This documentation is archived and is not being maintained.

RegistryRights Enumeration

Specifies the access control rights that can be applied to registry objects.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace:  System.Security.AccessControl
Assembly:  mscorlib (in mscorlib.dll)

'Declaration
<FlagsAttribute> _
Public Enumeration RegistryRights
'Usage
Dim instance As RegistryRights

Member nameDescription
QueryValuesThe right to query the name/value pairs in a registry key.
SetValueThe right to create, delete, or set name/value pairs in a registry key.
CreateSubKeyThe right to create subkeys of a registry key.
EnumerateSubKeysThe right to list the subkeys of a registry key.
NotifyThe right to request notification of changes on a registry key.
CreateLinkReserved for system use.
ExecuteKeySame as ReadKey.
ReadKeyThe right to query the name/value pairs in a registry key, to request notification of changes, to enumerate its subkeys, and to read its access rules and audit rules.
WriteKeyThe right to create, delete, and set the name/value pairs in a registry key, to create or delete subkeys, to request notification of changes, to enumerate its subkeys, and to read its access rules and audit rules.
DeleteThe right to delete a registry key.
ReadPermissionsThe right to open and copy the access rules and audit rules for a registry key.
ChangePermissionsThe right to change the access rules and audit rules associated with a registry key.
TakeOwnershipThe right to change the owner of a registry key.
FullControlThe right to exert full control over a registry key, and to modify its access rules and audit rules.

Use the RegistryRights enumeration to specify registry access rights when you create RegistrySecurity objects. To apply access rights to a registry key, first add RegistryAccessRule objects to a RegistrySecurity object, then attach the RegistrySecurity object to the key using the RegistryKey.SetAccessControl method, or an appropriate overload of the RegistryKey.CreateSubKey method.

The following code example demonstrates the use of the RegistryRights enumeration. The code creates a test key, allowing the current user ReadKey and Delete access rights but denying ChangePermissions and WriteKey rights. Subsequent attempts to manipulate the key succeed or fail depending on these permissions.

Before the key is deleted, the code pauses. You can switch to the Registry Editor (Regedit.exe or Regedt32.exe) and verify that the same access rights apply when the key is accessed using the Registry Editor.

This example works best if you use RunAs from the command line to run the Registry Editor and the sample code as a local user without administrator rights. For example, if you have defined a local user named TestUser, the command runas /user:TestUser cmd opens a command window from which you can run the Registry Editor and then the example code.

Imports System
Imports System.Reflection
Imports System.Security
Imports System.Security.AccessControl
Imports Microsoft.Win32

Public Class Example
    Public Shared Sub Main()
        ' Delete the example key if it exists. 
        Try
            Registry.CurrentUser.DeleteSubKey("RegistryRightsExample")
            Console.WriteLine("Example key has been deleted.")
        Catch ex As ArgumentException
            ' ArgumentException is thrown if the key does not exist. In 
            ' this case, there is no reason to display a message. 
        Catch ex As Exception
            Console.WriteLine("Unable to delete the example key: {0}", ex)
            Return 
        End Try 

        Dim user As String = Environment.UserDomainName & "\" & Environment.UserName

        Dim rs As New RegistrySecurity()

        ' Allow the current user to read and delete the key. 
        '
        rs.AddAccessRule(new RegistryAccessRule(user, _
            RegistryRights.ReadKey Or RegistryRights.Delete, _
            InheritanceFlags.None, _
            PropagationFlags.None, _
            AccessControlType.Allow))

        ' Prevent the current user from writing or changing the 
        ' permission set of the key. Note that if Delete permission 
        ' were not allowed in the previous access rule, denying 
        ' WriteKey permission would prevent the user from deleting the  
        ' key.
        rs.AddAccessRule(new RegistryAccessRule(user, _
            RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _
            InheritanceFlags.None, _
            PropagationFlags.None, _
            AccessControlType.Deny))

        ' Create the example key with registry security. 
        Dim rk As RegistryKey = Nothing 
        Try
            rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", _
                RegistryKeyPermissionCheck.Default, rs)
            Console.WriteLine(vbCrLf & "Example key created.")
            rk.SetValue("ValueName", "StringValue")
        Catch ex As Exception
            Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex)
        End Try 

        If rk IsNot Nothing Then rk.Close()

        rk = Registry.CurrentUser

        Dim rk2 As RegistryKey

        ' Open the key with read access.
        rk2 = rk.OpenSubKey("RegistryRightsExample", False)
        Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName"))
        rk2.Close()

        ' Attempt to open the key with write access. 
        Try
            rk2 = rk.OpenSubKey("RegistryRightsExample", True)
        Catch ex As SecurityException
            Console.WriteLine(vbCrLf & "Unable to write to the example key." _
                & " Caught SecurityException: {0}", ex.Message)
        End Try 
        If rk2 IsNot Nothing Then rk2.Close()

        ' Attempt to change permissions for the key. 
        Try
            rs = New RegistrySecurity()
            rs.AddAccessRule(new RegistryAccessRule(user, _
                RegistryRights.WriteKey, _
                InheritanceFlags.None, _
                PropagationFlags.None, _
                AccessControlType.Allow))
            rk2 = rk.OpenSubKey("RegistryRightsExample", False)
            rk2.SetAccessControl(rs)
            Console.WriteLine(vbCrLf & "Example key permissions were changed.")
        Catch ex As UnauthorizedAccessException
            Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." _
                & " Caught UnauthorizedAccessException: {0}", ex.Message)
        End Try 
        If rk2 IsNot Nothing Then rk2.Close()

        Console.WriteLine(vbCrLf & "Press Enter to delete the example key.")
        Console.ReadLine()

        Try
            rk.DeleteSubKey("RegistryRightsExample")
            Console.WriteLine("Example key was deleted.")
        Catch ex As Exception
            Console.WriteLine("Unable to delete the example key: {0}", ex)
        End Try

        rk.Close()
    End Sub 
End Class 

' This code produces the following output: 

'Example key created. 

'Retrieved value: StringValue 

'Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed. 

'Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key. 

'Press Enter to delete the example key. 

'Example key was deleted.

Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5, 3.0, 2.0
Show: