AddDefaultRule Method

Adds a default rule.

Syntax

public boolean addDefaultRule(String mask, int accessFlags, String productGUID);

Remarks

This method adds a default rule for the registry keys that match the specified Mask. Each rule in a ruleset is uniquely identified by its mask; if a rule with the specified mask already exists, the new rule's parameters are merged into it.

If the rule is added successfully, this method returns true; otherwise, it returns false.

Default rules, like access rules, instruct the class's system driver to apply certain access restrictions to matching registry keys. However, unlike access rules, default rules are managed by the driver directly; they are activated as soon as the driver loads at boot time, and then continue to be enforced at all times, regardless of whether the application that added them is open.

The Mask parameter must be a valid registry key mask according to the Registry Key Masks topic. Only the registry keys which match the specified mask will be covered by the rule.

The AccessFlags parameter specifies which access restrictions the class's system driver should apply to matching registry keys. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:

ACCESS_NONE0x00No access restrictions.

ACCESS_READ_ONLY0x01Read-only access; writing and deleting is prohibited.

ACCESS_WRITE_ONLY0x02Write-only access; reading and deleting is prohibited.

ACCESS_DELETE_PROTECT0x04Deletion and renaming is prohibited.

ACCESS_EXECUTE_PROTECT0x08Execution is prohibited.

ACCESS_NO_CHANGE_DAC0x10Change of security attributes is prohibited.

ACCESS_NO_CHANGE_OWNER0x20Change of owner is prohibited.

ACCESS_RENAME_PROTECT0x40Renaming is prohibited.

ACCESS_DELETE_ONLY_PROTECT0x80Deletion is prohibited (renaming is not affected).

ACCESS_REMOTE_ACCESS_PROTECT0x100Access from other systems is prohibited.

ACCESS_DENY_ALL0x200All access is denied.

ACCESS_ALL_FLAGS-1Used to denote all currently set access restriction flags.

The ProductGUID parameter identifies the application that the rule should be associated with in the registry. In most cases, the value passed for this parameter should be the same one that was used to call the Initialize method.

This method requires administrative rights to execute successfully. If the user account of the process that calls this method doesn't have such rights, the call will fail with an ERROR_PRIVILEGE_NOT_HELD (0x0522) error. Please refer to the Default Rules topic for more information.

Note: The methods and properties related to rule management are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of the rule lists occurs in a thread-safe manner.

Copyright (c) 2022 Callback Technologies, Inc. - All rights reserved.
CBFS Filter 2020 Java Edition - Version 20.0 [Build 8317]