 

How to apply Windows group policy using .NET?

Is it possible to apply (and remove) Windows group policy settings using .NET?

I am working on an application that needs to temporarily put a machine into a restricted, kiosk-like state. One of the things I need to control is access to USB drives which I believe I can do through group policy. I'd like my app to set the policy when it starts and revert the change when it exits... is this something I can do through .NET framework calls?

These are my primary requirements:

  • Apply group policy settings when my console app is started.
  • Identify when a user action is denied by the policy and log it.
    • Logging to the system security log is acceptable.
  • Revert my policy changes when my app stops.
Seth Petry-Johnson asked Feb 15 '10 15:02


1 Answer

NOTE: I use two GroupPolicy assembly references:

C:\Windows\assembly\GAC_MSIL\Microsoft.GroupPolicy.Management\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Management.dll
C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Management.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Management.Interop.dll

This is framework 2.0, so there is mixed code, and you must use app.config: http://msmvps.com/blogs/rfennell/archive/2010/03/27/mixed-mode-assembly-is-built-against-version-v2-0-50727-error-using-net-4-development-web-server.aspx

I made it like that.

using System;
using System.Collections.ObjectModel;
using Microsoft.GroupPolicy;
using Microsoft.Win32;

/// <summary>
/// Change user's registry policy
/// </summary>
/// <param name="gpoName">Display name of the Group Policy Object</param>
/// <param name="keyPath">Registry key path (e.g. @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer")</param>
/// <param name="typeOfKey">Registry value kind: DWord, ExpandString, etc.</param>
/// <param name="parameterName">Name of the registry value</param>
/// <param name="value">Value to write</param>
/// <returns>true on success, false on failure</returns>
public bool ChangePolicyUser(string gpoName, string keyPath, RegistryValueKind typeOfKey, string parameterName, object value)
    {
        try
        {
            RegistrySetting newSetting = new PolicyRegistrySetting();
            newSetting.Hive = RegistryHive.CurrentUser;
            newSetting.KeyPath = keyPath;
            bool contains = false;
            //newSetting.SetValue(parameterName, value, typeOfKey);
            switch (typeOfKey)
            {
                case RegistryValueKind.String:
                    newSetting.SetValue(parameterName, (string)value, typeOfKey);
                    break;
                case RegistryValueKind.ExpandString:
                    newSetting.SetValue(parameterName, (string)value, typeOfKey);
                    break;
                case RegistryValueKind.DWord:
                    newSetting.SetValue(parameterName, (Int32)value);
                    break;
                case RegistryValueKind.QWord:
                    newSetting.SetValue(parameterName, (Int64)value);
                    break;
                case RegistryValueKind.Binary:
                    newSetting.SetValue(parameterName, (byte[])value);
                    break;
                case RegistryValueKind.MultiString:
                    newSetting.SetValue(parameterName, (string[])value, typeOfKey);
                    break;
            }
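            // _gpDomain is a field of the enclosing class that the answer does not show
            // (assumed here to be an initialised Microsoft.GroupPolicy.GPDomain).
            Gpo gpoTarget = _gpDomain.GetGpo(gpoName);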
            RegistryPolicy registry = gpoTarget.User.Policy.GetRegistry(false);
            try
            {
                ReadOnlyCollection<RegistryItem> items = gpoTarget.User.Policy.GetRegistry(false).Read(newSetting.Hive, keyPath);
                foreach (RegistryItem item in items)
                {
                    if (((RegistrySetting) item).ValueName == parameterName)
                    {
                        contains = true;
                    }
                }
                registry.Write((PolicyRegistrySetting) newSetting, !contains);
                registry.Save(false);
                return true;
            }
            catch (ArgumentException)
            {
                registry.Write((PolicyRegistrySetting)newSetting, contains);
                registry.Save(true);
                return true;
            }
        }
        catch (Exception)
        {
            return false;
        }
    }
Jonik answered Sep 22 '22 06:09
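
The question asks for policy that is applied when the app starts and reverted when it exits; the following added example (not part of the original answer) wraps a writer with the same signature as ChangePolicyUser in an IDisposable that records each setting and writes its revert value on exit, rolling back if a later setting fails. TemporaryPolicy, PolicyWriter, the GPO name "Kiosk GPO" and the choice of the Deny_All removable-storage value are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Win32;

// Same parameter list as the answer's ChangePolicyUser, so that method can be passed in.
public delegate bool PolicyWriter(string gpoName, string keyPath,
    RegistryValueKind kind, string name, object value);

public sealed class TemporaryPolicy : IDisposable
{
    private readonly PolicyWriter _write;
    private readonly string _gpoName;
    // Undo log: newest setting on top, each with the value to restore on exit.
    private readonly Stack<Tuple<string, RegistryValueKind, string, object>> _undo =
        new Stack<Tuple<string, RegistryValueKind, string, object>>();

    public TemporaryPolicy(PolicyWriter write, string gpoName) { _write = write; _gpoName = gpoName; }

    public void Apply(string keyPath, RegistryValueKind kind, string name,
                      object value, object revertValue)
    {
        if (!_write(_gpoName, keyPath, kind, name, value))
        {
            Dispose(); // roll back what was already applied, then report
            throw new InvalidOperationException("Could not apply " + name);
        }
        _undo.Push(Tuple.Create(keyPath, kind, name, revertValue));
    }

    public void Dispose()
    {
        while (_undo.Count > 0)
        {
            var s = _undo.Pop();
            if (!_write(_gpoName, s.Item1, s.Item2, s.Item3, s.Item4))
                Console.Error.WriteLine("Revert failed for " + s.Item3);
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed stand-in writer so this runs without a domain; pass ChangePolicyUser in the real app.
        PolicyWriter log = (g, k, t, n, v) => { Console.WriteLine(g + ": " + k + "\\" + n + " = " + v); return true; };
        using (var policy = new TemporaryPolicy(log, "Kiosk GPO")) // hypothetical GPO name
        {
            // Assumed value behind "All Removable Storage classes: Deny all access".
            policy.Apply(@"Software\Policies\Microsoft\Windows\RemovableStorageDevices",
                         RegistryValueKind.DWord, "Deny_All", 1, 0);
        }
    }
}
```

A change written to a GPO reaches the machine only at the next Group Policy refresh, and Dispose does not run if the process is killed, so a crashed session can leave the restriction in place until something writes the revert value.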