c# windows registry acl

How to assign new rights (ACL) to existing registry key without inheriting rights from parent


New rights can be set using RegistryKey.SetAccessControl(new RegistrySecurity(...)). But after that the inheritance is turned on.

Is there a way to assign new rights without turning the inheritance on?

The whole code:

    using Microsoft.Win32;
    using System.Security.AccessControl;
    using System.Security.Principal;

    void test()
    {
        // Resolve BUILTIN\Users from its well-known SID
        SecurityIdentifier sidAccUser = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
        NTAccount ntAccUser = sidAccUser.Translate(typeof(NTAccount)) as NTAccount;

        // Allow full control on the key and everything below it
        RegistryAccessRule regAcRule = new RegistryAccessRule(
          ntAccUser
        , RegistryRights.FullControl
        , InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit
        , PropagationFlags.None
        , AccessControlType.Allow);

        RegistrySecurity regSecurity = new RegistrySecurity();
        regSecurity.AddAccessRule(regAcRule);

        RegistryKey regKey = Registry.CurrentUser.OpenSubKey(@"ZZTEST", true);

        // after that the inheritance is turned on
        regKey.SetAccessControl(regSecurity);
    }

I found this solution but don't want to use a COM-Server: Setting permissions and blocking inheritance from C# with SetACL


Solution

  • Use SetAccessRuleProtection to protect the DACL from inheritance.

    regSecurity.SetAccessRuleProtection(true, false);
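
A complete version of the fix with a read-back check, as an added example that is not part of the original question or answer. The class name, the `Allow` helper and the choice to give BUILTIN\Users read-only access (the question grants FullControl) are assumptions of this example; `ZZTEST` is the key name from the question.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;

static class ProtectedRegistryAclExample   // hypothetical name
{
    const string KeyName = "ZZTEST";       // key name taken from the question

    static void Main()
    {
        // Make sure the key exists so the example runs on a clean profile.
        Registry.CurrentUser.CreateSubKey(KeyName).Dispose();

        // Request only the rights needed to read and replace the DACL.
        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(
            KeyName,
            RegistryKeyPermissionCheck.ReadWriteSubTree,
            RegistryRights.ReadPermissions | RegistryRights.ChangePermissions))
        {
            var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
            SecurityIdentifier owner = WindowsIdentity.GetCurrent().User;

            var security = new RegistrySecurity();
            // isProtected = true: stop ACEs flowing down from the parent key.
            // preserveInheritance = false: drop inherited ACEs instead of copying them.
            security.SetAccessRuleProtection(true, false);
            // Assumed policy: current user keeps full control, Users may only read.
            security.AddAccessRule(Allow(owner, RegistryRights.FullControl));
            security.AddAccessRule(Allow(users, RegistryRights.ReadKey));
            key.SetAccessControl(security);

            // Read the descriptor back and confirm that nothing is inherited.
            RegistrySecurity applied = key.GetAccessControl();
            Console.WriteLine("Protected: " + applied.AreAccessRulesProtected);
            foreach (RegistryAccessRule rule in
                     applied.GetAccessRules(true, true, typeof(SecurityIdentifier)))
            {
                Console.WriteLine("{0} {1} {2} inherited={3}", rule.IdentityReference,
                    rule.AccessControlType, rule.RegistryRights, rule.IsInherited);
            }
        }
    }

    static RegistryAccessRule Allow(IdentityReference who, RegistryRights rights)
    {
        // ContainerInherit: subkeys of ZZTEST receive the rule as well.
        return new RegistryAccessRule(who, rights, InheritanceFlags.ContainerInherit,
            PropagationFlags.None, AccessControlType.Allow);
    }
}
```

Passing `true` as the second argument to `SetAccessRuleProtection` instead would keep the parent's ACEs on the key as explicit entries, so the read-back loop is a quick way to see which variant was applied.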