大大好,
近日接獲任務要用程式來控制外接裝置的使用權限,目前知道有兩種方式可以 DISABLE 裝置, registry 和 group policy,registry 的方式會把整台電腦的裝置權限都拿掉,可是我所要做的是對特定 users,而不是整台電腦的 user,所以應該是要用到 group policy object 的東西,去設定哪個群組會受到限制、哪些不會等等,使用 GUI 的話就是叫出 mmc ,然後從中去新增一個新的群組,想請問有沒有可以使用 c++ 的方式來達到這件事情,要使用哪個 api、哪個 function?
小弟在網路上搜尋了許久,這部分的資訊相對少,microsoft doc 也看了很多,但是不太清楚 function 的使用方法,希望有大大能給我一些意見,十分感謝!!
可以使用 Windows Management Instrumentation (WMI) 來控制 Group Policy。以下為範例程式;其中使用的 Win32_GroupPolicy 類別、GPOName 屬性與 Create 方法,請先在目標系統上確認是否存在再使用。
C++
#include <iostream>
#include <windows.h>
#include <comdef.h>
#include <Wbemidl.h>
#pragma comment(lib, "wbemuuid.lib")
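// Minimal WMI client: connects to the local root\cimv2 namespace, spawns an
// instance of the class named below, sets its GPOName property, invokes the
// Create method and reports the resulting call status.
//
// NOTE(review): the class "Win32_GroupPolicy", its "GPOName" property and its
// "Create" method are taken as given from the original listing. Confirm that
// they exist on the target system; GetObject fails at run time if the class
// is not registered in the namespace.
// NOTE(review): the spawned class instance is passed as the method's input
// parameters, as the original did. WMI methods normally expect an instance of
// the method's in-parameter class (see IWbemClassObject::GetMethod) - confirm.
// NOTE(review): changing policy presumably needs an elevated, administrative
// caller; verify the required rights before deploying.
//
// Returns 0 on success and 1 on any failure, after printing the failing call
// together with its HRESULT.
int main()
{
    // Print the failing call with its HRESULT in hex, the form used by
    // Windows error references (the original printed a signed decimal).
    const auto report = [](const char* what, HRESULT code) {
        std::cout << what << " failed: 0x" << std::hex
                  << static_cast<unsigned long>(code) << std::dec << std::endl;
    };

    // Release a COM interface pointer if it was obtained, then null it so a
    // second call is harmless.
    const auto release = [](auto*& p) {
        if (p != nullptr)
        {
            p->Release();
            p = nullptr;
        }
    };

    // Initialise COM for this thread.
    HRESULT hr = CoInitializeEx(nullptr, COINIT_MULTITHREADED);
    if (FAILED(hr))
    {
        report("CoInitializeEx", hr);
        return 1;
    }

    // Process-wide COM security defaults. RPC_C_IMP_LEVEL_IMPERSONATE lets the
    // WMI provider act with the caller's identity, so the operation is subject
    // to the access checks of the account that runs this program.
    hr = CoInitializeSecurity(
        nullptr,
        -1,
        nullptr,
        nullptr,
        RPC_C_AUTHN_LEVEL_DEFAULT,
        RPC_C_IMP_LEVEL_IMPERSONATE,
        nullptr,
        EOAC_NONE,
        nullptr);
    if (FAILED(hr))
    {
        report("CoInitializeSecurity", hr);
        CoUninitialize();
        return 1;
    }

    // All interface pointers are declared up front so that one cleanup path
    // releases whatever was obtained, whichever step fails.
    IWbemLocator* pLocator = nullptr;
    IWbemServices* pServices = nullptr;
    IWbemClassObject* pClass = nullptr;
    IWbemClassObject* pInstance = nullptr;
    IWbemCallResult* pResult = nullptr;

    const auto run = [&]() -> bool {
        // Obtain the WMI locator.
        hr = CoCreateInstance(
            CLSID_WbemLocator,
            nullptr,
            CLSCTX_INPROC_SERVER,
            IID_IWbemLocator,
            reinterpret_cast<LPVOID*>(&pLocator));
        if (FAILED(hr))
        {
            report("CoCreateInstance", hr);
            return false;
        }

        // Connect to the local namespace as the current user. The string
        // arguments are BSTRs, so they are built with _bstr_t rather than
        // passed as wide literals; the security-flags argument is a long (0).
        hr = pLocator->ConnectServer(
            _bstr_t(L"root\\cimv2"),
            nullptr,
            nullptr,
            nullptr,
            0,
            nullptr,
            nullptr,
            &pServices);
        if (FAILED(hr))
        {
            report("ConnectServer", hr);
            return false;
        }

        // Set authentication and impersonation on the IWbemServices proxy so
        // that every call through it is made under the caller's identity.
        hr = CoSetProxyBlanket(
            pServices,
            RPC_C_AUTHN_WINNT,
            RPC_C_AUTHZ_NONE,
            nullptr,
            RPC_C_AUTHN_LEVEL_CALL,
            RPC_C_IMP_LEVEL_IMPERSONATE,
            nullptr,
            EOAC_NONE);
        if (FAILED(hr))
        {
            report("CoSetProxyBlanket", hr);
            return false;
        }

        // Fetch the class definition and spawn an empty instance of it.
        hr = pServices->GetObject(_bstr_t(L"Win32_GroupPolicy"), 0, nullptr, &pClass, nullptr);
        if (FAILED(hr))
        {
            report("GetObject", hr);
            return false;
        }

        hr = pClass->SpawnInstance(0, &pInstance);
        if (FAILED(hr))
        {
            report("SpawnInstance", hr);
            return false;
        }

        // _variant_t owns the BSTR and frees it on scope exit; the original
        // VARIANT was never cleared and leaked the allocated string.
        _variant_t gpoName(L"NewGroupPolicy");
        hr = pInstance->Put(L"GPOName", 0, &gpoName, 0);
        if (FAILED(hr))
        {
            report("Put", hr);
            return false;
        }

        // Semisynchronous call: the IWbemCallResult goes in the last argument
        // (ppCallResult); the sixth argument is ppOutParams and is not used.
        hr = pServices->ExecMethod(
            _bstr_t(L"Win32_GroupPolicy"),
            _bstr_t(L"Create"),
            WBEM_FLAG_RETURN_IMMEDIATELY,
            nullptr,
            pInstance,
            nullptr,
            &pResult);
        if (FAILED(hr))
        {
            report("ExecMethod", hr);
            return false;
        }

        // GetCallStatus yields a long status code, not a VARIANT. Wait for
        // completion: with a zero timeout the status may not be final yet.
        long status = 0;
        hr = pResult->GetCallStatus(WBEM_INFINITE, &status);
        if (FAILED(hr))
        {
            report("GetCallStatus", hr);
            return false;
        }
        if (FAILED(static_cast<HRESULT>(status)))
        {
            report("Create", static_cast<HRESULT>(status));
            return false;
        }

        std::cout << "Group policy Create call status: 0x" << std::hex
                  << static_cast<unsigned long>(status) << std::dec << std::endl;
        return true;
    };

    bool ok = false;
    try
    {
        ok = run();
    }
    catch (const _com_error& e)
    {
        // _bstr_t and _variant_t throw _com_error when allocation fails.
        report("COM support class", e.Error());
    }

    // Release in reverse order of acquisition, then shut COM down.
    release(pResult);
    release(pInstance);
    release(pClass);
    release(pServices);
    release(pLocator);
    CoUninitialize();
    return ok ? 0 : 1;
}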