如何利用.NET应用的Windows组策略? [英] How to apply Windows group policy using .NET?
本文介绍了如何利用.NET应用的Windows组策略?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
是否可以申请(和删除)的Windows组策略设置使用.NET?
Is it possible to apply (and remove) Windows group policy settings using .NET?
我的工作,需要的暂时的把机器变成一个受限制的,自助式服务的状态的应用程序。其中一个我需要控制的事情是获得USB驱动器,我相信我可以通过组策略做。我想我的应用程序来设置策略时启动,并恢复了变化,当它退出...这是我能够做到的,通过.NET框架调用?
I am working on an application that needs to temporarily put a machine into a restricted, kiosk-like state. One of the things I need to control is access to USB drives which I believe I can do through group policy. I'd like my app to set the policy when it starts and revert the change when it exits... is this something I can do through .NET framework calls?
这是我的基本要求:
- 在应用组策略设置时,我的控制台应用程序已启动。
- 确定当用户操作由策略拒绝并记录它。
- 记录到系统安全日志是可以接受的。
- Apply group policy settings when my console app is started.
- Identify when a user action is denied by the policy and log it.
- Logging to the system security log is acceptable.
推荐答案
尝试使用的 IGroupPolicyObject
bool SetGroupPolicy(HKEY hKey, LPCTSTR subKey, LPCTSTR valueName, DWORD dwType, const BYTE* szkeyValue, DWORD dwkeyValue) { CoInitialize(NULL); HKEY ghKey, ghSubKey, hSubKey; LPDWORD flag = NULL; IGroupPolicyObject *pGPO = NULL; HRESULT hr = CoCreateInstance(CLSID_GroupPolicyObject, NULL, CLSCTX_ALL, IID_IGroupPolicyObject, (LPVOID*)&pGPO); if(!SUCCEEDED(hr)) { MessageBox(NULL, L"Failed to initialize GPO", L"", S_OK); } if (RegCreateKeyEx(hKey, subKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hSubKey, flag) != ERROR_SUCCESS) { return false; CoUninitialize(); } if(dwType == REG_SZ) { if(RegSetValueEx(hSubKey, valueName, 0, dwType, szkeyValue, strlen((char*)szkeyValue) + 1) != ERROR_SUCCESS) { RegCloseKey(hSubKey); CoUninitialize(); return false; } } else if(dwType == REG_DWORD) { if(RegSetValueEx(hSubKey, valueName, 0, dwType, (BYTE*)&dwkeyValue, sizeof(dwkeyValue)) != ERROR_SUCCESS) { RegCloseKey(hSubKey); CoUninitialize(); return false; } } if(!SUCCEEDED(hr)) { MessageBox(NULL, L"Failed to initialize GPO", L"", S_OK); CoUninitialize(); return false; } if(pGPO->OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY) != S_OK) { MessageBox(NULL, L"Failed to get the GPO mapping", L"", S_OK); CoUninitialize(); return false; } if(pGPO->GetRegistryKey(GPO_SECTION_USER,&ghKey) != S_OK) { MessageBox(NULL, L"Failed to get the root key", L"", S_OK); CoUninitialize(); return false; } if(RegCreateKeyEx(ghKey, subKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &ghSubKey, flag) != ERROR_SUCCESS) { RegCloseKey(ghKey); MessageBox(NULL, L"Cannot create key", L"", S_OK); CoUninitialize(); return false; } if(dwType == REG_SZ) { if(RegSetValueEx(ghSubKey, valueName, 0, dwType, szkeyValue, strlen((char*)szkeyValue) + 1) != ERROR_SUCCESS) { RegCloseKey(ghKey); RegCloseKey(ghSubKey); MessageBox(NULL, L"Cannot create sub key", L"", S_OK); CoUninitialize(); return false; } } else if(dwType == REG_DWORD) { if(RegSetValueEx(ghSubKey, valueName, 0, dwType, (BYTE*)&dwkeyValue, sizeof(dwkeyValue)) != ERROR_SUCCESS) { RegCloseKey(ghKey); RegCloseKey(ghSubKey); MessageBox(NULL, L"Cannot set value", L"", S_OK); CoUninitialize(); return false; } } if(pGPO->Save(false, true, const_cast<GUID*>(&EXTENSION_GUID), const_cast<GUID*>(&CLSID_GPESnapIn)) != S_OK) { RegCloseKey(ghKey); RegCloseKey(ghSubKey); MessageBox(NULL, L"Save failed", L"", S_OK); CoUninitialize(); return false; } pGPO->Release(); RegCloseKey(ghKey); RegCloseKey(ghSubKey); CoUninitialize(); return true; }
您可以调用这个函数这样的..
You can call this function like this..
// Remove the Log Off in start menu SetGroupPolicy(HKEY_CURRENT_USER, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", L"StartMenuLogOff", REG_DWORD, NULL, 1);
这篇关于如何利用.NET应用的Windows组策略?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文