AddDefaultRule Method
Adds a default rule.
Syntax
public boolean addDefaultRule(String mask, int accessFlags, String productGUID);
Remarks
This method adds a default rule for the files and directories that match the specified Mask. Each rule in a ruleset is uniquely identified by its mask; if a rule with the specified mask already exists, the new rule's parameters are merged into it.
If the rule is added successfully, this method returns true; otherwise, it returns false.
Default rules, like access rules, instruct the class's system driver to apply certain access restrictions to matching files and directories. However, unlike access rules, default rules are managed by the driver directly; they are activated as soon as the driver loads at boot time, and then continue to be enforced at all times, regardless of whether the application that added them is open.
The Mask parameter must be a valid file mask according to the File Masks topic. Only the files and directories which match the specified mask will be covered by the rule.
The AccessFlags parameter specifies which access restrictions the class's system driver should apply to matching files and directories. The value passed for this parameter should be constructed by OR'ing together zero or more of the following flags:
| ACCESS_NONE | 0x00 | No access restrictions. |
| ACCESS_READ_ONLY | 0x01 | Read-only access; writing and deleting is prohibited. |
| ACCESS_WRITE_ONLY | 0x02 | Write-only access; reading and deleting is prohibited. |
| ACCESS_DELETE_PROTECT | 0x04 | Deletion and renaming is prohibited. |
| ACCESS_EXECUTE_PROTECT | 0x08 | Execution is prohibited. |
| ACCESS_NO_CHANGE_DAC | 0x10 | Change of security attributes is prohibited. |
| ACCESS_NO_CHANGE_OWNER | 0x20 | Change of owner is prohibited. |
| ACCESS_RENAME_PROTECT | 0x40 | Renaming is prohibited. |
| ACCESS_DELETE_ONLY_PROTECT | 0x80 | Deletion is prohibited (renaming is not affected). |
| ACCESS_REMOTE_ACCESS_PROTECT | 0x100 | Access from other systems is prohibited. |
| ACCESS_DENY_ALL | 0x200 | All access is denied. |
| ACCESS_ALL_FLAGS | -1 | Used to denote all currently set access restriction flags. |
The ProductGUID parameter identifies the application that the rule should be associated with in the registry. In most cases, the value passed for this parameter should be the same one that was used to call the Initialize method.
This method requires administrative rights to execute successfully. If the user account of the process that calls this method doesn't have such rights, the call will fail with an ERROR_PRIVILEGE_NOT_HELD (0x0522) error. Please refer to the Default Rules topic for more information.
Note: The methods and properties related to rule management are not intended to be used from multiple threads at once. Applications that wish to use said methods and properties from multiple threads (such as, e.g., during the AfterFilterAttachToVolume and AfterFilterDetachFromVolume events) are responsible for employing proper thread synchronization techniques to ensure that manipulation and enumeration of the rule lists occurs in a thread-safe manner.