supprime.
public:
void RemoveAccessRuleAll(System::Security::AccessControl::RegistryAccessRule ^ rule);
public void RemoveAccessRuleAll (System.Security.AccessControl.RegistryAccessRule rule);
override this.RemoveAccessRuleAll : System.Security.AccessControl.RegistryAccessRule -> unit
Public Sub RemoveAccessRuleAll (rule As RegistryAccessRule)
Paramètres
- rule
- RegistryAccessRule
RegistryAccessRule qui spécifie l'utilisateur et AccessControlType à rechercher. Les droits et les indicateurs d'héritage ou de propagation spécifiés par cette règle sont ignorés.
Exceptions
rule
a la valeur null
.
Exemples
L’exemple de code suivant montre que la RemoveAccessRuleAll méthode supprime toutes les règles qui correspondent à l’utilisateur et AccessControlType, en ignorant les droits et les indicateurs.
L’exemple crée un objet et ajoute des RegistrySecurity règles qui autorisent et refusent différents droits pour l’utilisateur actuel, avec différents indicateurs d’héritage et de propagation. L’exemple crée ensuite une règle qui permet à l’utilisateur actuel d’en prendre possession et transmet cette règle à la RemoveAccessRuleAll méthode pour supprimer les deux règles qui autorisent l’accès.
Notes
Cet exemple n’attache pas l’objet de sécurité à un RegistryKey objet . Consultez la RegistryKey.GetAccessControl méthode et la RegistryKey.SetAccessControl méthode .
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;
public class Example
{
public static void Main()
{
string user = Environment.UserDomainName + "\\"
+ Environment.UserName;
// Create a security object that grants no access.
RegistrySecurity mSec = new RegistrySecurity();
// Add a rule that grants the current user the right
// to read and enumerate the name/value pairs in a key,
// to read its access and audit rules, to enumerate
// its subkeys, to create subkeys, and to delete the key.
// The rule is inherited by all contained subkeys.
//
RegistryAccessRule rule = new RegistryAccessRule(user,
RegistryRights.ReadKey | RegistryRights.WriteKey
| RegistryRights.Delete,
InheritanceFlags.ContainerInherit,
PropagationFlags.None,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that allows the current user the right
// right to set the name/value pairs in a key.
// This rule is inherited by contained subkeys, but
// propagation flags limit it to immediate child
// subkeys.
rule = new RegistryAccessRule(user,
RegistryRights.ChangePermissions,
InheritanceFlags.ContainerInherit,
PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
AccessControlType.Allow);
mSec.AddAccessRule(rule);
// Add a rule that denies the current user the right
// to set the name/value pairs in a key. This rule
// has no inheritance or propagation flags, so it
// affects only the key itself.
rule = new RegistryAccessRule(user,
RegistryRights.SetValue,
AccessControlType.Deny);
mSec.AddAccessRule(rule);
// Display the rules in the security object.
ShowSecurity(mSec);
// Create a rule that allows the current user the
// right to change the ownership of the key, with
// no inheritance or propagation flags. The rights
// and flags are ignored by RemoveAccessRuleAll,
// and all rules that allow access for the current
// user are removed.
rule = new RegistryAccessRule(user,
RegistryRights.TakeOwnership,
AccessControlType.Allow);
mSec.RemoveAccessRuleAll(rule);
// Show that all rules that allow access have been
// removed.
ShowSecurity(mSec);
}
private static void ShowSecurity(RegistrySecurity security)
{
Console.WriteLine("\r\nCurrent access rules:\r\n");
foreach( RegistryAccessRule ar in
security.GetAccessRules(true, true, typeof(NTAccount)) )
{
Console.WriteLine(" User: {0}", ar.IdentityReference);
Console.WriteLine(" Type: {0}", ar.AccessControlType);
Console.WriteLine(" Rights: {0}", ar.RegistryRights);
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
Console.WriteLine(" Inherited? {0}", ar.IsInherited);
Console.WriteLine();
}
}
}
/* This code example produces output similar to following:
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: SetValue, CreateSubKey, Delete, ReadKey
Inheritance: ContainerInherit
Propagation: None
Inherited? False
User: TestDomain\TestUser
Type: Allow
Rights: ChangePermissions
Inheritance: ContainerInherit
Propagation: NoPropagateInherit, InheritOnly
Inherited? False
Current access rules:
User: TestDomain\TestUser
Type: Deny
Rights: SetValue
Inheritance: None
Propagation: None
Inherited? False
*/
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32
Public Class Example
Public Shared Sub Main()
Dim user As String = Environment.UserDomainName _
& "\" & Environment.UserName
' Create a security object that grants no access.
Dim mSec As New RegistrySecurity()
' Add a rule that grants the current user the right
' to read and enumerate the name/value pairs in a key,
' to read its access and audit rules, to enumerate
' its subkeys, to create subkeys, and to delete the key.
' The rule is inherited by all contained subkeys.
'
Dim rule As New RegistryAccessRule(user, _
RegistryRights.ReadKey Or RegistryRights.WriteKey _
Or RegistryRights.Delete, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.None, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that allows the current user the right
' right to set the name/value pairs in a key.
' This rule is inherited by contained subkeys, but
' propagation flags limit it to immediate child
' subkeys.
rule = New RegistryAccessRule(user, _
RegistryRights.ChangePermissions, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
AccessControlType.Allow)
mSec.AddAccessRule(rule)
' Add a rule that denies the current user the right
' to set the name/value pairs in a key. This rule
' has no inheritance or propagation flags, so it
' affects only the key itself.
rule = New RegistryAccessRule(user, _
RegistryRights.SetValue, _
AccessControlType.Deny)
mSec.AddAccessRule(rule)
' Display the rules in the security object.
ShowSecurity(mSec)
' Create a rule that allows the current user the
' right to change the ownership of the key, with
' no inheritance or propagation flags. The rights
' and flags are ignored by RemoveAccessRuleAll,
' and all rules that allow access for the current
' user are removed.
rule = New RegistryAccessRule(user, _
RegistryRights.TakeOwnership, _
AccessControlType.Allow)
mSec.RemoveAccessRuleAll(rule)
' Show that all rules that allow access have been
' removed.
ShowSecurity(mSec)
End Sub
Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)
For Each ar As RegistryAccessRule In _
security.GetAccessRules(True, True, GetType(NTAccount))
Console.WriteLine(" User: {0}", ar.IdentityReference)
Console.WriteLine(" Type: {0}", ar.AccessControlType)
Console.WriteLine(" Rights: {0}", ar.RegistryRights)
Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
Console.WriteLine(" Inherited? {0}", ar.IsInherited)
Console.WriteLine()
Next
End Sub
End Class
'This code example produces output similar to following:
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
' Inherited? False
'
' User: TestDomain\TestUser
' Type: Allow
' Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
' Inherited? False
'
'
'Current access rules:
'
' User: TestDomain\TestUser
' Type: Deny
' Rights: SetValue
' Inheritance: None
' Propagation: None
' Inherited? False
'
Remarques
Le actuel RegistrySecurity est recherché pour les règles qui ont le même utilisateur et la même AccessControlType valeur que rule
. Tous les droits, indicateurs d’héritage ou indicateurs de propagation spécifiés par rule
sont ignorés lors de la recherche. Si aucune règle de correspondance n’est trouvée, aucune action n’est effectuée.
Par exemple, si un utilisateur a plusieurs règles qui autorisent différents droits avec différents indicateurs d’héritage et de propagation, vous pouvez supprimer toutes ces règles en créant un RegistryAccessRule objet qui spécifie l’utilisateur et AccessControlType.Allow, avec tous les droits et indicateurs arbitraires, et en transmettant cette règle à la RemoveAccessRuleAll méthode .