Group policy editor api
-
Hello. I need your help. First of all, I hope you understand that the sentence structure can be strange as I ask questions using a translator machine. I'm looking for a group policy editor API. Especially the Local Computer Policy/Computer Configuration/Administrative Templates/System/Removable Storage Access area. When I changed this part, I found a registry that was created or disappeared. But what I want is to be able to modify this group policy directly. Because even if the registry is modified, as a result, the registry is changed to data corresponding to the group policy. If you know the API that can modify the group policy editor, please let me know. Thank you.
-
First Google result: Group Policy API - Win32 apps | Microsoft Docs
Thanks for your reply. I checked the link you gave me. But I'm not sure which method to use in the meantime. I don't see any method to change the content of Group Policy anywhere. Of course there is a 100 percent chance that I will not find it. A little more specific, I would really appreciate it if you let me know which method I should use. Thank you.
-
Take a look at IGroupPolicyObject (gpedit.h) - Win32 apps | Microsoft Docs
Thanks for the reply. I went to the link you gave me, but what method should I use there? If I knew after seeing the answer, I would not request the answer again. I don't really know what to use at that link. There is no setting method anywhere. I want to set 'Local Computer Policy/Computer Configuration/Administrative Templates/System/Removable Storage Access' this area below. Thanks.
-
Hi, You should add more error handling, this is just a code sample:
```cpp
// Build as a Unicode project and run elevated; writing the local GPO needs admin rights.
#include <windows.h>
#include <stdio.h>
#include <atlbase.h>
#include <comdef.h>
#include <initguid.h>   // must precede gpedit.h so the GUIDs below are defined
#include <gpedit.h>
#pragma comment(lib, "gpedit.lib")

int main()
{
    HKEY key = NULL;
    HKEY pol = NULL;
    DWORD val = 1;
    DWORD disp = 0;
    GUID ext = REGISTRY_EXTENSION_GUID;

    CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
    CComPtr<IGroupPolicyObject> lgp;
    HRESULT hr = CoCreateInstance(CLSID_GroupPolicyObject, NULL, CLSCTX_INPROC_SERVER,
                                  IID_IGroupPolicyObject, (LPVOID*)&lgp);
    // Only touch the GPO if the COM object was actually created.
    if (SUCCEEDED(hr) && SUCCEEDED(lgp->OpenLocalMachineGPO(GPO_OPEN_LOAD_REGISTRY)))
    {
        if (SUCCEEDED(lgp->GetRegistryKey(GPO_SECTION_MACHINE, &key)))
        {
            // All Removable Storage classes: Deny All access
            RegCreateKeyExW(key, L"SOFTWARE\\Policies\\Microsoft\\Windows\\RemovableStorageDevices",
                            0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE | KEY_QUERY_VALUE, NULL, &pol, &disp);
            RegSetValueExW(pol, L"Deny_All", 0, REG_DWORD, (BYTE*)&val, sizeof(val));
            RegCloseKey(pol);   // close before the handle is reused below

            RegCreateKeyExW(key, L"SOFTWARE\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
                            0, NULL, REG_OPTION_NON_VOLATILE, KEY_WRITE | KEY_QUERY_VALUE, NULL, &pol, &disp);
            // Removable Disks: Deny write access
            RegSetValueExW(pol, L"Deny_Write", 0, REG_DWORD, (BYTE*)&val, sizeof(val));
            // Removable Disks: Deny read access
            RegSetValueExW(pol, L"Deny_Read", 0, REG_DWORD, (BYTE*)&val, sizeof(val));
            // Removable Disks: Deny execute access
            RegSetValueExW(pol, L"Deny_Execute", 0, REG_DWORD, (BYTE*)&val, sizeof(val));
            RegCloseKey(pol);
            RegCloseKey(key);

            // Commit the change to the local machine GPO (registry extension, GPE snap-in).
            hr = lgp->Save(TRUE, TRUE, &ext, const_cast<GUID*>(&CLSID_GPESnapIn));
            _com_error err(hr);
            wprintf(L"%s", err.ErrorMessage());
        }
    }
    lgp.Release();
    CoUninitialize();
    return 0;
}
```
It will set the following policies:

- All Removable Storage classes: Deny All access
- Removable Disks: Deny execute access
- Removable Disks: Deny read access
- Removable Disks: Deny write access

Best Wishes,
-David Delaune

[Edit two days later] You can also add an attack surface reduction policy via Windows Defender that requires anything that executes from USB to be signed:

```
powershell.exe Add-MpPreference -AttackSurfaceReductionRules_Ids b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 -AttackSurfaceReductionRules_Actions Enabled
```
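A read-only check that the settings from the answer above took effect, added here as an example and not part of the original post. It assumes Windows PowerShell with the Defender cmdlets available, and reads the effective policy keys under HKLM that the local GPO populates; the variable names are illustrative.

```powershell
# Added example: verifies the four removable-storage policy values and the ASR rule.
# Key path, value names and rule GUID are the ones used in the answer above.
$base   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$disk   = "$base\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
$ruleId = 'b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4'

$checks = @(
    @{ Key = $base; Value = 'Deny_All';     Label = 'All Removable Storage classes: Deny All access' },
    @{ Key = $disk; Value = 'Deny_Write';   Label = 'Removable Disks: Deny write access' },
    @{ Key = $disk; Value = 'Deny_Read';    Label = 'Removable Disks: Deny read access' },
    @{ Key = $disk; Value = 'Deny_Execute'; Label = 'Removable Disks: Deny execute access' }
)

$report = foreach ($c in $checks) {
    # A missing key or value means the policy is "Not configured" in gpedit.
    $prop = Get-ItemProperty -LiteralPath $c.Key -Name $c.Value -ErrorAction SilentlyContinue
    $data = $null
    if ($prop) { $data = $prop.($c.Value) }

    $state = 'Not configured'
    if ($null -ne $data) {
        if ($data -eq 1) { $state = 'Enabled' } else { $state = "Unexpected data: $data" }
    }
    [pscustomobject]@{ Setting = $c.Label; State = $state }
}

# ASR rules are stored as two parallel arrays: rule IDs and their actions.
$mp      = Get-MpPreference
$ids     = @($mp.AttackSurfaceReductionRules_Ids)
$actions = @($mp.AttackSurfaceReductionRules_Actions)
$names   = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit'; 6 = 'Warn' }

$asrState = 'Not configured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -eq $ruleId) {          # -eq on strings is case-insensitive
        $asrState = $names[[int]$actions[$i]]
        if (-not $asrState) { $asrState = "Unknown action $($actions[$i])" }
    }
}
$report += [pscustomobject]@{ Setting = "ASR rule $ruleId"; State = $asrState }

$report | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt after the policy has been saved and refreshed; any row that still shows "Not configured" means that setting did not reach the effective registry.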