Exemplo n.º 1
0
        private static void SetRegistryAcls()
        {
            string pGinaSubKey = pGina.Shared.Settings.pGinaDynamicSettings.pGinaRoot;

            using (RegistryKey key = Registry.LocalMachine.CreateSubKey(pGinaSubKey))
            {
                if (key != null)
                {
                    //m_logger.InfoFormat("Setting ACLs on {0}", key.Name);

                    RegistryAccessRule allowRead = new RegistryAccessRule(
                        USERS_GROUP, RegistryRights.ReadKey,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.None, AccessControlType.Allow);
                    RegistryAccessRule adminFull = new RegistryAccessRule(
                        ADMIN_GROUP, RegistryRights.FullControl,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.None, AccessControlType.Allow);
                    RegistryAccessRule systemFull = new RegistryAccessRule(
                        SYSTEM_ACCT, RegistryRights.FullControl,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.None, AccessControlType.Allow);

                    RegistrySecurity keySec = key.GetAccessControl();

                    //if (//m_logger.IsDebugEnabled)

                    {
                        //m_logger.DebugFormat("{0} before update:", key.Name);
                        ShowSecurity(keySec);
                    }

                    // Remove inherited rules
                    keySec.SetAccessRuleProtection(true, false);

                    // Add full control for administrators and system.
                    keySec.AddAccessRule(adminFull);
                    keySec.AddAccessRule(systemFull);

                    // Remove any read rules for users (if they exist)
                    keySec.RemoveAccessRuleAll(allowRead);

                    // Apply the rules..
                    key.SetAccessControl(keySec);

                    //if (//m_logger.IsDebugEnabled)
                    {
                        //m_logger.DebugFormat("{0} after update: ", key.Name);
                        ShowSecurity(keySec);
                    }
                }
            }
        }
Exemplo n.º 2
0
        private static void SetRegistryAcls()
        {
            string ToopherSubKey = Abstractions.Settings.DynamicSettings.ROOT_KEY;

            using (RegistryKey key = Registry.LocalMachine.CreateSubKey(ToopherSubKey)) {
                if (key != null)
                {
                    RegistryAccessRule allowRead = new RegistryAccessRule(
                        USERS_GROUP, RegistryRights.ReadKey,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.None, AccessControlType.Allow);
                    RegistryAccessRule adminFull = new RegistryAccessRule(
                        ADMIN_GROUP, RegistryRights.FullControl,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.None, AccessControlType.Allow);
                    RegistryAccessRule systemFull = new RegistryAccessRule(
                        SYSTEM_ACCT, RegistryRights.FullControl,
                        InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
                        PropagationFlags.None, AccessControlType.Allow);

                    RegistrySecurity keySec = key.GetAccessControl();

                    // Remove inherited rules
                    keySec.SetAccessRuleProtection(true, false);

                    // Add full control for administrators and system.
                    keySec.AddAccessRule(adminFull);
                    keySec.AddAccessRule(systemFull);

                    // Remove any read rules for users (if they exist)
                    keySec.RemoveAccessRuleAll(allowRead);

                    // Apply the rules..
                    key.SetAccessControl(keySec);
                }
            }
        }
Exemplo n.º 3
0
    public static void Main()
    {
        string user = Environment.UserDomainName + "\\"
                      + Environment.UserName;

        // Create a security object that grants no access.
        RegistrySecurity mSec = new RegistrySecurity();

        // Add a rule that grants the current user the right
        // to read and enumerate the name/value pairs in a key,
        // to read its access and audit rules, to enumerate
        // its subkeys, to create subkeys, and to delete the key.
        // The rule is inherited by all contained subkeys.
        //
        RegistryAccessRule rule = new RegistryAccessRule(user,
                                                         RegistryRights.ReadKey | RegistryRights.WriteKey
                                                         | RegistryRights.Delete,
                                                         InheritanceFlags.ContainerInherit,
                                                         PropagationFlags.None,
                                                         AccessControlType.Allow);

        mSec.AddAccessRule(rule);

        // Add a rule that allows the current user the right
        // right to set the name/value pairs in a key.
        // This rule is inherited by contained subkeys, but
        // propagation flags limit it to immediate child
        // subkeys.
        rule = new RegistryAccessRule(user,
                                      RegistryRights.ChangePermissions,
                                      InheritanceFlags.ContainerInherit,
                                      PropagationFlags.InheritOnly | PropagationFlags.NoPropagateInherit,
                                      AccessControlType.Allow);
        mSec.AddAccessRule(rule);

        // Add a rule that denies the current user the right
        // to set the name/value pairs in a key. This rule
        // has no inheritance or propagation flags, so it
        // affects only the key itself.
        rule = new RegistryAccessRule(user,
                                      RegistryRights.SetValue,
                                      AccessControlType.Deny);
        mSec.AddAccessRule(rule);

        // Display the rules in the security object.
        ShowSecurity(mSec);

        // Create a rule that allows the current user the
        // right to change the ownership of the key, with
        // no inheritance or propagation flags. The rights
        // and flags are ignored by RemoveAccessRuleAll,
        // and all rules that allow access for the current
        // user are removed.
        rule = new RegistryAccessRule(user,
                                      RegistryRights.TakeOwnership,
                                      AccessControlType.Allow);
        mSec.RemoveAccessRuleAll(rule);

        // Show that all rules that allow access have been
        // removed.
        ShowSecurity(mSec);
    }
Exemplo n.º 4
0
 private void RemoveRegistryAccessRuleAll(RegistrySecurity permissions, SecurityIdentifier securityIdentifier)
 {
     permissions.RemoveAccessRuleAll(new RegistryAccessRule(securityIdentifier, RegistryRights.FullControl, AccessControlType.Allow));
 }