授予注册表权限
Granting Permission to Registry
我正在授予 NETWORK SERVICE 访问我需要通过我 运行 作为 NETWORK 的控制台应用程序访问的注册表项的权限服务。以下是我如何创建密钥和授予权限。
Microsoft.Win32.RegistryKey key;
key = Microsoft.Win32.Registry.LocalMachine.CreateSubKey("SOFTWARE", RegistryKeyPermissionCheck.ReadWriteSubTree);
RegistrySecurity rs = new RegistrySecurity();
rs = key.GetAccessControl();
rs.AddAccessRule(new RegistryAccessRule("NETWORK SERVICE", RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
key.SetAccessControl(rs);
key = key.CreateSubKey("RM", RegistryKeyPermissionCheck.ReadWriteSubTree);
key = key.CreateSubKey("CSVExtraction", RegistryKeyPermissionCheck.ReadWriteSubTree);
key.SetValue("Failure Tally", "0");
但是,当我尝试使用以下代码将值设置为键时,出现错误。下面给出了我用来设置值的代码。
Microsoft.Win32.RegistryKey key;
key = Microsoft.Win32.Registry.LocalMachine.CreateSubKey("SOFTWARE", Microsoft.Win32.RegistryKeyPermissionCheck.ReadWriteSubTree);
key = key.CreateSubKey("RM", Microsoft.Win32.RegistryKeyPermissionCheck.ReadWriteSubTree);
key = key.CreateSubKey("CSVExtraction", Microsoft.Win32.RegistryKeyPermissionCheck.ReadWriteSubTree);
key.SetValue("Failure Tally, "1");
但是我收到一条错误消息,提示访问 HKLM/LOCAL MACHINE/SOFTWARE 被拒绝。但是我已经使用上面的代码添加了访问规则。但是当我手动检查访问权限时,访问权限被添加到 WOW6432 节点。
问题可以通过进行 2 处更改来解决
1)授予权限时
您的代码:rs.AddAccessRule(new RegistryAccessRule("NETWORK SERVICE", RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
key.SetAccessControl(rs);
编辑为:
rs.AddAccessRule(new RegistryAccessRule("NETWORK SERVICE", RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
key.SetAccessControl(rs);
这是为了确保您给予的许可被继承到子树。
2) 您不需要逐个密钥打开,而是可以通过写入
来访问您想要的密钥
string registryFolderStructure =@"SOFTWARE\RM\CSVExtraction";
key = Microsoft.Win32.Registry.LocalMachine.CreateSubKey(registryFolderStructure, Microsoft.Win32.RegistryKeyPermissionCheck.ReadWriteSubTree);
我正在授予 NETWORK SERVICE 访问我需要通过我 运行 作为 NETWORK 的控制台应用程序访问的注册表项的权限服务。以下是我如何创建密钥和授予权限。
Microsoft.Win32.RegistryKey key;
key = Microsoft.Win32.Registry.LocalMachine.CreateSubKey("SOFTWARE", RegistryKeyPermissionCheck.ReadWriteSubTree);
RegistrySecurity rs = new RegistrySecurity();
rs = key.GetAccessControl();
rs.AddAccessRule(new RegistryAccessRule("NETWORK SERVICE", RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
key.SetAccessControl(rs);
key = key.CreateSubKey("RM", RegistryKeyPermissionCheck.ReadWriteSubTree);
key = key.CreateSubKey("CSVExtraction", RegistryKeyPermissionCheck.ReadWriteSubTree);
key.SetValue("Failure Tally", "0");
但是,当我尝试使用以下代码将值设置为键时,出现错误。下面给出了我用来设置值的代码。
Microsoft.Win32.RegistryKey key;
key = Microsoft.Win32.Registry.LocalMachine.CreateSubKey("SOFTWARE", Microsoft.Win32.RegistryKeyPermissionCheck.ReadWriteSubTree);
key = key.CreateSubKey("RM", Microsoft.Win32.RegistryKeyPermissionCheck.ReadWriteSubTree);
key = key.CreateSubKey("CSVExtraction", Microsoft.Win32.RegistryKeyPermissionCheck.ReadWriteSubTree);
key.SetValue("Failure Tally, "1");
但是我收到一条错误消息,提示访问 HKLM/LOCAL MACHINE/SOFTWARE 被拒绝。但是我已经使用上面的代码添加了访问规则。但是当我手动检查访问权限时,访问权限被添加到 WOW6432 节点。
问题可以通过进行 2 处更改来解决 1)授予权限时 您的代码:rs.AddAccessRule(new RegistryAccessRule("NETWORK SERVICE", RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow)); key.SetAccessControl(rs);
编辑为:
rs.AddAccessRule(new RegistryAccessRule("NETWORK SERVICE", RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow));
key.SetAccessControl(rs);
这是为了确保您给予的许可被继承到子树。
2) 您不需要逐个密钥打开,而是可以通过写入
来访问您想要的密钥string registryFolderStructure =@"SOFTWARE\RM\CSVExtraction";
key = Microsoft.Win32.Registry.LocalMachine.CreateSubKey(registryFolderStructure, Microsoft.Win32.RegistryKeyPermissionCheck.ReadWriteSubTree);