代码之家  ›  专栏  ›  技术社区  ›  Seth Petry-Johnson

如何使用.NET应用Windows组策略?

windows-security .net c#
  •  6
  • Seth Petry-Johnson  · 技术社区  · 15 年前

    是否可以使用.NET应用(和删除)Windows组策略设置?

    暂时 把一台机器放进一个受限的,类似亭的状态。我需要控制的事情之一是访问USB驱动器,我相信我可以通过组策略来实现。我希望我的应用程序在启动时设置策略,并在退出时还原更改。。。这是我可以通过.NETFramework调用实现的吗?

    这些是我的主要要求:

    • 标识用户操作何时被策略拒绝并记录它。
      • 可以记录到系统安全日志。
    4 回复  |  直到 15 年前
        1
  •  4
  •   Arseni Mourzenko    13 年前

    尝试使用 IGroupPolicyObject 

    bool SetGroupPolicy(HKEY hKey, LPCTSTR subKey, LPCTSTR valueName, DWORD dwType, const BYTE* szkeyValue, DWORD dwkeyValue)
{
    CoInitialize(NULL);
    HKEY ghKey, ghSubKey, hSubKey;
    LPDWORD flag = NULL;
    IGroupPolicyObject *pGPO = NULL;
    HRESULT hr = CoCreateInstance(CLSID_GroupPolicyObject, NULL, CLSCTX_ALL, IID_IGroupPolicyObject, (LPVOID*)&pGPO);

    if(!SUCCEEDED(hr))
    {
        MessageBox(NULL, L"Failed to initialize GPO", L"", S_OK);
    }

    if (RegCreateKeyEx(hKey, subKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hSubKey, flag) != ERROR_SUCCESS)
    {
        return false;
        CoUninitialize();
    }

    if(dwType == REG_SZ)
    {
        if(RegSetValueEx(hSubKey, valueName, 0, dwType, szkeyValue, strlen((char*)szkeyValue) + 1) != ERROR_SUCCESS)
        {
            RegCloseKey(hSubKey);
            CoUninitialize();
            return false;
        }
    }

    else if(dwType == REG_DWORD)
    {
        if(RegSetValueEx(hSubKey, valueName, 0, dwType, (BYTE*)&dwkeyValue, sizeof(dwkeyValue)) != ERROR_SUCCESS)
        {
            RegCloseKey(hSubKey);
            CoUninitialize();
            return false;
        }
    }

    if(!SUCCEEDED(hr))
    {
        MessageBox(NULL, L"Failed to initialize GPO", L"", S_OK);
        CoUninitialize();
        return false;
    }

    if(pGPO->OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY) != S_OK)
    {
        MessageBox(NULL, L"Failed to get the GPO mapping", L"", S_OK);
        CoUninitialize();
        return false;
    }

    if(pGPO->GetRegistryKey(GPO_SECTION_USER,&ghKey) != S_OK)
    {
        MessageBox(NULL, L"Failed to get the root key", L"", S_OK);
        CoUninitialize();
        return false;
    }

    if(RegCreateKeyEx(ghKey, subKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &ghSubKey, flag) != ERROR_SUCCESS)
    {
        RegCloseKey(ghKey);
        MessageBox(NULL, L"Cannot create key", L"", S_OK);
        CoUninitialize();
        return false;
    }

    if(dwType == REG_SZ)
    {
        if(RegSetValueEx(ghSubKey, valueName, 0, dwType, szkeyValue, strlen((char*)szkeyValue) + 1) != ERROR_SUCCESS)
        {
            RegCloseKey(ghKey);
            RegCloseKey(ghSubKey);
            MessageBox(NULL, L"Cannot create sub key", L"", S_OK);
            CoUninitialize();
            return false;
        }
    }

    else if(dwType == REG_DWORD)
    {
        if(RegSetValueEx(ghSubKey, valueName, 0, dwType, (BYTE*)&dwkeyValue, sizeof(dwkeyValue)) != ERROR_SUCCESS)
        {
            RegCloseKey(ghKey);
            RegCloseKey(ghSubKey);
            MessageBox(NULL, L"Cannot set value", L"", S_OK);
            CoUninitialize();
            return false;
        }
    }

    if(pGPO->Save(false, true, const_cast<GUID*>(&EXTENSION_GUID), const_cast<GUID*>(&CLSID_GPESnapIn)) != S_OK)
    {
        RegCloseKey(ghKey);
        RegCloseKey(ghSubKey);
        MessageBox(NULL, L"Save failed", L"", S_OK);
        CoUninitialize();
        return false;
    }

    pGPO->Release();
    RegCloseKey(ghKey);
    RegCloseKey(ghSubKey);
    CoUninitialize();
    return true;
}

    你可以这样调用这个函数。。 

    // Remove the Log Off in start menu
SetGroupPolicy(HKEY_CURRENT_USER,
    L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
    L"StartMenuLogOff", REG_DWORD, NULL, 1);
        2
  •  3
  •   Jonik    13 年前

    注意:我使用两个GroupPolicy程序集引用: C:\Windows\assembly\GAC\u 32\Microsoft.GroupPolicy.Management.Interop\2.0.0.0\u 31bf3856ad364e35\Microsoft.GroupPolicy.Management.Interop.dll 这是framework 2.0,所以有混合代码,您必须使用app.config: http://msmvps.com/blogs/rfennell/archive/2010/03/27/mixed-mode-assembly-is-built-against-version-v2-0-50727-error-using-net-4-development-web-server.aspx 

    using System.Collections.ObjectModel;
using Microsoft.GroupPolicy;
using Microsoft.Win32;

/// <summary>
/// Change user's registry policy
/// </summary>
/// <param name="gpoName">The name of Group Policy Object(DisplayName)</param>
/// <param name="keyPath">Is KeyPath(like string path=@"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")</param>
/// <param name="typeOfKey">DWord, ExpandString,... e.t.c </param>
/// <param name="parameterName">Name of parameter</param>
/// <param name="value">Value</param>
/// <returns>result: true\false</returns>
public bool ChangePolicyUser(string gpoName, string keyPath, RegistryValueKind typeOfKey, string parameterName, object value)
    {
        try
        {
            RegistrySetting newSetting = new PolicyRegistrySetting();
            newSetting.Hive = RegistryHive.CurrentUser;
            newSetting.KeyPath = keyPath;
            bool contains = false;
            //newSetting.SetValue(parameterName, value, typeOfKey);
            switch (typeOfKey)
            {
                case RegistryValueKind.String:
                    newSetting.SetValue(parameterName, (string)value, typeOfKey);
                    break;
                case RegistryValueKind.ExpandString:
                    newSetting.SetValue(parameterName, (string)value, typeOfKey);
                    break;
                case RegistryValueKind.DWord:
                    newSetting.SetValue(parameterName, (Int32)value);
                    break;
                case RegistryValueKind.QWord:
                    newSetting.SetValue(parameterName, (Int64)value);
                    break;
                case RegistryValueKind.Binary:
                    newSetting.SetValue(parameterName, (byte[])value);
                    break;
                case RegistryValueKind.MultiString:
                    newSetting.SetValue(parameterName, (string[])value, typeOfKey);
                    break;
            }
            Gpo gpoTarget = _gpDomain.GetGpo(gpoName);
            RegistryPolicy registry = gpoTarget.User.Policy.GetRegistry(false);
            try
            {
                ReadOnlyCollection<RegistryItem> items = gpoTarget.User.Policy.GetRegistry(false).Read(newSetting.Hive, keyPath);
                foreach (RegistryItem item in items)
                {
                    if (((RegistrySetting) item).ValueName == parameterName)
                    {
                        contains = true;
                    }
                }
                registry.Write((PolicyRegistrySetting) newSetting, !contains);
                registry.Save(false);
                return true;
            }
            catch (ArgumentException)
            {
                registry.Write((PolicyRegistrySetting)newSetting, contains);
                registry.Save(true);
                return true;
            }
        }
        catch (Exception)
        {
            return false;
        }
    }
    推荐文章
    A B  ·  C#Excel自动调整列避免长文本时出错
    4 月前
    Alireza Noori  ·  全局配置用于本地化的MudDontext验证消息?
    4 月前
    Martyn C  ·  自定义StringEnumConverter未拾取所有枚举
    4 月前
    Nwerx_user  ·  在C#中,如何在不使用static关键字的情况下使用类外的方法?
    4 月前
    pseudodev  ·  失败的测试仅显示堆栈跟踪,不显示完整日志
    4 月前
    user19291301  ·  平行。ForEachAsync不会更改IEnumerable项的属性
    5 月前
    CactusCake  ·  if语句中应有分号
    5 月前
    LemonPotion  ·  SaveChangesAsync期间EF Core中的DbUpdateConcurrenty异常
    6 月前
    Bin4ry  ·  子文件夹中的应用程序设置
    6 月前
    enflky  ·  如何修改Winforms TabControl中所有选项卡中的WebView2内容?
    6 月前
    关于  
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号