 

Processing group policy with GP Extension

I created a Group Policy extension that implements ProcessGroupPolicyEx. I am successfully notified when I receive a group policy.

I am, however, at a loss as to how to read the policy from inside the GPO. The example stops at looping through GPOs:

    for( pCurGPO = pChangedGPOList; pCurGPO; pCurGPO = pCurGPO->pNext )
    {
        if( *pbAbort )
        {
            // Abort.
            break;
        }
        // ...
    }

That is fine, but how do I get the policy (the actual settings) inside the pCurGPO? I need to get either the settings that this GPO contains, or the registry key where it stores them. This is because I created multiple ADMX templates that target my extension, so I need to tell them apart.

So far, I've found some samples, but they assume that the extension knows what registries will be changed, in advance. However, in my case, I do not want the extension to make this assumption; I want it to check the updated GPO and determine exactly what is being changed.

Any pointers would be greatly appreciated.

Will I Am asked May 24 '17 23:05


1 Answer

So after squirreling through the Chromium code (per amritanshu's comment), I found one way which seems to work; however, I do not yet understand what exceptions there may be (if any):

  1. Get the lpFileSysPath field of the pCurObj, which will be a UNC path.
  2. Append "\Registry.pol" to the path.
  3. Read and parse the resulting file, which will be a PReg file.

The PReg file is documented here: https://msdn.microsoft.com/en-us/library/aa374407(v=vs.85).aspx

If anyone sees anything wrong with this approach, or knows of any exceptions for this algorithm, please let me know.

EDIT: Also found this blog with a better-written, though similar, explanation: https://redsigil.weebly.com/home/group-policy-callbacks-the-missing-documentation

Will I Am answered Sep 20 '22 17:09