共用方式為


RegistryAccessRule 建構函式

定義

初始化 RegistryAccessRule 類別的新執行個體。

多載

RegistryAccessRule(IdentityReference, RegistryRights, AccessControlType)

初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組、存取權限,以及允許還是拒絕指定的存取權限。

RegistryAccessRule(String, RegistryRights, AccessControlType)

初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組名稱、存取權限,以及允許還是拒絕指定的存取權限。

RegistryAccessRule(IdentityReference, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType)

初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組、存取權限、繼承旗標、傳用旗標,以及允許還是拒絕指定的存取權限。

RegistryAccessRule(String, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType)

初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組名稱、存取權限、繼承旗標、傳用旗標,以及允許還是拒絕指定的存取權限。

RegistryAccessRule(IdentityReference, RegistryRights, AccessControlType)

來源:
RegistrySecurity.cs

初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組、存取權限,以及允許還是拒絕指定的存取權限。

public:
 RegistryAccessRule(System::Security::Principal::IdentityReference ^ identity, System::Security::AccessControl::RegistryRights registryRights, System::Security::AccessControl::AccessControlType type);
public RegistryAccessRule (System.Security.Principal.IdentityReference identity, System.Security.AccessControl.RegistryRights registryRights, System.Security.AccessControl.AccessControlType type);
new System.Security.AccessControl.RegistryAccessRule : System.Security.Principal.IdentityReference * System.Security.AccessControl.RegistryRights * System.Security.AccessControl.AccessControlType -> System.Security.AccessControl.RegistryAccessRule
Public Sub New (identity As IdentityReference, registryRights As RegistryRights, type As AccessControlType)

參數

identity
IdentityReference

適用這項規則的使用者或群組。 必須是型別 SecurityIdentifier,或是像是可以轉換成型別 NTAccountSecurityIdentifier 的型別。

registryRights
RegistryRights

RegistryRights 值的位元組合,表示允許或拒絕的權限。

type
AccessControlType

其中一個 AccessControlType 值,表示允許還是拒絕權限。

例外狀況

registryRights 指定了無效的值。

-或-

type 指定了無效的值。

identitynull

-或-

eventRights 為零。

identity 既不是 SecurityIdentifier 型別,也不是可以轉換成 NTAccount 型別的型別 (例如 SecurityIdentifier)。

備註

這個建構函式會指定預設傳播和繼承。 也就是 與 InheritanceFlags.NonePropagationFlags.None

適用於

RegistryAccessRule(String, RegistryRights, AccessControlType)

來源:
RegistrySecurity.cs

初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組名稱、存取權限,以及允許還是拒絕指定的存取權限。

public:
 RegistryAccessRule(System::String ^ identity, System::Security::AccessControl::RegistryRights registryRights, System::Security::AccessControl::AccessControlType type);
public RegistryAccessRule (string identity, System.Security.AccessControl.RegistryRights registryRights, System.Security.AccessControl.AccessControlType type);
new System.Security.AccessControl.RegistryAccessRule : string * System.Security.AccessControl.RegistryRights * System.Security.AccessControl.AccessControlType -> System.Security.AccessControl.RegistryAccessRule
Public Sub New (identity As String, registryRights As RegistryRights, type As AccessControlType)

參數

identity
String

套用這個規則的使用者或群組名稱。

registryRights
RegistryRights

RegistryRights 值的位元組合,表示允許或拒絕的權限。

type
AccessControlType

其中一個 AccessControlType 值,表示允許還是拒絕權限。

例外狀況

registryRights 指定了無效的值。

-或-

type 指定了無效的值。

registryRights 為零。

identitynull

-或-

identity 是零長度字串

-或-

identity 的長度超過 512 個字元。

範例

下列程式代碼範例會建立登錄存取規則,並將其新增至 RegistrySecurity 物件,其中顯示允許和拒絕許可權的規則如何保持分開,同時合併相同類型的相容規則。

using System;
using Microsoft.Win32;
using System.Security.AccessControl;
using System.Security.Principal;

public class Example
{
    public static void Main()
    {
        // Create a string representing the current user.
        string user = Environment.UserDomainName + "\\"
            + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the 
        // right to read the key.
        RegistryAccessRule rule = new RegistryAccessRule(user, 
            RegistryRights.ReadKey, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the 
        // right to change permissions on the Registry.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions, 
            AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Add a rule that allows the current user the 
        // right to read permissions on the Registry. This 
        // rule is merged with the existing Allow rule.
        rule = new RegistryAccessRule(user, 
            RegistryRights.WriteKey, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        ShowSecurity(mSec);
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in 
            security.GetAccessRules(true, true, typeof(NTAccount)) )
        {
            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: ReadKey


Current access rules:

        User: TestDomain\TestUser
        Type: Deny
      Rights: ChangePermissions

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, ReadKey
 */
Imports Microsoft.Win32
Imports System.Security.AccessControl
Imports System.Security.Principal

Public Class Example

    Public Shared Sub Main()

        ' Create a string representing the current user.
        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the 
        ' right to read the key.
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that denies the current user the 
        ' right to change permissions on the Registry.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            AccessControlType.Deny)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Add a rule that allows the current user the 
        ' right to read permissions on the Registry. This 
        ' rule is merged with the existing Allow rule.
        rule = New RegistryAccessRule(user, _
            RegistryRights.WriteKey, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ShowSecurity(mSec)

    End Sub 

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ReadKey
'
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Deny
'      Rights: ChangePermissions
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, ReadKey

備註

這個建構函式會指定預設傳播和繼承。 也就是 與 InheritanceFlags.NonePropagationFlags.None

這個建構函式相當於建立 NTAccount 物件,方法是傳遞 identityNTAccount.NTAccount(String) 建構函式,並將新建立 NTAccount 的對象傳遞至 RegistryAccessRule(IdentityReference, RegistryRights, AccessControlType) 建構函式。

適用於

RegistryAccessRule(IdentityReference, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType)

來源:
RegistrySecurity.cs

初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組、存取權限、繼承旗標、傳用旗標,以及允許還是拒絕指定的存取權限。

public:
 RegistryAccessRule(System::Security::Principal::IdentityReference ^ identity, System::Security::AccessControl::RegistryRights registryRights, System::Security::AccessControl::InheritanceFlags inheritanceFlags, System::Security::AccessControl::PropagationFlags propagationFlags, System::Security::AccessControl::AccessControlType type);
public RegistryAccessRule (System.Security.Principal.IdentityReference identity, System.Security.AccessControl.RegistryRights registryRights, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AccessControlType type);
new System.Security.AccessControl.RegistryAccessRule : System.Security.Principal.IdentityReference * System.Security.AccessControl.RegistryRights * System.Security.AccessControl.InheritanceFlags * System.Security.AccessControl.PropagationFlags * System.Security.AccessControl.AccessControlType -> System.Security.AccessControl.RegistryAccessRule
Public Sub New (identity As IdentityReference, registryRights As RegistryRights, inheritanceFlags As InheritanceFlags, propagationFlags As PropagationFlags, type As AccessControlType)

參數

identity
IdentityReference

適用這項規則的使用者或群組。 必須是型別 SecurityIdentifier,或是像是可以轉換成型別 NTAccountSecurityIdentifier 的型別。

registryRights
RegistryRights

RegistryRights 值的位元組合,指定允許或拒絕的權限。

inheritanceFlags
InheritanceFlags

InheritanceFlags 旗標的位元組合,指定如何從其他物件繼承存取權限。

propagationFlags
PropagationFlags

PropagationFlags 旗標的位元組合,指定如何將存取權限傳用至其他物件。

type
AccessControlType

其中一個 AccessControlType 值,指定允許還是拒絕權限。

例外狀況

registryRights 指定了無效的值。

-或-

type 指定了無效的值。

-或-

inheritanceFlags 指定了無效的值。

-或-

propagationFlags 指定了無效的值。

identitynull

-或-

registryRights 為零。

identity 既不是 SecurityIdentifier 型別,也不是可以轉換成 NTAccount 型別的型別 (例如 SecurityIdentifier)。

備註

所有登錄機碼都是容器,因此對登錄機碼有意義的唯一繼承旗標是 InheritanceFlags.ContainerInherit 旗標。 如果未指定此旗標,則會忽略傳播旗標,而且只會影響立即索引鍵。 如果旗標存在,規則會傳播,如下表所示。 數據表假設有子子機碼 CS 和子機碼 GS 的子機碼 S。 也就是說,子機碼的路徑是 S\CS\GS。

傳播旗標 S CS GS
None X X X
NoPropagateInherit X X
InheritOnly X X
NoPropagateInherit, InheritOnly X

子機碼的模式會控管子機碼所包含的所有子機碼。

例如,如果 為 ContainerInherit 指定 inheritanceFlags 旗標,且 InheritOnly 已針對 指定 propagationFlags傳播旗標,此規則不會套用至立即子機碼,但會套用至其所有立即子機碼,以及它們所包含的所有子機碼。

注意

雖然您可以指定 的InheritanceFlags.ObjectInheritinheritanceFlags旗標,但沒有這麼做的點。 為了進行訪問控制,子機碼中的名稱/值組不是個別的物件。 名稱/值組的訪問許可權是由子機碼的許可權所控制。 此外,由於所有子機碼都是容器 (也就是說,它們可以包含其他子機碼) ,因此不會受到 ObjectInherit 旗標影響。 最後,指定 ObjectInherit 旗標會不必要地使規則的維護複雜,因為它會干擾其他相容規則的組合。

適用於

RegistryAccessRule(String, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType)

來源:
RegistrySecurity.cs

初始化 RegistryAccessRule 類別的新執行個體,指定套用此規則的使用者或群組名稱、存取權限、繼承旗標、傳用旗標,以及允許還是拒絕指定的存取權限。

public:
 RegistryAccessRule(System::String ^ identity, System::Security::AccessControl::RegistryRights registryRights, System::Security::AccessControl::InheritanceFlags inheritanceFlags, System::Security::AccessControl::PropagationFlags propagationFlags, System::Security::AccessControl::AccessControlType type);
public RegistryAccessRule (string identity, System.Security.AccessControl.RegistryRights registryRights, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AccessControlType type);
new System.Security.AccessControl.RegistryAccessRule : string * System.Security.AccessControl.RegistryRights * System.Security.AccessControl.InheritanceFlags * System.Security.AccessControl.PropagationFlags * System.Security.AccessControl.AccessControlType -> System.Security.AccessControl.RegistryAccessRule
Public Sub New (identity As String, registryRights As RegistryRights, inheritanceFlags As InheritanceFlags, propagationFlags As PropagationFlags, type As AccessControlType)

參數

identity
String

套用這個規則的使用者或群組名稱。

registryRights
RegistryRights

RegistryRights 值的位元組合,表示允許或拒絕的權限。

inheritanceFlags
InheritanceFlags

InheritanceFlags 旗標的位元組合,指定如何從其他物件繼承存取權限。

propagationFlags
PropagationFlags

PropagationFlags 旗標的位元組合,指定如何將存取權限傳用至其他物件。

type
AccessControlType

其中一個 AccessControlType 值,指定允許還是拒絕權限。

例外狀況

registryRights 指定了無效的值。

-或-

type 指定了無效的值。

-或-

inheritanceFlags 指定了無效的值。

-或-

propagationFlags 指定了無效的值。

eventRights 為零。

identitynull

-或-

identity 是零長度字串

-或-

identity 的長度超過 512 個字元。

範例

下列程式代碼範例示範繼承和傳播的存取規則。 此範例會建立 對象,然後建立並新增兩個 RegistrySecurity 具有 ContainerInherit 旗標的規則。 第一個規則沒有傳播旗標,而第二個規則則具有 NoPropagateInheritInheritOnly

程式會顯示 物件中的 RegistrySecurity 規則,然後使用 RegistrySecurity 物件來建立子機碼。 程式會建立子子機碼和子機碼,然後顯示每個子機碼的規則。 最後,程式會刪除測試金鑰。


using System;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Security;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        const string TestKey = "TestKey3927";
        RegistryKey cu = Registry.CurrentUser;

        string user = Environment.UserDomainName + 
            "\\" + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the right
        // to read and enumerate the name/value pairs in a key, 
        // to read its access and audit rules, to enumerate
        // its subkeys, to create subkeys, and to delete the key. 
        // The rule is inherited by all contained subkeys.
        //
        RegistryAccessRule rule = new RegistryAccessRule(user, 
           RegistryRights.ReadKey | RegistryRights.WriteKey 
               | RegistryRights.Delete, 
           InheritanceFlags.ContainerInherit, 
           PropagationFlags.None, 
           AccessControlType.Allow
        );
        mSec.AddAccessRule(rule);

        // Add a rule that allows the current user the right
        // right to set the name/value pairs in a key. 
        // This rule is inherited by contained subkeys, but
        // propagation flags limit it to immediate child 
        // subkeys.
        rule = new RegistryAccessRule(user, 
            RegistryRights.ChangePermissions, 
            InheritanceFlags.ContainerInherit, 
            PropagationFlags.InheritOnly | 
                PropagationFlags.NoPropagateInherit, 
            AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Create the test key using the security object.
        //
        RegistryKey rk = cu.CreateSubKey(TestKey, 
            RegistryKeyPermissionCheck.ReadWriteSubTree, mSec);

        // Create a child subkey and a grandchild subkey, 
        // without security.
        RegistryKey rkChild = rk.CreateSubKey("ChildKey", 
            RegistryKeyPermissionCheck.ReadWriteSubTree);
        RegistryKey rkGrandChild = 
            rkChild.CreateSubKey("GrandChildKey", 
                RegistryKeyPermissionCheck.ReadWriteSubTree);

        Show(rk);
        Show(rkChild);
        Show(rkGrandChild);

        rkGrandChild.Close();
        rkChild.Close();
        rk.Close();

        cu.DeleteSubKeyTree(TestKey);
    }

    private static void Show(RegistryKey rk)
    {
        Console.WriteLine(rk.Name);
        ShowSecurity(rk.GetAccessControl());
    }

    private static void ShowSecurity(RegistrySecurity security)
    {
        Console.WriteLine("\r\nCurrent access rules:\r\n");

        foreach( RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)) )
        {

            Console.WriteLine("        User: {0}", ar.IdentityReference);
            Console.WriteLine("        Type: {0}", ar.AccessControlType);
            Console.WriteLine("      Rights: {0}", ar.RegistryRights);
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags);
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags);
            Console.WriteLine("   Inherited? {0}", ar.IsInherited);
            Console.WriteLine();
        }
    }
}

/* This code example produces output similar to following:

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: ContainerInherit
 Propagation: NoPropagateInherit, InheritOnly
   Inherited? False

HKEY_CURRENT_USER\TestKey3927

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? False

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: ContainerInherit
 Propagation: NoPropagateInherit, InheritOnly
   Inherited? False

HKEY_CURRENT_USER\TestKey3927\ChildKey

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? True

        User: TestDomain\TestUser
        Type: Allow
      Rights: ChangePermissions
 Inheritance: None
 Propagation: None
   Inherited? True

HKEY_CURRENT_USER\TestKey3927\ChildKey\GrandChildKey

Current access rules:

        User: TestDomain\TestUser
        Type: Allow
      Rights: SetValue, CreateSubKey, Delete, ReadKey
 Inheritance: ContainerInherit
 Propagation: None
   Inherited? True
 */
Option Explicit
Imports System.Security.AccessControl
Imports System.Security.Principal
Imports System.Security
Imports Microsoft.Win32

Public Class Example

    Public Shared Sub Main()

        Const TestKey As String = "TestKey3927"
        Dim cu As RegistryKey = Registry.CurrentUser

        Dim user As String = Environment.UserDomainName _ 
            & "\" & Environment.UserName

        ' Create a security object that grants no access.
        Dim mSec As New RegistrySecurity()

        ' Add a rule that grants the current user the right
        ' to read and enumerate the name/value pairs in a key, 
        ' to read its access and audit rules, to enumerate
        ' its subkeys, to create subkeys, and to delete the key. 
        ' The rule is inherited by all contained subkeys.
        '
        Dim rule As New RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.WriteKey _
                Or RegistryRights.Delete, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.None, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Add a rule that allows the current user the right
        ' right to set the name/value pairs in a key. 
        ' This rule is inherited by contained subkeys, but
        ' propagation flags limit it to immediate child 
        ' subkeys.
        rule = New RegistryAccessRule(user, _
            RegistryRights.ChangePermissions, _
            InheritanceFlags.ContainerInherit, _
            PropagationFlags.InheritOnly Or PropagationFlags.NoPropagateInherit, _
            AccessControlType.Allow)
        mSec.AddAccessRule(rule)

        ' Display the rules in the security object.
        ShowSecurity(mSec)

        ' Create the test key using the security object.
        '
        Dim rk As RegistryKey = cu.CreateSubKey(TestKey, _
            RegistryKeyPermissionCheck.ReadWriteSubTree, _
            mSec)

        ' Create a child subkey and a grandchild subkey, 
        ' without security.
        Dim rkChild As RegistryKey= rk.CreateSubKey("ChildKey", _
            RegistryKeyPermissionCheck.ReadWriteSubTree)
        Dim rkGrandChild As RegistryKey = _
            rkChild.CreateSubKey("GrandChildKey", _
                RegistryKeyPermissionCheck.ReadWriteSubTree)

        Show(rk)
        Show(rkChild)
        Show(rkGrandChild)

        rkGrandChild.Close()
        rkChild.Close()
        rk.Close()

        cu.DeleteSubKeyTree(TestKey)
    End Sub 

    Private Shared Sub Show(ByVal rk As RegistryKey)
        Console.WriteLine(rk.Name)            
        ShowSecurity(rk.GetAccessControl())
    End Sub

    Private Shared Sub ShowSecurity(ByVal security As RegistrySecurity)
        Console.WriteLine(vbCrLf & "Current access rules:" & vbCrLf)

        For Each ar As RegistryAccessRule In _
            security.GetAccessRules(True, True, GetType(NTAccount))

            Console.WriteLine("        User: {0}", ar.IdentityReference)
            Console.WriteLine("        Type: {0}", ar.AccessControlType)
            Console.WriteLine("      Rights: {0}", ar.RegistryRights)
            Console.WriteLine(" Inheritance: {0}", ar.InheritanceFlags)
            Console.WriteLine(" Propagation: {0}", ar.PropagationFlags)
            Console.WriteLine("   Inherited? {0}", ar.IsInherited)
            Console.WriteLine()
        Next

    End Sub
End Class 

'This code example produces output similar to following:
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
'   Inherited? False
'
'HKEY_CURRENT_USER\TestKey3927
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? False
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: ContainerInherit
' Propagation: NoPropagateInherit, InheritOnly
'   Inherited? False
'
'HKEY_CURRENT_USER\TestKey3927\ChildKey
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? True
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: ChangePermissions
' Inheritance: None
' Propagation: None
'   Inherited? True
'
'HKEY_CURRENT_USER\TestKey3927\ChildKey\GrandChildKey
'
'Current access rules:
'
'        User: TestDomain\TestUser
'        Type: Allow
'      Rights: SetValue, CreateSubKey, Delete, ReadKey
' Inheritance: ContainerInherit
' Propagation: None
'   Inherited? True

備註

所有登錄機碼都是容器,因此對登錄機碼有意義的唯一繼承旗標是 InheritanceFlags.ContainerInherit 旗標。 如果未指定此旗標,則會忽略傳播旗標,而且只會影響立即索引鍵。 如果旗標存在,規則會傳播,如下表所示。 數據表假設有子子機碼 CS 和子機碼 GS 的子機碼 S。 也就是說,子機碼的路徑是 S\CS\GS。

傳播旗標 S CS GS
None X X X
NoPropagateInherit X X
InheritOnly X X
NoPropagateInherit, InheritOnly X

子機碼的模式會控管子機碼所包含的所有子機碼。

例如,如果 為 ContainerInherit 指定 inheritanceFlags 旗標,且 InheritOnly 已針對 指定 propagationFlags傳播旗標,此規則不會套用至立即子機碼,但會套用至其所有立即子機碼,以及它們所包含的所有子機碼。

注意

雖然您可以指定 的InheritanceFlags.ObjectInheritinheritanceFlags旗標,但沒有這麼做的點。 為了進行訪問控制,子機碼中的名稱/值組不是個別的物件。 名稱/值組的訪問許可權是由子機碼的許可權所控制。 此外,由於所有子機碼都是容器 (也就是說,它們可以包含其他子機碼) ,因此不會受到 ObjectInherit 旗標影響。 最後,指定 ObjectInherit 旗標會不必要地使規則的維護複雜,因為它會干擾其他相容規則的組合。

這個建構函式相當於建立 NTAccount 物件,方法是傳遞 identityNTAccount.NTAccount(String) 建構函式,並將新建立 NTAccount 的對象傳遞至 RegistryAccessRule(IdentityReference, RegistryRights, InheritanceFlags, PropagationFlags, AccessControlType) 建構函式。

適用於