1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
|
<?xml version="1.0" encoding="utf-8"?>
<Type Name="RegistrySecurity" FullName="System.Security.AccessControl.RegistrySecurity">
<TypeSignature Language="C#" Value="public sealed class RegistrySecurity : System.Security.AccessControl.NativeObjectSecurity" />
<TypeSignature Language="ILAsm" Value=".class public auto ansi sealed beforefieldinit RegistrySecurity extends System.Security.AccessControl.NativeObjectSecurity" />
<AssemblyInfo>
<AssemblyName>mscorlib</AssemblyName>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Base>
<BaseTypeName>System.Security.AccessControl.NativeObjectSecurity</BaseTypeName>
</Base>
<Interfaces />
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>A <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object specifies access rights for a registry key, and also specifies how access attempts are audited. Access rights to the registry key are expressed as rules, with each access rule represented by a <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> object. Each auditing rule is represented by a <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> object.</para>
<para>This mirrors the underlying Windows security system, in which each securable object has at most one discretionary access control list (DACL) that controls access to the secured object, and at most one system access control list (SACL) that specifies which access attempts are audited. The DACL and SACL are ordered lists of access control entries (ACE) that specify access and auditing for users and groups. A <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> or <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> object might represent more than one ACE.</para>
<block subset="none" type="note">
<para>Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key. </para>
</block>
<para>The <see cref="T:System.Security.AccessControl.RegistrySecurity" />, <see cref="T:System.Security.AccessControl.RegistryAccessRule" />, and <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> classes hide the implementation details of ACLs and ACEs. They allow you to ignore the seventeen different ACE types and the complexity of correctly maintaining inheritance and propagation of access rights. These objects are also designed to prevent the following common access control errors:</para>
<list type="bullet">
<item>
<para>Creating a security descriptor with a null DACL. A null reference to a DACL allows any user to add access rules to an object, potentially creating a denial-of-service attack. A new <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object always starts with an empty DACL, which denies all access for all users.</para>
</item>
<item>
<para>Violating the canonical ordering of ACEs. If the ACE list in the DACL is not kept in the canonical order, users might inadvertently be given access to the secured object. For example, denied access rights must always appear before allowed access rights. <see cref="T:System.Security.AccessControl.RegistrySecurity" /> objects maintain the correct order internally. </para>
</item>
<item>
<para>Manipulating security descriptor flags, which should be under resource manager control only. </para>
</item>
<item>
<para>Creating invalid combinations of ACE flags.</para>
</item>
<item>
<para>Manipulating inherited ACEs. Inheritance and propagation are handled by the resource manager, in response to changes you make to access and audit rules. </para>
</item>
<item>
<para>Inserting meaningless ACEs into ACLs.</para>
</item>
</list>
<para>The only capabilities not supported by the .NET security objects are dangerous activities that should be avoided by the majority of application developers, such as the following:</para>
<list type="bullet">
<item>
<para>Low-level tasks that are normally performed by the resource manager.</para>
</item>
<item>
<para>Adding or removing access control entries in ways that do not maintain the canonical ordering. </para>
</item>
</list>
<para>To modify Windows access control security for a registry key, use the <see cref="M:Microsoft.Win32.RegistryKey.GetAccessControl" /> method to get the <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object. Modify the security object by adding and removing rules, and then use the <see cref="M:Microsoft.Win32.RegistryKey.SetAccessControl(System.Security.AccessControl.RegistrySecurity)" /> method to reattach it. </para>
<block subset="none" type="note">
<para>Changes you make to a <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object do not affect the access levels of the registry key until you call the <see cref="M:Microsoft.Win32.RegistryKey.SetAccessControl(System.Security.AccessControl.RegistrySecurity)" /> method to assign the altered security object to the registry key.</para>
</block>
<para>To copy access control security from one registry key to another, use the <see cref="M:Microsoft.Win32.RegistryKey.GetAccessControl" /> method to get a <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object representing the access and audit rules for the first registry key, and then use the <see cref="M:Microsoft.Win32.RegistryKey.SetAccessControl(System.Security.AccessControl.RegistrySecurity)" /> method to assign those rules to the second registry key. You can also assign the rules to a second registry key with an <see cref="Overload:Microsoft.Win32.RegistryKey.OpenSubKey" /> or <see cref="Overload:Microsoft.Win32.RegistryKey.CreateSubKey" /> method that takes a <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object parameter.</para>
<para>Users with an investment in the security descriptor definition language (SDDL) can use the <see cref="M:System.Security.AccessControl.ObjectSecurity.SetSecurityDescriptorSddlForm(System.String)" /> method to set access rules for a registry key, and the <see cref="M:System.Security.AccessControl.ObjectSecurity.GetSecurityDescriptorSddlForm(System.Security.AccessControl.AccessControlSections)" /> method to obtain a string that represents the access rules in SDDL format. This is not recommended for new development.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Represents the Windows access control security for a registry key. This class cannot be inherited.</para>
</summary>
</Docs>
<Members>
<Member MemberName=".ctor">
<MemberSignature Language="C#" Value="public RegistrySecurity ();" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig specialname rtspecialname instance void .ctor() cil managed" />
<MemberType>Constructor</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<Parameters />
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>A new <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object always starts with an empty discretionary access list (DACL), which denies all access for all users.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Initializes a new instance of the <see cref="T:System.Security.AccessControl.RegistrySecurity" /> class with default values.</para>
</summary>
</Docs>
</Member>
<Member MemberName="AccessRightType">
<MemberSignature Language="C#" Value="public override Type AccessRightType { get; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Type AccessRightType" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Type</ReturnType>
</ReturnValue>
<Docs>
<value>To be added.</value>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Classes that derive from the <see cref="T:System.Security.AccessControl.ObjectSecurity" /> class override the <see cref="P:System.Security.AccessControl.ObjectSecurity.AccessRightType" /> property and return the type they use to represent access rights. When you work with arrays or collections that contain multiple types of security objects, use this property to determine the correct enumeration type to use with each security object.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Gets the enumeration type that the <see cref="T:System.Security.AccessControl.RegistrySecurity" /> class uses to represent access rights.</para>
</summary>
</Docs>
</Member>
<Member MemberName="AccessRuleFactory">
<MemberSignature Language="C#" Value="public override System.Security.AccessControl.AccessRule AccessRuleFactory (System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AccessControlType type);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig virtual instance class System.Security.AccessControl.AccessRule AccessRuleFactory(class System.Security.Principal.IdentityReference identityReference, int32 accessMask, bool isInherited, valuetype System.Security.AccessControl.InheritanceFlags inheritanceFlags, valuetype System.Security.AccessControl.PropagationFlags propagationFlags, valuetype System.Security.AccessControl.AccessControlType type) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Security.AccessControl.AccessRule</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="identityReference" Type="System.Security.Principal.IdentityReference" />
<Parameter Name="accessMask" Type="System.Int32" />
<Parameter Name="isInherited" Type="System.Boolean" />
<Parameter Name="inheritanceFlags" Type="System.Security.AccessControl.InheritanceFlags" />
<Parameter Name="propagationFlags" Type="System.Security.AccessControl.PropagationFlags" />
<Parameter Name="type" Type="System.Security.AccessControl.AccessControlType" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The recommended way to create access control rules is to use the constructors of the <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> class.</para>
<block subset="none" type="note">
<para>Although you can specify the <see cref="F:System.Security.AccessControl.InheritanceFlags.ObjectInherit" /> flag, there is no point in doing so. For the purposes of access control, the name/value pairs in a subkey are not separate objects. The access rights to name/value pairs are controlled by the rights of the subkey. Furthermore, since all subkeys are containers (that is, they can contain other subkeys), they are not affected by the <see cref="F:System.Security.AccessControl.InheritanceFlags.ObjectInherit" /> flag. Finally, specifying the <see cref="F:System.Security.AccessControl.InheritanceFlags.ObjectInherit" /> flag needlessly complicates the maintenance of rules, because it interferes with the normal combination of compatible rules.</para>
</block>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Creates a new access control rule for the specified user, with the specified access rights, access control, and flags.</para>
</summary>
<returns>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>A <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> object representing the specified rights for the specified user.</para>
</returns>
<param name="identityReference">
<attribution license="cc4" from="Microsoft" modified="false" />An <see cref="T:System.Security.Principal.IdentityReference" /> that identifies the user or group the rule applies to.</param>
<param name="accessMask">
<attribution license="cc4" from="Microsoft" modified="false" />A bitwise combination of <see cref="T:System.Security.AccessControl.RegistryRights" /> values specifying the access rights to allow or deny, cast to an integer.</param>
<param name="isInherited">
<attribution license="cc4" from="Microsoft" modified="false" />A Boolean value specifying whether the rule is inherited.</param>
<param name="inheritanceFlags">
<attribution license="cc4" from="Microsoft" modified="false" />A bitwise combination of <see cref="T:System.Security.AccessControl.InheritanceFlags" /> values specifying how the rule is inherited by subkeys.</param>
<param name="propagationFlags">
<attribution license="cc4" from="Microsoft" modified="false" />A bitwise combination of <see cref="T:System.Security.AccessControl.PropagationFlags" /> values that modify the way the rule is inherited by subkeys. Meaningless if the value of <paramref name="inheritanceFlags" /> is <see cref="F:System.Security.AccessControl.InheritanceFlags.None" />.</param>
<param name="type">
<attribution license="cc4" from="Microsoft" modified="false" />One of the <see cref="T:System.Security.AccessControl.AccessControlType" /> values specifying whether the rights are allowed or denied.</param>
</Docs>
</Member>
<Member MemberName="AccessRuleType">
<MemberSignature Language="C#" Value="public override Type AccessRuleType { get; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Type AccessRuleType" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Type</ReturnType>
</ReturnValue>
<Docs>
<value>To be added.</value>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Classes that derive from the <see cref="T:System.Security.AccessControl.ObjectSecurity" /> class override the <see cref="P:System.Security.AccessControl.ObjectSecurity.AccessRuleType" /> property and return the type they use to represent access rules. When you work with arrays or collections that contain multiple types of security objects, use this property to determine the correct access rule type to use with each security object.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Gets the type that the <see cref="T:System.Security.AccessControl.RegistrySecurity" /> class uses to represent access rules.</para>
</summary>
</Docs>
</Member>
<Member MemberName="AddAccessRule">
<MemberSignature Language="C#" Value="public void AddAccessRule (System.Security.AccessControl.RegistryAccessRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void AddAccessRule(class System.Security.AccessControl.RegistryAccessRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAccessRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The <see cref="M:System.Security.AccessControl.RegistrySecurity.AddAccessRule(System.Security.AccessControl.RegistryAccessRule)" /> method searches for rules with the same user or group and the same <see cref="T:System.Security.AccessControl.AccessControlType" /> as <paramref name="rule" />. If none are found, <paramref name="rule" /> is added. If a matching rule is found, the rights in <paramref name="rule" /> are merged with the existing rule.</para>
<para>Rules cannot be merged if they have different inheritance flags. For example, if a user is allowed read access with no inheritance flags, and <see cref="M:System.Security.AccessControl.RegistrySecurity.AddAccessRule(System.Security.AccessControl.RegistryAccessRule)" /> is used to add a rule giving the user write access with inheritance for subkeys (<see cref="F:System.Security.AccessControl.InheritanceFlags.ContainerInherit" />), the two rules cannot be merged. </para>
<para>Rules with different <see cref="T:System.Security.AccessControl.AccessControlType" /> values are never merged.</para>
<para>Rules express rights in the most economical way. For example, if a user has <see cref="F:System.Security.AccessControl.RegistryRights.QueryValues" />, <see cref="F:System.Security.AccessControl.RegistryRights.Notify" /> and <see cref="F:System.Security.AccessControl.RegistryRights.ReadPermissions" /> rights, and you add a rule allowing <see cref="F:System.Security.AccessControl.RegistryRights.EnumerateSubKeys" /> rights, the user has all the constituent parts of <see cref="F:System.Security.AccessControl.RegistryRights.ReadKey" /> rights. If you query the user's rights, you will see a rule containing <see cref="F:System.Security.AccessControl.RegistryRights.ReadKey" /> rights. Similarly, if you remove <see cref="F:System.Security.AccessControl.RegistryRights.EnumerateSubKeys" /> rights, the other constituents of <see cref="F:System.Security.AccessControl.RegistryRights.ReadKey" /> rights will reappear.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Searches for a matching access control with which the new rule can be merged. If none are found, adds the new rule.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />The access control rule to add.</param>
</Docs>
</Member>
<Member MemberName="AddAuditRule">
<MemberSignature Language="C#" Value="public void AddAuditRule (System.Security.AccessControl.RegistryAuditRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void AddAuditRule(class System.Security.AccessControl.RegistryAuditRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAuditRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The <see cref="M:System.Security.AccessControl.RegistrySecurity.AddAuditRule(System.Security.AccessControl.RegistryAuditRule)" /> method searches for rules with the same user or group as <paramref name="rule" />. If none are found, <paramref name="rule" /> is added. If a matching rule is found, the flags in <paramref name="rule" /> are merged into the existing rule.</para>
<para>Rules cannot be merged if they have different inheritance flags. For example, if failed attempts to write to a key are audited for a particular user, with no inheritance flags, and <see cref="M:System.Security.AccessControl.RegistrySecurity.AddAuditRule(System.Security.AccessControl.RegistryAuditRule)" /> is used to add a rule specifying that failed attempts to change permissions are to be audited for the same user, but with inheritance for subkeys (<see cref="F:System.Security.AccessControl.InheritanceFlags.ContainerInherit" />), the two rules cannot be merged. </para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Searches for an audit rule with which the new rule can be merged. If none are found, adds the new rule.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />The audit rule to add. The user specified by this rule determines the search.</param>
</Docs>
</Member>
<Member MemberName="AuditRuleFactory">
<MemberSignature Language="C#" Value="public override System.Security.AccessControl.AuditRule AuditRuleFactory (System.Security.Principal.IdentityReference identityReference, int accessMask, bool isInherited, System.Security.AccessControl.InheritanceFlags inheritanceFlags, System.Security.AccessControl.PropagationFlags propagationFlags, System.Security.AccessControl.AuditFlags flags);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig virtual instance class System.Security.AccessControl.AuditRule AuditRuleFactory(class System.Security.Principal.IdentityReference identityReference, int32 accessMask, bool isInherited, valuetype System.Security.AccessControl.InheritanceFlags inheritanceFlags, valuetype System.Security.AccessControl.PropagationFlags propagationFlags, valuetype System.Security.AccessControl.AuditFlags flags) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Security.AccessControl.AuditRule</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="identityReference" Type="System.Security.Principal.IdentityReference" />
<Parameter Name="accessMask" Type="System.Int32" />
<Parameter Name="isInherited" Type="System.Boolean" />
<Parameter Name="inheritanceFlags" Type="System.Security.AccessControl.InheritanceFlags" />
<Parameter Name="propagationFlags" Type="System.Security.AccessControl.PropagationFlags" />
<Parameter Name="flags" Type="System.Security.AccessControl.AuditFlags" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The recommended way to create audit rules is to use the constructors of the <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> class.</para>
<block subset="none" type="note">
<para>Although you can specify the <see cref="F:System.Security.AccessControl.InheritanceFlags.ObjectInherit" /> flag, there is no point in doing so. For the purposes of audit control, the name/value pairs in a subkey are not separate objects. The audit rights to name/value pairs are controlled by the rights of the subkey. Furthermore, since all subkeys are containers (that is, they can contain other subkeys), they are not affected by the <see cref="F:System.Security.AccessControl.InheritanceFlags.ObjectInherit" /> flag. Finally, specifying the <see cref="F:System.Security.AccessControl.InheritanceFlags.ObjectInherit" /> flag needlessly complicates the maintenance of rules, because it interferes with the normal combination of compatible rules.</para>
</block>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Creates a new audit rule, specifying the user the rule applies to, the access rights to audit, the inheritance and propagation of the rule, and the outcome that triggers the rule.</para>
</summary>
<returns>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>A <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> object representing the specified audit rule for the specified user, with the specified flags. The return type of the method is the base class, <see cref="T:System.Security.AccessControl.AuditRule" />, but the return value can be cast safely to the derived class.</para>
</returns>
<param name="identityReference">
<attribution license="cc4" from="Microsoft" modified="false" />An <see cref="T:System.Security.Principal.IdentityReference" /> that identifies the user or group the rule applies to.</param>
<param name="accessMask">
<attribution license="cc4" from="Microsoft" modified="false" />A bitwise combination of <see cref="T:System.Security.AccessControl.RegistryRights" /> values specifying the access rights to audit, cast to an integer.</param>
<param name="isInherited">
<attribution license="cc4" from="Microsoft" modified="false" />A Boolean value specifying whether the rule is inherited.</param>
<param name="inheritanceFlags">
<attribution license="cc4" from="Microsoft" modified="false" />A bitwise combination of <see cref="T:System.Security.AccessControl.InheritanceFlags" /> values specifying how the rule is inherited by subkeys.</param>
<param name="propagationFlags">
<attribution license="cc4" from="Microsoft" modified="false" />A bitwise combination of <see cref="T:System.Security.AccessControl.PropagationFlags" /> values that modify the way the rule is inherited by subkeys. Meaningless if the value of <paramref name="inheritanceFlags" /> is <see cref="F:System.Security.AccessControl.InheritanceFlags.None" />.</param>
<param name="flags">
<attribution license="cc4" from="Microsoft" modified="false" />A bitwise combination of <see cref="T:System.Security.AccessControl.AuditFlags" /> values specifying whether to audit successful access, failed access, or both.</param>
</Docs>
</Member>
<Member MemberName="AuditRuleType">
<MemberSignature Language="C#" Value="public override Type AuditRuleType { get; }" />
<MemberSignature Language="ILAsm" Value=".property instance class System.Type AuditRuleType" />
<MemberType>Property</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Type</ReturnType>
</ReturnValue>
<Docs>
<value>To be added.</value>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Classes that derive from the <see cref="T:System.Security.AccessControl.ObjectSecurity" /> class override the <see cref="P:System.Security.AccessControl.ObjectSecurity.AuditRuleType" /> property and return the type they use to represent audit rights. When you work with arrays or collections that contain multiple types of security objects, use this property to determine the correct audit rule type to use with each security object.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Gets the type that the <see cref="T:System.Security.AccessControl.RegistrySecurity" /> class uses to represent audit rules.</para>
</summary>
</Docs>
</Member>
<Member MemberName="RemoveAccessRule">
<MemberSignature Language="C#" Value="public bool RemoveAccessRule (System.Security.AccessControl.RegistryAccessRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance bool RemoveAccessRule(class System.Security.AccessControl.RegistryAccessRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAccessRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The current <see cref="T:System.Security.AccessControl.RegistrySecurity" /> is searched for a rule that has the same user and the same <see cref="T:System.Security.AccessControl.AccessControlType" /> value as <paramref name="rule" />. If no such rule is found, no action is taken, and the method returns false. If matching rules are found, their inheritance and compatibility flags are checked for compatibility with the flags specified in <paramref name="rule" />. If no compatible rule is found, no action is taken, and the method returns false. If a rule with compatible flags is found, the rights specified in <paramref name="rule" /> are removed from the compatible rule, and the method returns true. If <paramref name="rule" /> specifies rights not contained in the compatible rule, no action is taken with respect to those rights. If all rights are removed from the compatible rule, the entire rule is removed from the current <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object. </para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Searches for an access control rule with the same user and <see cref="T:System.Security.AccessControl.AccessControlType" /> (allow or deny) as the specified access rule, and with compatible inheritance and propagation flags; if such a rule is found, the rights contained in the specified access rule are removed from it.</para>
</summary>
<returns>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>true if a compatible rule is found; otherwise false.</para>
</returns>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />A <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> that specifies the user and <see cref="T:System.Security.AccessControl.AccessControlType" /> to search for, and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. Specifies the rights to remove from the compatible rule, if found.</param>
</Docs>
</Member>
<Member MemberName="RemoveAccessRuleAll">
<MemberSignature Language="C#" Value="public void RemoveAccessRuleAll (System.Security.AccessControl.RegistryAccessRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void RemoveAccessRuleAll(class System.Security.AccessControl.RegistryAccessRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAccessRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The current <see cref="T:System.Security.AccessControl.RegistrySecurity" /> is searched for rules that have the same user and the same <see cref="T:System.Security.AccessControl.AccessControlType" /> value as <paramref name="rule" />. Any rights, inheritance flags, or propagation flags specified by <paramref name="rule" /> are ignored when performing this search. If no matching rules are found, no action is taken.</para>
<para>For example, if a user has multiple rules that allow various rights with different inheritance and propagation flags, you can remove all those rules by creating a <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> object that specifies the user and <see cref="F:System.Security.AccessControl.AccessControlType.Allow" />, with any arbitrary rights and flags, and passing that rule to the <see cref="M:System.Security.AccessControl.RegistrySecurity.RemoveAccessRuleAll(System.Security.AccessControl.RegistryAccessRule)" /> method. </para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Searches for all access control rules with the same user and <see cref="T:System.Security.AccessControl.AccessControlType" /> (allow or deny) as the specified rule and, if found, removes them.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />A <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> that specifies the user and <see cref="T:System.Security.AccessControl.AccessControlType" /> to search for. Any rights, inheritance flags, or propagation flags specified by this rule are ignored.</param>
</Docs>
</Member>
<Member MemberName="RemoveAccessRuleSpecific">
<MemberSignature Language="C#" Value="public void RemoveAccessRuleSpecific (System.Security.AccessControl.RegistryAccessRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void RemoveAccessRuleSpecific(class System.Security.AccessControl.RegistryAccessRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAccessRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The rule is removed only if it exactly matches <paramref name="rule" /> in all details, including flags. Other rules with the same user and <see cref="T:System.Security.AccessControl.AccessControlType" /> are not affected.</para>
<block subset="none" type="note">
<para>A rule represents one or more underlying access control entries (ACE), and these entries are split or combined as necessary when you modify the access security rules for a user. Thus, a rule might no longer exist in the specific form it had when it was added, and in that case the <see cref="M:System.Security.AccessControl.RegistrySecurity.RemoveAccessRuleSpecific(System.Security.AccessControl.RegistryAccessRule)" /> method cannot remove it. </para>
</block>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Searches for an access control rule that exactly matches the specified rule and, if found, removes it.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />The <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> to remove.</param>
</Docs>
</Member>
<Member MemberName="RemoveAuditRule">
<MemberSignature Language="C#" Value="public bool RemoveAuditRule (System.Security.AccessControl.RegistryAuditRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance bool RemoveAuditRule(class System.Security.AccessControl.RegistryAuditRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Boolean</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAuditRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The current <see cref="T:System.Security.AccessControl.RegistrySecurity" /> is searched for an audit rule that has the same user as <paramref name="rule" />. If no such rule is found, no action is taken, and the method returns false. If matching rules are found, their inheritance and compatibility flags are checked for compatibility with the flags specified in <paramref name="rule" />. If no compatible rule is found, no action is taken, and the method returns false. If a rule with compatible flags is found, the rights specified in <paramref name="rule" /> are removed from the compatible rule, and the method returns true. If <paramref name="rule" /> specifies rights not contained in the compatible rule, no action is taken with respect to those rights. If all rights are removed from the compatible rule, the entire rule is removed from the current <see cref="T:System.Security.AccessControl.RegistrySecurity" /> object. </para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Searches for an audit control rule with the same user as the specified rule, and with compatible inheritance and propagation flags; if a compatible rule is found, the rights contained in the specified rule are removed from it.</para>
</summary>
<returns>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>true if a compatible rule is found; otherwise, false.</para>
</returns>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />A <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> that specifies the user to search for, and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. Specifies the rights to remove from the compatible rule, if found.</param>
</Docs>
</Member>
<Member MemberName="RemoveAuditRuleAll">
<MemberSignature Language="C#" Value="public void RemoveAuditRuleAll (System.Security.AccessControl.RegistryAuditRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void RemoveAuditRuleAll(class System.Security.AccessControl.RegistryAuditRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAuditRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The current <see cref="T:System.Security.AccessControl.RegistrySecurity" /> is searched for audit rules that have the same user as <paramref name="rule" />. Any rights, inheritance flags, or propagation flags specified by <paramref name="rule" /> are ignored when performing this search. If no matching rules are found, no action is taken. </para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Searches for all audit rules with the same user as the specified rule and, if found, removes them.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />A <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> that specifies the user to search for. Any rights, inheritance flags, or propagation flags specified by this rule are ignored.</param>
</Docs>
</Member>
<Member MemberName="RemoveAuditRuleSpecific">
<MemberSignature Language="C#" Value="public void RemoveAuditRuleSpecific (System.Security.AccessControl.RegistryAuditRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void RemoveAuditRuleSpecific(class System.Security.AccessControl.RegistryAuditRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAuditRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>The rule is removed only if it exactly matches <paramref name="rule" /> in all details, including flags. Other audit rules for the same user are not affected.</para>
<block subset="none" type="note">
<para>A rule represents one or more underlying access control entries (ACE), and these entries are split or combined as necessary when you modify the audit security rules for a user. Thus, a rule might no longer exist in the specific form it had when it was added, and in that case the <see cref="M:System.Security.AccessControl.RegistrySecurity.RemoveAuditRuleSpecific(System.Security.AccessControl.RegistryAuditRule)" /> method cannot remove it. </para>
</block>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Searches for an audit rule that exactly matches the specified rule and, if found, removes it.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />The <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> to be removed.</param>
</Docs>
</Member>
<Member MemberName="ResetAccessRule">
<MemberSignature Language="C#" Value="public void ResetAccessRule (System.Security.AccessControl.RegistryAccessRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void ResetAccessRule(class System.Security.AccessControl.RegistryAccessRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAccessRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>If there are no access rules whose user matches the specified rule, <paramref name="rule" /> is added.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Removes all access control rules with the same user as the specified rule, regardless of <see cref="T:System.Security.AccessControl.AccessControlType" />, and then adds the specified rule.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />The <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> to add. The user specified by this rule determines the rules to remove before this rule is added.</param>
</Docs>
</Member>
<Member MemberName="SetAccessRule">
<MemberSignature Language="C#" Value="public void SetAccessRule (System.Security.AccessControl.RegistryAccessRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void SetAccessRule(class System.Security.AccessControl.RegistryAccessRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAccessRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>If the specified rule has <see cref="F:System.Security.AccessControl.AccessControlType.Allow" />, the effect of this method is to remove all <see cref="F:System.Security.AccessControl.AccessControlType.Allow" /> rules for the specified user, replacing them with the specified rule. If the specified rule has <see cref="F:System.Security.AccessControl.AccessControlType.Deny" />, all <see cref="F:System.Security.AccessControl.AccessControlType.Deny" /> rules for the specified user are replaced with the specified rule.</para>
<para>If there are no rules whose user and <see cref="T:System.Security.AccessControl.AccessControlType" /> match the specified rule, <paramref name="rule" /> is added.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Removes all access control rules with the same user and <see cref="T:System.Security.AccessControl.AccessControlType" /> (allow or deny) as the specified rule, and then adds the specified rule.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />The <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> to add. The user and <see cref="T:System.Security.AccessControl.AccessControlType" /> of this rule determine the rules to remove before this rule is added.</param>
</Docs>
</Member>
<Member MemberName="SetAuditRule">
<MemberSignature Language="C#" Value="public void SetAuditRule (System.Security.AccessControl.RegistryAuditRule rule);" />
<MemberSignature Language="ILAsm" Value=".method public hidebysig instance void SetAuditRule(class System.Security.AccessControl.RegistryAuditRule rule) cil managed" />
<MemberType>Method</MemberType>
<AssemblyInfo>
<AssemblyVersion>2.0.0.0</AssemblyVersion>
<AssemblyVersion>4.0.0.0</AssemblyVersion>
</AssemblyInfo>
<ReturnValue>
<ReturnType>System.Void</ReturnType>
</ReturnValue>
<Parameters>
<Parameter Name="rule" Type="System.Security.AccessControl.RegistryAuditRule" />
</Parameters>
<Docs>
<since version=".NET 2.0" />
<remarks>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>If there are no audit rules whose user matches the specified rule, <paramref name="rule" /> is added.</para>
</remarks>
<summary>
<attribution license="cc4" from="Microsoft" modified="false" />
<para>Removes all audit rules with the same user as the specified rule, regardless of the <see cref="T:System.Security.AccessControl.AuditFlags" /> value, and then adds the specified rule.</para>
</summary>
<param name="rule">
<attribution license="cc4" from="Microsoft" modified="false" />The <see cref="T:System.Security.AccessControl.RegistryAuditRule" /> to add. The user specified by this rule determines the rules to remove before this rule is added.</param>
</Docs>
</Member>
</Members>
</Type>
|
