uses
aclapi,AccCtrl;
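var
  lpObjectName: LPTSTR;
  OldDACL, NewDACL: PACL;        // uses aclapi
  ObjectType: SE_OBJECT_TYPE;    // uses AccCtrl
  SD: PSECURITY_DESCRIPTOR;
  ea: EXPLICIT_ACCESS;
begin
  // Purpose: temporarily add an access entry to one registry key's DACL,
  // perform the registry work, then write the key's original DACL back.
  //
  // NOTE(review): Delphi string literals have no backslash escapes, so this
  // name contains doubled separators exactly as the author wrote it. Confirm
  // the API accepts that form; otherwise use single backslashes.
  lpObjectName := 'MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root';

  // The original listing left this assignment commented out, so ObjectType
  // was passed to the security APIs uninitialised.
  ObjectType := SE_REGISTRY_KEY;

  // Start from nil so the cleanup code only frees what was really allocated.
  // (The original pre-allocated two empty ACLs here and then overwrote or
  // leaked them.)
  OldDACL := nil;
  NewDACL := nil;
  SD := nil;

  try
    // Read the key's current DACL. The API returns the DACL pointer through
    // this argument, so the address of the variable is passed. The returned
    // ACL lives inside SD and is released together with SD, never on its own.
    if GetNamedSecurityInfo(lpObjectName, ObjectType,
         DACL_SECURITY_INFORMATION,
         nil, nil,
         @OldDACL,
         nil, SD) <> ERROR_SUCCESS then
    begin
      Application.MessageBox('指定的键不存在!', '提示', MB_OK);
      // Without the original DACL there is nothing to restore later, so stop
      // here instead of going on to modify the key.
      Exit;
    end;

    // Describe the temporary access entry.
    // NOTE(review): Everyone + GENERIC_ALL with inheritance lets every local
    // account change this key and its subkeys for as long as the entry is in
    // place. Prefer the single account that performs the work and only the
    // rights that work needs.
    ZeroMemory(@ea, SizeOf(EXPLICIT_ACCESS));
    BuildExplicitAccessWithName(@ea,
      'Everyone',                           // name of trustee
      GENERIC_ALL,                          // type of access
      SET_ACCESS,                           // access mode
      SUB_CONTAINERS_AND_OBJECTS_INHERIT);  // subkeys inherit the entry

    // Merge the entry into the EXISTING DACL. The original passed nil as the
    // old ACL, which built a DACL holding only the Everyone entry and dropped
    // the key's other explicit entries.
    if SetEntriesInAcl(1, @ea, OldDACL, NewDACL) <> ERROR_SUCCESS then
      Exit;

    // Write the widened DACL to the key; do not continue if that failed.
    if SetNamedSecurityInfo(lpObjectName, ObjectType,
         DACL_SECURITY_INFORMATION,
         nil, nil,
         NewDACL,
         nil) <> ERROR_SUCCESS then
      Exit;

    try
      /////// registry work goes here //////////
    finally
      // Restore exactly the DACL that was read above, even if the registry
      // work raised. The original instead wrote a fresh "Everyone: read"
      // DACL, which is not the key's previous state.
      // NOTE(review): afterwards, confirm that the key and its subkeys show
      // their original permissions again.
      if SetNamedSecurityInfo(lpObjectName, ObjectType,
           DACL_SECURITY_INFORMATION,
           nil, nil,
           OldDACL,
           nil) <> ERROR_SUCCESS then
        Application.MessageBox('恢复注册表权限失败!', '提示', MB_OK);
    end;
  finally
    // NewDACL was allocated by SetEntriesInAcl; SD by GetNamedSecurityInfo.
    // OldDACL points into SD, so it must not be passed to LocalFree itself.
    if NewDACL <> nil then
      LocalFree(HLOCAL(NewDACL));
    if SD <> nil then
      LocalFree(HLOCAL(SD));
  end;
end;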
以下为代码运行前后的对比图片.
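var
  lpObjectName: LPTSTR;
  OldDACL, NewDACL: PACL;        // uses aclapi
  ObjectType: SE_OBJECT_TYPE;    // uses AccCtrl
  SD: PSECURITY_DESCRIPTOR;
  ea: EXPLICIT_ACCESS;
begin
  // Purpose: temporarily add an access entry to one registry key's DACL,
  // perform the registry work, then write the key's original DACL back.
  //
  // NOTE(review): Delphi string literals have no backslash escapes, so this
  // name contains doubled separators exactly as the author wrote it. Confirm
  // the API accepts that form; otherwise use single backslashes.
  lpObjectName := 'MACHINE\\SYSTEM\\ControlSet001\\Enum\\Root';

  // The original listing left this assignment commented out, so ObjectType
  // was passed to the security APIs uninitialised.
  ObjectType := SE_REGISTRY_KEY;

  // Start from nil so the cleanup code only frees what was really allocated.
  // (The original pre-allocated two empty ACLs here and then overwrote or
  // leaked them.)
  OldDACL := nil;
  NewDACL := nil;
  SD := nil;

  try
    // Read the key's current DACL. The API returns the DACL pointer through
    // this argument, so the address of the variable is passed. The returned
    // ACL lives inside SD and is released together with SD, never on its own.
    if GetNamedSecurityInfo(lpObjectName, ObjectType,
         DACL_SECURITY_INFORMATION,
         nil, nil,
         @OldDACL,
         nil, SD) <> ERROR_SUCCESS then
    begin
      Application.MessageBox('指定的键不存在!', '提示', MB_OK);
      // Without the original DACL there is nothing to restore later, so stop
      // here instead of going on to modify the key.
      Exit;
    end;

    // Describe the temporary access entry.
    // NOTE(review): Everyone + GENERIC_ALL with inheritance lets every local
    // account change this key and its subkeys for as long as the entry is in
    // place. Prefer the single account that performs the work and only the
    // rights that work needs.
    ZeroMemory(@ea, SizeOf(EXPLICIT_ACCESS));
    BuildExplicitAccessWithName(@ea,
      'Everyone',                           // name of trustee
      GENERIC_ALL,                          // type of access
      SET_ACCESS,                           // access mode
      SUB_CONTAINERS_AND_OBJECTS_INHERIT);  // subkeys inherit the entry

    // Merge the entry into the EXISTING DACL. The original passed nil as the
    // old ACL, which built a DACL holding only the Everyone entry and dropped
    // the key's other explicit entries.
    if SetEntriesInAcl(1, @ea, OldDACL, NewDACL) <> ERROR_SUCCESS then
      Exit;

    // Write the widened DACL to the key; do not continue if that failed.
    if SetNamedSecurityInfo(lpObjectName, ObjectType,
         DACL_SECURITY_INFORMATION,
         nil, nil,
         NewDACL,
         nil) <> ERROR_SUCCESS then
      Exit;

    try
      /////// registry work goes here //////////
    finally
      // Restore exactly the DACL that was read above, even if the registry
      // work raised. The original instead wrote a fresh "Everyone: read"
      // DACL, which is not the key's previous state.
      // NOTE(review): afterwards, confirm that the key and its subkeys show
      // their original permissions again.
      if SetNamedSecurityInfo(lpObjectName, ObjectType,
           DACL_SECURITY_INFORMATION,
           nil, nil,
           OldDACL,
           nil) <> ERROR_SUCCESS then
        Application.MessageBox('恢复注册表权限失败!', '提示', MB_OK);
    end;
  finally
    // NewDACL was allocated by SetEntriesInAcl; SD by GetNamedSecurityInfo.
    // OldDACL points into SD, so it must not be passed to LocalFree itself.
    if NewDACL <> nil then
      LocalFree(HLOCAL(NewDACL));
    if SD <> nil then
      LocalFree(HLOCAL(SD));
  end;
end;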
设置权限以前注册表的权限.
设置权限后未恢复的注册表权限
转载于:https://www.cnblogs.com/zhaoyong/archive/2009/07/03/1515994.html