#include <Aclapi.h>
#include <shobjidl.h>
#include "Shlwapi.h"
#include "ShlGuid.h"
#pragma comment(lib,"Shlwapi.lib")
/****************************************************************/
//nFlags含义:
// 0 : 允许Admin_Name用户所有权限
// 1 : 拒绝Admin_Name设置值
// 2 : 拒绝Admin_Name读取
/****************************************************************/
BOOL SetRegJurisdiction(LPTSTR pObjectName, DWORD nFlags)
{
BOOL Result = FALSE;
TCHAR Admin_Name[]=_T("Administrators");
PACL pOldDacl = NULL;
PACL pNewDacl = NULL;
DWORD dRet;
EXPLICIT_ACCESS eia;
PSECURITY_DESCRIPTOR pSID = NULL;
dRet = GetNamedSecurityInfo(pObjectName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDacl, NULL, &pSID);// 获取SAM主键的DACL
if (dRet != ERROR_SUCCESS)
goto ret:
//创建一个ACE, 允许Administrators组成员完全控制对象, 并允许子对象继承此权限
ZeroMemory(&eia, sizeof(EXPLICIT_ACCESS));
switch (nFlags)
{
case 0:
BuildExplicitAccessWithName(&eia, Admin_Name, KEY_ALL_ACCESS, SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
break;
case 1:
BuildExplicitAccessWithName(&eia, Admin_Name, KEY_SET_VALUE, DENY_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
break;
case 2:
BuildExplicitAccessWithName(&eia, Admin_Name, KEY_READ, DENY_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT);
break;
default:
break;
}
// 将新的ACE加入DACL
dRet = SetEntriesInAcl(1, &eia, pOldDacl, &pNewDacl);
if (dRet != ERROR_SUCCESS)
goto ret:
// 更新主键的DACL
dRet = SetNamedSecurityInfo(pObjectName, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDacl, NULL);
if (dRet != ERROR_SUCCESS)
goto ret:
Result = TRUE;
ret:
//释放DACL和SID
if (pNewDacl)
LocalFree(pNewDacl);
if (pSID)
LocalFree(pSID);
return Result;;
}
VC注册表操作之设置权限
最新推荐文章于 2023-09-15 09:05:27 发布