注册表更改权限删除其他用户权限
Registry change permission remove other user rights
我想更改所有权,然后更改对注册表项的权限。
这里是我目前的代码:
var id = WindowsIdentity.GetCurrent();
if (!Win32.SetPrivilege(Win32.TakeOwnership, true))
throw new Exception();
if (!Win32.SetPrivilege(Win32.Restore, true))
throw new Exception();
var hklm = RegistryKey.OpenBaseKey(registryHive, is64Key ? RegistryView.Registry64 : RegistryView.Registry32);
using (RegKey = hklm.OpenSubKey(path, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.TakeOwnership))
{
if (RegKey == null)
throw new Exception("clé de registre non trouvée");
_security = RegKey.GetAccessControl(AccessControlSections.All);
var oldId = _security.GetOwner(typeof (SecurityIdentifier));
_oldSi = new SecurityIdentifier(oldId.ToString());
_security.SetOwner(id.User);
RegKey.SetAccessControl(_security);
}
using (RegKey = hklm.OpenSubKey(path, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions))
{
_fullAccess = new RegistryAccessRule(id.User, RegistryRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow);
_security.AddAccessRule(_fullAccess);
RegKey.SetAccessControl(_security);
}
一切正常,但在regedit中,子项权限只包含我的用户,所有其他用户都被删除。
之前:
之后:
似乎继承的权利被删除了。
我快成功了,一定是少了一个参数,但是我没看到是哪个。
尝试添加这个:
_security.SetAccessRuleProtection(false, false);
调用之前:
RegKey.SetAccessControl(_security);
这样做将确保 "protection from inheritance" 被禁用(即允许继承)。
我想更改所有权,然后更改对注册表项的权限。
这里是我目前的代码:
var id = WindowsIdentity.GetCurrent();
if (!Win32.SetPrivilege(Win32.TakeOwnership, true))
throw new Exception();
if (!Win32.SetPrivilege(Win32.Restore, true))
throw new Exception();
var hklm = RegistryKey.OpenBaseKey(registryHive, is64Key ? RegistryView.Registry64 : RegistryView.Registry32);
using (RegKey = hklm.OpenSubKey(path, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.TakeOwnership))
{
if (RegKey == null)
throw new Exception("clé de registre non trouvée");
_security = RegKey.GetAccessControl(AccessControlSections.All);
var oldId = _security.GetOwner(typeof (SecurityIdentifier));
_oldSi = new SecurityIdentifier(oldId.ToString());
_security.SetOwner(id.User);
RegKey.SetAccessControl(_security);
}
using (RegKey = hklm.OpenSubKey(path, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.ChangePermissions))
{
_fullAccess = new RegistryAccessRule(id.User, RegistryRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow);
_security.AddAccessRule(_fullAccess);
RegKey.SetAccessControl(_security);
}
一切正常,但在regedit中,子项权限只包含我的用户,所有其他用户都被删除。
之前:
之后:
似乎继承的权利被删除了。
我快成功了,一定是少了一个参数,但是我没看到是哪个。
尝试添加这个:
_security.SetAccessRuleProtection(false, false);
调用之前:
RegKey.SetAccessControl(_security);
这样做将确保 "protection from inheritance" 被禁用(即允许继承)。