Today I finally got a start on raw POL editing features for Policy Plus. There is now an Edit Raw POL entry under File. When clicked, it prompts for a section (user or computer) and then opens a dialog with a tree of keys and values. Windows Forms doesn't actually have a combined tree/details control, so I rigged up a decent-looking structure by using the IndentCount property on ListView. There currently aren't any editing capabilities, but it does indeed show the contents of the POL file independent of the policies.
The tree starts up at SOFTWARE and there are a few other high-up keys in the tree, so the ones shown are indented a lot. Apparently empty keys appear because there is, for reasons unclear to me, a zero-length entry with a zero-length name in some places.
While working on this, I discovered two other problems. The code in PolicySource to translate DWord and QWord numbers to and from the raw bytes had errors that led to incorrect numbers being reported and crashes when inputting large numbers. That's fixed.
More subtly, I discovered while exploring this new form that the behavior of check boxes with implicit Registry effects is not quite what I assumed. I thought such a checkbox would produce a 1 when checked and nothing when unchecked, but the LGPE sets an active deletion on the value when unchecked. To accommodate that, I updated PolicyProcessing's saving routine and the basic state heuristics to not consider a deletion of a checkbox's value as evidence for the policy being disabled.
No comments:
Post a Comment