Three options:
1.Use System.DirectoryServices when running XP or higher.
As a sample, following retrieves a DACL from a registry key.
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
// Use ADsSecurityUtilityClass available on XP and higher (activeds.dll)
// Interop Assembly created with tlbimp.exe from activeds.tlb,
// or by setting a reference to the typelib from within the IDE
using activedsnet;
class Tester {
public static void Main() {
// Local registry object
string regPath = @"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft";
SecurityDescriptor sd = null;
AccessControlList dacl = null;
ADsSecurityUtilityClass asu = new ADsSecurityUtilityClass();
// Get DACL Group and OWNER info
asu.SecurityMask = (int)(ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_DAC L) |
(int)(ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_GRO UP)|
(int)(ADS_SECURITY_INFO_ENUM.ADS_SECURITY_INFO_OWN ER);
try {
sd = asu.GetSecurityDescriptor(regPath,
(int)ADS_PATHTYPE_ENUM.ADS_PATH_REGISTRY,
(int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID) as SecurityDescriptor;
}
catch(COMException ce)
{
// Be sure logon user has access to local/remote system
Console.WriteLine(ce.Message);
return;
}
// Get DACL from SD
dacl = sd.DiscretionaryAcl as AccessControlList;
if (dacl != null) {
Console.WriteLine("Control: {0}", sd.Control);
Console.WriteLine("Owner: {0}", sd.Owner);
Console.WriteLine("Group: {0}", sd.Group);
Console.WriteLine("Revision: {0}", sd.Revision);
DumpDacl(dacl);
}
}
static void DumpDacl(IADsAccessControlList dacl)
{
IADsAccessControlEntry ace = null;
Console.WriteLine("------- No. of ACE's {0}-----------", dacl.AceCount);
foreach(object ac in dacl) {
ace = ac as IADsAccessControlEntry;
Console.WriteLine("Access : {0}", Enum.Format(typeof(ADS_RIGHTS_ENUM),
ace.AccessMask, "F"));
Console.WriteLine(ace.Trustee);
Console.WriteLine("ACE flags {0}",
Enum.Format(typeof(ADS_ACEFLAG_ENUM),ace.AceFlags, "x"));
Console.WriteLine("ACE type: {0}",
((ADS_ACETYPE_ENUM)ace.AceType).ToString());
Console.WriteLine("----------------");
}
}
}
//--------------
2. Use System.Management on W2K or higher
3. Use PInvoke interop to use Win32 API's.
Willy.
"Ashok" <as******@hotmail.com> wrote in message
news:11**********************@f14g2000cwb.googlegr oups.com...
Hello
I need to programmatically change the permissions (ACL) on a specific
registry key in a .NET app. Is there a way to do this in .NET?
Thanks for the help,
Ashok