static bool WriteRegistry() { try { // 로컬호스트 관리자그룹을 사용해서 레지스트리 쓰기 권한을 할당한다. // 도메인에 속하는 컴퓨터인 경우 아래 코드가 잘 될지 안될지 모르겠다. RegistryAccessRule allow_write_rule = new RegistryAccessRule(new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null), RegistryRights.FullControl, AccessControlType.Allow); RegistrySecurity securitySettings = new RegistrySecurity(); securitySettings.AddAccessRule(allow_write_rule); // MSDN의 샘플은 HKEY_CLASSROOT 에 저장하게 되어있는데 // HKEY_CURRENT_USER 에 저장하는걸 권장한다고 하더라. // 난 그냥 HKEY_LOCAL_MACHINE 에 저장한다. RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Classes", RegistryKeyPermissionCheck.ReadWriteSubTree); key.SetAccessControl(securitySettings); // 스키마 생성 RegistryKey reg_base = key.CreateSubKey("mytro.RecPlayer"); if (null == reg_base) return false; // 기본값 설정 reg_base.SetValue("", "mytro record player URI", RegistryValueKind.String); // 이게 꼭 필요한지는 모르겠음 reg_base.SetValue("Content Type", "application/x-mytrorec", RegistryValueKind.String); // 이게 있어야 브라우저에서 클릭했을때 동작한다. reg_base.SetValue("URL Protocol", "", RegistryValueKind.String); // icon 설정 RegistryKey icon = reg_base.CreateSubKey("DefaultIcon"); if (null == icon) return false; icon.SetValue("", @"C:\MYTRO\RecordPlayer\MytroPlayer.exe,1", RegistryValueKind.String); // 핸들러 설정 (shell open 을 만들어준다.) RegistryKey shell = reg_base.CreateSubKey("shell"); if (null == shell) return false; shell.SetValue("", "open", RegistryValueKind.String); RegistryKey open = shell.CreateSubKey("open"); if (null == open) return false; RegistryKey command = open.CreateSubKey("command"); if (null == command) return false; // 실행파일도 Environment.SpecialFolder.ApplicationData 에 넣고 사용하는걸 권장하는데 왜 그런지는 잘 모르겠음... // 저 규칙에 따른다면 경로는 이렇게 된다. C:/Users/홍준기/AppData/Roaming/RecordPlayer/MytroPlayer.exe command.SetValue("", @"""C:\MYTRO\RecordPlayer\MytroPlayer.exe"" ""%1""", RegistryValueKind.String); return true; } catch (Exception e) { MessageBox.Show(e.ToString()); } return false; }
private RegistryKey OpenExplorerPoliciesKey() { RegistrySecurity RegistrySecurity = new RegistrySecurity(); WindowsIdentity WindowsIdentity = System.Security.Principal.WindowsIdentity.GetCurrent(); RegistryAccessRule AccessRule = new RegistryAccessRule(WindowsIdentity.Name, RegistryRights.FullControl, InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); RegistrySecurity.AddAccessRule(AccessRule); RegistrySecurity.SetAccessRuleProtection(false, true); RegistryKey RegistryKey = Registry.LocalMachine.OpenSubKey(ExplorerPolitiesRegistryPath, true); RegistryKey.SetAccessControl(RegistrySecurity); return RegistryKey; }
private static void Main(params string[] args) { if (args.Length == 0) { Console.WriteLine(Resources.Help); Pause(); return; } if (args.Contains(Factory.FormFlag)) { CommandLineBuilder form = new CommandLineBuilder(); form.ShowDialog(); return; } Console.WriteLine(Resources.NotifyStartMessage); Factory factory = new Factory(); ExecutionInfo executionInfo = factory.CreateExecutationInfo(); // TODO: validate parameters try { RegistryKey registryKey = branchRegistryKey[executionInfo.MainBranch]; registryKey = registryKey.OpenSubKey(executionInfo.PathToKey, true); RegistryAccessRule registryAccessRule = new RegistryAccessRule( executionInfo.User, executionInfo.Permission, executionInfo.InheritanceFlags, executionInfo.PropagationFlags, executionInfo.AccessControlType); RegistrySecurity registrySecurity = new RegistrySecurity(); registrySecurity.SetAccessRule(registryAccessRule); registryKey.SetAccessControl(registrySecurity); Console.WriteLine(Resources.SuccessMessage); } catch (Exception ex) { Console.WriteLine("ERROR: {0}", ex.ToString()); } Pause(); }
private static void SetUserAccess(RegistryKey registryKey, IdentityReference user, RegistryRights accessType) { RegistrySecurity registrySecurity = registryKey.GetAccessControl(); RegistryAccessRule rule = new RegistryAccessRule( user, accessType, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow ); registrySecurity.AddAccessRule(rule); registryKey.SetAccessControl(registrySecurity); }
private static RegistryKey GetRegistryKey() { // Create a security context for a new key that we will use to store our data. // The security context will restrict access to only our user. string user = Environment.UserDomainName + "\\" + Environment.UserName; RegistrySecurity security = new RegistrySecurity(); RegistryAccessRule rule = new RegistryAccessRule(user, RegistryRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); security.AddAccessRule(rule); RegistryKey key = Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Run", RegistryKeyPermissionCheck.ReadWriteSubTree, security); return key; }
static RegistryUtilities() { MSec = new RegistrySecurity(); string user = Environment.UserDomainName + "\\" + Environment.UserName; try { RegistryAccessRule rule = new RegistryAccessRule(user, RegistryRights.ReadKey | RegistryRights.WriteKey | RegistryRights.Delete | RegistryRights.FullControl | RegistryRights.CreateSubKey, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow ); MSec.AddAccessRule(rule); } catch { } }
public ForcedProxy() { InitializeComponent(); RegistryKey key; key = Registry.LocalMachine.CreateSubKey("Software\\Klatt\\Forced Proxy"); SecurityIdentifier everybodyId = new SecurityIdentifier(WellKnownSidType.WorldSid, null); NTAccount everybody = everybodyId.Translate(typeof(NTAccount)) as NTAccount; RegistryAccessRule rule = new RegistryAccessRule( everybody.ToString(), RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); RegistrySecurity security = new RegistrySecurity(); security.AddAccessRule(rule); key.SetAccessControl(security); ip.Text = (string)key.GetValue(null, "127.0.0.1"); key.Close(); programs.Items.Clear(); readAvaiablePrograms(); setInstallButtonCaption(); }
public void ResetAccessRule(RegistryAccessRule rule) { base.ResetAccessRule(rule); }
public void AddAccessRule(RegistryAccessRule rule) { base.AddAccessRule(rule); }
public void RemoveAccessRuleAll(RegistryAccessRule rule) { }
public void AddAccessRule(RegistryAccessRule rule) { }
/// <summary> /// Grant All Access Permission to user /// </summary> /// <param name="key"></param> protected void GrantAllAccessPermission(String key) { try { SecurityIdentifier sid = new SecurityIdentifier(WellKnownSidType.WorldSid, null); NTAccount account = sid.Translate(typeof(NTAccount)) as NTAccount; // Get ACL from Windows using (RegistryKey rk = Registry.LocalMachine.OpenSubKey(key)) { RegistrySecurity rs = new RegistrySecurity(); // Creating registry access rule for 'Everyone' NT account RegistryAccessRule rar = new RegistryAccessRule( account.ToString(), RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); rs.AddAccessRule(rar); rk.SetAccessControl(rs); } } catch (System.Security.SecurityException ex) { //throw new InstallException( // String.Format("An exception in GrantAllAccessPermission, security exception! {0}", key), // ex); } catch (UnauthorizedAccessException ex) { //throw new InstallException( // String.Format("An exception in GrantAllAccessPermission, access denied! {0}", key), // ex); } }
public bool RemoveAccessRule (RegistryAccessRule rule) { throw new NotImplementedException (); }
public void RemoveAccessRuleSpecific(RegistryAccessRule rule) { base.RemoveAccessRuleSpecific(rule); }
public void AddAccessRule (RegistryAccessRule rule) { AddAccessRule ((AccessRule)rule); }
public void ResetAccessRule(RegistryAccessRule rule) { ResetAccessRule((AccessRule)rule); }
public void SetAccessRule(RegistryAccessRule rule) { SetAccessRule((AccessRule)rule); }
private static void SetRegistryAcls() { string ToopherSubKey = Abstractions.Settings.DynamicSettings.ROOT_KEY; using(RegistryKey key = Registry.LocalMachine.CreateSubKey (ToopherSubKey)) { if(key != null) { RegistryAccessRule allowRead = new RegistryAccessRule ( USERS_GROUP, RegistryRights.ReadKey, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); RegistryAccessRule adminFull = new RegistryAccessRule ( ADMIN_GROUP, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); RegistryAccessRule systemFull = new RegistryAccessRule ( SYSTEM_ACCT, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); RegistrySecurity keySec = key.GetAccessControl (); // Remove inherited rules keySec.SetAccessRuleProtection (true, false); // Add full control for administrators and system. keySec.AddAccessRule (adminFull); keySec.AddAccessRule (systemFull); // Remove any read rules for users (if they exist) keySec.RemoveAccessRuleAll (allowRead); // Apply the rules.. key.SetAccessControl (keySec); } } }
public void RemoveAccessRuleSpecific (RegistryAccessRule rule) { throw new NotImplementedException (); }
public void RemoveAccessRuleAll(RegistryAccessRule rule) { base.RemoveAccessRuleAll(rule); }
public bool RemoveAccessRule (RegistryAccessRule rule) { return RemoveAccessRule ((AccessRule)rule); }
public bool RemoveAccessRule(RegistryAccessRule rule) { return base.RemoveAccessRule(rule); }
public void RemoveAccessRuleAll (RegistryAccessRule rule) { RemoveAccessRuleAll ((AccessRule)rule); }
public void SetAccessRule(RegistryAccessRule rule) { base.SetAccessRule(rule); }
public void RemoveAccessRuleSpecific (RegistryAccessRule rule) { RemoveAccessRuleSpecific ((AccessRule)rule); }
/// <summary> /// Compare two rules on important properties. /// </summary> /// <param name="rule1">access rule 1</param> /// <param name="rule2">access rule 2</param> /// <returns>true if equal</returns> private static bool IsEqualRule(RegistryAccessRule rule1, RegistryAccessRule rule2) { if (rule1.AccessControlType != rule2.AccessControlType || rule1.RegistryRights != rule2.RegistryRights || rule1.IdentityReference != rule2.IdentityReference || rule1.InheritanceFlags != rule2.InheritanceFlags) return false; else return true; }
public void ResetAccessRule (RegistryAccessRule rule) { ResetAccessRule ((AccessRule)rule); }
public bool RemoveAccessRule(RegistryAccessRule rule) { return(RemoveAccessRule((AccessRule)rule)); }
public void SetAccessRule (RegistryAccessRule rule) { SetAccessRule ((AccessRule)rule); }
public bool RemoveAccessRule(RegistryAccessRule rule) { return(default(bool)); }
public void RemoveAccessRuleSpecific(RegistryAccessRule rule) { RemoveAccessRuleSpecific((AccessRule)rule); }
public void SetAccessRule(RegistryAccessRule rule) { }
private static void GrantRegistryAccess(string key, Prison prison) { NTAccount account = new NTAccount(null, prison.User.Username); var hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64); using (RegistryKey rk = hklm.OpenSubKey(key, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl)) { RegistrySecurity rs = rk.GetAccessControl(); RegistryAccessRule rar = new RegistryAccessRule( account.ToString(), RegistryRights.FullControl, InheritanceFlags.ContainerInherit, PropagationFlags.None, AccessControlType.Allow); rs.AddAccessRule(rar); rk.SetAccessControl(rs); } }
internal void AdjustRegKeyPermission() { try { RegistryKey regKey; regKey = Registry.LocalMachine.OpenSubKey( WsatKeys.WsatRegKey, RegistryKeyPermissionCheck.ReadWriteSubTree, RegistryRights.FullControl); if (regKey != null) { using (regKey) { // NetworkService always needs access to the WS-AT key // On some platforms, it doesn't inherit this permission from the parent MSDTC key RegistryAccessRule rule = new RegistryAccessRule( new SecurityIdentifier(WellKnownSidType.NetworkServiceSid, null), RegistryRights.ReadKey, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); // Ensure the authenticated users have read access to the WS-AT key // there is a key under the WS-AT key named OleTxUpgradeEnabled that requires the permission RegistryAccessRule rule2 = new RegistryAccessRule( new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null), RegistryRights.ReadKey, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); RegistrySecurity registrySecurity = regKey.GetAccessControl(); registrySecurity.AddAccessRule(rule); registrySecurity.AddAccessRule(rule2); regKey.SetAccessControl(registrySecurity); } } } catch (SecurityException e) { throw registryExceptionHelper.CreateRegistryWriteException(e); } catch (ObjectDisposedException e) { throw registryExceptionHelper.CreateRegistryWriteException(e); } catch (ArgumentNullException e) { throw registryExceptionHelper.CreateRegistryWriteException(e); } catch (ArgumentException e) { throw registryExceptionHelper.CreateRegistryWriteException(e); } catch (UnauthorizedAccessException e) { throw registryExceptionHelper.CreateRegistryWriteException(e); } }
public bool RemoveAccessRule(RegistryAccessRule rule) { return(base.RemoveAccessRule(rule)); }
private static void SetRegistryAcls() { string pGinaSubKey = pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot; using (RegistryKey key = Registry.LocalMachine.CreateSubKey(pGinaSubKey)) { if (key != null) { m_logger.InfoFormat("Setting ACLs on {0}", key.Name); RegistryAccessRule allowRead = new RegistryAccessRule( USERS_GROUP, RegistryRights.ReadKey, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); RegistryAccessRule adminFull = new RegistryAccessRule( ADMIN_GROUP, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); RegistryAccessRule systemFull = new RegistryAccessRule( SYSTEM_ACCT, RegistryRights.FullControl, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.None, AccessControlType.Allow); RegistrySecurity keySec = key.GetAccessControl(); if (m_logger.IsDebugEnabled) { m_logger.DebugFormat("{0} before update:", key.Name); ShowSecurity(keySec); } // Remove inherited rules keySec.SetAccessRuleProtection(true, false); // Add full control for administrators and system. keySec.AddAccessRule(adminFull); keySec.AddAccessRule(systemFull); // Remove any read rules for users (if they exist) keySec.RemoveAccessRuleAll(allowRead); // Apply the rules.. key.SetAccessControl(keySec); if (m_logger.IsDebugEnabled) { m_logger.DebugFormat("{0} after update: ", key.Name); ShowSecurity(keySec); } } } }
/// <summary>Searches for a matching access control with which the new rule can be merged. If none are found, adds the new rule.</summary> /// <param name="rule">The access control rule to add.</param> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="rule" /> is null.</exception> public void AddAccessRule(RegistryAccessRule rule) { throw new NotImplementedException(); }
public void AddAccessRule(RegistryAccessRule rule) { AddAccessRule((AccessRule)rule); }
/// <summary> /// Checks if the rule already exists in the collection. /// </summary> /// <param name="allRules">collection of existing rules</param> /// <param name="checkRule">rule to check for</param> /// <returns>true if existing</returns> private static bool ContainsRule(AuthorizationRuleCollection allRules, RegistryAccessRule checkRule) { foreach (RegistryAccessRule existingRule in allRules) { if (IsEqualRule(existingRule, checkRule)) return true; } return false; }
public void AddAccessRule (RegistryAccessRule rule) { throw new NotImplementedException (); }
/// <summary>Searches for an access control rule that exactly matches the specified rule and, if found, removes it.</summary> /// <param name="rule">The <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> to remove.</param> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="rule" /> is null.</exception> public void RemoveAccessRuleSpecific(RegistryAccessRule rule) { throw new NotImplementedException(); }
/// <summary> /// Grants full control on the given registry key under RegistryKey for everyone /// </summary> /// <param name="subKey">subkey name</param> public static void GrantFullControlRegKey(RegistryKey baseKey, string subKey) { RegistryKey rKey = baseKey.OpenSubKey(subKey, true); if (rKey == null) return; Console.WriteLine("Granting full control to: {0}\\{1}", baseKey, subKey); try { // Create a SecurityIdentifier object for "everyone". SecurityIdentifier everyoneSid = new SecurityIdentifier(WellKnownSidType.WorldSid, null); RegistrySecurity security = rKey.GetAccessControl(); RegistryAccessRule newRule = new RegistryAccessRule( everyoneSid, RegistryRights.FullControl, // modify is enough for reading/writing/deleting InheritanceFlags.ObjectInherit | InheritanceFlags.ContainerInherit, // all subfolders and files PropagationFlags.None, AccessControlType.Allow); // Check if such a rule already exists, if so skip the modifications if (ContainsRule(security.GetAccessRules(true, true, typeof (SecurityIdentifier)), newRule)) { Console.WriteLine("Permissions already set."); return; } security.AddAccessRule(newRule); rKey.SetAccessControl(security); rKey.Close(); } catch (Exception ex) { Console.WriteLine("Error while setting full write access to everyone for file: {0} : {1}", subKey, ex); } }
/// <summary>Searches for an access control rule with the same user and <see cref="T:System.Security.AccessControl.AccessControlType" /> (allow or deny) as the specified access rule, and with compatible inheritance and propagation flags; if such a rule is found, the rights contained in the specified access rule are removed from it.</summary> /// <returns>true if a compatible rule is found; otherwise false.</returns> /// <param name="rule">A <see cref="T:System.Security.AccessControl.RegistryAccessRule" /> that specifies the user and <see cref="T:System.Security.AccessControl.AccessControlType" /> to search for, and a set of inheritance and propagation flags that a matching rule, if found, must be compatible with. Specifies the rights to remove from the compatible rule, if found.</param> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="rule" /> is null.</exception> public bool RemoveAccessRule(RegistryAccessRule rule) { throw new NotImplementedException(); }
/// <summary>搜索与指定的规则具有相同用户和 <see cref="T:System.Security.AccessControl.AccessControlType" />(允许或拒绝)的所有访问控制规则,如果找到则将其移除。</summary> /// <param name="rule">一个 <see cref="T:System.Security.AccessControl.RegistryAccessRule" />,指定要搜索的用户和 <see cref="T:System.Security.AccessControl.AccessControlType" />。忽略此规则指定的任何权限、继承标志或传播标志。</param> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="rule" /> 为 null。</exception> public void RemoveAccessRuleAll(RegistryAccessRule rule) { this.RemoveAccessRuleAll((AccessRule)rule); }