locked
How to create Group Policy Object programmatically using .NET and c#? RRS feed

  • Question

  • We can create and edit Group Policy Object using Microsoft Group Policy Management tool. I am wondering is there a way to do the same thing programmatically using .Net and c#? If yes, where can I find the APIs and some sample code?

    Thanks

    John

    Monday, November 20, 2006 8:25 PM

Answers

  • I was looking for the same solution, and I found an interesting link: 
    http://www.microsoft.com/downloads/details.aspx?FamilyId=38C1A89B-A6D2-4F2A-A944-9236999AEE65&displaylang=en

    The IGPMGPO interface supports methods that enable you to manage Group Policy Objects (GPOs) in the directory service.

    Note that you cannot use this interface to manage local GPOs (LGPOs).

    You can instantiate a GPMGPO object by creating a new one with a call to IGPMDomain::CreateGPO, retrieving an existing one with a call to IGPMDomain::GetGPO, or by searching for one with a call to IGPMDomain::SearchGPOs. After creating the object, you can query the GPO and set properties related to the GPO.


    This is my sample code in C# (note you have to add a COM reference: "GPO Admin 1.0 Type Library" from "GPOAdmin.dll"):
    I borrowed the idea from "ListAllGPOs.wsf" and it works..

    1         private void button1_Click(object sender, EventArgs e)  
    2         {  
    3             GPMGMTLib.GPM gpm = new GPMGMTLib.GPM();  
    4             GPMGMTLib.GPMConstants gpc = gpm.GetConstants();  
    5             GPMGMTLib.GPMDomain gpd = gpm.GetDomain(Environment.GetEnvironmentVariable("USERDNSDOMAIN"), "", gpc.UseAnyDC);  
    6             GPMGMTLib.GPMSearchCriteria gps = gpm.CreateSearchCriteria();  
    7  
    8             GPMGMTLib.IGPMGPOCollection gpoc = gpd.SearchGPOs(gps);  
    9  
    10             string outputString = "";  
    11             foreach (GPMGMTLib.GPMGPO name in gpoc)  
    12             {  
    13                 outputString += "ID: " + name.ID + "\tName: " + name.DisplayName + "\r\n";  
    14             }  
    15             MessageBox.Show(outputString);  
    16         } 

    Have fun ;-)
    • Proposed as answer by nfsRagnar Thursday, September 4, 2008 3:56 PM
    • Marked as answer by liurong luo Sunday, January 18, 2009 8:07 AM
    Thursday, September 4, 2008 3:45 PM

All replies

  • I am looking for the exact same thing. Searched google for 3 days now and still no answer.

    Guess it's something to do with Win32 WMI api but haven't found anything relevent yet. Keep looking..
    • Edited by Andrei COTIGA Monday, September 1, 2008 2:47 PM spelling mistake
    Monday, September 1, 2008 2:46 PM
  • I was looking for the same solution, and I found an interesting link: 
    http://www.microsoft.com/downloads/details.aspx?FamilyId=38C1A89B-A6D2-4F2A-A944-9236999AEE65&displaylang=en

    The IGPMGPO interface supports methods that enable you to manage Group Policy Objects (GPOs) in the directory service.

    Note that you cannot use this interface to manage local GPOs (LGPOs).

    You can instantiate a GPMGPO object by creating a new one with a call to IGPMDomain::CreateGPO, retrieving an existing one with a call to IGPMDomain::GetGPO, or by searching for one with a call to IGPMDomain::SearchGPOs. After creating the object, you can query the GPO and set properties related to the GPO.


    This is my sample code in C# (note you have to add a COM reference: "GPO Admin 1.0 Type Library" from "GPOAdmin.dll"):
    I borrowed the idea from "ListAllGPOs.wsf" and it works..

    1         private void button1_Click(object sender, EventArgs e)  
    2         {  
    3             GPMGMTLib.GPM gpm = new GPMGMTLib.GPM();  
    4             GPMGMTLib.GPMConstants gpc = gpm.GetConstants();  
    5             GPMGMTLib.GPMDomain gpd = gpm.GetDomain(Environment.GetEnvironmentVariable("USERDNSDOMAIN"), "", gpc.UseAnyDC);  
    6             GPMGMTLib.GPMSearchCriteria gps = gpm.CreateSearchCriteria();  
    7  
    8             GPMGMTLib.IGPMGPOCollection gpoc = gpd.SearchGPOs(gps);  
    9  
    10             string outputString = "";  
    11             foreach (GPMGMTLib.GPMGPO name in gpoc)  
    12             {  
    13                 outputString += "ID: " + name.ID + "\tName: " + name.DisplayName + "\r\n";  
    14             }  
    15             MessageBox.Show(outputString);  
    16         } 

    Have fun ;-)
    • Proposed as answer by nfsRagnar Thursday, September 4, 2008 3:56 PM
    • Marked as answer by liurong luo Sunday, January 18, 2009 8:07 AM
    Thursday, September 4, 2008 3:45 PM
  • Hi,

    Can you clarify how you added the GPO admin reference?  I have tried a few things and none of them work, such as adding the GPOadmin.dll to the library, and other things.  We need to create GPO's in asp.net but i can seem to get this to work.

    Thanks,
    Eric
    Sunday, November 30, 2008 8:35 PM
  • I think the COM reference is for "gpmgmt 1.0 Type Library" from "gpmgmt.dll"

    that reference worked for me in a simple asp .net application

    Salvador

    Thursday, February 12, 2009 8:12 PM
  • thanks for all information, but i couldn't find GPOAdmin.dll on the net. If possible, can you send it to me or tell where it is on the net?
    Monday, July 20, 2009 6:07 AM
  • Hi

    I want to add Software installation group policy in C#

    Can anyone provide me some help regarding this?? I have searched different posts and from those posts i have just searched how to add a GPO. But there is no post on which i can find about Software installation in C#

    Try to help me in fixing this problem

    Any little help will be appreciated greatly

    Thanks in advance

    Regards

    Sohaib Qazi

    Wednesday, April 7, 2010 9:13 AM
  • Did you have any luck with this? I am wanting the same thing, to be able to create a software installation programatically. Thanks.
    Thursday, May 20, 2010 2:11 AM
  • Nopes George :(
    Thursday, May 20, 2010 8:40 AM
  • I don't know if this site can give you some help.

    http://msdn.microsoft.com/en-us/library/ff519502%28VS.85%29.aspx

    Tuesday, September 14, 2010 2:31 AM
  • Hi there,

     

    I just stumbled across this thread while trying to implement a group policy using C#.

    I was able to successfully import an existing (backuped) group policy using the GPMC Class Library and the examples mentioned on the Group Policy Team Blog.

    However, neither this thread nor the blog posts explain how to explicitly set group policy settings in a programmatically way. They just explain how to import/read existing group policies.

     

    Is there a way to specify those settings in C#/VB? In particular, I'd like to create a group policy for sofware installation on some clients in the same domain. 

     

    Best regards,

    Daniel

     

    Thursday, July 21, 2011 10:36 AM
  • as per my knowledge every policy create some keys in the registry. we can create that keys with the appropriate values to apply these keys. i have tried this way too block  access to task manager and other few policies. u can see bellow for my implementation

     public void LockSys(int key)
            {
                //TODO:
                //1.    Make a instence of SysTools
                //2.    disable TaskMan
                //3.    disable Lock
                //4.    Disable Change Password
                //5.    disable logoff
    
    
                ModifyRegistry regTool = new ModifyRegistry { BaseRegistryKey = Registry.CurrentUser, SubKey = @"Software\Microsoft\Windows\CurrentVersion\Policies\System" };
                regTool.Write("DisableTaskMgr", key);
                regTool.Write("DisableLockWorkstation", key);
                regTool.Write("DisableChangePassword", key);
                regTool.SubKey = @"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"; //Diferent subkey for the NoLogoff key
                regTool.Write("NoLogoff", key);
    
    
            }
    


      i have done few of them in above code. u can get reference of policies at this link

    http://www.microsoft.com/download/en/details.aspx?id=25250

    well i m also searching for some lib with which i can do all this stuff easily.  

    if u guys have somthing pls let us know.

    thanks,

    manish

     

     

    Thursday, October 13, 2011 1:12 PM

  • 1         private void button1_Click(object sender, EventArgs e)  
    2         {  
    3             GPMGMTLib.GPM gpm = new GPMGMTLib.GPM();  
    4             GPMGMTLib.GPMConstants gpc = gpm.GetConstants();  
    5             GPMGMTLib.GPMDomain gpd = gpm.GetDomain(Environment.GetEnvironmentVariable("USERDNSDOMAIN"), "", gpc.UseAnyDC);  
    6             GPMGMTLib.GPMSearchCriteria gps = gpm.CreateSearchCriteria();  
    7  
    8             GPMGMTLib.IGPMGPOCollection gpoc = gpd.SearchGPOs(gps);  
    9  
    10             string outputString = "";  
    11             foreach (GPMGMTLib.GPMGPO name in gpoc)  
    12             {  
    13                 outputString += "ID: " + name.ID + "\tName: " + name.DisplayName + "\r\n";  
    14             }  
    15             MessageBox.Show(outputString);  
    16         } 

    when i try this code sampe, i get this error "The specified domain either does not exist or could not be contacted.(Exception from HRESULT: 0x8007054B)". What am i doing wrong? How can i fix it? Thanks. 
    Tuesday, January 29, 2013 8:39 AM