How to assign new rights (ACL) to existing registry key without inheriting rights from parent

Question

New rights can be set using RegistryKey.SetAccessControl(new RegistrySecurity(...)) . But after that the inheritance is turned on .

Is there a way to assign new rights without turning the inheritance on?

The whole code:

void test
{

    SecurityIdentifier sidAccUser = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
    NTAccount ntAccUser = sidAccUser.Translate(typeof(NTAccount)) as NTAccount;

    RegistryAccessRule regAcRule = new RegistryAccessRule(
      ntAccUser
    , RegistryRights.FullControl
    , InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
    , PropagationFlags.None
    , AccessControlType.Allow);

    RegistrySecurity regSecurity = new RegistrySecurity();
    regSecurity.AddAccessRule(regAcRule);

    RegistryKey regKey = Registry.CurrentUser.OpenSubKey(@"ZZTEST", true);

    // after that the inheritance is turned on
    regKey.SetAccessControl(regSecurity);

}

I found this solution but don't want to use a COM-Server: Setting permissions and blocking inheritance from C# with SetACL

Answer 1

Use SetAccessRuleProtection to protect the DACL from inheritance..

regSecurity.SetAccessRuleProtection(true, false);

• http://msdn.microsoft.com/en-us/library/vstudio/system.security.accesscontrol.objectsecurity.setaccessruleprotection(v=vs.100).aspx