Export (0) Print
Expand All
Expand Minimize

RegistryRights Enumeration

Note: This enumeration is new in the .NET Framework version 2.0.

Specifies the access control rights that can be applied to registry objects.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace: System.Security.AccessControl
Assembly: mscorlib (in mscorlib.dll)

[FlagsAttribute] 
public enum RegistryRights
/** @attribute FlagsAttribute() */ 
public enum RegistryRights
FlagsAttribute 
public enum RegistryRights

 Member nameDescription
ChangePermissionsThe right to change the access rules and audit rules associated with a registry key. 
CreateLinkReserved for system use. 
CreateSubKeyThe right to create subkeys of a registry key. 
DeleteThe right to delete a registry key. 
EnumerateSubKeysThe right to list the subkeys of a registry key. 
ExecuteKeySame as ReadKey
FullControlThe right to exert full control over a registry key, and to modify its access rules and audit rules. 
NotifyThe right to request notification of changes on a registry key. 
QueryValuesThe right to query the name/value pairs in a registry key. 
ReadKeyThe right to query the name/value pairs in a registry key, to request notification of changes, to enumerate its subkeys, and to read its access rules and audit rules. 
ReadPermissionsThe right to open and copy the access rules and audit rules for a registry key. 
SetValueThe right to create, delete, or set name/value pairs in a registry key. 
TakeOwnershipThe right to change the owner of a registry key. 
WriteKeyThe right to create, delete, and set the name/value pairs in a registry key, to create or delete subkeys, to request notification of changes, to enumerate its subkeys, and to read its access rules and audit rules. 

Use the RegistryRights enumeration to specify registry access rights when you create RegistrySecurity objects. To apply access rights to a registry key, first add RegistryAccessRule objects to a RegistrySecurity object, then attach the RegistrySecurity object to the key using the RegistryKey.SetAccessControl method, or an appropriate overload of the Microsoft.Win32.RegistryKey.CreateSubKey method.

The following code example demonstrates the use of the RegistryRights enumeration. The code creates a test key, allowing the current user ReadKey and Delete access rights but denying ChangePermissions and WriteKey rights. Subsequent attempts to manipulate the key succeed or fail depending on these permissions.

Before the key is deleted, the code pauses. You can switch to the Registry Editor (Regedit.exe or Regedt32.exe) and verify that the same access rights apply when the key is accessed using the Registry Editor.

This example works best if you use RunAs from the command line to run the Registry Editor and the sample code as a local user without administrator rights. For example, if you have defined a local user named TestUser, the command runas /user:TestUser cmd opens a command window from which you can run the Registry Editor and then the example code.

using System;
using System.Reflection;
using System.Security;
using System.Security.AccessControl;
using Microsoft.Win32;

public class Example
{
    public static void Main()
    {
        // Delete the example key if it exists.
        try
        {
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key has been deleted.");
        }
        catch (ArgumentException)
        {
            // ArgumentException is thrown if the key does not exist. In
            // this case, there is no reason to display a message.
        }
        catch (Exception ex)
        {
            Console.WriteLine("Unable to delete the example key: {0}", ex);
            return;
        }

        string user = Environment.UserDomainName + "\\" + Environment.UserName;

        RegistrySecurity rs = new RegistrySecurity();

        // Allow the current user to read and delete the key.
        //
        rs.AddAccessRule(new RegistryAccessRule(user, 
            RegistryRights.ReadKey | RegistryRights.Delete, 
            InheritanceFlags.None, 
            PropagationFlags.None, 
            AccessControlType.Allow));

        // Prevent the current user from writing or changing the
        // permission set of the key. Note that if Delete permission
        // were not allowed in the previous access rule, denying
        // WriteKey permission would prevent the user from deleting the 
        // key.
        rs.AddAccessRule(new RegistryAccessRule(user, 
            RegistryRights.WriteKey | RegistryRights.ChangePermissions, 
            InheritanceFlags.None, 
            PropagationFlags.None, 
            AccessControlType.Deny));

        // Create the example key with registry security.
        RegistryKey rk = null;
        try
        {
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", 
                RegistryKeyPermissionCheck.Default, rs);
            Console.WriteLine("\r\nExample key created.");
            rk.SetValue("ValueName", "StringValue");
        }
        catch (Exception ex)
        {
            Console.WriteLine("\r\nUnable to create the example key: {0}", ex);
        }
        if (rk != null) rk.Close();

        rk = Registry.CurrentUser;

        RegistryKey rk2;
        
        // Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", false);
        Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
        rk2.Close();

        // Attempt to open the key with write access.
        try
        {
            rk2 = rk.OpenSubKey("RegistryRightsExample", true);
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("\nUnable to write to the example key." +
                " Caught SecurityException: {0}", ex.Message);
        }
        if (rk2 != null) rk2.Close();

        // Attempt to change permissions for the key.
        try
        {
            rs = new RegistrySecurity();
            rs.AddAccessRule(new RegistryAccessRule(user, 
                RegistryRights.WriteKey, 
                InheritanceFlags.None, 
                PropagationFlags.None, 
                AccessControlType.Allow));
            rk2 = rk.OpenSubKey("RegistryRightsExample", false);
            rk2.SetAccessControl(rs);
            Console.WriteLine("\r\nExample key permissions were changed.");
        }
        catch (UnauthorizedAccessException ex)
        {
            Console.WriteLine("\nUnable to change permissions for the example key." +
                " Caught UnauthorizedAccessException: {0}", ex.Message);
        }
        if (rk2 != null) rk2.Close();

        Console.WriteLine("\r\nPress Enter to delete the example key.");
        Console.ReadLine();

        try
        {
            rk.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key was deleted.");
        }
        catch(Exception ex)
        {
            Console.WriteLine("Unable to delete the example key: {0}", ex);
        }

        rk.Close();
    }
}

/* This code example produces the following output:

Example key created.

Retrieved value: StringValue

Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.

Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.

Press Enter to delete the example key.

Example key was deleted.
 */

import System.*;
import System.Reflection.*;
import System.Security.*;
import System.Security.AccessControl.*;
import Microsoft.Win32.*;

public class Example
{
    public static void main(String[] args)
    {
        // Delete the example key if it exists.
        try {
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key has been deleted.");
        }
        catch (ArgumentException exp) {
            // ArgumentException is thrown if the key does not exist. In
            // this case, there is no reason to display a message.
        }
        catch (System.Exception ex) {
            Console.WriteLine("Unable to delete the example key: {0}", ex);
            return;
        }

        String user = Environment.get_UserDomainName() + "\\" 
            + Environment.get_UserName();

        RegistrySecurity rs = new RegistrySecurity();
        // Allow the current user to read and delete the key.
        //
        rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.ReadKey 
            | RegistryRights.Delete, InheritanceFlags.None, 
            PropagationFlags.None, AccessControlType.Allow));
        // Prevent the current user from writing or changing the
        // permission set of the key. Note that if Delete permission
        // were not allowed in the previous access rule, denying
        // WriteKey permission would prevent the user from deleting the 
        // key.
        rs.AddAccessRule(new RegistryAccessRule(user, RegistryRights.WriteKey 
            | RegistryRights.ChangePermissions, InheritanceFlags.None, 
            PropagationFlags.None, AccessControlType.Deny));
        // Create the example key with registry security.
        RegistryKey rk = null;
        try {
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", 
                RegistryKeyPermissionCheck.Default, rs);
            Console.WriteLine("\r\nExample key created.");
            rk.SetValue("ValueName", "StringValue");
        }
        catch (System.Exception ex) {
            Console.WriteLine("\r\nUnable to create the example key: {0}", ex);
        }
        if (rk != null) {
            rk.Close();
        }
        rk = Registry.CurrentUser;
        RegistryKey rk2;
        // Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", false);
        Console.WriteLine("\r\nRetrieved value: {0}", rk2.GetValue("ValueName"));
        rk2.Close();
        // Attempt to open the key with write access.
        try {
            rk2 = rk.OpenSubKey("RegistryRightsExample", true);
        }
        catch (System.Security.SecurityException ex) {
            Console.WriteLine("\r\nUnable to write to the example key." +
                " Caught SecurityException: {0}", ex.get_Message());
        }
        if (rk2 != null) {
            rk2.Close();
        }
        // Attempt to change permissions for the key.
        try {
            rs = new RegistrySecurity();
            rs.AddAccessRule(new RegistryAccessRule(user, 
                RegistryRights.WriteKey, InheritanceFlags.None, 
                PropagationFlags.None, AccessControlType.Allow));
            rk2 = rk.OpenSubKey("RegistryRightsExample", false);
            rk2.SetAccessControl(rs);
            Console.WriteLine("\r\nExample key permissions were changed.");
        }
        catch (System.UnauthorizedAccessException ex) {
            Console.WriteLine("\r\nUnable to change permissions for the example key." +
                " Caught UnauthorizedAccessException: {0}", ex.get_Message());
        }
        if (rk2 != null) {
            rk2.Close();
        }
        Console.WriteLine("\r\nPress Enter to delete the example key.");
        Console.ReadLine();
        try {
            rk.DeleteSubKey("RegistryRightsExample");
            Console.WriteLine("Example key was deleted.");
        }
        catch (System.Exception ex) {
            Console.WriteLine("Unable to delete the example key: {0}", ex);
        }
        rk.Close();
    } //main
} //Example

/* This code example produces the following output:

Example key created.

Retrieved value: StringValue

Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed.

Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key.

Press Enter to delete the example key.

Example key was deleted.
 */

Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0

Community Additions

ADD
Show:
© 2014 Microsoft