/// <summary>
/// Applies the optional registry-backed policy to <paramref name="options"/> and then
/// registers the default set of authenticated-encryptor factories.
/// </summary>
/// <param name="options">The key-management options being configured; mutated in place.</param>
public void Configure(KeyManagementOptions options)
{
    // The resolver is optional: without one, no registry policy is consulted at all.
    RegistryPolicy policy = (_registryPolicyResolver == null) ? null : _registryPolicyResolver.ResolvePolicy();

    if (policy != null)
    {
        // The policy expresses the lifetime in days; an unset lifetime leaves the option as is.
        if (policy.DefaultKeyLifetime.HasValue)
        {
            options.NewKeyLifetime = TimeSpan.FromDays(policy.DefaultKeyLifetime.Value);
        }

        // Assigned unconditionally, even when the policy carries no configuration (null);
        // the fallback below then substitutes the default.
        options.AuthenticatedEncryptorConfiguration = policy.EncryptorConfiguration;

        var policySinks = policy.KeyEscrowSinks;
        if (policySinks != null)
        {
            foreach (var sink in policySinks)
            {
                options.KeyEscrowSinks.Add(sink);
            }
        }
    }

    // Neither the policy nor the caller supplied an encryptor configuration: use the default.
    if (options.AuthenticatedEncryptorConfiguration == null)
    {
        options.AuthenticatedEncryptorConfiguration = new AuthenticatedEncryptorConfiguration();
    }

    // Factories are appended in a fixed order (CNG GCM, CNG CBC, managed, generic);
    // the registration order is preserved from the original — whether consumers rely on it
    // cannot be told from here.
    var factories = options.AuthenticatedEncryptorFactories;
    factories.Add(new CngGcmAuthenticatedEncryptorFactory(_loggerFactory));
    factories.Add(new CngCbcAuthenticatedEncryptorFactory(_loggerFactory));
    factories.Add(new ManagedAuthenticatedEncryptorFactory(_loggerFactory));
    factories.Add(new AuthenticatedEncryptorFactory(_loggerFactory));
}
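/// <summary>
/// Writes (when <paramref name="enable"/> is true) or removes (when false) a set of
/// machine-policy DWORD values in the registry.pol of the GPO identified by
/// <paramref name="gpoGuid"/>, creating an empty registry.pol with a valid header if none exists.
/// </summary>
/// <param name="gpoGuid">GUID of the existing Group Policy Object to edit.</param>
/// <param name="enable">true to write every entry of <paramref name="defaultPolicy"/>; false to delete every entry.</param>
/// <param name="defaultPolicy">
/// Map of "relative\key\path\valueName" (relative to <c>RegKeyBase</c>) to the value as a
/// hexadecimal string without "0x" prefix. Values are not read when deleting.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="defaultPolicy"/> is null.</exception>
/// <exception cref="ArgumentException">An entry key contains no '\' separating the key path from the value name.</exception>
/// <exception cref="MultipleGroupPolicyObjectsFoundException">The GPO folder could not be created (exception type kept for caller compatibility).</exception>
/// <exception cref="FormatException">A value is not valid hexadecimal when <paramref name="enable"/> is true.</exception>
public static void SetSecurityTemplatePolicy(Guid gpoGuid, bool enable, Dictionary<string, string> defaultPolicy)
{
    if (defaultPolicy == null)
    {
        throw new ArgumentNullException("defaultPolicy");
    }

    string gpoPath = GetExistingGPOPath(gpoGuid, true);
    string regfile = Path.Combine(gpoPath, "registry.pol");

    if (!File.Exists(regfile))
    {
        bool directoryReady = true;
        int lastError = 0;
        if (!Directory.Exists(gpoPath))
        {
            directoryReady = MakeSureDirectoryPathExists(gpoPath);
            // Read the Win32 error immediately after the native call; any call in between
            // could overwrite it (the original read it even when no native call was made).
            lastError = Marshal.GetLastWin32Error();
            // NOTE(review): if MakeSureDirectoryPathExists wraps the imagehlp API of that name,
            // a path without a trailing separator is treated as a file name and only the parent
            // directories are created — confirm the wrapper handles this.
        }

        if (!directoryReady)
        {
            // The exception type is historical (callers catch it); the message carries the Win32 code.
            throw new MultipleGroupPolicyObjectsFoundException(String.Format(CultureInfo.InvariantCulture, "registry.pol folder could not create with error code:{0:X}, make sure your AD is in correct status.", lastError));
        }

        // A fresh registry.pol is only the signature and format version constants defined
        // elsewhere in this file. CreateNew fails instead of truncating if the file appeared
        // between the Exists check and this point. The using blocks flush and close both writers.
        using (FileStream stream = new FileStream(regfile, FileMode.CreateNew))
        using (BinaryWriter binwriter = new BinaryWriter(stream))
        {
            binwriter.Write(RegFileSignature);
            binwriter.Write(RegFileVersion);
        }
    }

    using (RegistryPolicy regpol = new RegistryPolicy(Domain.GetCurrentDomain(), gpoGuid, false))
    {
        foreach (KeyValuePair<string, string> entry in defaultPolicy)
        {
            // Entry keys look like "Windows Defender\Scan\CheckForSignaturesBeforeRunningScan":
            // everything before the last '\' is the key under RegKeyBase (noted by the original
            // author as "Software\\Policies\\Microsoft"), the last component is the value name.
            string relative = entry.Key;
            int separator = relative.LastIndexOf('\\');
            if (separator < 0)
            {
                // Without a separator no value name can be derived; fail with a clear message
                // instead of the ArgumentOutOfRangeException Substring would throw.
                throw new ArgumentException(String.Format(CultureInfo.InvariantCulture, "Policy entry \"{0}\" has no '\\' separating the key path from the value name.", relative), "defaultPolicy");
            }
            string key = Path.Combine(RegKeyBase, relative.Substring(0, separator));
            string name = relative.Substring(separator + 1);

            if (enable)
            {
                // Values are hex digits without a prefix: AllowHexSpecifier rejects "0x".
                UInt32 value = UInt32.Parse(entry.Value, NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
                regpol.WriteDWordValue(RegistryHive.LocalMachine, key, name, value);
            }
            else
            {
                Console.WriteLine(String.Format(CultureInfo.InvariantCulture, "Delete(HKLM, \"{0}\", \"{1}\")", key, name));
                // Failures are logged and skipped, presumably so that an already-absent value
                // does not abort the run — confirm against RegistryPolicy.Delete's contract.
                // ObjectDisposedException derives from InvalidOperationException and
                // ArgumentNullException from ArgumentException, so these two handlers cover
                // exactly the four types the original caught.
                try
                {
                    regpol.Delete(RegistryHive.LocalMachine, key, name);
                }
                catch (InvalidOperationException ex)
                {
                    Console.WriteLine("RegistryPolicy.Delete() failed, but ignore: " + ex.Message);
                }
                catch (ArgumentException ex)
                {
                    Console.WriteLine("RegistryPolicy.Delete() failed, but ignore: " + ex.Message);
                }
            }
        }

        Console.WriteLine(String.Format(CultureInfo.InvariantCulture, "Registry policy file is saved in \"{0}\".", regfile));
        regpol.Save(true);
    }
}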
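/// <summary>
/// Writes (when <paramref name="enable"/> is true) or removes (when false) a set of
/// machine-policy DWORD values in the registry.pol of the GPO identified by
/// <paramref name="gpoGuid"/>, creating an empty registry.pol with a valid header if none exists.
/// </summary>
/// <param name="gpoGuid">GUID of the existing Group Policy Object to edit.</param>
/// <param name="enable">true to write every entry of <paramref name="defaultPolicy"/>; false to delete every entry.</param>
/// <param name="defaultPolicy">
/// Map of "relative\key\path\valueName" (relative to <c>RegKeyBase</c>) to the value as a
/// hexadecimal string without "0x" prefix. Values are not read when deleting.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="defaultPolicy"/> is null.</exception>
/// <exception cref="ArgumentException">An entry key contains no '\' separating the key path from the value name.</exception>
/// <exception cref="MultipleGroupPolicyObjectsFoundException">The GPO folder could not be created (exception type kept for caller compatibility).</exception>
/// <exception cref="FormatException">A value is not valid hexadecimal when <paramref name="enable"/> is true.</exception>
public static void SetSecurityTemplatePolicy(Guid gpoGuid, bool enable, Dictionary<string, string> defaultPolicy)
{
    if (defaultPolicy == null)
    {
        throw new ArgumentNullException("defaultPolicy");
    }

    string gpoPath = GetExistingGPOPath(gpoGuid, true);
    string regfile = Path.Combine(gpoPath, "registry.pol");

    if (!File.Exists(regfile))
    {
        bool directoryReady = true;
        int lastError = 0;
        if (!Directory.Exists(gpoPath))
        {
            directoryReady = MakeSureDirectoryPathExists(gpoPath);
            // Read the Win32 error immediately after the native call; any call in between
            // could overwrite it (the original read it even when no native call was made).
            lastError = Marshal.GetLastWin32Error();
            // NOTE(review): if MakeSureDirectoryPathExists wraps the imagehlp API of that name,
            // a path without a trailing separator is treated as a file name and only the parent
            // directories are created — confirm the wrapper handles this.
        }

        if (!directoryReady)
        {
            // The exception type is historical (callers catch it); the message carries the Win32 code.
            throw new MultipleGroupPolicyObjectsFoundException(String.Format(CultureInfo.InvariantCulture, "registry.pol folder could not create with error code:{0:X}, make sure your AD is in correct status.", lastError));
        }

        // A fresh registry.pol is only the signature and format version constants defined
        // elsewhere in this file. CreateNew fails instead of truncating if the file appeared
        // between the Exists check and this point. The using blocks flush and close both writers.
        using (FileStream stream = new FileStream(regfile, FileMode.CreateNew))
        using (BinaryWriter binwriter = new BinaryWriter(stream))
        {
            binwriter.Write(RegFileSignature);
            binwriter.Write(RegFileVersion);
        }
    }

    using (RegistryPolicy regpol = new RegistryPolicy(Domain.GetCurrentDomain(), gpoGuid, false))
    {
        foreach (KeyValuePair<string, string> entry in defaultPolicy)
        {
            // Entry keys look like "Windows Defender\Scan\CheckForSignaturesBeforeRunningScan":
            // everything before the last '\' is the key under RegKeyBase (noted by the original
            // author as "Software\\Policies\\Microsoft"), the last component is the value name.
            string relative = entry.Key;
            int separator = relative.LastIndexOf('\\');
            if (separator < 0)
            {
                // Without a separator no value name can be derived; fail with a clear message
                // instead of the ArgumentOutOfRangeException Substring would throw.
                throw new ArgumentException(String.Format(CultureInfo.InvariantCulture, "Policy entry \"{0}\" has no '\\' separating the key path from the value name.", relative), "defaultPolicy");
            }
            string key = Path.Combine(RegKeyBase, relative.Substring(0, separator));
            string name = relative.Substring(separator + 1);

            if (enable)
            {
                // Values are hex digits without a prefix: AllowHexSpecifier rejects "0x".
                UInt32 value = UInt32.Parse(entry.Value, NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
                regpol.WriteDWordValue(RegistryHive.LocalMachine, key, name, value);
            }
            else
            {
                Console.WriteLine(String.Format(CultureInfo.InvariantCulture, "Delete(HKLM, \"{0}\", \"{1}\")", key, name));
                // Failures are logged and skipped, presumably so that an already-absent value
                // does not abort the run — confirm against RegistryPolicy.Delete's contract.
                // ObjectDisposedException derives from InvalidOperationException and
                // ArgumentNullException from ArgumentException, so these two handlers cover
                // exactly the four types the original caught.
                try
                {
                    regpol.Delete(RegistryHive.LocalMachine, key, name);
                }
                catch (InvalidOperationException ex)
                {
                    Console.WriteLine("RegistryPolicy.Delete() failed, but ignore: " + ex.Message);
                }
                catch (ArgumentException ex)
                {
                    Console.WriteLine("RegistryPolicy.Delete() failed, but ignore: " + ex.Message);
                }
            }
        }

        Console.WriteLine(String.Format(CultureInfo.InvariantCulture, "Registry policy file is saved in \"{0}\".", regfile));
        regpol.Save(true);
    }
}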