public static void SetPolicySetting(string key, string item, object value, RegistryValueKind kind)
{
// C# 不像 Python 那样有方便的 AOP,没法用注解来切STA线程,还得缩进一层挺难看的。
STAExecutor.Run(() =>
{
var gpo = new ComputerGroupPolicyObject();
var section = Key(key, out string subkey);
using var root = gpo.GetRootRegistryKey(section);
// Data can't be null so we can use this value to indicate key must be delete
if (value == null)
{
using var subKey = root.OpenSubKey(subkey, true);
if (subKey != null)
{
subKey.DeleteValue(item);
}
}
else
{
using var subKey = root.CreateSubKey(subkey);
subKey.SetValue(item, value, kind);
}
gpo.Save();
});
}
public static object GetPolicySetting(string registryInformation)
{
string valueName;
GroupPolicySection section;
string key = Key(registryInformation, out valueName, out section);
// Thread must be STA
object result = null;
var t = new Thread(() =>
{
var gpo = new ComputerGroupPolicyObject();
using (RegistryKey rootRegistryKey = gpo.GetRootRegistryKey(section))
{
// Data can't be null so we can use this value to indicate key must be delete
using (RegistryKey subKey = rootRegistryKey.OpenSubKey(key, true))
{
if (subKey == null)
{
result = null;
}
else
{
result = subKey.GetValue(valueName);
}
}
}
});
t.SetApartmentState(ApartmentState.STA);
t.Start();
t.Join();
return(result);
}
internal static void Lock()
{
#if DEBUG
return;
#endif
try
{
var gpo = new ComputerGroupPolicyObject();
using (var machine = gpo.GetRootRegistryKey(GroupPolicySection.User))
{
using (
var terminalServicesKey =
machine.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"))
{
terminalServicesKey?.SetValue("NoViewOnDrive", 0x03FFFFFF, RegistryValueKind.DWord);
}
using (
var terminalServicesKey =
machine.CreateSubKey(
@"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun")
)
{
terminalServicesKey?.SetValue("1", "iexplore.exe", RegistryValueKind.String);
}
}
gpo.Save();
}
catch
{
}
}
public void GroupPolicyEdit()
{
var gpo = new ComputerGroupPolicyObject();
const string keyPath =
@"Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{9FD4B3FF-CE5D-4436-9FF1-F9EC607330D3}User\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1";
using (RegistryKey machine = gpo.GetRootRegistryKey(GroupPolicySection.Machine))
{
using (RegistryKey terminalServicesKey = machine.CreateSubKey(keyPath))
{
try
{
if (terminalServicesKey != null)
{
terminalServicesKey.SetValue
(
"1804",
2,
RegistryValueKind.DWord);
}
}
catch (Exception)
{
//
}
}
}
gpo.Save();
}
static private void TimerElapsed(Object obj)
{
DisposeTimer();
dispatcher.Invoke(new Action(() => {
gpoLocker.EnterWriteLock();
for (int i = 1; i <= 30; i++)
{
try
{
gpoObject.Save();
gpoObject = null;
break;
}
catch (FileLoadException)
{
AppLog.Debug("Retrying gpo.Save() ({0})", i);
Thread.Sleep(100 * i);
}
}
gpoLocker.ExitWriteLock();
}));
}
public void toggleTSK(bool enable)
{
if (enable)
{
try
{
// System.Windows.Forms.MessageBox.Show("Task manager enable");
ComputerGroupPolicyObject.SetPolicySetting("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System!DisableTaskMgr", "0", RegistryValueKind.DWord);
}
catch (Exception ex)
{
System.Windows.Forms.MessageBox.Show("Task manager enable" + ex);
}
}
else
{
try
{
// System.Windows.Forms.MessageBox.Show("Task manager disable" );
ComputerGroupPolicyObject.SetPolicySetting("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System!DisableTaskMgr", "1", RegistryValueKind.DWord);
}
catch (Exception ex)
{
System.Windows.Forms.MessageBox.Show("Task manager edisable" + ex);
}
}
}
/// <remarks>引用组件来自:https://bitbucket.org/MartinEden/local-policy/overview </remarks>
private static void DeletePolicyKey(string path)
{
var gpo = new ComputerGroupPolicyObject();
using (var machine = gpo.GetRootRegistryKey(GroupPolicySection.Machine))
{
machine.DeleteSubKey(path, false);
}
gpo.Save();
}
/// <remarks>引用组件来自: https://bitbucket.org/MartinEden/local-policy/overview </remarks>
private static void DeletePolicyKey(string path)
{
var gpo = new ComputerGroupPolicyObject();
using (var machine = gpo.GetRootRegistryKey(GroupPolicySection.Machine))
{
machine.DeleteSubKey(path, false);
}
gpo.Save();
}
// edit group policy to disable Registry editor
public static void PreventAccessRegistryEditor(bool enable)
{
if (enable == true)
{
ComputerGroupPolicyObject.SetPolicySetting(@"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableRegistryTools", "1", RegistryValueKind.DWord);
}
else
{
ComputerGroupPolicyObject.SetPolicySetting(@"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableRegistryTools", "0", RegistryValueKind.DWord);
}
}
public static void SetPolicySetting(string registryInformation, string settingValue, RegistryValueKind registryValueKind)
{
string valueName;
GroupPolicySection section;
string key = Key(registryInformation, out valueName, out section);
// Thread must be STA
Exception exception = null;
var t = new Thread(() =>
{
try
{
var gpo = new ComputerGroupPolicyObject();
// System.Windows.Forms.MessageBox.Show("?????+gpo " + gpo);
using (RegistryKey rootRegistryKey = gpo.GetRootRegistryKey(section))
{
//System.Windows.Forms.MessageBox.Show("?????+rootkey " + rootRegistryKey);
// Data can't be null so we can use this value to indicate key must be delete
if (settingValue == null)
{
using (RegistryKey subKey = rootRegistryKey.OpenSubKey(key, true))
{
if (subKey != null)
{
subKey.DeleteValue(valueName);
}
}
}
else
{
using (RegistryKey subKey = rootRegistryKey.CreateSubKey(key))
{
subKey.SetValue(valueName, settingValue, registryValueKind);
}
}
}
gpo.Save();
}
catch (Exception ex)
{
exception = ex;
}
});
t.SetApartmentState(ApartmentState.STA);
t.Start();
t.Join();
if (exception != null)
{
throw exception;
}
}
public static object GetPolicySetting(string key, string item)
{
return(STAExecutor.Run(() =>
{
var gpo = new ComputerGroupPolicyObject();
var section = Key(key, out string subkey);
using var root = gpo.GetRootRegistryKey(section);
using var subKey = root.OpenSubKey(subkey, true);
return subKey?.GetValue(item);
}));
}
/// <remarks>引用组件来自:https://bitbucket.org/MartinEden/local-policy/overview </remarks>
private static void SetPolicyKey(string path, string name, object value, RegistryValueKind kind)
{
var gpo = new ComputerGroupPolicyObject();
using (var machine = gpo.GetRootRegistryKey(GroupPolicySection.Machine))
{
using (var cerKey = machine.CreateSubKey(path))
{
if (cerKey != null) cerKey.SetValue(name, value, kind);
}
}
gpo.Save();
}
// *** GPO ***
static public bool TestGPOTweak(string path, string name, object value, bool usrLevel = false)
{
try
{
var gpo = new ComputerGroupPolicyObject(new GroupPolicyObjectSettings(true, true)); // read only so it does not fail without admin rights
var key = gpo.GetRootRegistryKey(usrLevel ? GroupPolicySection.User : GroupPolicySection.Machine);
var subKey = key.CreateSubKey(path);
return(CmpRegistryValue(subKey, name, value));
}
catch (Exception err)
{
AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
}
return(false);
}
/// <remarks>引用组件来自: https://bitbucket.org/MartinEden/local-policy/overview </remarks>
private static void SetPolicyKey(string path, string name, object value, RegistryValueKind kind)
{
var gpo = new ComputerGroupPolicyObject();
using (var machine = gpo.GetRootRegistryKey(GroupPolicySection.Machine))
{
using (var cerKey = machine.CreateSubKey(path))
{
if (cerKey != null)
{
cerKey.SetValue(name, value, kind);
}
}
}
gpo.Save();
}
static public bool UndoGPOTweak(string path, string name, bool usrLevel = false)
{
try
{
var gpo = new ComputerGroupPolicyObject();
var key = gpo.GetRootRegistryKey(usrLevel ? GroupPolicySection.User : GroupPolicySection.Machine);
var subKey = key.CreateSubKey(path);
subKey.DeleteValue(name, false);
gpo.Save();
return(true);
}
catch (Exception err)
{
AppLog.Exception(err);
}
return(false);
}
static public bool SetGPOTweak(string path, string name, object value, bool usrLevel = false)
{
try
{
var gpo = new ComputerGroupPolicyObject();
var key = gpo.GetRootRegistryKey(usrLevel ? GroupPolicySection.User : GroupPolicySection.Machine);
var subKey = key.CreateSubKey(path);
SetRegistryValue(subKey, name, value);
gpo.Save();
return(true);
}
catch (Exception err)
{
AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
}
return(false);
}
/// <summary>
/// Disable or enable task manager. need to restart to confirm
/// </summary>
/// <param name="enable"></param> if enable = true => delete registry and restart
public static void SetTaskManager(bool enable)
{
//RegistryKey objRegistryKey = Registry.CurrentUser.CreateSubKey(
// @"Software\Microsoft\Windows\CurrentVersion\Policies\System");
//if (enable && objRegistryKey.GetValue("DisableTaskMgr") != null)
// objRegistryKey.DeleteValue("DisableTaskMgr");
//else
// objRegistryKey.SetValue("DisableTaskMgr", "1");
//objRegistryKey.Close();
if (enable == true)
{
ComputerGroupPolicyObject.SetPolicySetting(@"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableTaskMgr", "0", RegistryValueKind.DWord);
}
else
{
ComputerGroupPolicyObject.SetPolicySetting(@"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableTaskMgr", "1", RegistryValueKind.DWord);
}
}
static ComputerGroupPolicyObject GetGPO(bool Writeable = true)
{
Debug.Assert(gpoLocker.IsReadLockHeld || gpoLocker.IsWriteLockHeld);
if (gpoObject != null)
{
return(gpoObject);
}
if (!Writeable)
{
return(new ComputerGroupPolicyObject(new GroupPolicyObjectSettings(true, true))); // read only so it does not fail without admin rights
}
if (gpoObject == null)
{
gpoObject = new ComputerGroupPolicyObject();
}
return(gpoObject);
}
public void GroupPolicyEdit()
{
var gpo = new ComputerGroupPolicyObject();
const string keyPath =
@"Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{9FD4B3FF-CE5D-4436-9FF1-F9EC607330D3}User\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1";
using (RegistryKey machine = gpo.GetRootRegistryKey(GroupPolicySection.Machine))
{
using (RegistryKey terminalServicesKey = machine.CreateSubKey(keyPath))
{
try
{
terminalServicesKey.SetValue
(
"1804",
2,
RegistryValueKind.DWord);
}
catch (Exception e)
{
//
}
}
}
gpo.Save();
}