Mega Code Archive

 

Categories / Delphi / System

 

Policy Register Administration Class W2000

Title: Policy Register Administration Class W2000 Question: There are many registry settings that affect system policy on the local machine. This class encompasses several of them into a single class. Policy registry entries can be changed individually (via properties) or multiple (via EnableStates and DisableStates) methods. You, of course have to have permissions to write to the Registry. Properties --------------------------- TaskManagerEnabled : Enable/Disable W2000 task manager from popping up. LockComputerEnabled : Enable/Disable "Lock Computer" button from Ctrl-Alt-Del Dialog Form. ChangePasswordEnabled : Enable/Disable "Change Password" button from Ctrl-Alt-Del Dialog Form. LogOffEnabled : Enable/Disable "Log Off" button from Ctrl-Alt-Del Dialog Form. ShutDownEnabled : Enable/Disable "Shut Down" button from Ctrl-Alt-Del Dialog Form. RegistryToolsEnabed : Enable/Disable access to Registry Tools such as REGEDIT.EXE etc. DispPropertiesEnabled : Enable/Disable Display Properties dialog box. Methods ------------------- EnableStates : Enable multi states by passing a set of TRegPolicy DisableStates : Disable multi states by passing a set of TRegPolicy Example ------------------------ var PolicyAdm : TPolicyAdmin; begin PolicyAdm := TPolicyAdmin.Create; PolicyAdm.TaskManagerEnabled := false; if PolicyAdm.LogOffEnabled then label1.Caption := 'True' else label1.Caption := 'False'; PolicyAdm.DisableStates([rpTaskManager, rpShutDown,rpLogOff]); PolicyAdm.Free; end. Answer: unit MahPolicyControl; interface uses Windows, SysUtils, Registry; // ========================================================================== // Class TPolicyAdmin : Encapsulate setting of registry for various Win 2000 // system policies. // // Mike Heydon 2004 // // Properties // ---------- // TaskManagerEnabled : Enable/Disable W2000 task manager from popping up. // LockComputerEnabled : Enable/Disable "Lock Computer" button from // Ctrl-Alt-Del Dialog Form. // ChangePasswordEnabled : Enable/Disable "Change Password" button from // Ctrl-Alt-Del Dialog Form. // LogOffEnabled : Enable/Disable "Log Off" button from // Ctrl-Alt-Del Dialog Form. // ShutDownEnabled : Enable/Disable "Shut Down" button from // Ctrl-Alt-Del Dialog Form. // RegistryToolsEnabed : Enable/Disable access to Registry Tools such as // REGEDIT.EXE etc. // DispPropertiesEnabled : Enable/Disable Display Properties dialog box. // // Methods // ------- // EnableStates : Enable multi states by passing a set of TRegPolicy // DisableStates : Disable multi states by passing a set of TRegPolicy // // ========================================================================== // ========================================================================== // NOTES : // ------- // There are other registry entries that may be set, but I have not had a // need to implement them yet. Here is a listing if you wish to implement // any of them. // // Hide display appearance tab in display properties // C_REG_SYSTEM\NoDispAppearancePage // // Hide background tab in display properties // C_REG_SYSTEM\NoDispBackgroundPage // // Hide screen-saver settings tab in display properties // C_REG_SYSTEM\NoDispScrSavPage // // Hide display settings tab in display properties // C_REG_SYSTEM\NoDispSettingsPage // // Remove Control Panel and Printers from Settings menu // C_REG_EXPLORER\NoSetFolders // // Remove Taskbar settings from Settings menu // C_REG_EXPLORER\NoSetTaskbar // // Disable context menus for taskbar // C_REG_EXPLORER\NoTrayContextMenu // // Disable explorer's default context menus // C_REG_EXPLORER\NoViewContextMenu // // ========================================================================== type // Registry Setting Type and Set TRegPolicy = (rpTaskManager,rpLockComputer,rpChangePassword,rpLogOff, rpShutDown,rpRegistryTools,rpDispProperties); TRegPolicySet = set of TRegPolicy; // Main Class TPolicyAdmin TPolicyAdmin = class(TObject) private FReg,FKey : string; FWinReg : TRegistry; protected // Internal Routines procedure _SetRegKeyInfo(ARegPolicy : TRegPolicy); procedure _SetState(ARegPolicy : TRegPolicy; AState : boolean); function _GetState(ARegPolicy : TRegPolicy) : boolean; procedure _DisableStates(ARegPolicySet : TRegPolicySet); procedure _EnableStates(ARegPolicySet : TRegPolicySet); // Set Methods procedure SetTaskManagerEnabled(AValue : boolean); procedure SetLockComputerEnabled(AValue : boolean); procedure SetChangePasswordEnabled(AValue : boolean); procedure SetLogOffEnabled(AValue : boolean); procedure SetShutDownEnabled(AValue : boolean); procedure SetRegistryToolsEnabled(AValue : boolean); procedure SetDispPropertiesEnabled(AValue : boolean); // Get Methods function GetTaskManagerEnabled : boolean; function GetLockComputerEnabled : boolean; function GetChangePasswordEnabled : boolean; function GetLogOffEnabled : boolean; function GetShutDownEnabled : boolean; function GetRegistryToolsEnabled : boolean; function GetDispPropertiesEnabled : boolean; public constructor Create; destructor Destroy; override; // Methods procedure DisableStates(ARegPolicySet : TRegPolicySet); procedure EnableStates(ARegPolicySet : TRegPolicySet); // Properties property TaskManagerEnabled : boolean read GetTaskManagerEnabled write SetTaskManagerEnabled; property LockComputerEnabled : boolean read GetLockComputerEnabled write SetLockComputerEnabled; property ChangePasswordEnabled : boolean read GetChangePasswordEnabled write SetChangePasswordEnabled; property LogOffEnabled : boolean read GetLogOffEnabled write SetLogOffEnabled; property ShutDownEnabled : boolean read GetShutDownEnabled write SetShutDownEnabled; property RegistryToolsEnabled : boolean read GetRegistryToolsEnabled write SetRegistryToolsEnabled; property DispPropertiesEnabled : boolean read GetDispPropertiesEnabled write SetDispPropertiesEnabled; end; // -------------------------------------------------------------------------- implementation const // Registry and Key constants C_REG_POLICIES = '\Software\Microsoft\Windows\CurrentVersion\Policies'; C_REG_SYSTEM = C_REG_POLICIES + '\System'; C_REG_EXPLORER = C_REG_POLICIES + '\Explorer'; C_KEY_TASKMANAGER = 'DisableTaskMgr'; C_KEY_LOCKCOMPUTER = 'DisableLockWorkstation'; C_KEY_CHANGEPASSWORD = 'DisableChangePassword'; C_KEY_LOGOFF = 'NoLogoff'; C_KEY_SHUTDOWN = 'NoClose'; C_KEY_REGISTRYTOOLS = 'DisableRegistryTools'; C_KEY_DISPPROPERTIES = 'NoDispCPL'; // Reverse boolean logic for "ENABLED in proprties" // to "DISABLED in Registry entries" C_ENABLE = false; C_DISABLE = true; // ================================= // Create and Destroy the Class // ================================= constructor TPolicyAdmin.Create; begin FWinReg := TRegistry.Create; end; destructor TPolicyAdmin.Destroy; begin FWinReg.Free; inherited Destroy; end; // ==================================================== // Internal Procedures to handle Registry settings // NOTE : We use ENABLED properties, but the Registry // stores the settings as Disabled TRUE/FALSE // so we use NOT logic to convert for our use // ==================================================== // Set Registry key information into Privates procedure TPolicyAdmin._SetRegKeyInfo(ARegPolicy : TRegPolicy); begin case ARegPolicy of rpTaskManager : begin FReg := C_REG_SYSTEM; FKey := C_KEY_TASKMANAGER; end; rpLockComputer : begin FReg := C_REG_SYSTEM; FKey := C_KEY_LOCKCOMPUTER; end; rpChangePassword : begin FReg := C_REG_SYSTEM; FKey := C_KEY_CHANGEPASSWORD; end; rpLogOff : begin FReg := C_REG_EXPLORER; FKey := C_KEY_LOGOFF; end; rpShutDown : begin FReg := C_REG_EXPLORER; FKey := C_KEY_SHUTDOWN; end; rpRegistryTools : begin FReg := C_REG_SYSTEM; FKey := C_KEY_REGISTRYTOOLS; end; rpDispProperties : begin FReg := C_REG_SYSTEM; FKey := C_KEY_DISPPROPERTIES; end; else raise Exception.Create('Internal TPolicyAdmin Error'); end; end; // Read Current Enabled State function TPolicyAdmin._GetState(ARegPolicy : TRegPolicy) : boolean; var bResult : boolean; begin bResult := true; _SetRegKeyInfo(ARegPolicy); FWinReg.RootKey := HKEY_CURRENT_USER; if FWinReg.OpenKey(FReg,false) then begin if FWinReg.ValueExists(FKey) then bResult := boolean(FWinReg.ReadInteger(FKey)) else bResult := true; FWinReg.CloseKey; end; // Registry stores state related to "DISABLED", we requiire logic // related to "ENABLED" - so reverse boolean result Result := not bResult; end; // Set Current State (Using Disabled logic) procedure TPolicyAdmin._SetState(ARegPolicy : TRegPolicy; AState : boolean); begin _SetRegKeyInfo(ARegPolicy); FWinReg.RootKey := HKEY_CURRENT_USER; if FWinReg.OpenKey(FReg,true) then begin FWinReg.WriteInteger(FKey,integer(AState)); FWinReg.CloseKey; end; end; // Internal enable states from a TRegPolicySet procedure TPolicyAdmin._EnableStates(ARegPolicySet : TRegPolicySet); begin if rpTaskManager in ARegPolicySet then _SetState(rpTaskManager,C_ENABLE); if rpLockComputer in ARegPolicySet then _SetState(rpLockComputer,C_ENABLE); if rpChangePassword in ARegPolicySet then _SetState(rpChangePassword,C_ENABLE); if rpLogOff in ARegPolicySet then _SetState(rpLogOff,C_ENABLE); if rpShutDown in ARegPolicySet then _SetState(rpShutDown,C_ENABLE); if rpRegistryTools in ARegPolicySet then _SetState(rpRegistryTools,C_ENABLE); if rpDispProperties in ARegPolicySet then _SetState(rpDispProperties,C_ENABLE); end; // Internal disable states from a TRegPolicySet procedure TPolicyAdmin._DisableStates(ARegPolicySet : TRegPolicySet); begin if rpTaskManager in ARegPolicySet then _SetState(rpTaskManager,C_DISABLE); if rpLockComputer in ARegPolicySet then _SetState(rpLockComputer,C_DISABLE); if rpChangePassword in ARegPolicySet then _SetState(rpChangePassword,C_DISABLE); if rpLogOff in ARegPolicySet then _SetState(rpLogOff,C_DISABLE); if rpShutDown in ARegPolicySet then _SetState(rpShutDown,C_DISABLE); if rpRegistryTools in ARegPolicySet then _SetState(rpRegistryTools,C_DISABLE); if rpDispProperties in ARegPolicySet then _SetState(rpDispProperties,C_DISABLE); end; // =============================== // Get/Set Property Methods // =============================== // Task Manager procedure TPolicyAdmin.SetTaskManagerEnabled(AValue : boolean); begin if AValue then _EnableStates([rpTaskManager]) else _DisableStates([rpTaskManager]); end; function TPolicyAdmin.GetTaskManagerEnabled : boolean; begin Result := _GetState(rpTaskManager); end; // Lock Computer Button procedure TPolicyAdmin.SetLockComputerEnabled(AValue : boolean); begin if AValue then _EnableStates([rpLockComputer]) else _DisableStates([rpLockComputer]); end; function TPolicyAdmin.GetLockComputerEnabled : boolean; begin Result := _GetState(rpLockComputer); end; // Change Password Button procedure TPolicyAdmin.SetChangePasswordEnabled(AValue : boolean); begin if AValue then _EnableStates([rpChangePassword]) else _DisableStates([rpChangePassword]); end; function TPolicyAdmin.GetChangePasswordEnabled : boolean; begin Result := _GetState(rpChangePassword); end; // Log Off Button procedure TPolicyAdmin.SetLogOffEnabled(AValue : boolean); begin if AValue then _EnableStates([rpLogOff]) else _DisableStates([rpLogOff]); end; function TPolicyAdmin.GetLogOffEnabled : boolean; begin Result := _GetState(rpLogOff); end; // Shut Down Button procedure TPolicyAdmin.SetShutDownEnabled(AValue : boolean); begin if AValue then _EnableStates([rpShutDown]) else _DisableStates([rpShutDown]); end; function TPolicyAdmin.GetShutDownEnabled : boolean; begin Result := _GetState(rpShutDown); end; // Registry Tools (REGEDIT) procedure TPolicyAdmin.SetRegistryToolsEnabled(AValue : boolean); begin if AValue then _EnableStates([rpRegistryTools]) else _DisableStates([rpRegistryTools]); end; function TPolicyAdmin.GetRegistryToolsEnabled : boolean; begin Result := _GetState(rpRegistryTools); end; // Display Properties Dialog procedure TPolicyAdmin.SetDispPropertiesEnabled(AValue : boolean); begin if AValue then _EnableStates([rpDispProperties]) else _DisableStates([rpDispproperties]); end; function TPolicyAdmin.GetDispPropertiesEnabled : boolean; begin Result := _GetState(rpDispProperties); end; // ============================== // User Callabel Methods // ============================== procedure TPolicyAdmin.DisableStates(ARegPolicySet : TRegPolicySet); begin _DisableStates(ARegPolicySet); end; procedure TPolicyAdmin.EnableStates(ARegPolicySet : TRegPolicySet); begin _EnableStates(ARegPolicySet); end; end.