0

好的,所以我们需要创建一个允许我们的用户只使用特定程序的 GPO。

邮政总局地点:

  • 用户配置
    • 政策
      • 管理模板 [...]
        • 系统
          • 仅运行指定的 Windows 应用程序

然后将 GPO 设置为启用并单击允许的应用程序列表 --> 显示...

我创建了一个 Excel 电子表格,其中包含所有程序的名称及其关联的可执行文件以及其他相关信息,以便我们可以轻松地组织、添加、删除等我们需要允许用户访问的可执行文件。

然后,此电子表格将所有可执行文件转储到文本文件中。

以下是文本文件的示例:

Acrobat.exe
chrome.exe
calc.exe

.
.
.

有很多条目,这些可能会发生变化。我要做的是创建一个脚本,该脚本将采用该文本文件并自动填充 GPO。我不在乎我们是否必须打开窗口然后运行它,它不需要从任务调度程序运行(尽管如果有人准备好该代码,那将是惊人的)。我们只需要它来将这些荒谬的可执行文件名填充到字段中。

这是我发现的代码(VBScript),它在运行时应该自动填充字段,但是我无法让它在组策略管理编辑器中运行(它在 Windows 资源管理器窗口中运行并最终搜索一些文件)

' Open the text file, located in the same path as the script
Set objFSO = CreateObject("Scripting.FileSystemObject")
strPath = Mid(Wscript.ScriptFullName, 1, InStrRev(Wscript.ScriptFullName, wscript.ScriptName) -1)
Set objFile = objFSO.OpenTextFile(strPath & "appList.txt")

' Activate the "Show Contents" window with the "List of allowed applications".
' Note the window must be opened already and we should have selected where in 
' the list we want to enter the data before running the script
set WshShell = WScript.CreateObject("WScript.Shell")
WScript.Sleep 1000
WshShell.AppActivate "Show Contents"

' Read the file line by line
Do While objFile.AtEndOfStream <> True

    ' Each line contains one EXE name
    exeName = objFile.ReadLine

    ' Escape forbidden chars { } [ ] ( ) + ^ % ~
    exeName = Replace(exeName, "[", "{[}")
    exeName = Replace(exeName, "]", "{]}")
    exeName = Replace(exeName, "(", "{(}")
    exeName = Replace(exeName, ")", "{)}")
    exeName = Replace(exeName, "+", "{+}")
    exeName = Replace(exeName, "^", "{^}")
    exeName = Replace(exeName, "%", "{%}")
    exeName = Replace(exeName, "~", "{~}") 

    ' Send the EXE name to the window
    WScript.Sleep 100
    WshShell.SendKeys exeName

    ' Move to the next one
    WshShell.SendKeys "{TAB}"    

Loop

objFile.Close

来自:http: //blogs.msdn.com/b/alejacma/archive/2011/03/24/how-to-update-quot-run-only-specified-windows-applications-quot-gpo-programmatically-vbscript。 aspx

4

2 回答 2

0 
"C:\Windows\System32\GroupPolicy\User\Registry.pol"

是存储我的策略的地方。这是一个半文本文件。尝试写入该文件。

于 2015-06-04T21:03:59.303 回答
0

好的,所以我尝试了很多不同的方法。如果有人正在寻找这样做的答案,这就是我想出来的方式,也是我决定继续的方式。我将在下面发布所有相关代码。

在 Excel 中,我的表格格式如下:( 在此处输入图像描述 显然有更多条目)

这是我用来将此文件中的数据转换为注册表项的正确格式的 VBA 代码:

VBA - 在 Excel 中

Public Sub ExportToTextFile(FName As String, _
    Sep As String, SelectionOnly As Boolean, _
    AppendData As Boolean)
    Dim WholeLine As String
    Dim FNum As Integer
    Dim RowNdx As Long
    Dim ColNdx As Integer
    Dim StartRow As Long
    Dim EndRow As Long
    Dim StartCol As Integer
    Dim EndCol As Integer
    Dim CellValue As String

    Application.ScreenUpdating = False
On Error GoTo EndMacro:
    FNum = FreeFile
    StartRow = 2
    If SelectionOnly = True Then
        With Selection
            StartCol = .Cells(2).Column
            EndRow = .Cells(.Cells.Count).Row
            EndCol = .Cells(2).Column
        End With
    Else
        With ActiveSheet.UsedRange
            StartCol = .Cells(2).Column
            EndRow = .Cells(.Cells.Count).Row
            EndCol = .Cells(2).Column
        End With

    End If
    If AppendData = True Then
        Open FName For Append Access Write As #FNum
    Else
        Open FName For Output Access Write As #FNum
    End If
    For RowNdx = StartRow To EndRow
        WholeLine = ""
        For ColNdx = StartCol To EndCol
            If Cells(RowNdx, ColNdx).Value = "" Then
                CellValue = ""
            Else
                CellValue = Cells(RowNdx, ColNdx).Value
            End If
            WholeLine = WholeLine & Chr(34) & CellValue & ".exe" & Chr(34) & "=" & Chr(34) & CellValue & ".exe" & Chr(34) & Sep
        Next ColNdx
        WholeLine = Left(WholeLine, Len(WholeLine) - Len(Sep))
        Print #FNum, WholeLine; ""

    Next RowNdx

EndMacro:
    On Error GoTo 0
    Application.ScreenUpdating = True
    Close #FNum
End Sub
Sub PipeExport()
    Dim FileName As Variant
    Dim Sep As String

    FileName = Application.GetSaveAsFilename(InitialFileName:="appList", filefilter:="Text (*.txt),*.txt")
    If FileName = False Then
         ''''''''''''''''''''''''''
         ' user cancelled, get out
         ''''''''''''''''''''''''''
        Exit Sub
    End If
    Sep = "|"
    If Sep = vbNullString Then
         ''''''''''''''''''''''''''
         ' user cancelled, get out
         ''''''''''''''''''''''''''
        Exit Sub
    End If
    Debug.Print "FileName: " & FileName, "Extension: " & Sep
    ExportToTextFile FName:=CStr(FileName), Sep:=CStr(Sep), _
    SelectionOnly:=False, AppendData:=False

End Sub
Private Sub Workbook_BeforeSave(ByVal SaveAsUI As Boolean, Cancel As Boolean)
    PipeExport
End Sub

创建的文件是appList.txt,其格式与注册表项的格式相同:

"Acrobat.exe"="Acrobat.exe"
"AcroRd32.exe"="AcroRd32.exe"

现在在您的 GPO 中,将唯一的程序名称添加到允许的应用程序列表(例如test1234.exe),然后在您的注册表编辑器中,转到 Edit > Find test1234.exe。在文件 > 导出下导出该注册表项。删除test1234.exe行并粘贴到您的文本文件中。然后重新导入该文件,您就完成了!

于 2015-06-04T21:05:48.743 回答