使用VBScript或其他方法从文本文件填充GPO

时间:2015-06-04 16:51:16

标签: vbscript text-files group-policy gpo

好的,我们需要创建一个GPO,允许我们的用户只使用特定的程序。

GPO位置:

  • 用户配置
    • 策略
      • 管理模板[...]
        • 系统
          • 仅运行指定的Windows应用程序

然后将GPO设置为启用并单击允许的应用程序列表 - >节目...

我创建了一个excel电子表格,其中包含所有程序及其相关可执行文件的名称以及其他相关信息,以便我们可以轻松地组织,添加,删除等我们需要允许用户访问的可执行文件

然后,此电子表格会将所有可执行文件转储到文本文件中。

以下是文本文件的示例:

Acrobat.exe
chrome.exe
calc.exe

.
.
.

有很多条目,这些条目可能会有所变化。我要做的是创建一个脚本,该脚本将获取该文本文件并自动填充GPO。我不在乎我们是否必须打开窗口然后运行它,它不需要从任务调度程序运行(尽管如果有人准备好代码那将是惊人的)。我们只需要将这些荒谬的可执行文件名填充到字段中。

以下是我发现的代码(VBScript),在运行时,应该自动填充字段,但是我无法让它在组策略管理编辑器中运行(它在Windows资源管理器窗口中运行而不是搜索一些文件)

' Open the text file, located in the same path as the script
Set objFSO = CreateObject("Scripting.FileSystemObject")
strPath = Mid(Wscript.ScriptFullName, 1, InStrRev(Wscript.ScriptFullName, wscript.ScriptName) -1)
Set objFile = objFSO.OpenTextFile(strPath & "appList.txt")

' Activate the "Show Contents" window with the "List of allowed applications".
' Note the window must be opened already and we should have selected where in 
' the list we want to enter the data before running the script
set WshShell = WScript.CreateObject("WScript.Shell")
WScript.Sleep 1000
WshShell.AppActivate "Show Contents"

' Read the file line by line
Do While objFile.AtEndOfStream <> True

    ' Each line contains one EXE name
    exeName = objFile.ReadLine

    ' Escape forbidden chars { } [ ] ( ) + ^ % ~
    exeName = Replace(exeName, "[", "{[}")
    exeName = Replace(exeName, "]", "{]}")
    exeName = Replace(exeName, "(", "{(}")
    exeName = Replace(exeName, ")", "{)}")
    exeName = Replace(exeName, "+", "{+}")
    exeName = Replace(exeName, "^", "{^}")
    exeName = Replace(exeName, "%", "{%}")
    exeName = Replace(exeName, "~", "{~}") 

    ' Send the EXE name to the window
    WScript.Sleep 100
    WshShell.SendKeys exeName

    ' Move to the next one
    WshShell.SendKeys "{TAB}"    

Loop

objFile.Close

来自:http://blogs.msdn.com/b/alejacma/archive/2011/03/24/how-to-update-quot-run-only-specified-windows-applications-quot-gpo-programmatically-vbscript.aspx

2 个答案:

答案 0 :(得分:0)

"C:\Windows\System32\GroupPolicy\User\Registry.pol"

我的政策存储在哪里。它是一个半文本文件。尝试写入该文件。

答案 1 :(得分:0)

好的,所以我尝试了很多不同的方法。如果有人正在寻找这样做的答案,这就是我想出来的方式以及我决定继续进行的方式。我将在下面发布所有相关代码。

在Excel中,我的表格格式如下: enter image description here (显然有更多条目)

以下是我用来将此文件中的数据转换为注册表项的正确格式的VBA代码:

VBA - 在Excel中 

Public Sub ExportToTextFile(FName As String, _
    Sep As String, SelectionOnly As Boolean, _
    AppendData As Boolean)
    Dim WholeLine As String
    Dim FNum As Integer
    Dim RowNdx As Long
    Dim ColNdx As Integer
    Dim StartRow As Long
    Dim EndRow As Long
    Dim StartCol As Integer
    Dim EndCol As Integer
    Dim CellValue As String

    Application.ScreenUpdating = False
On Error GoTo EndMacro:
    FNum = FreeFile
    StartRow = 2
    If SelectionOnly = True Then
        With Selection
            StartCol = .Cells(2).Column
            EndRow = .Cells(.Cells.Count).Row
            EndCol = .Cells(2).Column
        End With
    Else
        With ActiveSheet.UsedRange
            StartCol = .Cells(2).Column
            EndRow = .Cells(.Cells.Count).Row
            EndCol = .Cells(2).Column
        End With

    End If
    If AppendData = True Then
        Open FName For Append Access Write As #FNum
    Else
        Open FName For Output Access Write As #FNum
    End If
    For RowNdx = StartRow To EndRow
        WholeLine = ""
        For ColNdx = StartCol To EndCol
            If Cells(RowNdx, ColNdx).Value = "" Then
                CellValue = ""
            Else
                CellValue = Cells(RowNdx, ColNdx).Value
            End If
            WholeLine = WholeLine & Chr(34) & CellValue & ".exe" & Chr(34) & "=" & Chr(34) & CellValue & ".exe" & Chr(34) & Sep
        Next ColNdx
        WholeLine = Left(WholeLine, Len(WholeLine) - Len(Sep))
        Print #FNum, WholeLine; ""

    Next RowNdx

EndMacro:
    On Error GoTo 0
    Application.ScreenUpdating = True
    Close #FNum
End Sub
Sub PipeExport()
    Dim FileName As Variant
    Dim Sep As String

    FileName = Application.GetSaveAsFilename(InitialFileName:="appList", filefilter:="Text (*.txt),*.txt")
    If FileName = False Then
         ''''''''''''''''''''''''''
         ' user cancelled, get out
         ''''''''''''''''''''''''''
        Exit Sub
    End If
    Sep = "|"
    If Sep = vbNullString Then
         ''''''''''''''''''''''''''
         ' user cancelled, get out
         ''''''''''''''''''''''''''
        Exit Sub
    End If
    Debug.Print "FileName: " & FileName, "Extension: " & Sep
    ExportToTextFile FName:=CStr(FileName), Sep:=CStr(Sep), _
    SelectionOnly:=False, AppendData:=False

End Sub
Private Sub Workbook_BeforeSave(ByVal SaveAsUI As Boolean, Cancel As Boolean)
    PipeExport
End Sub

创建的文件是 appList.txt ,其格式与注册表项的格式相同:

"Acrobat.exe"="Acrobat.exe"
"AcroRd32.exe"="AcroRd32.exe"

现在,在您的GPO中,将唯一的程序名称添加到允许的应用程序列表(例如 test1234.exe ),然后在注册表编辑器中转到“编辑”按钮。找到 test1234.exe 。 在File&gt;下导出该注册表项出口。删除 test1234.exe 行并粘贴到您的文本文件中。然后重新导入该文件,您就完成了!

相关问题
最新问题