I'm setting ACL on the registry key by pinvoking this native method:
[DllImport(@"advapi32.dll", EntryPoint = "RegSetKeySecurity", SetLastError = true)]
internal static extern int RegSetKeySecurity(SafeRegistryHandle handle, uint securityInformation, IntPtr pSecurityDescriptor);
My SDDL sets required inheritance (AR) on child objects:
D:ARP(A;CI;KA;;;SY)(A;CI;KA;;;BA)
Everything works fine and new child subkeys that get created after this ACL is set on the parent inherit the ACL. However, the problem is with already existing subkeys that do not inherit this ACL. How to force propagation of this ACL to the existing child subkeys?
