还需要使用另一种本机方法并提供SDDL ，以下代码在正确的注册表项上设置ACL：

Another native method needs to be involved and given an SDDL, the following code sets ACLs on the right registry key:

[DllImport("Advapi32.dll", CallingConvention = CallingConvention.Winapi, SetLastError = true, CharSet = CharSet.Auto)]
internal static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string stringSecurityDescriptor, int stringSDRevision, out IntPtr ppSecurityDescriptor, ref int securityDescriptorSize);

string sddl = "...";
IntPtr secDescriptor = IntPtr.Zero;
int size = 0;
ConvertStringSecurityDescriptorToSecurityDescriptor
   (
      sddl,
      1,                              // revision 1
      out secDescriptor,
      ref size
   );

// get handle with RegOpenKeyEx

RegSetKeySecurity
(
     handle,
     0x00000004,                      // DACL_SECURITY_INFORMATION
     secDescriptor
);