RegistryAuditRule Class
Represents a set of access rights to be audited for a user or group. This class cannot be inherited.
System.Security.AccessControl::AuthorizationRule
System.Security.AccessControl::AuditRule
System.Security.AccessControl::RegistryAuditRule
Assembly: mscorlib (in mscorlib.dll)
The RegistryAuditRule type exposes the following members.
| Name | Description | |
|---|---|---|
![]() | RegistryAuditRule(IdentityReference, RegistryRights, InheritanceFlags, PropagationFlags, AuditFlags) | Initializes a new instance of the RegistryAuditRule class, specifying the user or group to audit, the rights to audit, whether to take inheritance into account, and whether to audit success, failure, or both. |
![]() | RegistryAuditRule(String, RegistryRights, InheritanceFlags, PropagationFlags, AuditFlags) | Initializes a new instance of the RegistryAuditRule class, specifying the name of the user or group to audit, the rights to audit, whether to take inheritance into account, and whether to audit success, failure, or both. |
| Name | Description | |
|---|---|---|
![]() | AccessMask | Gets the access mask for this rule. (Inherited from AuthorizationRule.) |
![]() | AuditFlags | Gets the audit flags for this audit rule. (Inherited from AuditRule.) |
![]() | IdentityReference | Gets the IdentityReference to which this rule applies. (Inherited from AuthorizationRule.) |
![]() | InheritanceFlags | Gets the value of flags that determine how this rule is inherited by child objects. (Inherited from AuthorizationRule.) |
![]() | IsInherited | Gets a value indicating whether this rule is explicitly set or is inherited from a parent container object. (Inherited from AuthorizationRule.) |
![]() | PropagationFlags | Gets the value of the propagation flags, which determine how inheritance of this rule is propagated to child objects. This property is significant only when the value of the InheritanceFlags enumeration is not None. (Inherited from AuthorizationRule.) |
![]() | RegistryRights | Gets the access rights affected by the audit rule. |
| Name | Description | |
|---|---|---|
![]() | Equals(Object) | Determines whether the specified Object is equal to the current Object. (Inherited from Object.) |
![]() | Finalize | Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection. (Inherited from Object.) |
![]() | GetHashCode | Serves as a hash function for a particular type. (Inherited from Object.) |
![]() | GetType | Gets the Type of the current instance. (Inherited from Object.) |
![]() | MemberwiseClone | Creates a shallow copy of the current Object. (Inherited from Object.) |
![]() | ToString | Returns a string that represents the current object. (Inherited from Object.) |
The RegistryAuditRule class is one of a set of classes that the .NET Framework provides for managing Windows access control security on registry keys. For an overview of these classes and their relationship to the underlying Windows access control structures, see RegistrySecurity.
Note |
|---|
Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key. |
To get a list of the audit rules currently applied to a registry key, use the RegistryKey::GetAccessControl method to get a RegistrySecurity object, and then use its GetAuditRules method to obtain a collection of RegistryAuditRule objects.
RegistryAuditRule objects do not map one-to-one with access control entries in the underlying discretionary access control list (DACL). When you get the set of all audit rules for a registry key, the set contains the minimum number of rules currently required to express all the access control entries.
Note |
|---|
The underlying access control entries change as you apply and remove rules. The information in rules is merged if possible, to maintain the smallest number of access control entries. Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added. |
Use RegistryAuditRule objects to specify access rights to be audited for a user or group. To apply a rule to a registry key, use the RegistryKey::GetAccessControl method to get the RegistrySecurity object. Modify the RegistrySecurity object by using its methods to add the rule, and then use the RegistryKey::SetAccessControl method to reattach the security object.
Important |
|---|
Changes you make to a RegistrySecurity object do not affect the access levels of the registry key until you call the RegistryKey::SetAccessControl method to assign the altered security object to the registry key. |
RegistryAuditRule objects are immutable. Security for a registry key is modified by using the methods of the RegistrySecurity class to add or remove rules; as you do this, the underlying access control entries are modified.
Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows XP SP2 x64 Edition, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
The .NET Framework does not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.
