def create(self):
    """Create the local Windows account for ``self.name`` via NetUserAdd.

    A level-3 user record is built from ``self.name`` and the optional
    ``displayName``, ``password`` and ``locale`` entries of ``self.infos``.
    Returns False when ``win32net.NetUserAdd`` raises.

    NOTE(review): this listing was collapsed onto one line and shows no
    statement after the ``except`` branch, so no explicit success return
    is visible here -- confirm against the original file.
    """
    record = {}
    record['name'] = self.name
    for info_key, field in (("displayName", 'full_name'), ("password", 'password')):
        if self.infos.has_key(info_key):
            record[field] = self.infos[info_key]
    # NOTE(review): when infos carries no "password", none is handed to
    # NetUserAdd while the flags below forbid changing it and disable expiry;
    # confirm every caller supplies a password.

    record['flags'] = (
        win32netcon.UF_DONT_EXPIRE_PASSWD
        | win32netcon.UF_NORMAL_ACCOUNT
        | win32netcon.UF_PASSWD_CANT_CHANGE
        | win32netcon.UF_SCRIPT
    )
    # Standard (non-administrator) privilege level, primary group "Users".
    record['priv'] = win32netcon.USER_PRIV_USER
    record['primary_group_id'] = ntsecuritycon.DOMAIN_GROUP_RID_USERS
    record['password_expired'] = 0  # password never expires
    record['acct_expires'] = win32netcon.TIMEQ_FOREVER

    if self.infos.has_key("locale"):
        record['country_code'] = Langs.getLCID(self.infos["locale"])

    try:
        win32net.NetUserAdd(None, 3, record)
    except Exception as e:
        # Only the exception text is logged; the record (which may hold the
        # password) is never written to the log.
        Logger.error("unable to create user: " + str(e))
        return False
def create(self):
    """Create the local Windows account for ``self.name`` via NetUserAdd.

    A level-3 user record is built from ``self.name`` and the optional
    ``displayName``, ``password`` and ``locale`` entries of ``self.infos``.

    Returns:
        False when ``win32net.NetUserAdd`` raises (the failure is logged
        with its traceback); otherwise ``self.post_create()`` is called and
        True is returned.
    """
    record = {'name': self.name}
    if self.infos.has_key("displayName"):
        record['full_name'] = self.infos["displayName"]
    if self.infos.has_key("password"):
        record['password'] = self.infos["password"]
    # NOTE(review): without a "password" entry no password is handed to
    # NetUserAdd, while the flags below forbid changing it and disable
    # expiry; confirm every caller supplies one.

    flags = win32netcon.UF_DONT_EXPIRE_PASSWD
    for extra in (
        win32netcon.UF_NORMAL_ACCOUNT,
        win32netcon.UF_PASSWD_CANT_CHANGE,
        win32netcon.UF_SCRIPT,
    ):
        flags |= extra
    record['flags'] = flags

    # Standard (non-administrator) privilege level, primary group "Users".
    record['priv'] = win32netcon.USER_PRIV_USER
    record['primary_group_id'] = ntsecuritycon.DOMAIN_GROUP_RID_USERS
    record['password_expired'] = 0  # password never expires
    record['acct_expires'] = win32netcon.TIMEQ_FOREVER

    if self.infos.has_key("locale"):
        record['country_code'] = Langs.getLCID(self.infos["locale"])

    try:
        win32net.NetUserAdd(None, 3, record)
    except Exception:
        # The record (which may hold the password) is not part of the message.
        Logger.exception("unable to create user")
        return False

    self.post_create()
    return True
def overwriteDefaultRegistry(self, directory):
    """Apply the OVD session defaults to the NTUSER.DAT hive in *directory*.

    The hive is mounted under HKEY_USERS with a per-call name, then the
    session environment, pending UI language, Explorer/System policy values,
    sound scheme, screen-saver settings and Active Setup entries are written.

    NOTE(review): this listing was collapsed onto a few lines, so block
    nesting (in particular how much sits under ``self.profile is not None``)
    is reconstructed -- confirm against the original file.  The listing ends
    after the Active Setup step; no RegUnLoadKey call is visible in it.
    """
    hive_file = os.path.join(directory, "NTUSER.DAT")
    # The random suffix only keeps concurrent mount names apart; it is not a secret.
    hive = "OVD_%s_%d" % (str(self.id), random.randrange(10000, 50000))
    root = win32con.HKEY_USERS

    def open_for_write(subkey):
        # Returns a KEY_SET_VALUE handle, or None after logging the failure.
        # Bare except kept as in the original: the cause of the failure is lost.
        try:
            Reg.CreateKeyR(root, subkey)
            handle = win32api.RegOpenKey(root, subkey, 0, win32con.KEY_SET_VALUE)
        except:
            handle = None
        if handle is None:
            Logger.error("Unable to open key '%s'" % (subkey))
        return handle

    def set_dwords(subkey, names, data):
        # Writes the same REG_DWORD *data* under every name in *names*.
        handle = open_for_write(subkey)
        if handle is not None:
            for name in names:
                win32api.RegSetValueEx(handle, name, 0, win32con.REG_DWORD, data)
            win32api.RegCloseKey(handle)

    # Load the hive
    win32api.RegLoadKey(root, hive, hive_file)

    # Set the OVD environment
    handle = open_for_write(r"%s\Environment" % (hive))
    if handle is not None:
        win32api.RegSetValueEx(
            handle, "OVD_SESSION_DIR", 0, win32con.REG_SZ,
            os.path.join(self.appDataDir, "ulteo", "ovd"))
        win32api.RegCloseKey(handle)

    # Set the language
    if self.parameters.has_key("locale"):
        cl = Langs.getLCID(self.parameters["locale"])
        wl = Langs.unixLocale2WindowsLocale(self.parameters["locale"])
        handle = open_for_write(r"%s\Control Panel\Desktop" % (hive))
        if handle is not None:
            win32api.RegSetValueEx(handle, "MUILanguagePending", 0,
                                   win32con.REG_SZ, "%08X" % (cl))
            win32api.RegSetValueEx(handle, "PreferredUILanguagesPending", 0,
                                   win32con.REG_MULTI_SZ, [wl])
            win32api.RegCloseKey(handle)

    # Policies update.  These are Explorer shell restrictions stored in the
    # user's own hive: they shape the UI and are not an access-control
    # boundary, so session confinement should not rest on them alone.
    set_dwords(
        r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" % (hive),
        [
            "DisableFavoritesDirChange",
            "DisableLocalMachineRun",
            "DisableLocalMachineRunOnce",
            "DisableMachineRunOnce",
            "DisableMyMusicDirChange",
            "DisableMyPicturesDirChange",
            "DisablePersonalDirChange",
            "EnforceShellExtensionSecurity",
            # "ForceStartMenuLogOff",
            "Intellimenus",
            "NoChangeStartMenu",
            "NoClose",
            "NoCommonGroups",
            "NoControlPanel",
            "NoDFSTab",
            "NoFind",
            "NoFolderOptions",
            "NoHardwareTab",
            "NoInstrumentation",
            "NoIntellimenus",
            "NoInternetIcon",  # remove the IE icon
            "NoManageMyComputerVerb",
            "NonEnum",
            "NoNetworkConnections",
            "NoResolveSearch",
            "NoSetFolders",
            "NoSetTaskbar",
            # "NoStartMenuSubFolders",  # should remove the folders from the
            # start menu but doesn't work; on 2008 the start menu is empty
            # if this key is set
            "NoSMBalloonTip",
            "NoStartMenuEjectPC",
            "NoStartMenuNetworkPlaces",
            "NoTrayContextMenu",
            "NoWindowsUpdate",
            # "NoViewContextMenu",  # mouse right click
            # "StartMenuLogOff",
        ],
        1)

    # Allow use of .lnk files from a share without a popup.
    # NOTE(review): listing .exe/.msi/.vbs as moderate-risk types relaxes a
    # user-facing warning for executable content -- confirm the shares
    # reachable from the session are trusted.
    handle = open_for_write(
        r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" % (hive))
    if handle is not None:
        win32api.RegSetValueEx(handle, "ModRiskFileTypes", 0,
                               win32con.REG_SZ, ".exe;.msi;.vbs")
        win32api.RegCloseKey(handle)

    # Start menu customization
    set_dwords(
        r"%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" % (hive),
        ["Start_ShowRun", "StartMenuAdminTools", "Start_AdminToolsRoot"],
        0)

    if self.profile is not None:
        # http://support.microsoft.com/kb/810869
        # Do not show recycle bin
        set_dwords(
            r"%s\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" % (hive),
            ["{645FF040-5081-101B-9F08-00AA002F954E}"],
            1)

    # NOTE(review): DisableLockWorkstation=1 here plus ScreenSaverIsSecure=0
    # below mean the desktop cannot be locked from inside the session; idle
    # protection has to come from the remote-session layer.
    set_dwords(
        r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\System" % (hive),
        [
            "DisableRegistryTools",
            "DisableTaskMgr",
            "DisableLockWorkstation",
            "NoDispCPL",
        ],
        1)

    # Remove Windows startup sound
    sound_events = [
        "WindowsLogon",
        "WindowsLogoff",
        "SystemStart",  # old Windows 2003, not used anymore in 2008
    ]
    for k in sound_events:
        handle = open_for_write(
            r"%s\AppEvents\Schemes\Apps\.Default\%s\.Current" % (hive, k))
        if handle is not None:
            # Empty default value: no sound file for this event.
            win32api.RegSetValueEx(handle, None, 0, win32con.REG_EXPAND_SZ, "")
            win32api.RegCloseKey(handle)

    # Desktop customization
    set_dwords(r"%s\Control Panel\Desktop" % (hive),
               ["ScreenSaveActive", "ScreenSaverIsSecure"], 0)

    # Overwrite Active Setup: works partially
    try:
        Reg.UpdateActiveSetup(self.user.name, hive,
                              r"Software\Microsoft\Active Setup")
        # On 64-bit architectures Active Setup is also present under
        # "Software\Wow6432Node\Microsoft\Active Setup"
        if "PROGRAMW6432" in os.environ:
            Reg.UpdateActiveSetup(
                self.user.name, hive,
                r"Software\Wow6432Node\Microsoft\Active Setup")
    except Exception as err:
        Logger.warn("Unable to reset ActiveSetup")
        Logger.debug("Unable to reset ActiveSetup: " + str(err))
# Overwrite Active Setup: works partially.
# (Excerpt from inside a method: ``self`` and ``hiveName`` come from the
# enclosing scope, which is not part of this listing.)
try:
    Reg.UpdateActiveSetup(self.user.name, hiveName,
                          r"Software\Microsoft\Active Setup")
    # On 64-bit architectures Active Setup is also present under
    # "Software\Wow6432Node\Microsoft\Active Setup"
    if "PROGRAMW6432" in os.environ:
        Reg.UpdateActiveSetup(
            self.user.name, hiveName,
            r"Software\Wow6432Node\Microsoft\Active Setup")
except Exception as err:
    # Best effort: the failure is reported, the remaining steps still run.
    Logger.warn("Unable to reset ActiveSetup")
    Logger.debug("Unable to reset ActiveSetup: " + str(err))

# Profile- and domain-specific registry changes on the mounted hive.
if self.profile is not None:
    self.profile.overrideRegistry(hiveName, self.user.name)

self.domain.doCustomizeRegistry(hiveName)

# Timezone override
if self.parameters.has_key("timezone"):
    requested_tz = self.parameters["timezone"]
    tz_name = Langs.getWinTimezone(requested_tz)
    if Reg.setTimezone(hiveName, tz_name) is False:
        Logger.warn("Unable to set TimeZone (%s, %s)" % (requested_tz, tz_name))

# Unload the hive.
# NOTE(review): an exception raised by the unguarded calls above skips this
# line and leaves the hive mounted under HKEY_USERS.
win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName)
def overwriteDefaultRegistry(self, directory):
    """Write the OVD session defaults into the NTUSER.DAT hive in *directory*.

    Mounts the hive under HKEY_USERS with a per-call name and sets the
    session environment, pending UI language, Explorer/System policy
    values, sound scheme, screen-saver settings and Active Setup entries.

    NOTE(review): the listing was collapsed onto a few lines, so nesting
    (notably the extent of the ``self.profile is not None`` branch) is
    reconstructed -- confirm against the original file.  The listing stops
    after the Active Setup step; it shows no RegUnLoadKey call.
    """
    hku = win32con.HKEY_USERS
    ntuser = os.path.join(directory, "NTUSER.DAT")
    # Random suffix: keeps mount names distinct, carries no security value.
    mount = "OVD_%s_%d" % (str(self.id), random.randrange(10000, 50000))

    def writable(subkey):
        # KEY_SET_VALUE handle for *subkey*, or None once the error is logged.
        # The bare except mirrors the original and hides the failure cause.
        try:
            Reg.CreateKeyR(hku, subkey)
            opened = win32api.RegOpenKey(hku, subkey, 0, win32con.KEY_SET_VALUE)
        except:
            opened = None
        if opened is None:
            Logger.error("Unable to open key '%s'" % (subkey))
        return opened

    def flag_all(subkey, names, data):
        # Same REG_DWORD *data* for each value name, then close the key.
        opened = writable(subkey)
        if opened is None:
            return
        for name in names:
            win32api.RegSetValueEx(opened, name, 0, win32con.REG_DWORD, data)
        win32api.RegCloseKey(opened)

    # Load the hive
    win32api.RegLoadKey(hku, mount, ntuser)

    # Set the OVD environment
    opened = writable(r"%s\Environment" % (mount))
    if opened is not None:
        win32api.RegSetValueEx(
            opened, "OVD_SESSION_DIR", 0, win32con.REG_SZ,
            os.path.join(self.appDataDir, "ulteo", "ovd")
        )
        win32api.RegCloseKey(opened)

    # Set the language
    if self.parameters.has_key("locale"):
        cl = Langs.getLCID(self.parameters["locale"])
        wl = Langs.unixLocale2WindowsLocale(self.parameters["locale"])
        opened = writable(r"%s\Control Panel\Desktop" % (mount))
        if opened is not None:
            win32api.RegSetValueEx(opened, "MUILanguagePending", 0,
                                   win32con.REG_SZ, "%08X" % (cl))
            win32api.RegSetValueEx(opened, "PreferredUILanguagesPending", 0,
                                   win32con.REG_MULTI_SZ, [wl])
            win32api.RegCloseKey(opened)

    # Policies update.  Explorer shell restrictions in the user's own hive
    # shape the UI only; they are not an access-control boundary.
    explorer_restrictions = [
        "DisableFavoritesDirChange",
        "DisableLocalMachineRun",
        "DisableLocalMachineRunOnce",
        "DisableMachineRunOnce",
        "DisableMyMusicDirChange",
        "DisableMyPicturesDirChange",
        "DisablePersonalDirChange",
        "EnforceShellExtensionSecurity",
        # "ForceStartMenuLogOff",
        "Intellimenus",
        "NoChangeStartMenu",
        "NoClose",
        "NoCommonGroups",
        "NoControlPanel",
        "NoDFSTab",
        "NoFind",
        "NoFolderOptions",
        "NoHardwareTab",
        "NoInstrumentation",
        "NoIntellimenus",
        "NoInternetIcon",  # remove the IE icon
        "NoManageMyComputerVerb",
        "NonEnum",
        "NoNetworkConnections",
        "NoResolveSearch",
        "NoSetFolders",
        "NoSetTaskbar",
        # "NoStartMenuSubFolders",  # should remove the folders from the
        # start menu but doesn't work; on 2008 the start menu is empty if
        # this key is set
        "NoSMBalloonTip",
        "NoStartMenuEjectPC",
        "NoStartMenuNetworkPlaces",
        "NoTrayContextMenu",
        "NoWindowsUpdate",
        # "NoViewContextMenu",  # mouse right click
        # "StartMenuLogOff",
    ]
    flag_all(
        r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" % (mount),
        explorer_restrictions, 1)

    # Allow use of .lnk files from a share without a popup.
    # NOTE(review): treating .exe/.msi/.vbs as moderate-risk types relaxes a
    # user-facing warning for executable content -- confirm the shares
    # reachable from the session are trusted.
    opened = writable(
        r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" % (mount))
    if opened is not None:
        win32api.RegSetValueEx(opened, "ModRiskFileTypes", 0,
                               win32con.REG_SZ, ".exe;.msi;.vbs")
        win32api.RegCloseKey(opened)

    # Start menu customization
    flag_all(
        r"%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" % (mount),
        ["Start_ShowRun", "StartMenuAdminTools", "Start_AdminToolsRoot"], 0)

    if self.profile is not None:
        # http://support.microsoft.com/kb/810869
        # Do not show recycle bin
        flag_all(
            r"%s\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" % (mount),
            ["{645FF040-5081-101B-9F08-00AA002F954E}"], 1)

    # NOTE(review): DisableLockWorkstation=1 together with
    # ScreenSaverIsSecure=0 further down means the desktop cannot be locked
    # from inside the session; idle protection must come from the
    # remote-session layer.
    flag_all(
        r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\System" % (mount),
        ["DisableRegistryTools", "DisableTaskMgr", "DisableLockWorkstation", "NoDispCPL"],
        1)

    # Remove Windows startup sound
    # ("SystemStart" is from Windows 2003, not used anymore in 2008)
    for k in ["WindowsLogon", "WindowsLogoff", "SystemStart"]:
        opened = writable(
            r"%s\AppEvents\Schemes\Apps\.Default\%s\.Current" % (mount, k))
        if opened is not None:
            # Empty default value: no sound file for this event.
            win32api.RegSetValueEx(opened, None, 0, win32con.REG_EXPAND_SZ, "")
            win32api.RegCloseKey(opened)

    # Desktop customization
    flag_all(r"%s\Control Panel\Desktop" % (mount),
             ["ScreenSaveActive", "ScreenSaverIsSecure"], 0)

    # Overwrite Active Setup: works partially
    try:
        Reg.UpdateActiveSetup(self.user.name, mount,
                              r"Software\Microsoft\Active Setup")
        # On 64-bit architectures Active Setup is also present under
        # "Software\Wow6432Node\Microsoft\Active Setup"
        if "PROGRAMW6432" in os.environ:
            Reg.UpdateActiveSetup(self.user.name, mount,
                                  r"Software\Wow6432Node\Microsoft\Active Setup")
    except Exception as err:
        Logger.warn("Unable to reset ActiveSetup")
        Logger.debug("Unable to reset ActiveSetup: " + str(err))
# Excerpt from inside a method: ``self``, ``hiveName``, ``key`` and ``items``
# come from the enclosing scope, which is not part of this listing.
for value_name in items:
    win32api.RegSetValueEx(key, value_name, 0, win32con.REG_DWORD, 0)
win32api.RegCloseKey(key)

# Overwrite Active Setup: works partially
try:
    Reg.UpdateActiveSetup(self.user.name, hiveName,
                          r"Software\Microsoft\Active Setup")
    # On 64-bit architectures Active Setup is also present under
    # "Software\Wow6432Node\Microsoft\Active Setup"
    if "PROGRAMW6432" in os.environ:
        Reg.UpdateActiveSetup(self.user.name, hiveName,
                              r"Software\Wow6432Node\Microsoft\Active Setup")
except Exception as err:
    # Best effort: the failure is reported, the remaining steps still run.
    Logger.warn("Unable to reset ActiveSetup")
    Logger.debug("Unable to reset ActiveSetup: " + str(err))

# Profile- and domain-specific registry changes on the mounted hive.
if self.profile is not None:
    self.profile.overrideRegistry(hiveName, self.user.name)

self.domain.doCustomizeRegistry(hiveName)

# Timezone override
if self.parameters.has_key("timezone"):
    requested_tz = self.parameters["timezone"]
    tz_name = Langs.getWinTimezone(requested_tz)
    if Reg.setTimezone(hiveName, tz_name) is False:
        Logger.warn("Unable to set TimeZone (%s, %s)" % (requested_tz, tz_name))

# Unload the hive.
# NOTE(review): an exception raised by the unguarded calls above skips this
# line and leaves the hive mounted under HKEY_USERS.
win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName)
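def overwriteDefaultRegistry(self, directory):
    """Apply the OVD session defaults to the NTUSER.DAT hive in *directory*.

    The hive is mounted under HKEY_USERS with a per-call name; the session
    environment, pending UI language, Explorer/System policy values, hidden
    drives mask, sound scheme, screen-saver settings, Active Setup entries,
    profile/domain customizations, timezone and the StartPage default are
    written; the hive is then unloaded.

    Changes from the original listing:
      * the hive is unloaded in a ``finally`` block, so an exception in any
        step no longer leaves it mounted under HKEY_USERS;
      * each key handle is closed in a ``finally`` block (an open handle can
        also prevent the hive from unloading);
      * key-open failures are caught as ``Exception`` and logged with their
        traceback instead of being swallowed by a bare ``except``;
      * the drive mask is built with ``|=`` so a repeated letter cannot
        carry into the next bit.

    NOTE(review): the listing was collapsed onto a few lines, so nesting
    (notably the extent of the ``self.profile is not None`` branch) is
    reconstructed -- confirm against the original file.
    """
    registryFile = os.path.join(directory, "NTUSER.DAT")
    # The random suffix only keeps concurrent mount names apart; it is not a secret.
    hiveName = "OVD_%s_%d" % (str(self.id), random.randrange(10000, 50000))
    root = win32con.HKEY_USERS

    def write_values(subkey, entries):
        # Create/open hiveName\subkey and write each (name, type, data) entry.
        path = r"%s\%s" % (hiveName, subkey)
        try:
            Reg.CreateKeyR(root, path)
            key = win32api.RegOpenKey(root, path, 0, win32con.KEY_SET_VALUE)
        except Exception:
            Logger.exception("Unable to open key '%s'" % (path))
            return
        try:
            for name, kind, data in entries:
                win32api.RegSetValueEx(key, name, 0, kind, data)
        finally:
            win32api.RegCloseKey(key)

    def write_dwords(subkey, names, data):
        # Same REG_DWORD *data* under every value name in *names*.
        write_values(subkey, [(name, win32con.REG_DWORD, data) for name in names])

    # Load the hive
    win32api.RegLoadKey(root, hiveName, registryFile)
    try:
        # Set the OVD environment
        write_values(r"Environment", [
            ("OVD_SESSION_DIR", win32con.REG_SZ, self.user_session_dir),
        ])

        # Set the language
        if self.parameters.has_key("locale"):
            cl = Langs.getLCID(self.parameters["locale"])
            wl = Langs.unixLocale2WindowsLocale(self.parameters["locale"])
            write_values(r"Control Panel\Desktop", [
                ("MUILanguagePending", win32con.REG_SZ, "%08X" % (cl)),
                ("PreferredUILanguagesPending", win32con.REG_MULTI_SZ, [wl]),
            ])

        # Policies update.  These are Explorer shell restrictions stored in
        # the user's own hive: they shape the UI and are not an
        # access-control boundary, so session confinement should not rest
        # on them alone.
        explorer_policies = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        write_dwords(explorer_policies, [
            "DisableFavoritesDirChange",
            "DisableLocalMachineRun",
            "DisableLocalMachineRunOnce",
            "DisableMachineRunOnce",
            "DisableMyMusicDirChange",
            "DisableMyPicturesDirChange",
            "DisablePersonalDirChange",
            "EnforceShellExtensionSecurity",
            # "ForceStartMenuLogOff",
            "Intellimenus",
            "NoChangeStartMenu",
            "NoClose",
            "NoCommonGroups",
            "NoControlPanel",
            "NoDFSTab",
            "NoFind",
            "NoFolderOptions",
            "NoHardwareTab",
            "NoInstrumentation",
            "NoIntellimenus",
            "NoInternetIcon",  # remove the IE icon
            "NoManageMyComputerVerb",
            "NonEnum",
            "NoNetworkConnections",
            "NoResolveSearch",
            "NoSetFolders",
            "NoSetTaskbar",
            # "NoStartMenuSubFolders",  # should remove the folders from the
            # start menu but doesn't work; on 2008 the start menu is empty
            # if this key is set
            "NoSMBalloonTip",
            "NoStartMenuEjectPC",
            "NoStartMenuNetworkPlaces",
            "NoTrayContextMenu",
            "NoWindowsUpdate",
            # "NoViewContextMenu",  # mouse right click
            # "StartMenuLogOff",
        ], 1)

        # Hide local drives.  NoDrives only hides them in Explorer; access
        # to the volumes themselves is governed by their ACLs.
        drive_mask = 0
        for drive in win32api.GetLogicalDriveStrings().split('\000')[:-1]:
            if win32file.GetDriveType(drive) not in (
                    win32con.DRIVE_CDROM,
                    win32con.DRIVE_REMOVABLE,
                    win32con.DRIVE_FIXED):
                continue
            # Transform the drive letter into a bit value according to
            # http://technet.microsoft.com/en-us/library/cc959437.aspx
            drive_mask |= 1 << (ord(drive.lower()[0]) - 97)
        write_dwords(explorer_policies, ["NoDrives"], drive_mask)
        # "NoViewOnDrive" was left disabled in the original.

        # Allow use of .lnk files from a share without a popup.
        # NOTE(review): listing .exe/.msi/.vbs as moderate-risk types relaxes
        # a user-facing warning for executable content -- confirm the shares
        # reachable from the session are trusted.
        write_values(r"Software\Microsoft\Windows\CurrentVersion\Policies\Associations", [
            ("ModRiskFileTypes", win32con.REG_SZ, ".exe;.msi;.vbs"),
        ])

        # Start menu customization
        write_dwords(
            r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
            ["Start_ShowRun", "StartMenuAdminTools", "Start_AdminToolsRoot"],
            0)

        if self.profile is not None:
            # http://support.microsoft.com/kb/810869
            # Do not show recycle bin
            write_dwords(
                r"Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel",
                ["{645FF040-5081-101B-9F08-00AA002F954E}"],
                1)

        # NOTE(review): DisableLockWorkstation=1 here plus
        # ScreenSaverIsSecure=0 below mean the desktop cannot be locked from
        # inside the session; idle protection has to come from the
        # remote-session layer.
        write_dwords(
            r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
            ["DisableRegistryTools", "DisableTaskMgr", "DisableLockWorkstation", "NoDispCPL"],
            1)

        # Remove Windows startup sound
        sound_events = [
            "WindowsLogon",
            "WindowsLogoff",
            "SystemStart",  # old Windows 2003, not used anymore in 2008
        ]
        for k in sound_events:
            # Empty default value: no sound file for this event.
            write_values(r"AppEvents\Schemes\Apps\.Default\%s\.Current" % (k), [
                (None, win32con.REG_EXPAND_SZ, ""),
            ])

        # Desktop customization
        write_dwords(r"Control Panel\Desktop",
                     ["ScreenSaveActive", "ScreenSaverIsSecure"], 0)

        # Overwrite Active Setup: works partially
        try:
            Reg.UpdateActiveSetup(self.user.name, hiveName,
                                  r"Software\Microsoft\Active Setup")
            # On 64-bit architectures Active Setup is also present under
            # "Software\Wow6432Node\Microsoft\Active Setup"
            if "PROGRAMW6432" in os.environ:
                Reg.UpdateActiveSetup(
                    self.user.name, hiveName,
                    r"Software\Wow6432Node\Microsoft\Active Setup")
        except Exception:
            Logger.exception("Unable to reset ActiveSetup")

        if self.profile is not None:
            self.profile.overrideRegistry(hiveName, self.user.name)

        self.domain.doCustomizeRegistry(hiveName)

        # Timezone override
        if self.parameters.has_key("timezone"):
            tz_name = Langs.getWinTimezone(self.parameters["timezone"])
            ret = Reg.setTimezone(hiveName, tz_name)
            if ret is False:
                Logger.warn("Unable to set TimeZone (%s, %s)" % (self.parameters["timezone"], tz_name))

        # Hack for Windows 2012R2 relative to StartScreen integration.
        write_dwords(
            r"Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage",
            ["MakeAllAppsDefault"], 1)
    finally:
        # Unload the hive even when a step above raised, so NTUSER.DAT is
        # not left mounted under HKEY_USERS.
        win32api.RegUnLoadKey(root, hiveName)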
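def overwriteDefaultRegistry(self, directory):
    """Write the OVD session defaults into the NTUSER.DAT hive in *directory*.

    Mounts the hive under HKEY_USERS with a per-call name, sets the session
    environment, pending UI language, Explorer/System policy values, hidden
    drives mask, sound scheme, screen-saver settings, Active Setup entries,
    profile/domain customizations, timezone and the StartPage default, then
    unloads the hive.

    Changes from the original listing:
      * the hive is unloaded in a ``finally`` block, so an exception in any
        step no longer leaves it mounted under HKEY_USERS;
      * each key handle is closed in a ``finally`` block (an open handle can
        also prevent the hive from unloading);
      * key-open failures are caught as ``Exception`` and logged with their
        traceback instead of being swallowed by a bare ``except``;
      * the drive mask is built with ``|=`` so a repeated letter cannot
        carry into the next bit.

    NOTE(review): the listing was collapsed onto a few lines, so nesting
    (notably the extent of the ``self.profile is not None`` branch) is
    reconstructed -- confirm against the original file.
    """
    registryFile = os.path.join(directory, "NTUSER.DAT")
    # Random suffix: keeps mount names distinct, carries no security value.
    hiveName = "OVD_%s_%d" % (str(self.id), random.randrange(10000, 50000))
    hku = win32con.HKEY_USERS
    REG_DWORD = win32con.REG_DWORD
    REG_SZ = win32con.REG_SZ

    def store(subkey, entries):
        # Create/open hiveName\subkey and write each (name, type, data) entry.
        path = r"%s\%s" % (hiveName, subkey)
        try:
            Reg.CreateKeyR(hku, path)
            key = win32api.RegOpenKey(hku, path, 0, win32con.KEY_SET_VALUE)
        except Exception:
            Logger.exception("Unable to open key '%s'" % (path))
            return
        try:
            for name, kind, data in entries:
                win32api.RegSetValueEx(key, name, 0, kind, data)
        finally:
            win32api.RegCloseKey(key)

    def store_dwords(subkey, names, data):
        # Same REG_DWORD *data* under every value name in *names*.
        store(subkey, [(name, REG_DWORD, data) for name in names])

    current_version = r"Software\Microsoft\Windows\CurrentVersion"
    explorer_policies = current_version + r"\Policies\Explorer"

    # Load the hive
    win32api.RegLoadKey(hku, hiveName, registryFile)
    try:
        # Set the OVD environment
        store(r"Environment", [("OVD_SESSION_DIR", REG_SZ, self.user_session_dir)])

        # Set the language
        if self.parameters.has_key("locale"):
            cl = Langs.getLCID(self.parameters["locale"])
            wl = Langs.unixLocale2WindowsLocale(self.parameters["locale"])
            store(r"Control Panel\Desktop", [
                ("MUILanguagePending", REG_SZ, "%08X" % (cl)),
                ("PreferredUILanguagesPending", win32con.REG_MULTI_SZ, [wl]),
            ])

        # Policies update.  Explorer shell restrictions in the user's own
        # hive shape the UI only; they are not an access-control boundary,
        # so session confinement should not rest on them alone.
        restrictions = [
            "DisableFavoritesDirChange",
            "DisableLocalMachineRun",
            "DisableLocalMachineRunOnce",
            "DisableMachineRunOnce",
            "DisableMyMusicDirChange",
            "DisableMyPicturesDirChange",
            "DisablePersonalDirChange",
            "EnforceShellExtensionSecurity",
            # "ForceStartMenuLogOff",
            "Intellimenus",
            "NoChangeStartMenu",
            "NoClose",
            "NoCommonGroups",
            "NoControlPanel",
            "NoDFSTab",
            "NoFind",
            "NoFolderOptions",
            "NoHardwareTab",
            "NoInstrumentation",
            "NoIntellimenus",
            "NoInternetIcon",  # remove the IE icon
            "NoManageMyComputerVerb",
            "NonEnum",
            "NoNetworkConnections",
            "NoResolveSearch",
            "NoSetFolders",
            "NoSetTaskbar",
            # "NoStartMenuSubFolders",  # should remove the folders from the
            # start menu but doesn't work; on 2008 the start menu is empty
            # if this key is set
            "NoSMBalloonTip",
            "NoStartMenuEjectPC",
            "NoStartMenuNetworkPlaces",
            "NoTrayContextMenu",
            "NoWindowsUpdate",
            # "NoViewContextMenu",  # mouse right click
            # "StartMenuLogOff",
        ]
        store_dwords(explorer_policies, restrictions, 1)

        # Hide local drives.  NoDrives only hides them in Explorer; access
        # to the volumes themselves is governed by their ACLs.
        hidden_types = (
            win32con.DRIVE_CDROM,
            win32con.DRIVE_REMOVABLE,
            win32con.DRIVE_FIXED,
        )
        value = 0
        for drive in win32api.GetLogicalDriveStrings().split('\000')[:-1]:
            if win32file.GetDriveType(drive) in hidden_types:
                # Transform the drive letter into a bit value according to
                # http://technet.microsoft.com/en-us/library/cc959437.aspx
                value |= 1 << (ord(drive.lower()[0]) - 97)
        store_dwords(explorer_policies, ["NoDrives"], value)
        # "NoViewOnDrive" was left disabled in the original.

        # Allow use of .lnk files from a share without a popup.
        # NOTE(review): treating .exe/.msi/.vbs as moderate-risk types
        # relaxes a user-facing warning for executable content -- confirm
        # the shares reachable from the session are trusted.
        store(current_version + r"\Policies\Associations", [
            ("ModRiskFileTypes", REG_SZ, ".exe;.msi;.vbs"),
        ])

        # Start menu customization
        store_dwords(
            current_version + r"\Explorer\Advanced",
            ["Start_ShowRun", "StartMenuAdminTools", "Start_AdminToolsRoot"],
            0)

        if self.profile is not None:
            # http://support.microsoft.com/kb/810869
            # Do not show recycle bin
            store_dwords(
                current_version + r"\Explorer\HideDesktopIcons\NewStartPanel",
                ["{645FF040-5081-101B-9F08-00AA002F954E}"],
                1)

        # NOTE(review): DisableLockWorkstation=1 together with
        # ScreenSaverIsSecure=0 further down means the desktop cannot be
        # locked from inside the session; idle protection must come from
        # the remote-session layer.
        store_dwords(
            current_version + r"\Policies\System",
            ["DisableRegistryTools", "DisableTaskMgr", "DisableLockWorkstation", "NoDispCPL"],
            1)

        # Remove Windows startup sound
        # ("SystemStart" is from Windows 2003, not used anymore in 2008)
        for k in ["WindowsLogon", "WindowsLogoff", "SystemStart"]:
            # Empty default value: no sound file for this event.
            store(r"AppEvents\Schemes\Apps\.Default\%s\.Current" % (k),
                  [(None, win32con.REG_EXPAND_SZ, "")])

        # Desktop customization
        store_dwords(r"Control Panel\Desktop",
                     ["ScreenSaveActive", "ScreenSaverIsSecure"], 0)

        # Overwrite Active Setup: works partially
        try:
            Reg.UpdateActiveSetup(self.user.name, hiveName,
                                  r"Software\Microsoft\Active Setup")
            # On 64-bit architectures Active Setup is also present under
            # "Software\Wow6432Node\Microsoft\Active Setup"
            if "PROGRAMW6432" in os.environ:
                Reg.UpdateActiveSetup(self.user.name, hiveName,
                                      r"Software\Wow6432Node\Microsoft\Active Setup")
        except Exception:
            Logger.exception("Unable to reset ActiveSetup")

        if self.profile is not None:
            self.profile.overrideRegistry(hiveName, self.user.name)

        self.domain.doCustomizeRegistry(hiveName)

        # Timezone override
        if self.parameters.has_key("timezone"):
            tz_name = Langs.getWinTimezone(self.parameters["timezone"])
            ret = Reg.setTimezone(hiveName, tz_name)
            if ret is False:
                Logger.warn("Unable to set TimeZone (%s, %s)" % (self.parameters["timezone"], tz_name))

        # Hack for Windows 2012R2 relative to StartScreen integration.
        store_dwords(current_version + r"\Explorer\StartPage",
                     ["MakeAllAppsDefault"], 1)
    finally:
        # Unload the hive even when a step above raised, so NTUSER.DAT is
        # not left mounted under HKEY_USERS.
        win32api.RegUnLoadKey(hku, hiveName)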