可以使用RegistryKey.SetAccessControl(new RegistrySecurity(...))设置新权限。但之后是inheritance is turned on。
有没有办法在不启用继承的情况下分配新权限?
整个代码:
void test
{
SecurityIdentifier sidAccUser = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
NTAccount ntAccUser = sidAccUser.Translate(typeof(NTAccount)) as NTAccount;
RegistryAccessRule regAcRule = new RegistryAccessRule(
ntAccUser
, RegistryRights.FullControl
, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
, PropagationFlags.None
, AccessControlType.Allow);
RegistrySecurity regSecurity = new RegistrySecurity();
regSecurity.AddAccessRule(regAcRule);
RegistryKey regKey = Registry.CurrentUser.OpenSubKey(@"ZZTEST", true);
// after that the inheritance is turned on
regKey.SetAccessControl(regSecurity);
}
我找到了这个解决方案但不想使用COM服务器:Setting permissions and blocking inheritance from C# with SetACL
答案 0 :(得分:1)
使用SetAccessRuleProtection保护DACL免于继承..
regSecurity.SetAccessRuleProtection(true, false);