利用组策略API 编辑GPO(Group Policy Object)

先用 Windows 自带的组策略编辑器(GPO Editor)修改某项策略,同时用注册表监控工具 RegFromApp 监视注册表的改动,就能知道该策略对应修改的是注册表的哪个键值。

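下面是禁止U盘访问的例子(在本地计算机 GPO 中把 SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions 下的 DenyRemovableDevices 设为 1)。程序需要以管理员权限运行,并应检查每个 API 的返回值,以免策略未写入却被当作已生效: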

 
#include <windows.h>
#include <objbase.h>
#include <comdef.h>
#include <gpedit.h>

#include <cstdlib>
#include <iostream>
#include <sstream>

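namespace {

// Prints a description of the failed step followed by its status code in hex.
void report_failure(const char* what, unsigned long code)
{
    std::cerr << what << " Error code = 0x" << std::hex << code << std::dec << std::endl;
}

// Creates/opens the DeviceInstall\Restrictions policy key below the GPO's
// machine section and sets DenyRemovableDevices (REG_DWORD) to 1.
// Returns true only when both registry calls report ERROR_SUCCESS.
bool write_deny_removable_devices(HKEY machine_key)
{
    HKEY restrictions_key = NULL;
    // The explicit ...A entry points are used because the key and value names
    // are narrow string literals; the generic macros would not compile in a
    // UNICODE build.
    LONG status = RegCreateKeyExA(machine_key,
        "SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions",
        0, NULL, 0, KEY_SET_VALUE | KEY_QUERY_VALUE, NULL, &restrictions_key, NULL);
    if (status != ERROR_SUCCESS)
    {
        report_failure("Failed to create the DeviceInstall\\Restrictions policy key.",
                       static_cast<unsigned long>(status));
        return false;
    }

    const DWORD val = 1;
    status = RegSetKeyValueA(restrictions_key, NULL, "DenyRemovableDevices",
                             REG_DWORD, &val, sizeof(val));
    // Close the key on both the success and the failure path.
    RegCloseKey(restrictions_key);
    if (status != ERROR_SUCCESS)
    {
        report_failure("Failed to set DenyRemovableDevices.", static_cast<unsigned long>(status));
        return false;
    }
    return true;
}

// Opens the local machine GPO, writes the policy value and saves the GPO.
// COM must already be initialized on the calling thread.
// Returns true only if every step succeeded, so a caller never mistakes a
// policy that was not written for one that is in force.
bool apply_removable_device_policy()
{
    // MSVC is finicky about these ones => redefine them
    const IID my_IID_IGroupPolicyObject =
    { 0xea502723, 0xa23d, 0x11d1, { 0xa7, 0xd3, 0x0, 0x0, 0xf8, 0x75, 0x71, 0xe3 } };
    const IID my_CLSID_GroupPolicyObject =
    { 0xea502722, 0xa23d, 0x11d1, { 0xa7, 0xd3, 0x0, 0x0, 0xf8, 0x75, 0x71, 0xe3 } };
    GUID ext_guid = REGISTRY_EXTENSION_GUID;
    // This next one can be any GUID you want
    GUID snap_guid = { 0x3d271cfc, 0x2bc6, 0x4ac2, { 0xb6, 0x33, 0x3b, 0xdf, 0xf5, 0xbd, 0xab, 0x2a } };

    // Create an instance of the IGroupPolicyObject class
    IGroupPolicyObject* pLGPO = NULL;
    HRESULT hr = CoCreateInstance(my_CLSID_GroupPolicyObject, NULL, CLSCTX_INPROC_SERVER,
        my_IID_IGroupPolicyObject, (LPVOID*)&pLGPO);
    if (FAILED(hr) || pLGPO == NULL)
    {
        // Without this check a failed creation leads to a call through an
        // invalid interface pointer.
        report_failure("Failed to create the GroupPolicyObject instance.",
                       static_cast<unsigned long>(hr));
        return false;
    }

    bool ok = false;
    // We need the machine LGPO (if C++, no need to go through the lpVtbl table).
    // NOTE(review): editing the local machine GPO is expected to require an
    // elevated (administrator) process; a failure here is the usual symptom.
    hr = pLGPO->OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY);
    if (FAILED(hr))
    {
        report_failure("Failed to open the local machine GPO.", static_cast<unsigned long>(hr));
    }
    else
    {
        HKEY machine_key = NULL;
        hr = pLGPO->GetRegistryKey(GPO_SECTION_MACHINE, &machine_key);
        if (FAILED(hr))
        {
            report_failure("Failed to get the GPO machine registry key.",
                           static_cast<unsigned long>(hr));
        }
        else
        {
            if (write_deny_removable_devices(machine_key))
            {
                // Apply policy: machine section, registering the extension GUIDs.
                hr = pLGPO->Save(TRUE, TRUE, &ext_guid, &snap_guid);
                if (FAILED(hr))
                    report_failure("Failed to save the GPO.", static_cast<unsigned long>(hr));
                else
                    ok = true;
            }
            RegCloseKey(machine_key);
        }
    }

    pLGPO->Release();
    return ok;
}

} // namespace

// Sets the "DenyRemovableDevices" policy value to 1 in the local machine GPO.
// Returns EXIT_SUCCESS only when the value was written and the GPO saved;
// any failure is printed to stderr and reported through a non-zero exit code.
int main()
{
    const HRESULT hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
    if (FAILED(hr))
    {
        report_failure("Failed to initialize COM library.", static_cast<unsigned long>(hr));
        return EXIT_FAILURE;
    }

    const bool ok = apply_removable_device_policy();

    // Balance the successful CoInitializeEx above.
    CoUninitialize();
    return ok ? EXIT_SUCCESS : EXIT_FAILURE;
}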

 

References:

http://pete.akeo.ie/2011/03/porgramatically-setting-and-applying.html

http://www.nirsoft.net/utils/reg_file_from_application.html

http://blog.sina.com.cn/s/blog_4e0987310101irm8.html

posted @ 2017-04-24 18:10  foo__hack