.NET Framework 類庫RegistrySecurity.RemoveAccessRule 方法

原文出處：http://technet.microsoft.com/zh-cn/subscriptions/722axwyk(VS.80).aspx

注意：此方法在 .NET Framework 2.0 版中是新增的。

搜尋如下的通路控制規則：與指定的通路規則具有相同的使用者和 AccessControlType（允許或拒絕），并具有相容的繼承和傳播标志；如果找到，則從中移除指定通路規則中包含的權限。

命名空間:System.Security.AccessControl

程式集:mscorlib（在 mscorlib.dll 中）

參數

rule

指定要搜尋的使用者和 AccessControlType 的 RegistryAccessRule，以及比對規則（如果找到）必須相容的一組繼承和傳播标志。指定要從相容規則移除的權限（如果找到）。

傳回值

如果找到一個相容規則，則為 true；否則為 false。

 異常

異常類型	條件
ArgumentNullException	rule 為 空引用（在 Visual Basic 中為 Nothing）。

 備注

在目前 RegistrySecurity 中搜尋與 rule 具有相同使用者和 AccessControlType 值的規則。如果找不到這樣的規則，則不執行任何操作，并且此方法将傳回false。如果找到比對規則，将檢查它們的繼承和相容性标志是否與 rule 中指定的标志相容。如果找不到相容規則，則不執行任何操作，并且該方法将傳回false。如果找到具有相容标志的規則，将從此相容規則中移除 rule 中指定的權限，并且該方法将傳回true。如果 rule 指定了相容規則中不包含的權限，則不根據這些權限執行任何操作。如果移除相容規則中的所有權限，則整個規則将從目前RegistrySecurity 對象中移除。

 示例

下面的代碼示例示範 RemoveAccessRule 方法如何從一條相容規則中移除權限，以及 AddAccessRule 方法如何将權限與相容規則合并。

此示例建立一個 RegistrySecurity 對象并添加一個授予目前使用者 RegistryRights.ReadKey 權限的規則。然後，此示例建立一個授予使用者 RegistryRights.SetValue 權限的規則（與第一個規則具有相同的繼承和傳播權限），然後使用RemoveAccessRule 方法從 RegistrySecurity 對象移除此新規則。SetValue 是ReadKey 的構成部分，是以它将從相容的規則移除。還将顯示 RegistrySecurity 對象中的規則，展示ReadKey 的其餘構成部分。

然後，此示例代碼調用 RemoveAccessRule 方法将 SetValue 權限合并回RegistrySecurity 對象中的規則。

注意
此示例未将安全對象附加到 RegistryKey 對象。本節的第二個示例則附加一個安全對象，Microsoft.Win32.RegistryKey.GetAccessControl 和RegistryKey.SetAccessControl 中的示例亦如此。

Visual Basic 複制代碼

Option Explicit
Imports System
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user ReadKey
        ' rights. ReadKey is a combination of four other 
        ' rights. The rule is inherited by all 
        ' contained subkeys.
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Create a rule that allows the current user only the 
        ' right to query the key/value pairs of a key, using  
        ' the same inheritance and propagation flags as the
        ' first rule. QueryValues is a constituent of 
        ' ReadKey, so when this rule is removed, using the 
        ' RemoveAccessRule method, ReadKey is broken into
        ' its constituent parts.
        rule = New RegistryAccessRule(user, _
            RegistryRights.QueryValues, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.RemoveAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add the second rule back. It merges with the 
        ' existing rule, so that the rule is now displayed
        ' as ReadKey.
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: EnumerateSubKeys, Notify, ReadPermissions
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'      
        
(" Type: {0}", ar.AccessControlType) Console.WriteLine(" Rights: {0}", ar.RegistryRights) Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags) Console.WriteLine(" Propagation: {0}", ar.PropagationFlags) Console.WriteLine(" Inherited? {0}", ar.IsInherited) Console.WriteLine() Next End SubEnd Class 'This code example produces output similar to following:''Current access rules:'' User: TestDomain\TestUser' Type: Allow' Rights: EnumerateSubKeys, Notify, ReadPermissions' Inheritance: ContainerInherit' Propagation: None' Inherited? False'''Current access rules:'' User: TestDomain\TestUser' Type: Allow' Rights: ReadKey' Inheritance: ContainerInherit' Propagation: None' Inherited? False'      

C# 複制代碼

using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{

    public static void Main()
    {

        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user ReadKey
        // rights. ReadKey is a combination of four other 
        // rights. The rule is inherited by all 
        // contained subkeys.
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Create a rule that allows the current user only the 
        // right to query the key/value pairs of a key, using  
        // the same inheritance and propagation flags as the
        // first rule. QueryValues is a constituent of 
        // ReadKey, so when this rule is removed, using the 
        // RemoveAccessRule method, ReadKey is broken into
        // its constituent parts.
        rule = new RegistryAccessRule(user, 
            RegistryRights.QueryValues, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.None, 
            AccessControlType.Allow);
        mSec.RemoveAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add the second rule back. It merges with the 
        // existing rule, so that the rule is now displayed
        // as ReadKey.
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: EnumerateSubKeys, Notify, ReadPermissions
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False


Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False
 */      

  
             
  平台 
    
    
     
     
Windows 98、Windows 2000 SP4、Windows Millennium Edition、Windows Server 2003、Windows XP Media Center Edition、Windows XP Professional x64 Edition、Windows XP SP2、Windows XP Starter Edition

     
.NET Framework 并不是對每個平台的所有版本都提供支援。有關受支援版本的清單，請參見系統要求。

    
   
   
    
     
        
  
             
  版本資訊 
    
    
     
             
 .NET Framework       
         受以下版本支援：2.0

    
   
   
    
     
        
  
             
  請參見 
    
    
     
     
              
 參考       
         
      RegistrySecurity 類

      RegistrySecurity 成員

      System.Security.AccessControl 命名空間