问题
I'm currently having an issue when writing an app to set permissions on some Legacy keys. Legacy keys are quite locked down and to actually modify them in regedit you have to take ownership and then add yourself with full control. When trying to replicate this in code i cannot get the key for write with the error "Access is denied". Example code:
RegistrySecurity rs = new RegistrySecurity();
rs.AddAccessRule(new RegistryAccessRule("Administrators", RegistryRights.FullControl, AccessControlType.Allow));
rs.SetOwner(new NTAccount("Administrators"));
return LocalMachine.CreateSubKey(post, RegistryKeyPermissionCheck.ReadWriteSubTree, rs);
Any ideas would be greatly appreciated. I have also tried OpenSubKey with write access requested and I just cannot get the key.
Thanks guys.
回答1:
I finally found a solution. You had to open the key with "ChangePermissions" and then change the permission for yourself... THEN re-open the key with full control to change the owner. Here's how.
RegistryKey rk = LocalMachine.OpenSubKey(subkey, RegistryKeyPremissionsCheck.ReadWriteSubTree, RegistryRights.ChangePermissions | RegistryRights.ReadKey);//Get the registry key desired with ChangePermissions Rights.
RegistrySecurity rs = new RegistrySecurity();
rs.AddAccessRule(new RegistryAccessRule("Administrator", RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));//Create access rule giving full control to the Administrator user.
rk.SetAccessControl(rs); //Apply the new access rule to this Registry Key.
rk = LocalMachine.OpenSubKey(subkey, RegistryKeyPremissionsCheck.ReadWriteSubTree, RegistryRights.FullControl); // Opens the key again with full control.
rs.SetOwner(new NTAccount("Administrator"));// Set the securitys owner to be Administrator
rk.SetAccessControl(rs);// Set the key with the changed permission so Administrator is now owner.
This works for me. Let me know if it works for you :)
Obviously change Administrator to another user if you aren't logged in as administrator or if you need rights for another user.
回答2:
When you run your app with that code are you right-clicking the exe and selecting "Run As Administrator"?
回答3:
using System.Security;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;
First must Set a permission with right FULL-ACCESS to subkey
RegistryKey rkey = LocalMachine.OpenSubKey(_subKey, RegistryKeyPermissionCheck.ReadWriteSubTree, gistryRights.ChangePermissions);
if (rkey == null)
throw new Exception("Not Open");
//-------
RegistrySecurity _registrySecurity =new RegistrySecurity();//Or rkey.GetAccessControl();
WindowsIdentity _windowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent();
RegistryAccessRule _accessRule = new RegistryAccessRule(_windowsIdentity.Name, RegistryRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow);
_registrySecurity.AddAccessRule(_accessRule);
_registrySecurity.SetAccessRuleProtection(false, true);
rkey.SetAccessControl(_registrySecurity);
//--------Now, Set owner
_registrySecurity.SetGroup(new NTAccount("Administrators")); //This is optional
var SID = new System.Security.Principal.NTAccount("XXX\\Users");
_registrySecurity.SetOwner(SID);
rkey.SetAccessControl(_registrySecurity);
XXX : your account name
回答4:
RegistryKey rkey = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Norton\SecurityStatusSDK", RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions);
if (rkey == null)
throw new Exception("Not Open");
//-------
RegistrySecurity _registrySecurity = new RegistrySecurity();//Or rkey.GetAccessControl();
WindowsIdentity _windowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent();
RegistryAccessRule _accessRule = new RegistryAccessRule(_windowsIdentity.Name, RegistryRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow);
_registrySecurity.AddAccessRule(_accessRule);
_registrySecurity.SetAccessRuleProtection(false, true);
try
{
rkey.SetAccessControl(_registrySecurity);// <---"Attempted to perform an unauthorized operation."
}
catch (UnauthorizedAccessException e)
{
}
//--------Now, Set owner
_registrySecurity.SetGroup(new NTAccount("Administrators")); //This is optional
var SID = new System.Security.Principal.NTAccount("XXX\\Users");
_registrySecurity.SetOwner(SID);
rkey.SetAccessControl(_registrySecurity);
I installed Norton Internet Security
回答5:
Microsoft Visual Studio 2015 (Administrator)
_subKey = SOFTWARE\Wow6432Node\Norton
rkey.SetAccessControl(_registrySecurity);->"Attempted to perform an unauthorized operation."`
来源:https://stackoverflow.com/questions/6455691/registrysecurity-access-is-denied-c-sharp