/// <summary> /// apply registry security settings to user profiles /// </summary> /// <param name="where"></param> /// <param name="keyname"></param> /// <param name="username"></param> /// <returns></returns> public static Boolean RegSec(pInvokes.structenums.RegistryLocation where, string keyname, string username) { try { IdentityReference UserIRef = new NTAccount(String.Format("{0}\\{1}", Environment.MachineName, username)); SecurityIdentifier UserSid = (SecurityIdentifier)UserIRef.Translate(typeof(SecurityIdentifier)); using (RegistryKey key = pInvokes.GetRegistryLocation(where).OpenSubKey(keyname, true)) { RegistrySecurity keySecurity = key.GetAccessControl(AccessControlSections.Access); string SDDL = keySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All); //LibraryLogging.Info(SDDL); foreach (RegistryAccessRule user in keySecurity.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount))) { //LibraryLogging.Info("registry ACE user: {0} {1} {2}", key.Name, user.InheritanceFlags.ToString(), user.IdentityReference.Value); if (user.IdentityReference.Value.StartsWith("S-1-5-21-") && !user.IdentityReference.Value.Equals(UserIRef.Value)) { //LibraryLogging.Info("mod registry ACE:{0} from unknown user:{1} to {2} {3} {4}", key.Name, user.IdentityReference.Value, username, user.RegistryRights.ToString(), user.AccessControlType.ToString()); SDDL = SDDL.Replace(user.IdentityReference.Value, UserSid.Value); //LibraryLogging.Info(SDDL); keySecurity.SetSecurityDescriptorSddlForm(SDDL); key.SetAccessControl(keySecurity); break; } } foreach (string subkey in key.GetSubKeyNames()) { if (!RegSec(where, keyname + "\\" + subkey, username)) { return false; } } } } catch (SystemException ex) { LibraryLogging.Warn("RegSec:{0} Warning {1}", keyname, ex.Message); } catch (Exception ex) { LibraryLogging.Error("RegSec:{0} Error:{1}", keyname, ex.Message); return false; } return true; }