System.Security.AccessControl.RegistryAuditRule Class

Represents a set of access rights to be audited for a user or group. This class cannot be inherited.

See Also: RegistryAuditRule Members


public sealed class RegistryAuditRule : AuditRule


The System.Security.AccessControl.RegistryAuditRule class is one of a set of classes that the .NET Framework provides for managing Windows access control security on registry keys. For an overview of these classes and their relationship to the underlying Windows access control structures, see System.Security.AccessControl.RegistrySecurity.


Windows access control security can only be applied to registry keys. It cannot be applied to individual key/value pairs stored in a key.

To get a list of the audit rules currently applied to a registry key, use the Microsoft.Win32.RegistryKey.GetAccessControl method to get a System.Security.AccessControl.RegistrySecurity object, and then use its CommonObjectSecurity.GetAuditRules(bool, bool, Type) method to obtain a collection of System.Security.AccessControl.RegistryAuditRule objects.

System.Security.AccessControl.RegistryAuditRule objects do not map one-to-one with access control entries in the underlying discretionary access control list (DACL). When you get the set of all audit rules for a registry key, the set contains the minimum number of rules currently required to express all the access control entries.


The underlying access control entries change as you apply and remove rules. The information in rules is merged if possible, to maintain the smallest number of access control entries. Thus, when you read the current list of rules, it might not look exactly like the list of all the rules you have added.

Use System.Security.AccessControl.RegistryAuditRule objects to specify access rights to be audited for a user or group. To apply a rule to a registry key, use the Microsoft.Win32.RegistryKey.GetAccessControl method to get the System.Security.AccessControl.RegistrySecurity object. Modify the System.Security.AccessControl.RegistrySecurity object by using its methods to add the rule, and then use the Microsoft.Win32.RegistryKey.SetAccessControl(RegistrySecurity) method to reattach the security object.


Changes you make to a System.Security.AccessControl.RegistrySecurity object do not affect the access levels of the registry key until you call the Microsoft.Win32.RegistryKey.SetAccessControl(RegistrySecurity) method to assign the altered security object to the registry key.

System.Security.AccessControl.RegistryAuditRule objects are immutable. Security for a registry key is modified by using the methods of the System.Security.AccessControl.RegistrySecurity class to add or remove rules; as you do this, the underlying access control entries are modified.


Namespace: System.Security.AccessControl
Assembly: mscorlib (in mscorlib.dll)
Assembly Versions:,
Since: .NET 2.0