问题
New rights can be set using RegistryKey.SetAccessControl(new RegistrySecurity(...)). But after that the inheritance is turned on.
Is there a way to assign new rights without turning the inheritance on?
The whole code:
void test
{
SecurityIdentifier sidAccUser = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
NTAccount ntAccUser = sidAccUser.Translate(typeof(NTAccount)) as NTAccount;
RegistryAccessRule regAcRule = new RegistryAccessRule(
ntAccUser
, RegistryRights.FullControl
, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
, PropagationFlags.None
, AccessControlType.Allow);
RegistrySecurity regSecurity = new RegistrySecurity();
regSecurity.AddAccessRule(regAcRule);
RegistryKey regKey = Registry.CurrentUser.OpenSubKey(@"ZZTEST", true);
// after that the inheritance is turned on
regKey.SetAccessControl(regSecurity);
}
I found this solution but don't want to use a COM-Server: Setting permissions and blocking inheritance from C# with SetACL
回答1:
Use SetAccessRuleProtection to protect the DACL from inheritance..
regSecurity.SetAccessRuleProtection(true, false);
- http://msdn.microsoft.com/en-us/library/vstudio/system.security.accesscontrol.objectsecurity.setaccessruleprotection(v=vs.100).aspx
来源:https://stackoverflow.com/questions/24676812/how-to-assign-new-rights-acl-to-existing-registry-key-without-inheriting-right