RegistryRights Enumeration
Specifies the access control rights that can be applied to registry objects.
This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.
Namespace: System.Security.AccessControlAssembly: mscorlib (in mscorlib.dll)
| Member name | Description | |
|---|---|---|
| QueryValues | The right to query the name/value pairs in a registry key. | |
| SetValue | The right to create, delete, or set name/value pairs in a registry key. | |
| CreateSubKey | The right to create subkeys of a registry key. | |
| EnumerateSubKeys | The right to list the subkeys of a registry key. | |
| Notify | The right to request notification of changes on a registry key. | |
| CreateLink | Reserved for system use. | |
| ExecuteKey | Same as ReadKey. | |
| ReadKey | The right to query the name/value pairs in a registry key, to request notification of changes, to enumerate its subkeys, and to read its access rules and audit rules. | |
| WriteKey | The right to create, delete, and set the name/value pairs in a registry key, to create or delete subkeys, to request notification of changes, to enumerate its subkeys, and to read its access rules and audit rules. | |
| Delete | The right to delete a registry key. | |
| ReadPermissions | The right to open and copy the access rules and audit rules for a registry key. | |
| ChangePermissions | The right to change the access rules and audit rules associated with a registry key. | |
| TakeOwnership | The right to change the owner of a registry key. | |
| FullControl | The right to exert full control over a registry key, and to modify its access rules and audit rules. |
Use the RegistryRights enumeration to specify registry access rights when you create RegistrySecurity objects. To apply access rights to a registry key, first add RegistryAccessRule objects to a RegistrySecurity object, then attach the RegistrySecurity object to the key using the RegistryKey.SetAccessControl method, or an appropriate overload of the RegistryKey.CreateSubKey method.
The following code example demonstrates the use of the RegistryRights enumeration. The code creates a test key, allowing the current user ReadKey and Delete access rights but denying ChangePermissions and WriteKey rights. Subsequent attempts to manipulate the key succeed or fail depending on these permissions.
Before the key is deleted, the code pauses. You can switch to the Registry Editor (Regedit.exe or Regedt32.exe) and verify that the same access rights apply when the key is accessed using the Registry Editor.
This example works best if you use RunAs from the command line to run the Registry Editor and the sample code as a local user without administrator rights. For example, if you have defined a local user named TestUser, the command runas /user:TestUser cmd opens a command window from which you can run the Registry Editor and then the example code.
Imports System Imports System.Reflection Imports System.Security Imports System.Security.AccessControl Imports Microsoft.Win32 Public Class Example Public Shared Sub Main() ' Delete the example key if it exists. Try Registry.CurrentUser.DeleteSubKey("RegistryRightsExample") Console.WriteLine("Example key has been deleted.") Catch ex As ArgumentException ' ArgumentException is thrown if the key does not exist. In ' this case, there is no reason to display a message. Catch ex As Exception Console.WriteLine("Unable to delete the example key: {0}", ex) Return End Try Dim user As String = Environment.UserDomainName & "\" & Environment.UserName Dim rs As New RegistrySecurity() ' Allow the current user to read and delete the key. ' rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.ReadKey Or RegistryRights.Delete, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Allow)) ' Prevent the current user from writing or changing the ' permission set of the key. Note that if Delete permission ' were not allowed in the previous access rule, denying ' WriteKey permission would prevent the user from deleting the ' key. rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.WriteKey Or RegistryRights.ChangePermissions, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Deny)) ' Create the example key with registry security. Dim rk As RegistryKey = Nothing Try rk = Registry.CurrentUser.CreateSubKey("RegistryRightsExample", _ RegistryKeyPermissionCheck.Default, rs) Console.WriteLine(vbCrLf & "Example key created.") rk.SetValue("ValueName", "StringValue") Catch ex As Exception Console.WriteLine(vbCrLf & "Unable to create the example key: {0}", ex) End Try If rk IsNot Nothing Then rk.Close() rk = Registry.CurrentUser Dim rk2 As RegistryKey ' Open the key with read access. rk2 = rk.OpenSubKey("RegistryRightsExample", False) Console.WriteLine(vbCrLf & "Retrieved value: {0}", rk2.GetValue("ValueName")) rk2.Close() ' Attempt to open the key with write access. Try rk2 = rk.OpenSubKey("RegistryRightsExample", True) Catch ex As SecurityException Console.WriteLine(vbCrLf & "Unable to write to the example key." _ & " Caught SecurityException: {0}", ex.Message) End Try If rk2 IsNot Nothing Then rk2.Close() ' Attempt to change permissions for the key. Try rs = New RegistrySecurity() rs.AddAccessRule(new RegistryAccessRule(user, _ RegistryRights.WriteKey, _ InheritanceFlags.None, _ PropagationFlags.None, _ AccessControlType.Allow)) rk2 = rk.OpenSubKey("RegistryRightsExample", False) rk2.SetAccessControl(rs) Console.WriteLine(vbCrLf & "Example key permissions were changed.") Catch ex As UnauthorizedAccessException Console.WriteLine(vbCrLf & "Unable to change permissions for the example key." _ & " Caught UnauthorizedAccessException: {0}", ex.Message) End Try If rk2 IsNot Nothing Then rk2.Close() Console.WriteLine(vbCrLf & "Press Enter to delete the example key.") Console.ReadLine() Try rk.DeleteSubKey("RegistryRightsExample") Console.WriteLine("Example key was deleted.") Catch ex As Exception Console.WriteLine("Unable to delete the example key: {0}", ex) End Try rk.Close() End Sub End Class ' This code produces the following output: ' 'Example key created. ' 'Retrieved value: StringValue ' 'Unable to write to the example key. Caught SecurityException: Requested registry access is not allowed. ' 'Unable to change permissions for the example key. Caught UnauthorizedAccessException: Cannot write to the registry key. ' 'Press Enter to delete the example key. ' 'Example key was deleted.
Windows 7, Windows Vista, Windows XP SP2, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP Starter Edition, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows Server 2000 SP4, Windows Millennium Edition, Windows 98
The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.