利用组策略API 编辑GPO(Group Policy Object)
用 Windows 自带的 GPO Editor 编辑修改某个策略,同时利用注册表监控器 RegFromApp 监视注册表的改动,就可以知道该策略修改了注册表的哪个键值。
下面是禁止U盘访问的例子:
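#include <windows.h>
#include <gpedit.h>
#include <objbase.h>
#include <comdef.h>
#include <sstream>
#include <iostream>

// Prints "<what> Error code = 0x<code>" to stdout. Used for both HRESULT and
// registry (LSTATUS) failures so that every failed step is visible.
static void report_failure(const char* what, long code)
{
    std::ostringstream errorStream;
    errorStream << what << " Error code = 0x" << std::hex
                << static_cast<unsigned long>(code);
    std::cout << errorStream.str() << std::endl;
}

// Writes DenyRemovableDevices = 1 (REG_DWORD) under
// SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions, relative to
// the registry key of the GPO's machine section.
// Returns true only if the key was opened/created and the value was written.
static bool write_deny_removable_devices(HKEY machine_key)
{
    HKEY restrictions_key = NULL;
    // The ANSI (...A) entry points are called explicitly because the key and
    // value names are narrow string literals; this compiles with or without
    // UNICODE defined.
    LSTATUS status = RegCreateKeyExA(
        machine_key,
        "SOFTWARE\\Policies\\Microsoft\\Windows\\DeviceInstall\\Restrictions",
        0, NULL, 0, KEY_SET_VALUE | KEY_QUERY_VALUE, NULL, &restrictions_key, NULL);
    if (status != ERROR_SUCCESS)
    {
        report_failure("Failed to open the DeviceInstall\\Restrictions policy key.", status);
        return false;
    }

    // NOTE(review): this value backs the device-installation restriction
    // policy, so it is expected to block installation of new removable
    // devices; confirm whether devices already installed on the machine are
    // affected before relying on it as a block on USB storage access.
    DWORD val = 1;
    status = RegSetKeyValueA(restrictions_key, NULL, "DenyRemovableDevices",
                             REG_DWORD, &val, sizeof(val));
    RegCloseKey(restrictions_key);
    if (status != ERROR_SUCCESS)
    {
        report_failure("Failed to write DenyRemovableDevices.", status);
        return false;
    }
    return true;
}

// Edits the local machine Group Policy Object through IGroupPolicyObject:
// sets the DenyRemovableDevices policy value and saves the GPO.
//
// Returns 0 only when the value was written AND the GPO was saved; any failed
// step is reported and yields 1, so a deployment script can tell that the
// restriction was not applied. (The original returned 0 on every path and
// dereferenced the interface pointer without checking CoCreateInstance.)
// Editing the local machine GPO typically needs an elevated (administrator)
// process; without it the failure surfaces in one of the checks below.
int main()
{
    // MSVC is finicky about these ones => redefine them
    const IID my_IID_IGroupPolicyObject =
        { 0xea502723, 0xa23d, 0x11d1, { 0xa7, 0xd3, 0x0, 0x0, 0xf8, 0x75, 0x71, 0xe3 } };
    const IID my_CLSID_GroupPolicyObject =
        { 0xea502722, 0xa23d, 0x11d1, { 0xa7, 0xd3, 0x0, 0x0, 0xf8, 0x75, 0x71, 0xe3 } };
    GUID ext_guid = REGISTRY_EXTENSION_GUID;
    // This next one can be any GUID you want
    GUID snap_guid = { 0x3d271cfc, 0x2bc6, 0x4ac2, { 0xb6, 0x33, 0x3b, 0xdf, 0xf5, 0xbd, 0xab, 0x2a } };

    HRESULT hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
    if (FAILED(hr))
    {
        // COM was not initialized on this thread, so there is nothing to undo.
        report_failure("Failed to initialize COM library.", hr);
        return 1;
    }

    int exit_code = 1;
    IGroupPolicyObject* pLGPO = NULL;

    // Create an instance of the IGroupPolicyObject class
    hr = CoCreateInstance(my_CLSID_GroupPolicyObject, NULL, CLSCTX_INPROC_SERVER,
                          my_IID_IGroupPolicyObject, (LPVOID*)&pLGPO);
    if (FAILED(hr) || pLGPO == NULL)
    {
        report_failure("Failed to create the GroupPolicyObject instance.", hr);
    }
    else
    {
        // We need the machine LGPO (if C++, no need to go through the lpVtbl table)
        hr = pLGPO->OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY);
        if (FAILED(hr))
        {
            report_failure("Failed to open the local machine GPO.", hr);
        }
        else
        {
            HKEY machine_key = NULL;
            hr = pLGPO->GetRegistryKey(GPO_SECTION_MACHINE, &machine_key);
            if (FAILED(hr))
            {
                report_failure("Failed to get the GPO machine registry key.", hr);
            }
            else
            {
                if (write_deny_removable_devices(machine_key))
                {
                    // Apply policy: the value only takes effect once the GPO is saved.
                    hr = pLGPO->Save(TRUE, TRUE, &ext_guid, &snap_guid);
                    if (FAILED(hr))
                    {
                        report_failure("Failed to save the GPO.", hr);
                    }
                    else
                    {
                        exit_code = 0;
                    }
                }
                RegCloseKey(machine_key);
            }
        }
        pLGPO->Release();
    }

    // Balance the successful CoInitializeEx above.
    CoUninitialize();
    return exit_code;
}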
references:
http://pete.akeo.ie/2011/03/porgramatically-setting-and-applying.html
http://www.nirsoft.net/utils/reg_file_from_application.html
http://blog.sina.com.cn/s/blog_4e0987310101irm8.html