/// <summary>
/// sets user profile quota
/// </summary>
/// <param name="where">ROOTKEY hklm or hku</param>
/// <param name="name">SubKey name</param>
/// <param name="quota">if 0 means the profile quota GPO it will be deleted</param>
/// <returns>false on error</returns>
public static Boolean SetQuota(Abstractions.WindowsApi.pInvokes.structenums.RegistryLocation where, string name, uint quota)
{
LibraryLogging.Info("set Quota for {0}", name);
try
{
using (RegistryKey key = Abstractions.WindowsApi.pInvokes.GetRegistryLocation(where).CreateSubKey(name + @"\Software\Microsoft\Windows\CurrentVersion\Policies\System"))
{
if (quota > 0)
{
key.SetValue("EnableProfileQuota", 1, RegistryValueKind.DWord);
//key.SetValue("ProfileQuotaMessage", "You have exceeded your profile storage space. Before you can log off, you need to move some items from your profile to network or local storage.", RegistryValueKind.String);
key.SetValue("MaxProfileSize", quota, RegistryValueKind.DWord);
key.SetValue("IncludeRegInProQuota", 1, RegistryValueKind.DWord);
key.SetValue("WarnUser", 1, RegistryValueKind.DWord);
key.SetValue("WarnUserTimeout", 5, RegistryValueKind.DWord);
}
else
{
key.DeleteValue("EnableProfileQuota", false);
key.DeleteValue("ProfileQuotaMessage", false);
key.DeleteValue("MaxProfileSize", false);
key.DeleteValue("IncludeRegInProQuota", false);
key.DeleteValue("WarnUser", false);
key.DeleteValue("WarnUserTimeout", false);
}
}
}
catch (Exception ex)
{
LibraryLogging.Error("Can't set profile quota for {0} Error:{1}", name, ex.Message);
return(false);
}
return(true);
}
/// <summary>
/// apply registry security settings to user profiles
/// </summary>
public static bool RegSec(Abstractions.WindowsApi.pInvokes.structenums.RegistryLocation where, string keyname, SecurityIdentifier userSid)
{
try
{
using (RegistryKey key = Abstractions.WindowsApi.pInvokes.GetRegistryLocation(where).OpenSubKey(keyname, true))
{
RegistrySecurity keySecurity = key.GetAccessControl(AccessControlSections.Access);
string sddl = keySecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);
foreach (RegistryAccessRule user in keySecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
{
if (user.IdentityReference.Value.StartsWith("S-1-5-21-") && !user.IdentityReference.Value.Equals(userSid.Value))
{
sddl = sddl.Replace(user.IdentityReference.Value, userSid.Value);
keySecurity.SetSecurityDescriptorSddlForm(sddl);
key.SetAccessControl(keySecurity);
break;
}
}
foreach (string subkey in key.GetSubKeyNames())
{
if (!RegSec(where, keyname + "\\" + subkey, userSid))
{
return(false);
}
}
}
}
catch (SystemException ex)
{
Log.WarnFormat("RegSec:{0} Warning {1}", keyname, ex.Message);
}
catch (Exception ex)
{
Log.ErrorFormat("RegSec:{0} Error:{1}", keyname, ex.Message);
return(false);
}
return(true);
}
/// <summary>
/// query for already set user profile quota
/// </summary>
/// <param name="where"></param>
/// <param name="name"></param>
/// <returns>true on already set</returns>
public static Boolean QueryQuota(Abstractions.WindowsApi.pInvokes.structenums.RegistryLocation where, string name)
{
LibraryLogging.Info("query Quota for {0}", name);
try
{
using (RegistryKey key = Abstractions.WindowsApi.pInvokes.GetRegistryLocation(where).OpenSubKey(name + @"\Software\Microsoft\Windows\CurrentVersion\Policies\System"))
{
if (key.GetValue("EnableProfileQuota") == null)
{
return(false);
}
}
}
catch (Exception ex)
{
LibraryLogging.Error("Can't get profile quota for {0} Error:{1}", name, ex.Message);
return(false);
}
return(true);
}
