Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to make an application GPO aware?

Tags:

windows

delphi

group-policy

I'm writing an application in Delphi 2010, and I'd like to provide the option to the administrator to configure it via Group Policy. Any recommendations on good ways to make my application GPO aware? Note, I am only looking to create a computer based GPO, not user.

My current solution involves simply first determining if any values have been written to the registry at HKLM\software\policies\MyProgram. If they have, I assume that GPO has been applied and I use this location to read configuration.

If nothing exists at the above registry location, I proceed to reading configuration at the standard location, whether that's an INI file, or another reg key does not matter. At this point, I make the assumption in the program that group policies are not being used.

Would anyone suggest a better way to make this application GPO aware?

like image 686
Mick Avatar asked Dec 07 '10 16:12

Mick

1 Answers

It's not that you have to be group policy aware, it's that the group policy has to be aware of the registry keys your program uses.

The purpose of custom Group Policy Templates is to have a user-interface for managing a custom set of registry keys used by a particular program. The domain administrator sets the policy to the desired values, and the policy is pushed out to machines on the domain.

In your case, the custom policy template will define the corresponding HKLM registry keys that your program uses. You can now trust that the values stored in:

HKLM\Software\MickSoftware\My Program 2010

are what the administrator has desired be there.

Note: The following "policy" registry locations are non-persistent:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
HKEY_CURRENT_USER\SOFTWARE\Policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies

"This means that when you log off the computer or when you shut down the computer, the policy settings are removed."

So it seems to me you want to store your registry values where you normally store them, e.g.:

HKLM\Software\Avatar Software Creations\HelpDesk\DatabaseServer
    ServerName: REG_SZ = "lithium"
    UserID: REG_SZ = "helpdesk"
    Password: REG_SZ = "aSBsb3ZlIHlvdSBLaXJzdGVuIFNoZWxieSBHdXllcg=="
like image 159
Ian Boyd Avatar answered Sep 28 '22 17:09

Ian Boyd
Sign in to Comment

Related questions

How to add submenu items to the Windows Explorer context menu?
Random MoveFileEx failures on Vista
Are there C++ free and fast (maybe standalone) refactoring tools for Windows? [duplicate]
How to monitor memcached statistics on windows?
Properly notifying all listeners of a system wide named manual reset event and then immediately resetting it
Programmatically adding security permissions to files in C#
Best way to improve performance (and include somehow failover)
What's the cost (in cycles) to switch between Windows Kernel and User mode?
Split large file without copy?
Is there a way to hook or intercept CoGetClassObject and/or CoCreateInstance calls?
How can I detect all interfaces a COM object implements?
Can you see programmatically how much amperage a USB device is requesting in windows?
A simple way to convert to/from VARIANT types in C++
How to deal with Unicode strings in C/C++ in a cross-platform friendly way?
How to set input focus to a shown dialog in Qt?
IIS 7.5 Windows Authentication failed with 401
Avoiding Denial of Service attack
What is iTunes for Windows written of? [closed]
Analyze .exe/.dll (Windows PE) files for code bloats
What causes WriteFile to return ERROR_ACCESS_DENIED?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!