Remove a 'Deny' rule (permission) from the 'UserChoice' key in the Registry via C#
P

3

5

I am working on File Associations. I have identified that there is a key called UserChoice in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\[ext].

I have been able to read from and write to the UserChoice key provided that I create it and that it has not already been created by Windows. However, if the UserChoice key has already been created by Windows, then I need to run as Administrator to get access to the key. My ultimate goal is to delete the UserChoice key.

I have noted that Windows places a Deny rule on the UserChoice key which is preventing me from deleting that key. If I can succeed in removing that rule, I believe that I'll be able to delete the UserChoice key. Here is the code that I have tried:

public static void ShowSecurity(RegistryKey regKeyRoot, string user) {
    RegistrySecurity security = regKeyRoot.GetAccessControl(AccessControlSections.All);

    foreach (RegistryAccessRule ar in
        security.GetAccessRules(true, true, typeof(NTAccount))) {

        if (ar.IdentityReference.Value.Contains(user) &&
                ar.AccessControlType.ToString().ToLower() == "deny") {

            security.RemoveAccessRuleSpecific(ar);
            regKeyRoot.SetAccessControl(security);
        }
    }
}

When Windows creates the UserChoice key it adds a security rule for the current user of Type Deny; permission: Special. This rule is not inherited and applies to the UserChoice key only.

With some messing about and running as Administrator I am able to access that RegistryAccessRule. However even running as Administrator, I cannot remove this rule. I have read somewhere in my research that there is not a programmatic way to do it. I can remove this rule via RegEdit. I can also remove the UserChoice key using File Types Manager from NirSoft. So I assume there is some way to do this.

Summary: Is there a way that I can remove the Deny rule so that I can delete the UserChoice key?

Pender answered 24/5, 2011 at 9:6 Comment(3)
Anyone found a way to do this? I am running into the same issue. - Brandt
Unfortunately not so far as I know. I have done some more work on it but I think it will need unmanaged code... - Pender
@Pender Your code is definitely on the right track. Your code and the revised code provided in the answer by ali led me to success. It is not necessary to resort to unmanaged code. Please see my answer. - Segment
S
2

Your code example and the revisions suggested in the answer by @ali led me to a solution for overcoming the security setting that Windows places on the UserChoice key, which enabled me to delete that key.

My solution presumes that the UserChoice key is present in the HKEY_CURRENT_USER (HKCU) hive. If that is the case, the user owns the UserChoice key and therefore has the necessary privileges to change the security settings on that key and ultimately delete it. (This means that the user does not need to be a member of the Administrators group.)

The extensionKey parameter of this method is the parent key of the UserChoice key.

static void DeleteUserChoiceKey(RegistryKey extensionKey)
{
    const string userChoiceKeyName = "UserChoice";

    using (RegistryKey userChoiceKey =
        extensionKey.OpenSubKey(userChoiceKeyName,
            RegistryKeyPermissionCheck.ReadWriteSubTree,
            RegistryRights.ChangePermissions))
    {
        if (userChoiceKey == null) { return; }
        string userName = WindowsIdentity.GetCurrent().Name;
        RegistrySecurity security = userChoiceKey.GetAccessControl();

        AuthorizationRuleCollection accRules =
            security.GetAccessRules(true, true, typeof(NTAccount));

        foreach (RegistryAccessRule ar in accRules)
        {
            if (ar.IdentityReference.Value == userName &&
                ar.AccessControlType == AccessControlType.Deny)
            {
                security.RemoveAccessRuleSpecific(ar); // remove the 'Deny' permission
            }
        }

        userChoiceKey.SetAccessControl(security); // restore all original permissions
                                                  // *except* for the 'Deny' permission
    }

    extensionKey.DeleteSubKeyTree(userChoiceKeyName, true);
}
Segment answered 22/12, 2016 at 19:14 Comment(0)
K
0

A quick thought. Does it work if you take ownership of the regKey before changing the rules on it?

Knott answered 12/8, 2011 at 11:18 Comment(1)
Can you expand on that a bit please? Thanks - Pender
M
0
public static void ShowSecurity(RegistryKey regKeyRoot, string user)
{
    // Note: the key returned by OpenSubKey is not captured, so the calls
    // below still operate on the regKeyRoot handle as it was passed in.
    regKeyRoot.OpenSubKey("", RegistryKeyPermissionCheck.ReadWriteSubTree,
                          RegistryRights.ChangePermissions);

    RegistrySecurity security = regKeyRoot.GetAccessControl(AccessControlSections.All);

    // Set group and owner, and protect the rules from inheritance
    // (inherited rules are not preserved)
    security.SetGroup(new NTAccount("Administrators"));
    security.SetOwner(new NTAccount("ali")); // Your account name
    security.SetAccessRuleProtection(true, false);
    regKeyRoot.SetAccessControl(security);

    //---------

    // Remove every 'Deny' rule whose identity contains the given user name
    foreach (RegistryAccessRule ar in security.GetAccessRules(true, true, typeof(NTAccount)))
    {
        if (ar.IdentityReference.Value.Contains(user) &&
            ar.AccessControlType == AccessControlType.Deny)
        {
            security.RemoveAccessRuleSpecific(ar);
        }
    }

    regKeyRoot.SetAccessControl(security);
}
Mayle answered 1/2, 2015 at 21:22 Comment(0)
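
A read-only audit of the rule described in the question, as an added example that is not part of the original posts: it walks every UserChoice key under FileExts and reports whether an explicit (non-inherited) Deny rule for the current user is still present. The class and method names are hypothetical, and matching on the user's SID instead of the NTAccount name string is a choice made here.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;

static class UserChoiceAclAudit
{
    const string FileExtsPath =
        @"Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts";

    // Rights named by explicit (non-inherited) Deny rules for 'sid' on 'key'.
    static RegistryRights ExplicitDenyRights(RegistryKey key, SecurityIdentifier sid)
    {
        RegistrySecurity security = key.GetAccessControl(AccessControlSections.Access);
        RegistryRights denied = 0;
        // Resolve identities to SIDs so the match does not depend on
        // domain/machine prefixes or on account-name lookups succeeding.
        foreach (RegistryAccessRule rule in
                 security.GetAccessRules(true, false, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType == AccessControlType.Deny &&
                rule.IdentityReference.Equals(sid))
                denied |= rule.RegistryRights;
        }
        return denied;
    }

    static void Main()
    {
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;
        using (RegistryKey fileExts = Registry.CurrentUser.OpenSubKey(FileExtsPath))
        {
            if (fileExts == null) return;
            foreach (string ext in fileExts.GetSubKeyNames())
            {
                try
                {
                    // Request only ReadPermissions: enough to read the access rules.
                    using (RegistryKey uc = fileExts.OpenSubKey(ext + @"\UserChoice",
                        RegistryKeyPermissionCheck.Default, RegistryRights.ReadPermissions))
                    {
                        if (uc == null) continue; // no UserChoice for this extension
                        RegistryRights denied = ExplicitDenyRights(uc, me);
                        Console.WriteLine("{0,-12} {1}", ext,
                            denied == 0 ? "no explicit Deny rule" : "Deny: " + denied);
                    }
                }
                catch (Exception e) when (e is UnauthorizedAccessException ||
                                          e is System.Security.SecurityException)
                { Console.WriteLine("{0,-12} unreadable: {1}", ext, e.Message); }
            }
        }
    }
}
```

Going by the question's description, a UserChoice key reported without the rule was either not created by Windows or has had the rule removed since.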
