RegistryAuditRule Class

Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

Namespace: System.Security.AccessControl
Assembly: mscorlib (in mscorlib.dll)

public sealed class RegistryAuditRule : AuditRule
public final class RegistryAuditRule extends AuditRule
public final class RegistryAuditRule extends AuditRule
Not applicable.

The RegistryAuditRule class is one of a set of classes that the .NET Framework provides for managing Windows access control security on registry keys. For an overview of these classes and their relationship to the underlying Windows access control structures, see RegistrySecurity.


Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key.

To get a list of the audit rules currently applied to a registry key, use the Microsoft.Win32.RegistryKey.GetAccessControl method to get a RegistrySecurity object, and then use its GetAuditRules method to obtain a collection of RegistryAuditRule objects.

RegistryAuditRule objects do not map one-to-one with access control entries in the underlying discretionary access control list (DACL). When you get the set of all audit rules for a registry key, the set contains the minimum number of rules currently required to express all the access control entries.


The underlying access control entries change as you apply and remove rules. The information in rules is merged if possible, to maintain the smallest number of access control entries. Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added.

Use RegistryAuditRule objects to specify access rights to be audited for a user or group. To apply a rule to a registry key, use the Microsoft.Win32.RegistryKey.GetAccessControl method to get the RegistrySecurity object. Modify the RegistrySecurity object by using its methods to add the rule, and then use the Microsoft.Win32.RegistryKey.SetAccessControl(System.Security.AccessControl.RegistrySecurity) method to reattach the security object.


Changes you make to a RegistrySecurity object do not affect the access levels of the registry key until you call the Microsoft.Win32.RegistryKey.SetAccessControl(System.Security.AccessControl.RegistrySecurity) method to assign the altered security object to the registry key.

RegistryAuditRule objects are immutable. Security for a registry key is modified by using the methods of the RegistrySecurity class to add or remove rules; as you do this, the underlying access control entries are modified.

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 98, Windows Server 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The Microsoft .NET Framework 3.0 is supported on Windows Vista, Microsoft Windows XP SP2, and Windows Server 2003 SP1.

.NET Framework

Supported in: 3.0, 2.0

Community Additions