Problem/Question/Abstract:
There are many registry settings that affect system policy on the local machine. This class encompasses several of them into a single class. Policy registry entries can be changed individually (via properties) or multiple (via EnableStates and DisableStates) methods. You, of course have to have permissions to write to the Registry.
Properties
TaskManagerEnabled : Enable/Disable W2000 task manager from popping up.
LockComputerEnabled : Enable/Disable "Lock Computer" button from Ctrl-Alt-Del Dialog Form.
ChangePasswordEnabled : Enable/Disable "Change Password" button from Ctrl-Alt-Del Dialog Form.
LogOffEnabled : Enable/Disable "Log Off" button from Ctrl-Alt-Del Dialog Form.
ShutDownEnabled : Enable/Disable "Shut Down" button from Ctrl-Alt-Del Dialog Form.
RegistryToolsEnabed : Enable/Disable access to Registry Tools such as REGEDIT.EXE etc.
DispPropertiesEnabled : Enable/Disable Display Properties dialog box.
Methods
EnableStates : Enable multi states by passing a set of TRegPolicy
DisableStates : Disable multi states by passing a set of TRegPolicy
Example
var
PolicyAdm: TPolicyAdmin;
begin
PolicyAdm := TPolicyAdmin.Create;
PolicyAdm.TaskManagerEnabled := false;
if PolicyAdm.LogOffEnabled then
label1.Caption := 'True'
else
label1.Caption := 'False';
PolicyAdm.DisableStates([rpTaskManager,
rpShutDown, rpLogOff]);
PolicyAdm.Free;
end.
Answer:
unit MahPolicyControl;
interface
uses Windows, SysUtils, Registry;
// ==========================================================================
// Class TPolicyAdmin : Encapsulate setting of registry for various Win 2000
// system policies.
//
// Mike Heydon 2004
//
// Properties
// ----------
// TaskManagerEnabled : Enable/Disable W2000 task manager from popping up.
// LockComputerEnabled : Enable/Disable "Lock Computer" button from
// Ctrl-Alt-Del Dialog Form.
// ChangePasswordEnabled : Enable/Disable "Change Password" button from
// Ctrl-Alt-Del Dialog Form.
// LogOffEnabled : Enable/Disable "Log Off" button from
// Ctrl-Alt-Del Dialog Form.
// ShutDownEnabled : Enable/Disable "Shut Down" button from
// Ctrl-Alt-Del Dialog Form.
// RegistryToolsEnabed : Enable/Disable access to Registry Tools such as
// REGEDIT.EXE etc.
// DispPropertiesEnabled : Enable/Disable Display Properties dialog box.
//
// Methods
// -------
// EnableStates : Enable multi states by passing a set of TRegPolicy
// DisableStates : Disable multi states by passing a set of TRegPolicy
//
// ==========================================================================
// ==========================================================================
// NOTES :
// -------
// There are other registry entries that may be set, but I have not had a
// need to implement them yet. Here is a listing if you wish to implement
// any of them.
//
// Hide display appearance tab in display properties
// C_REG_SYSTEM\NoDispAppearancePage
//
// Hide background tab in display properties
// C_REG_SYSTEM\NoDispBackgroundPage
//
// Hide screen-saver settings tab in display properties
// C_REG_SYSTEM\NoDispScrSavPage
//
// Hide display settings tab in display properties
// C_REG_SYSTEM\NoDispSettingsPage
//
// Remove Control Panel and Printers from Settings menu
// C_REG_EXPLORER\NoSetFolders
//
// Remove Taskbar settings from Settings menu
// C_REG_EXPLORER\NoSetTaskbar
//
// Disable context menus for taskbar
// C_REG_EXPLORER\NoTrayContextMenu
//
// Disable explorer's default context menus
// C_REG_EXPLORER\NoViewContextMenu
//
// ==========================================================================
type
// Registry Setting Type and Set
TRegPolicy = (rpTaskManager, rpLockComputer, rpChangePassword, rpLogOff,
rpShutDown, rpRegistryTools, rpDispProperties);
TRegPolicySet = set of TRegPolicy;
// Main Class TPolicyAdmin
TPolicyAdmin = class(TObject)
private
FReg, FKey: string;
FWinReg: TRegistry;
protected
// Internal Routines
procedure _SetRegKeyInfo(ARegPolicy: TRegPolicy);
procedure _SetState(ARegPolicy: TRegPolicy;
AState: boolean);
function _GetState(ARegPolicy: TRegPolicy): boolean;
procedure _DisableStates(ARegPolicySet: TRegPolicySet);
procedure _EnableStates(ARegPolicySet: TRegPolicySet);
// Set Methods
procedure SetTaskManagerEnabled(AValue: boolean);
procedure SetLockComputerEnabled(AValue: boolean);
procedure SetChangePasswordEnabled(AValue: boolean);
procedure SetLogOffEnabled(AValue: boolean);
procedure SetShutDownEnabled(AValue: boolean);
procedure SetRegistryToolsEnabled(AValue: boolean);
procedure SetDispPropertiesEnabled(AValue: boolean);
// Get Methods
function GetTaskManagerEnabled: boolean;
function GetLockComputerEnabled: boolean;
function GetChangePasswordEnabled: boolean;
function GetLogOffEnabled: boolean;
function GetShutDownEnabled: boolean;
function GetRegistryToolsEnabled: boolean;
function GetDispPropertiesEnabled: boolean;
public
constructor Create;
destructor Destroy; override;
// Methods
procedure DisableStates(ARegPolicySet: TRegPolicySet);
procedure EnableStates(ARegPolicySet: TRegPolicySet);
// Properties
property TaskManagerEnabled: boolean read GetTaskManagerEnabled
write SetTaskManagerEnabled;
property LockComputerEnabled: boolean read GetLockComputerEnabled
write SetLockComputerEnabled;
property ChangePasswordEnabled: boolean read GetChangePasswordEnabled
write SetChangePasswordEnabled;
property LogOffEnabled: boolean read GetLogOffEnabled
write SetLogOffEnabled;
property ShutDownEnabled: boolean read GetShutDownEnabled
write SetShutDownEnabled;
property RegistryToolsEnabled: boolean read GetRegistryToolsEnabled
write SetRegistryToolsEnabled;
property DispPropertiesEnabled: boolean read GetDispPropertiesEnabled
write SetDispPropertiesEnabled;
end;
// --------------------------------------------------------------------------
implementation
const
// Registry and Key constants
C_REG_POLICIES = '\Software\Microsoft\Windows\CurrentVersion\Policies';
C_REG_SYSTEM = C_REG_POLICIES + '\System';
C_REG_EXPLORER = C_REG_POLICIES + '\Explorer';
C_KEY_TASKMANAGER = 'DisableTaskMgr';
C_KEY_LOCKCOMPUTER = 'DisableLockWorkstation';
C_KEY_CHANGEPASSWORD = 'DisableChangePassword';
C_KEY_LOGOFF = 'NoLogoff';
C_KEY_SHUTDOWN = 'NoClose';
C_KEY_REGISTRYTOOLS = 'DisableRegistryTools';
C_KEY_DISPPROPERTIES = 'NoDispCPL';
// Reverse boolean logic for "ENABLED in proprties"
// to "DISABLED in Registry entries"
C_ENABLE = false;
C_DISABLE = true;
// =================================
// Create and Destroy the Class
// =================================
constructor TPolicyAdmin.Create;
begin
FWinReg := TRegistry.Create;
end;
destructor TPolicyAdmin.Destroy;
begin
FWinReg.Free;
inherited Destroy;
end;
// ====================================================
// Internal Procedures to handle Registry settings
// NOTE : We use ENABLED properties, but the Registry
// stores the settings as Disabled TRUE/FALSE
// so we use NOT logic to convert for our use
// ====================================================
// Set Registry key information into Privates
procedure TPolicyAdmin._SetRegKeyInfo(ARegPolicy: TRegPolicy);
begin
case ARegPolicy of
rpTaskManager:
begin
FReg := C_REG_SYSTEM;
FKey := C_KEY_TASKMANAGER;
end;
rpLockComputer:
begin
FReg := C_REG_SYSTEM;
FKey := C_KEY_LOCKCOMPUTER;
end;
rpChangePassword:
begin
FReg := C_REG_SYSTEM;
FKey := C_KEY_CHANGEPASSWORD;
end;
rpLogOff:
begin
FReg := C_REG_EXPLORER;
FKey := C_KEY_LOGOFF;
end;
rpShutDown:
begin
FReg := C_REG_EXPLORER;
FKey := C_KEY_SHUTDOWN;
end;
rpRegistryTools:
begin
FReg := C_REG_SYSTEM;
FKey := C_KEY_REGISTRYTOOLS;
end;
rpDispProperties:
begin
FReg := C_REG_SYSTEM;
FKey := C_KEY_DISPPROPERTIES;
end;
else
raise Exception.Create('Internal TPolicyAdmin Error');
end;
end;
// Read Current Enabled State
function TPolicyAdmin._GetState(ARegPolicy: TRegPolicy): boolean;
var
bResult: boolean;
begin
bResult := true;
_SetRegKeyInfo(ARegPolicy);
FWinReg.RootKey := HKEY_CURRENT_USER;
if FWinReg.OpenKey(FReg, false) then
begin
if FWinReg.ValueExists(FKey) then
bResult := boolean(FWinReg.ReadInteger(FKey))
else
bResult := true;
FWinReg.CloseKey;
end;
// Registry stores state related to "DISABLED", we requiire logic
// related to "ENABLED" - so reverse boolean result
Result := not bResult;
end;
// Set Current State (Using Disabled logic)
procedure TPolicyAdmin._SetState(ARegPolicy: TRegPolicy; AState: boolean);
begin
_SetRegKeyInfo(ARegPolicy);
FWinReg.RootKey := HKEY_CURRENT_USER;
if FWinReg.OpenKey(FReg, true) then
begin
FWinReg.WriteInteger(FKey, integer(AState));
FWinReg.CloseKey;
end;
end;
// Internal enable states from a TRegPolicySet
procedure TPolicyAdmin._EnableStates(ARegPolicySet: TRegPolicySet);
begin
if rpTaskManager in ARegPolicySet then
_SetState(rpTaskManager, C_ENABLE);
if rpLockComputer in ARegPolicySet then
_SetState(rpLockComputer, C_ENABLE);
if rpChangePassword in ARegPolicySet then
_SetState(rpChangePassword, C_ENABLE);
if rpLogOff in ARegPolicySet then
_SetState(rpLogOff, C_ENABLE);
if rpShutDown in ARegPolicySet then
_SetState(rpShutDown, C_ENABLE);
if rpRegistryTools in ARegPolicySet then
_SetState(rpRegistryTools, C_ENABLE);
if rpDispProperties in ARegPolicySet then
_SetState(rpDispProperties, C_ENABLE);
end;
// Internal disable states from a TRegPolicySet
procedure TPolicyAdmin._DisableStates(ARegPolicySet: TRegPolicySet);
begin
if rpTaskManager in ARegPolicySet then
_SetState(rpTaskManager, C_DISABLE);
if rpLockComputer in ARegPolicySet then
_SetState(rpLockComputer, C_DISABLE);
if rpChangePassword in ARegPolicySet then
_SetState(rpChangePassword, C_DISABLE);
if rpLogOff in ARegPolicySet then
_SetState(rpLogOff, C_DISABLE);
if rpShutDown in ARegPolicySet then
_SetState(rpShutDown, C_DISABLE);
if rpRegistryTools in ARegPolicySet then
_SetState(rpRegistryTools, C_DISABLE);
if rpDispProperties in ARegPolicySet then
_SetState(rpDispProperties, C_DISABLE);
end;
// ===============================
// Get/Set Property Methods
// ===============================
// Task Manager
procedure TPolicyAdmin.SetTaskManagerEnabled(AValue: boolean);
begin
if AValue then
_EnableStates([rpTaskManager])
else
_DisableStates([rpTaskManager]);
end;
function TPolicyAdmin.GetTaskManagerEnabled: boolean;
begin
Result := _GetState(rpTaskManager);
end;
// Lock Computer Button
procedure TPolicyAdmin.SetLockComputerEnabled(AValue: boolean);
begin
if AValue then
_EnableStates([rpLockComputer])
else
_DisableStates([rpLockComputer]);
end;
function TPolicyAdmin.GetLockComputerEnabled: boolean;
begin
Result := _GetState(rpLockComputer);
end;
// Change Password Button
procedure TPolicyAdmin.SetChangePasswordEnabled(AValue: boolean);
begin
if AValue then
_EnableStates([rpChangePassword])
else
_DisableStates([rpChangePassword]);
end;
function TPolicyAdmin.GetChangePasswordEnabled: boolean;
begin
Result := _GetState(rpChangePassword);
end;
// Log Off Button
procedure TPolicyAdmin.SetLogOffEnabled(AValue: boolean);
begin
if AValue then
_EnableStates([rpLogOff])
else
_DisableStates([rpLogOff]);
end;
function TPolicyAdmin.GetLogOffEnabled: boolean;
begin
Result := _GetState(rpLogOff);
end;
// Shut Down Button
procedure TPolicyAdmin.SetShutDownEnabled(AValue: boolean);
begin
if AValue then
_EnableStates([rpShutDown])
else
_DisableStates([rpShutDown]);
end;
function TPolicyAdmin.GetShutDownEnabled: boolean;
begin
Result := _GetState(rpShutDown);
end;
// Registry Tools (REGEDIT)
procedure TPolicyAdmin.SetRegistryToolsEnabled(AValue: boolean);
begin
if AValue then
_EnableStates([rpRegistryTools])
else
_DisableStates([rpRegistryTools]);
end;
function TPolicyAdmin.GetRegistryToolsEnabled: boolean;
begin
Result := _GetState(rpRegistryTools);
end;
// Display Properties Dialog
procedure TPolicyAdmin.SetDispPropertiesEnabled(AValue: boolean);
begin
if AValue then
_EnableStates([rpDispProperties])
else
_DisableStates([rpDispproperties]);
end;
function TPolicyAdmin.GetDispPropertiesEnabled: boolean;
begin
Result := _GetState(rpDispProperties);
end;
// ==============================
// User Callabel Methods
// ==============================
procedure TPolicyAdmin.DisableStates(ARegPolicySet: TRegPolicySet);
begin
_DisableStates(ARegPolicySet);
end;
procedure TPolicyAdmin.EnableStates(ARegPolicySet: TRegPolicySet);
begin
_EnableStates(ARegPolicySet);
end;
end.
Nincsenek megjegyzések:
Megjegyzés küldése