是否可以使用.NET应用(和删除)
Windows组策略设置?
我正在开发一个应用程序,需要暂时将机器置于受限制的,类似于kiosk的状态.我需要控制的一件事是访问USB驱动器,我相信我可以通过组策略来实现.我希望我的应用程序在启动时设置策略并在退出时还原更改…这是我可以通过.NET框架调用执行的操作吗?
这些是我的主要要求:
>启动控制台应用程序时应用组策略设置.
>确定策略拒绝用户操作的时间并记录它.
>可以登录系统安全日志.
>当我的应用停止时,还原我的政策更改.
解决方法
尝试使用
IGroupPolicyObject
bool SetGroupPolicy(HKEY hKey,LPCTSTR subKey,LPCTSTR valueName,DWORD dwType,const BYTE* szkeyValue,DWORD dwkeyValue)
{
CoInitialize(NULL);
HKEY ghKey,ghSubKey,hSubKey;
LPDWORD flag = NULL;
IGroupPolicyObject *pGPO = NULL;
HRESULT hr = CoCreateInstance(CLSID_GroupPolicyObject,NULL,CLSCTX_ALL,IID_IGroupPolicyObject,(LPVOID*)&pGPO);
if(!SUCCEEDED(hr))
{
MessageBox(NULL,L"Failed to initialize GPO",L"",S_OK);
}
if (RegCreateKeyEx(hKey,subKey,REG_OPTION_NON_VOLATILE,KEY_WRITE,&hSubKey,flag) != ERROR_SUCCESS)
{
return false;
CoUninitialize();
}
if(dwType == REG_SZ)
{
if(RegSetValueEx(hSubKey,valueName,dwType,szkeyValue,strlen((char*)szkeyValue) + 1) != ERROR_SUCCESS)
{
RegCloseKey(hSubKey);
CoUninitialize();
return false;
}
}
else if(dwType == REG_DWORD)
{
if(RegSetValueEx(hSubKey,(BYTE*)&dwkeyValue,sizeof(dwkeyValue)) != ERROR_SUCCESS)
{
RegCloseKey(hSubKey);
CoUninitialize();
return false;
}
}
if(!SUCCEEDED(hr))
{
MessageBox(NULL,S_OK);
CoUninitialize();
return false;
}
if(pGPO->OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY) != S_OK)
{
MessageBox(NULL,L"Failed to get the GPO mapping",S_OK);
CoUninitialize();
return false;
}
if(pGPO->GetRegistryKey(GPO_SECTION_USER,&ghKey) != S_OK)
{
MessageBox(NULL,L"Failed to get the root key",S_OK);
CoUninitialize();
return false;
}
if(RegCreateKeyEx(ghKey,&ghSubKey,flag) != ERROR_SUCCESS)
{
RegCloseKey(ghKey);
MessageBox(NULL,L"Cannot create key",S_OK);
CoUninitialize();
return false;
}
if(dwType == REG_SZ)
{
if(RegSetValueEx(ghSubKey,strlen((char*)szkeyValue) + 1) != ERROR_SUCCESS)
{
RegCloseKey(ghKey);
RegCloseKey(ghSubKey);
MessageBox(NULL,L"Cannot create sub key",S_OK);
CoUninitialize();
return false;
}
}
else if(dwType == REG_DWORD)
{
if(RegSetValueEx(ghSubKey,sizeof(dwkeyValue)) != ERROR_SUCCESS)
{
RegCloseKey(ghKey);
RegCloseKey(ghSubKey);
MessageBox(NULL,L"Cannot set value",S_OK);
CoUninitialize();
return false;
}
}
if(pGPO->Save(false,true,const_cast<GUID*>(&EXTENSION_GUID),const_cast<GUID*>(&CLSID_GPESnapIn)) != S_OK)
{
RegCloseKey(ghKey);
RegCloseKey(ghSubKey);
MessageBox(NULL,L"Save Failed",S_OK);
CoUninitialize();
return false;
}
pGPO->Release();
RegCloseKey(ghKey);
RegCloseKey(ghSubKey);
CoUninitialize();
return true;
}
// Remove the Log Off in start menu SetGroupPolicy(HKEY_CURRENT_USER,L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",L"StartMenulogoff",REG_DWORD,1);
