Previous Topic: PROCESS ClassNext Topic: REGVAL Class


REGKEY Class

Each record in the REGKEY class defines a key in the Windows registry.

The key to the REGKEY record is the full registry path to the Windows registry key.

Note: You can use wildcard characters as part of the path specification.

The following definitions describe the properties contained in a REGKEY record. Most properties are modifiable and can be manipulated using selang or the administration interfaces. Non-modifiable properties are marked informational.

DACL

The standard access control list that contains the user names and group names authorized to access the resource and the level of access granted to each.

Users who want to modify this property must be the owner of the resource or have special access to the resource (to modify the ACL).

Each element in the access control list contains the following information:

Access Type

Specifies permissions to the resource:

  • Allowed-Permits special access to the resource
  • Denied-Denies special access to the resource
Accessor

The name of the user or group for whom the access rights are allowed or denied.

Access

The access authority the accessor has to the resource. Valid access authorities for the REGKEY class are:

  • all-Allows or denies the accessor to perform all operations permissible for the class
  • append/create/subkey-Allows or denies the accessor to create or modify a subkey of the registry key
  • changeperm/sec/dac/writedac/perm-Allows or denies the accessor to modify the ACL (that is, add or remove accessors) of a resource.
  • chown/owner/takeownership-Allows or denies the accessor to change the owner of the resource
  • delete-Allows or denies the accessor to delete a resource
  • enum-Allows or denies the accessor to enumerate subkeys of the registry key
  • link-Allows or denies the accessor to create link to a registry key
  • notify-Allows or denies the accessor to request change notifications for a registry key or for subkeys of a registry key
  • query-Allows or denies the accessor to query a value of the registry key
  • read-Allows or denies the accessor to read the key's contents, but prevents changes from being saved
  • readcontrol/manage-Allows or denies the accessor to read the information in the registry key's security descriptor, not including the information in the system (audit) ACL
  • set-Allows or denies the accessor to create or set a value of the registry key
  • write-Allows or denies the accessor to change the registry key and its subkeys

Note: It is important to note the differences between an ACL that is empty (that is, one that has no entries) and a resource without an ACL. In the case of an empty ACL, no accesses are explicitly granted, so access is implicitly denied. For a resource that has no ACL, no protection is assigned to the object, so any access request is granted.

Use auth or auth- command to modify this property.

OWNER

The user or group designated as the owner of the resource.

Use the owner parameter with the newres, chres, and editres commands to modify this property.

SACL

Windows System Access Control List specifies audit directives.

SUBKEYS

(Informational). A list of registry keys (subkeys) located under the key.

SUBVALUES

(Informational). A list of registry values described in the current registry key.