|
|
;begin_both//=============================================================================// userenv.h - Header file for user environment API.// User Profiles, environment variables, and Group Policy//// Copyright (c) Microsoft Corporation 1995-2002// All rights reserved////=============================================================================
;end_both#ifndef _INC_USERENV#define _INC_USERENV#ifndef _INC_USERENVP ;internal#define _INC_USERENVP ;internal
#include <wbemcli.h>#include <profinfo.h>
//// Define API decoration for direct importing of DLL references.//
#if !defined(_USERENV_)#define USERENVAPI DECLSPEC_IMPORT#else#define USERENVAPI#endif
;begin_both
#ifdef __cplusplusextern "C" {#endif;end_both
//=============================================================================//// LoadUserProfile//// Loads the specified user's profile.//// Most applications should not need to use this function. It's used// when a user has logged onto the system or a service starts in a named// user account.//// hToken - Token for the user, returned from LogonUser()// lpProfileInfo - Address of a PROFILEINFO structure//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: The caller of this function must have admin privileges on the machine.//// Upon successful return, the hProfile member of the PROFILEINFO// structure is a registry key handle opened to the root// of the user's hive. It has been opened with full access. If// you need to read or write to the user's registry file, use// this key instead of HKEY_CURRENT_USER. Do not close this// handle. Instead pass it to UnloadUserProfile to close// the handle.////=============================================================================
//// Flags that can be set in the dwFlags field//
#define PI_NOUI 0x00000001 // Prevents displaying of messages#define PI_APPLYPOLICY 0x00000002 // Apply NT4 style policy#define PI_LITELOAD 0x00000004 // Lite load of the profile (for system use only) ;Internal#define PI_HIDEPROFILE 0x00000008 // Mark the profile as super hidden ;Internal
USERENVAPIBOOLWINAPILoadUserProfile%( IN HANDLE hToken, IN OUT LPPROFILEINFO% lpProfileInfo);
//=============================================================================//// UnloadUserProfile//// Unloads a user's profile that was loaded by LoadUserProfile()//// hToken - Token for the user, returned from LogonUser()// hProfile - hProfile member of the PROFILEINFO structure//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: The caller of this function must have admin privileges on the machine.////=============================================================================
USERENVAPIBOOLWINAPIUnloadUserProfile( IN HANDLE hToken, IN HANDLE hProfile);
//=============================================================================//// GetProfilesDirectory//// Returns the path to the root of where all user profiles are stored.//// lpProfilesDir - Receives the path// lpcchSize - Size of lpProfilesDir//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: If lpProfilesDir is not large enough, the function will fail,// and lpcchSize will contain the necessary buffer size.//// Example return value: C:\Documents and Settings////=============================================================================
USERENVAPIBOOLWINAPIGetProfilesDirectory%( OUT LPTSTR% lpProfilesDir, IN OUT LPDWORD lpcchSize);
//=============================================================================//// GetProfileType()//// Returns the type of the profile that is loaded for a user.//// dwFlags - Returns the profile flags//// Return: TRUE if successful// FALSE if an error occurs. Call GetLastError for more details//// Comments: if profile is not already loaded the function will return an error.// The caller needs to have access to HKLM part of the registry.// (exists by default)////=============================================================================
;begin_winver_500
//// Flags that can be set in the dwFlags field//
#define PT_TEMPORARY 0x00000001 // A profile has been allocated that will be deleted at logoff.#define PT_ROAMING 0x00000002 // The loaded profile is a roaming profile.#define PT_MANDATORY 0x00000004 // The loaded profile is mandatory.
USERENVAPIBOOLWINAPIGetProfileType( OUT DWORD *dwFlags);
;end_winver_500
//=============================================================================//// DeleteProfile()//// Deletes the profile and all other user related settings from the machine//// lpSidString - String form of the user sid.// lpProfilePath - ProfilePath (if Null, lookup in the registry)// lpComputerName - Computer Name from which profile has to be deleted//// Return: TRUE if successful// FALSE if an error occurs. Call GetLastError for more details//// Comments: Deletes the profile directory, registry and appmgmt stuff//=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIDeleteProfile% ( IN LPCTSTR% lpSidString, IN LPCTSTR% lpProfilePath, IN LPCTSTR% lpComputerName);
;end_winver_500
//=============================================================================//// GetDefaultUserProfilesDirectory//// Returns the path to the root of the default user profile//// lpProfileDir - Receives the path// lpcchSize - Size of lpProfileDir//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: If lpProfileDir is not large enough, the function will fail,// and lpcchSize will contain the necessary buffer size.//// Example return value: C:\Documents and Settings\Default User////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIGetDefaultUserProfileDirectory%( OUT LPTSTR% lpProfileDir, IN OUT LPDWORD lpcchSize);
;end_winver_500
//=============================================================================//// GetAllUsersProfilesDirectory//// Returns the path to the root of the All Users profile//// lpProfileDir - Receives the path// lpcchSize - Size of lpProfileDir//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: If lpProfileDir is not large enough, the function will fail,// and lpcchSize will contain the necessary buffer size.//// Example return value: C:\Documents and Settings\All Users////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIGetAllUsersProfileDirectory%( OUT LPTSTR% lpProfileDir, IN OUT LPDWORD lpcchSize);
;end_winver_500
//=============================================================================//// GetUserProfileDirectory//// Returns the path to the root of the requested user's profile//// hToken - User's token returned from LogonUser()// lpProfileDir - Receives the path// lpcchSize - Size of lpProfileDir//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: If lpProfileDir is not large enough, the function will fail,// and lpcchSize will contain the necessary buffer size.//// Example return value: C:\Documents and Settings\Joe////=============================================================================
USERENVAPIBOOLWINAPIGetUserProfileDirectory%( IN HANDLE hToken, OUT LPTSTR% lpProfileDir, IN OUT LPDWORD lpcchSize);
//=============================================================================//// CreateEnvironmentBlock//// Returns the environment variables for the specified user. This block// can then be passed to CreateProcessAsUser().//// lpEnvironment - Receives a pointer to the new environment block// hToken - User's token returned from LogonUser() (optional, can be NULL)// bInherit - Inherit from the current process's environment block// or start from a clean state.//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: If hToken is NULL, the returned environment block will contain// system variables only.//// Call DestroyEnvironmentBlock to free the buffer when finished.//// If this block is passed to CreateProcessAsUser, the// CREATE_UNICODE_ENVIRONMENT flag must also be set.////=============================================================================
USERENVAPIBOOLWINAPICreateEnvironmentBlock( OUT LPVOID *lpEnvironment, IN HANDLE hToken, IN BOOL bInherit);
//=============================================================================//// DestroyEnvironmentBlock//// Frees environment variables created by CreateEnvironmentBlock//// lpEnvironment - A pointer to the environment block//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details////=============================================================================
USERENVAPIBOOLWINAPIDestroyEnvironmentBlock( IN LPVOID lpEnvironment);
//=============================================================================//// ExpandEnvironmentStringsForUser//// Expands the source string using the environment block for the// specified user. If hToken is null, the system environment block// will be used (no user environment variables).//// hToken - User's token returned from LogonUser() (optional, can be NULL)// lpSrc - Pointer to the string with environment variables// lpDest - Buffer that receives the expanded string// dwSize - Size of lpDest in characters (max chars)//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: If the user profile for hToken is not loaded, this api will fail.////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIExpandEnvironmentStringsForUser%( IN HANDLE hToken, IN LPCTSTR% lpSrc, OUT LPTSTR% lpDest, IN DWORD dwSize);
;end_winver_500
//=============================================================================//// RefreshPolicy()//// Causes group policy to be applied immediately on the client machine//// bMachine - Refresh machine or user policy//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIRefreshPolicy( IN BOOL bMachine);
;end_winver_500
//=============================================================================//// RefreshPolicyEx()//// Causes group policy to be applied immediately on the client machine. //// bMachine - Refresh machine or user policy// dwOptions - Option specifying the kind of refresh that needs to be done.//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details////=============================================================================
;begin_winver_500
#define RP_FORCE 1 // Refresh policies without any optimisations.
USERENVAPIBOOLWINAPIRefreshPolicyEx( IN BOOL bMachine, IN DWORD dwOptions);
;end_winver_500
//=============================================================================//// EnterCriticalPolicySection//// Pauses the background application of group policy to allow safe// reading of the registry. Applications that need to read multiple// policy entries and ensure that the values are not changed while reading// them should use this function.//// The maximum amount of time an application can hold a critical section// is 10 minutes. After 10 minutes, policy can be applied again.//// bMachine - Pause machine or user policy//// Returns: Handle if successful// NULL if not. Call GetLastError() for more details//// Note 1: The handle returned should be passed to LeaveCriticalPolicySection// when finished. Do not close this handle, LeaveCriticalPolicySection// will do that.//// Note 2: If both user and machine critical sections need to be acquired then// they should be done in this order: first acquire user critical section and// then acquire machine critical section.////=============================================================================
;begin_winver_500
USERENVAPIHANDLEWINAPIEnterCriticalPolicySection( IN BOOL bMachine);
;end_winver_500
//=============================================================================//// LeaveCriticalPolicySection//// Resumes the background application of group policy. See// EnterCriticalPolicySection for more details.//// hSection - Handle returned from EnterCriticalPolicySection//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: This function will close the handle.////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPILeaveCriticalPolicySection( IN HANDLE hSection);
;end_winver_500
//=============================================================================//// RegisterGPNotification//// Entry point for registering for Group Policy change notification.//// Parameters: hEvent - Event to be notified, by calling SetEvent(hEvent)// bMachine - If true, then register machine policy notification// else register user policy notification//// Returns: True if successful// False if error occurs//// Notes: Group Policy Notifications. There are 2 ways an application can// be notify when Group Policy is finished being applied.//// 1) Using the RegisterGPNotifcation function and waiting for the// event to be signalled.//// 2) A WM_SETTINGCHANGE message is broadcast to all desktops.// wParam - 1 if machine policy was applied, 0 if user policy was applied.// lParam - Points to the string "Policy"////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIRegisterGPNotification( IN HANDLE hEvent, IN BOOL bMachine );
;end_winver_500
//=============================================================================//// UnregisterGPNotification//// Removes registration for a Group Policy change notification.//// Parameters: hEvent - Event to be removed//// Returns: True if successful// False if error occurs////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIUnregisterGPNotification( IN HANDLE hEvent );
;end_winver_500
//=============================================================================//// GPOptions flags//// These are the flags found in the GPOptions property of a DS object//// For a given DS object (Site, Domain, OU), the GPOptions property// contains options that effect all the GPOs link to this SDOU.//// This is a DWORD type////=============================================================================
;begin_winver_500
#define GPC_BLOCK_POLICY 0x00000001 // Block all non-forced policy from above
;end_winver_500
//=============================================================================//// GPLink flags//// These are the flags found on the GPLink property of a DS object after// the GPO path.//// For a given DS object (Site, Domain, OU), the GPLink property will// be in this text format//// [LDAP://CN={E615A0E3-C4F1-11D1-A3A7-00AA00615092},CN=Policies,CN=System,DC=mydomain,DC=Microsoft,DC=Com;1]//// The GUID is the GPO name, and the number following the LDAP path are the options// for that link from this DS object. Note, there can be multiple GPOs// each in their own square brackets in a prioritized list.////=============================================================================
;begin_winver_500
//// Options for a GPO link//
#define GPO_FLAG_DISABLE 0x00000001 // This GPO is disabled#define GPO_FLAG_FORCE 0x00000002 // Don't override the settings in // this GPO with settings from // a GPO below it.;end_winver_500
//=============================================================================//// GetGPOList////// Queries for the list of Group Policy Objects for the specified// user or machine. This function will return a link list// of Group Policy Objects. Call FreeGPOList to free the list.//// Note, most applications will not need to call this function.// This will primarily be used by services acting on behalf of// another user or machine. The caller of this function will// need to look in each GPO for their specific policy//// This function can be called in two different ways. Either the hToken for// a user or machine can be supplied and the correct name and domain// controller name will be generated, or hToken is NULL and the caller// must supply the name and the domain controller name.//// Calling this function with an hToken ensures the list of Group Policy// Objects is correct for the user or machine since security access checking// can be perfomed. If hToken is not supplied, the security of the caller// is used instead which means that list may or may not be 100% correct// for the intended user / machine. However, this is the fastest way// to call this function.//// hToken - User or machine token, if NULL, lpName and lpHostName must be supplied// lpName - User or machine name in DN format, if hToken is supplied, this must be NULL// lpHostName - Domain DN name or domain controller name. If hToken is supplied, this must be NULL// lpComputerName - Computer name to use to determine site location. If NULL,// the local computer is used as the reference. Format: \\machinename// dwFlags - Flags field. See flags definition below// pGPOList - Address of a pointer which receives the link list of GPOs////// Returns: TRUE if successful// FALSE if not. Use GetLastError() for more details.//// Examples://// Here's how this function will typically be called for// looking up the list of GPOs for a user://// LPGROUP_POLICY_OBJECT pGPOList;//// if (GetGPOList (hToken, NULL, NULL, NULL, 0, &pGPOList))// {// // do processing here...// FreeGPOList (pGPOList);// }////// Here's how this function will typically be called for// looking up the list of GPOs for a machine://// LPGROUP_POLICY_OBJECT pGPOList;//// if (GetGPOList (NULL, lpMachineName, lpHostName, lpMachineName,// GPO_LIST_FLAG_MACHINE, &pGPOList))// {// // do processing here...// FreeGPOList (pGPOList);// }////=============================================================================
;begin_winver_500
//// Each Group Policy Object is associated (linked) with a site, domain,// organizational unit, or machine.//
typedef enum _GPO_LINK { GPLinkUnknown = 0, // No link information available GPLinkMachine, // GPO linked to a machine (local or remote) GPLinkSite, // GPO linked to a site GPLinkDomain, // GPO linked to a domain GPLinkOrganizationalUnit // GPO linked to a organizational unit} GPO_LINK, *PGPO_LINK;
typedef struct _GROUP_POLICY_OBJECT% { DWORD dwOptions; // See GPLink option flags above DWORD dwVersion; // Revision number of the GPO LPTSTR% lpDSPath; // Path to the Active Directory portion of the GPO LPTSTR% lpFileSysPath; // Path to the file system portion of the GPO LPTSTR% lpDisplayName; // Friendly display name TCHAR% szGPOName[50]; // Unique name GPO_LINK GPOLink; // Link information LPARAM lParam; // Free space for the caller to store GPO specific information struct _GROUP_POLICY_OBJECT% * pNext; // Next GPO in the list struct _GROUP_POLICY_OBJECT% * pPrev; // Previous GPO in the list LPTSTR% lpExtensions; // Extensions that are relevant for this GPO LPARAM lParam2; // Free space for the caller to store GPO specific information LPTSTR% lpLink; // Path to the Active Directory site, domain, or organizational unit this GPO is linked to // If this is the local GPO, this points to the word "Local"} GROUP_POLICY_OBJECT%, *PGROUP_POLICY_OBJECT%;
//// dwFlags for GetGPOList()//
#define GPO_LIST_FLAG_MACHINE 0x00000001 // Return machine policy information#define GPO_LIST_FLAG_SITEONLY 0x00000002 // Return site policy information only
USERENVAPIBOOLWINAPIGetGPOList% ( IN HANDLE hToken, IN LPCTSTR% lpName, IN LPCTSTR% lpHostName, IN LPCTSTR% lpComputerName, IN DWORD dwFlags, OUT PGROUP_POLICY_OBJECT% *pGPOList);
;end_winver_500
//=============================================================================//// FreeGPOList////// Frees the linked list returned from GetGPOList//// pGPOList - Pointer to the linked list of GPOs////// Returns: TRUE if successful// FALSE if not////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIFreeGPOList% ( IN PGROUP_POLICY_OBJECT% pGPOList);
;end_winver_500
//=============================================================================//// GetAppliedGPOList//// Queries for the list of applied Group Policy Objects for the specified// user or machine and specified client side extension. This function will return// a linked list of Group Policy Objects. Call FreeGPOList to free the list.//// dwFlags - User or machine policy, if it is GPO_LIST_FLAG_MACHINE then// return machine policy information// pMachineName - Name of remote computer in the form \\computername. If null// then local computer is used.// pSidUser - Security id of user (relevant for user policy). If pMachineName is// null and pSidUser is null then it means current logged on user.// If pMachine is null and pSidUser is non-null then it means user// represented by pSidUser on local machine. If pMachineName is non-null// then and if dwFlags specifies user policy, then pSidUser must be// non-null.// pGuidExtension - Guid of the specified extension// ppGPOList - Address of a pointer which receives the link list of GPOs//// The return value is a Win32 error code. ERROR_SUCCESS means the GetAppliedGPOList// function completed successfully. Otherwise it indicates that the function failed.////=============================================================================
;begin_winver_500
USERENVAPIDWORDWINAPIGetAppliedGPOList% ( IN DWORD dwFlags, IN LPCTSTR% pMachineName, IN PSID pSidUser, IN GUID *pGuidExtension, OUT PGROUP_POLICY_OBJECT% *ppGPOList);
;end_winver_500
//=============================================================================//// Group Policy Object client side extension support//// Flags, data structures and function prototype//// To register your extension, create a subkey under this key//// Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions//// The subkey needs to be a guid so that it is unique. The noname value of the subkey// can be the friendly name of the extension. Then add these values://// DllName REG_EXPAND_SZ Path to your DLL// ProcessGroupPolicy REG_SZ Function name (see PFNPROCESSGROUPPOLICY prototype). This// is obsolete, it has been superseded by ProcessGroupPolicyEx.// It's here for backward compatibility reasons only.// ProcessGroupPolicyEx REG_SZ Function name (see PFNPROCESSGROUPPOLICYEX prototype)// GenerateGroupPolicy REG_SZ Function name for Rsop (see PFNGENERATEGROUPPOLICY prototype)// NoMachinePolicy REG_DWORD True, if extension does not have to be called when// machine policies are being processed.// NoUserPolicy REG_DWORD True, if extension does not have to be called when// user policies are being processed.// NoSlowLink REG_DWORD True, if extension does not have to be called on a slow link// NoBackgroundPolicy REG_DWORD True, if extension does not have to be called // for background policy processing.// NoGPOListChanges REG_DWORD True, if extension does not have to be called when// there are no changes between cached and current GPO lists.// PerUserLocalSettings REG_DWORD True, if user policies have to be cached on a per user and// per machine basis.// RequiresSuccessfulRegistry REG_DWORD True, if extension should be called only if registry extension// was successfully processed.// EnableAsynchronousProcessing REG_DWORD True, if registry extension will complete its processing// asynchronously.// NotifyLinkTransition REG_DWORD True, if extension should be called when a change in link// speed is detected between previous policy application and// current policy application.//// The return value is a Win32 error code. ERROR_SUCCESS means the ProcessGroupPolicy// function completed successfully. If return value is ERROR_OVERRIDE_NOCHANGES then it// means that the extension will be called the next time even if NoGPOListChanges is set// and there are no changes to the GPO list. Any other return value indicates that the// ProcessGroupPolicy or ProcessGroupPolicyEx function failed.////=============================================================================
;begin_winver_500
#define GP_DLLNAME TEXT("DllName")#define GP_ENABLEASYNCHRONOUSPROCESSING TEXT("EnableAsynchronousProcessing")#define GP_MAXNOGPOLISTCHANGESINTERVAL TEXT("MaxNoGPOListChangesInterval")#define GP_NOBACKGROUNDPOLICY TEXT("NoBackgroundPolicy")#define GP_NOGPOLISTCHANGES TEXT("NoGPOListChanges")#define GP_NOMACHINEPOLICY TEXT("NoMachinePolicy")#define GP_NOSLOWLINK TEXT("NoSlowLink")#define GP_NOTIFYLINKTRANSITION TEXT("NotifyLinkTransition")#define GP_NOUSERPOLICY TEXT("NoUserPolicy")#define GP_PERUSERLOCALSETTINGS TEXT("PerUserLocalSettings")#define GP_PROCESSGROUPPOLICY TEXT("ProcessGroupPolicy")#define GP_REQUIRESSUCCESSFULREGISTRY TEXT("RequiresSuccessfulRegistry")
#define GPO_INFO_FLAG_MACHINE 0x00000001 // Apply machine policy rather than user policy#define GPO_INFO_FLAG_BACKGROUND 0x00000010 // Background refresh of policy (ok to do slow stuff)#define GPO_INFO_FLAG_SLOWLINK 0x00000020 // Policy is being applied across a slow link#define GPO_INFO_FLAG_VERBOSE 0x00000040 // Verbose output to the eventlog#define GPO_INFO_FLAG_NOCHANGES 0x00000080 // No changes were detected to the Group Policy Objects#define GPO_INFO_FLAG_LINKTRANSITION 0x00000100 // A change in link speed was detected between previous policy // application and current policy application#define GPO_INFO_FLAG_LOGRSOP_TRANSITION 0x00000200 // A Change in Rsop Logging was detected between previous policy // application and current policy application, (new intf only)#define GPO_INFO_FLAG_FORCED_REFRESH 0x00000400 // Forced Refresh is being applied. redo policies.#define GPO_INFO_FLAG_SAFEMODE_BOOT 0x00000800 // windows safe mode boot flag#define GPO_INFO_FLAG_ASYNC_FOREGROUND 0x00001000 // Asynchronous foreground refresh of policy#define GPO_INFO_FLAG_REPORT 0x00002000 // Report all settings for one GPO rather than the resultant settings across multiple GPOs
typedef UINT_PTR ASYNCCOMPLETIONHANDLE;typedef DWORD (*PFNSTATUSMESSAGECALLBACK)(BOOL bVerbose, LPWSTR lpMessage);
typedef DWORD(*PFNPROCESSGROUPPOLICY)( IN DWORD dwFlags, // GPO_INFO_FLAGS IN HANDLE hToken, // User or machine token IN HKEY hKeyRoot, // Root of registry IN PGROUP_POLICY_OBJECT pDeletedGPOList, // Linked list of deleted GPOs IN PGROUP_POLICY_OBJECT pChangedGPOList, // Linked list of changed GPOs IN ASYNCCOMPLETIONHANDLE pHandle, // For asynchronous completion IN BOOL *pbAbort, // If true, then abort GPO processing IN PFNSTATUSMESSAGECALLBACK pStatusCallback); // Callback function for displaying status messages // Note, this can be NULL
typedef DWORD(*PFNPROCESSGROUPPOLICYEX)( IN DWORD dwFlags, // GPO_INFO_FLAGS IN HANDLE hToken, // User or machine token IN HKEY hKeyRoot, // Root of registry IN PGROUP_POLICY_OBJECT pDeletedGPOList, // Linked list of deleted GPOs IN PGROUP_POLICY_OBJECT pChangedGPOList, // Linked list of changed GPOs IN ASYNCCOMPLETIONHANDLE pHandle, // For asynchronous completion IN BOOL *pbAbort, // If true, then abort GPO processing IN PFNSTATUSMESSAGECALLBACK pStatusCallback, // Callback function for displaying status messages // Note, this can be NULL IN IWbemServices *pWbemServices, // Pointer to namespace to log diagnostic mode data // Note, this will be NULL when Rsop logging is disabled OUT HRESULT *pRsopStatus); // RSOP Logging succeeded or not.
typedef PVOID PRSOPTOKEN;
typedef struct _RSOP_TARGET { WCHAR * pwszAccountName; // Account name WCHAR * pwszNewSOM; // New domain or OU location for account SAFEARRAY * psaSecurityGroups; // New security groups PRSOPTOKEN pRsopToken; // Rsop token for use with Rsop security Api's PGROUP_POLICY_OBJECT pGPOList; // Linked list of GPOs IWbemServices * pWbemServices; // Pointer to namespace to log planning mode data} RSOP_TARGET, *PRSOP_TARGET;
typedef DWORD(*PFNGENERATEGROUPPOLICY)( IN DWORD dwFlags, // GPO_INFO_FLAGS IN BOOL *pbAbort, // If true, then abort GPO processing IN WCHAR *pwszSite, // Site the target computer is in IN PRSOP_TARGET pComputerTarget, // Computer target info, can be null IN PRSOP_TARGET pUserTarget ); // User target info, can be null
//// GUID that identifies the registry extension//
#define REGISTRY_EXTENSION_GUID { 0x35378EAC, 0x683F, 0x11D2, 0xA8, 0x9A, 0x00, 0xC0, 0x4F, 0xBB, 0xCF, 0xA2 }
;end_winver_500
//=============================================================================//// Group Policy Object client side asynchronous extension processing//// extensionId - Unique guid identifying the extension// pAsyncHandle - Asynchronous completion handle that was passed to extension in// ProcessGroupPolicy call// dwStatus - Completion status of asynchronous processing//// The return value is a Win32 error code. ERROR_SUCCESS means the ProcessGroupPolicyCompleted// function completed successfully. Otherwise it indicates that the function failed.////=============================================================================
;begin_winver_500
typedef GUID *REFGPEXTENSIONID;
USERENVAPIDWORDWINAPIProcessGroupPolicyCompleted( IN REFGPEXTENSIONID extensionId, IN ASYNCCOMPLETIONHANDLE pAsyncHandle, IN DWORD dwStatus);
;end_winver_500
//=============================================================================//// Group Policy Object client side asynchronous extension processing//// extensionId - Unique guid identifying the extension// pAsyncHandle - Asynchronous completion handle that was passed to extension in// ProcessGroupPolicy call// dwStatus - Completion status of asynchronous processing// RsopStatus - RSoP Logging status//// The return value is a Win32 error code. ERROR_SUCCESS means the ProcessGroupPolicyCompleted// function completed successfully. Otherwise it indicates that the function failed.////=============================================================================
;begin_winver_500
USERENVAPIDWORDWINAPIProcessGroupPolicyCompletedEx( IN REFGPEXTENSIONID extensionId, IN ASYNCCOMPLETIONHANDLE pAsyncHandle, IN DWORD dwStatus, IN HRESULT RsopStatus);
;end_winver_500
//=============================================================================//// Function: RsopAccessCheckByType//// Description: Determines whether the security descriptor pointed to by pSecurityDescriptor// grants the set of access rights specified in dwDesiredAccessMask// to the client identified by the RSOPTOKEN pointed to by pRsopToken.//// pSecurityDescriptor - Security Descriptor on the object// pPrincipalSelfSid - Principal Sid// pRsopToken - Pointer to a valid RSOPTOKEN against which access needs to be checked// dwDesiredAccessMask - Mask of requested generic and/or standard and or specific access rights// pObjectTypeList - Object Type List// ObjectTypeListLength - Object Type List Length// pGenericMapping - Generic Mapping// pPrivilegeSet - privilege set// pdwPrivilegeSetLength- privilege set length// pdwGrantedAccessMask - On success, if pbAccessStatus is true, it contains// the mask of standard and specific rights granted.// If pbAccessStatus is false, it is set to 0.// On failure, it is not modified.// pbAccessStatus - On success, indicates wether the requested set// of access rights was granted.// On failure, it is not modified//// Returns S_OK on success or appropriate error code.// For additional details, look at the documentation of AccessCheckByType//=============================================================================
;begin_winver_500
USERENVAPIHRESULT WINAPIRsopAccessCheckByType( IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN PSID pPrincipalSelfSid, IN PRSOPTOKEN pRsopToken, IN DWORD dwDesiredAccessMask, IN POBJECT_TYPE_LIST pObjectTypeList, IN DWORD ObjectTypeListLength, IN PGENERIC_MAPPING pGenericMapping, IN PPRIVILEGE_SET pPrivilegeSet, IN LPDWORD pdwPrivilegeSetLength, OUT LPDWORD pdwGrantedAccessMask, OUT LPBOOL pbAccessStatus);
;end_winver_500
//=============================================================================//// Function: RsopFileAccessCheck//// Description: Determines whether the security descriptor on the file grants the set of file access // rights specified in dwDesiredAccessMask// to the client identified by the RSOPTOKEN pointed to by pRsopToken.//// pszFileName - Name of an existing filename// pRsopToken - Pointer to a valid RSOPTOKEN against which access needs to be checked// dwDesiredAccessMask - Mask of requested generic and/or standard and or specific access rights// pdwGrantedAccessMask - On success, if pbAccessStatus is true, it contains// the mask of standard and specific rights granted.// If pbAccessStatus is false, it is set to 0.// On failure, it is not modified.// pbAccessStatus - On success, indicates wether the requested set// of access rights was granted.// On failure, it is not modified//// Returns S_OK on success or appropriate error code//=============================================================================
;begin_winver_500
USERENVAPIHRESULT WINAPIRsopFileAccessCheck( IN LPWSTR pszFileName, IN PRSOPTOKEN pRsopToken, IN DWORD dwDesiredAccessMask, OUT LPDWORD pdwGrantedAccessMask, OUT LPBOOL pbAccessStatus);
;end_winver_500
typedef enum _SETTINGSTATUS{ RSOPUnspecified = 0, RSOPApplied, RSOPIgnored, RSOPFailed, RSOPSubsettingFailed} SETTINGSTATUS;
//=============================================================================//// POLICYSETTINGSTATUSINFO//// Describes the instance of RSOP_PolicySettingStatus//// szKey - OPTIONAL, if NULL, the key is generated on the fly// szEventSource - name of the source generation event log messages// szEventLogName - name of the event log database where the messages are logged// dwEventID - event log message ID// status - status of the policy setting// timeLogged - time at which the event log message was logged////=============================================================================
typedef struct _POLICYSETTINGSTATUSINFO{ LPWSTR szKey; LPWSTR szEventSource; LPWSTR szEventLogName; DWORD dwEventID; DWORD dwErrorCode; SETTINGSTATUS status; SYSTEMTIME timeLogged;} POLICYSETTINGSTATUSINFO, *LPPOLICYSETTINGSTATUSINFO;
//=============================================================================//// RsopSetPolicySettingStatus//// Creates an instance of RSOP_PolicySettingStatus and RSOP_PolicySettingLink// and links RSOP_PolicySettingStatus to RSOP_PolicySetting//// dwFlags - flags// pServices - RSOP namespace// pSettingInstance - instance of RSOP_PolicySetting or its children// nInfo - number of PolicySettingStatusInfo// pStatus - array of PolicySettingStatusInfo//// Return: S_OK if successful, HRESULT otherwise////=============================================================================
USERENVAPIHRESULTWINAPIRsopSetPolicySettingStatus( DWORD dwFlags, IWbemServices* pServices, IWbemClassObject* pSettingInstance, DWORD nInfo, POLICYSETTINGSTATUSINFO* pStatus );
//=============================================================================//// RsopResetPolicySettingStatus//// Unlinks RSOP_PolicySettingStatus from RSOP_PolicySetting,// deletes the instance of RSOP_PolicySettingStatus and RSOP_PolicySettingLink// and optionally deletes the instance of RSOP_PolicySetting//// dwFlags - flags// pServices - RSOP namespace// pSettingInstance - instance of RSOP_PolicySetting or its children//// Return: S_OK if successful, HRESULT otherwise////=============================================================================
USERENVAPIHRESULTWINAPIRsopResetPolicySettingStatus( DWORD dwFlags, IWbemServices* pServices, IWbemClassObject* pSettingInstance );
//=============================================================================//// Flags for RSoP WMI providers////=============================================================================
// planning mode provider flags#define FLAG_NO_GPO_FILTER 0x80000000 // GPOs are not filtered, implies FLAG_NO_CSE_INVOKE#define FLAG_NO_CSE_INVOKE 0x40000000 // only GP processing done for planning mode#define FLAG_ASSUME_SLOW_LINK 0x20000000 // planning mode RSoP assumes slow link#define FLAG_LOOPBACK_MERGE 0x10000000 // planning mode RSoP assumes merge loop back#define FLAG_LOOPBACK_REPLACE 0x08000000 // planning mode RSoP assumes replace loop back
#define FLAG_ASSUME_USER_WQLFILTER_TRUE 0x04000000 // planning mode RSoP assumes all comp filters to be true#define FLAG_ASSUME_COMP_WQLFILTER_TRUE 0x02000000 // planning mode RSoP assumes all user filters to be true
#define FLAG_PLANNING_MODE 0x01000000 // flag that indicates that a given namespace was created // for planning mode. This flag cannot be passed in but the // relevant subnamespace will be marked with this flag
// diagnostic mode provider flags#define FLAG_NO_USER 0x00000001 // Don't get any user data#define FLAG_NO_COMPUTER 0x00000002 // Don't get any machine data#define FLAG_FORCE_CREATENAMESPACE 0x00000004 // Delete and recreate the namespace for this snapshot.
//=============================================================================//// Extended Errors returned by RSoP WMI Providers////=============================================================================
// User accessing the rsop provider doesn't have access to user data.#define RSOP_USER_ACCESS_DENIED 0x00000001
// User accessing the rsop provider doesn't have access to computer data.#define RSOP_COMPUTER_ACCESS_DENIED 0x00000002
// This user is an interactive non admin user, the temp snapshot namespace already exists// and the FLAG_FORCE_CREATENAMESPACE was not passed in#define RSOP_TEMPNAMESPACE_EXISTS 0x00000004
;begin_internal
#ifndef _USERENV_NO_LINK_APIS_
//=============================================================================//// Internal flags for RSoP WMI providers////=============================================================================
// planning mode provider flags#define FLAG_INTERNAL_MASK 0x01FFFFFF
//=============================w================================================//// CreateGroup//// Creates a program group on the start menu//// lpGroupName - Name of group// bCommonGroup - Common or personal group//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details////=============================================================================
USERENVAPIBOOLWINAPICreateGroup%( IN LPCTSTR% lpGroupName, IN BOOL bCommonGroup);
//=============================================================================//// CreateGroupEx//// Creates a program group on the start menu//// lpGroupName - Name of group// bCommonGroup - Common or personal group// lpResourceModuleName - Name of the resource module.// uResourceID - Resource ID for the MUI display name.//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details////=============================================================================
USERENVAPIBOOLWINAPICreateGroupEx%( IN LPCTSTR% lpGroupName, IN BOOL bCommonGroup, IN LPCTSTR% lpResourceModuleName, IN UINT uResourceID);
//=============================================================================//// DeleteGroup//// Deletes a program group on the start menu and all of its contents//// lpGroupName - Name of group// bCommonGroup - Common or personal group//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: This function uses a delnode routine. Make sure you really want// to delete the group before you call this function.////=============================================================================
USERENVAPIBOOLWINAPIDeleteGroup%( IN LPCTSTR% lpGroupName, IN BOOL bCommonGroup);
//=============================================================================//// AddItem//// Creates an item on the Programs portion of the Start Menu in the// requested group.//// lpGroupName - Name of group// bCommonGroup - Common or personal group// lpFileName - Name of link without the .lnk extension (eg: Notepad)// lpCommandLine - Command line of target path (eg: notepad.exe)// lpIconPath - Optional icon path, can be NULL.// iIconIndex - Optional icon index, default to 0.// lpWorkingDirectory - Working directory when target is invoked, can be NULL// wHotKey - Hot key for the link file, default to 0// iShowCmd - Specifies how the application should be launched.// Use a default of SW_SHOWNORMAL//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Notes: New applications should use the CreateLinkFile() function instead// of AddItem. This allows for friendly tooltip descriptions.//// The lpFileName argument should not include the .lnk extension.// This function will add the extension.//// If the lpWorkingDirectory parameter is NULL, this function will// insert the home directory environment variables//// If the requested group doesn't exist, it will be created.//// If the lpCommandLine target is located below the system root,// the SystemRoot environment variable will be inserted into the path//// Here's a sample of how this function is typically called://// AddItem (TEXT("Accessories"), FALSE, TEXT("Notepad"),// TEXT("notepad.exe"), NULL, 0, NULL, 0, SW_SHOWNORMAL);//// This function should only be used the Windows NT team. Developers// outside of the Windows NT team can use the IShellLink interface// to create link files.////=============================================================================
USERENVAPIBOOLWINAPIAddItem%( IN LPCTSTR% lpGroupName, IN BOOL bCommonGroup, IN LPCTSTR% lpFileName, IN LPCTSTR% lpCommandLine, IN LPCTSTR% lpIconPath, IN INT iIconIndex, IN LPCTSTR% lpWorkingDirectory, IN WORD wHotKey, IN INT iShowCmd);
//=============================================================================//// DeleteItem//// Deletes an item on the Programs portion of the Start Menu in the// requested group.//// lpGroupName - Name of group// bCommonGroup - Common or personal group// lpFileName - Name of link without the .lnk extension (eg: Notepad)// bDeleteGroup - After deleting the link, delete the group if its empty.//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Notes: New applications should use the DeleteLinkFile() function instead// of DeleteItem.//// The lpFileName argument should not include the .lnk extension.// This function will add the extension.//// Here's a sample of how this function is typically called://// DeleteItem (TEXT("Accessories"), FALSE, TEXT("Notepad"), TRUE);//// This function should only be used the Windows NT team. Developers// outside of the Windows NT team can use the IShellLink interface// to create link files and DeleteFile to delete them.////=============================================================================
USERENVAPIBOOLWINAPIDeleteItem%( IN LPCTSTR% lpGroupName, IN BOOL bCommonGroup, IN LPCTSTR% lpFileName, IN BOOL bDeleteGroup);
//=============================================================================//// AddDesktopItem//// Creates an item on desktop. This function is very similar to AddItem()// documented above. See that function for more information.//// Notes: New applications should use the CreateLinkFile() function instead// of AddItem. This allows for friendly tooltip descriptions.//// This function should only be used the Windows NT team. Developers// outside of the Windows NT team can use the IShellLink interface// to create link files.////=============================================================================
USERENVAPIBOOLWINAPIAddDesktopItem%( IN BOOL bCommonItem, IN LPCTSTR% lpFileName, IN LPCTSTR% lpCommandLine, IN LPCTSTR% lpIconPath, IN INT iIconIndex, IN LPCTSTR% lpWorkingDirectory, IN WORD wHotKey, IN INT iShowCmd);
//=============================================================================//// DeleteDesktopItem//// Deletes an item from the desktop. This function is very similar to DeleteItem()// documented above. See that function for more information.//// Notes: New applications should use the DeleteLinkFile() function instead// of DeleteDesktopItem.//// This function should only be used the Windows NT team. Developers// outside of the Windows NT team can use the IShellLink interface// to create link files and DeleteFile to delete them.////=============================================================================
USERENVAPIBOOLWINAPIDeleteDesktopItem%( IN BOOL bCommonItem, IN LPCTSTR% lpFileName);
//=============================================================================//// CreateLinkFile//// Creates a link file (aka shortcut) in the requested special folder or// subdirectory of a special folder.//// csidl - CSIDL_* constant of special folder. See shlobj.h// lpSubDirectory - Subdirectory name. See note below// lpFileName - Name of link without the .lnk extension (eg: Notepad)// lpCommandLine - Command line of target path (eg: notepad.exe)// lpIconPath - Optional icon path, can be NULL.// iIconIndex - Optional icon index, default to 0.// lpWorkingDirectory - Working directory when target is invoked, can be NULL// wHotKey - Hot key for the link file, default to 0// iShowCmd - Specifies how the application should be launched.// Use a default of SW_SHOWNORMAL// lpDescription - Friendly description of shortcut, can be NULL.//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Notes: New applications should use this function instead of AddItem or// AddDesktopItem. This allows for friendly tooltip descriptions.//// The link file name is a combination of the first three// parameters. If a csidl is given, that special folder is// looked up first, and then the lpSubDirectory is appended to// it followed by the lpFileName. If csidl is equal to 0, then// lpSubDirectory should contain the fully qualified path to the// directory the link file is to be placed in. This allows// for link files to be be created outside of the scope of a// shell special folder. The csidl constants are listed in// shlobj.h or in the Win32 documentation for SHGetSpecialFolderPath.// Commonly used csidl's will be://// CSIDL_PROGRAMS - Personal Program folder on Start Menu// CSIDL_COMMON_PROGRAMS - Common Program folder on Start Menu// CSIDL_DESKTOPDIRECTORY - Personal desktop folder// CSIDL_COMMON_DESKTOPDIRECTORY - Common desktop folder//// The lpFileName argument should not include the .lnk extension.// This function will add the extension.//// If the lpWorkingDirectory parameter is NULL, this function will// insert home directory environment variables.//// If the requested subdirectory doesn't exist, it will be created.//// If the lpCommandLine target is located below the system root,// the SystemRoot environment variable will be inserted into the path//// Here's a sample of how this function is typically called://// CreateLinkFile (CSIDL_PROGRAMS, TEXT("Accessories"), TEXT("Notepad"),// TEXT("notepad.exe"), NULL, 0, NULL, 0, SW_SHOWNORMAL,// TEXT("A simple word processor."));//// This function should only be used the Windows NT team. Developers// outside of the Windows NT team can use the IShellLink interface// to create link files.////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPICreateLinkFile%( IN INT csidl, IN LPCTSTR% lpSubDirectory, IN LPCTSTR% lpFileName, IN LPCTSTR% lpCommandLine, IN LPCTSTR% lpIconPath, IN INT iIconIndex, IN LPCTSTR% lpWorkingDirectory, IN WORD wHotKey, IN INT iShowCmd, IN LPCTSTR% lpDescription);
;end_winver_500
//=============================================================================//// CreateLinkFileEx//// Creates a link file (aka shortcut) in the requested special folder or// subdirectory of a special folder.//// csidl - CSIDL_* constant of special folder. See shlobj.h// lpSubDirectory - Subdirectory name. See note below// lpFileName - Name of link without the .lnk extension (eg: Notepad)// lpCommandLine - Command line of target path (eg: notepad.exe)// lpIconPath - Optional icon path, can be NULL.// iIconIndex - Optional icon index, default to 0.// lpWorkingDirectory - Working directory when target is invoked, can be NULL// wHotKey - Hot key for the link file, default to 0// iShowCmd - Specifies how the application should be launched.// Use a default of SW_SHOWNORMAL// lpDescription - Friendly description of shortcut, can be NULL.// lpResourceModuleName - Name of the resource module. Can be NULL// uResourceID - Resource ID for the MUI display name.//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// for additional descriptions look in the description of Createlinkfile above.//=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPICreateLinkFileEx%( IN INT csidl, IN LPCTSTR% lpSubDirectory, IN LPCTSTR% lpFileName, IN LPCTSTR% lpCommandLine, IN LPCTSTR% lpIconPath, IN INT iIconIndex, IN LPCTSTR% lpWorkingDirectory, IN WORD wHotKey, IN INT iShowCmd, IN LPCTSTR% lpDescription, IN LPCTSTR% lpResourceModuleName, IN UINT uResourceID);
;end_winver_500
//=============================================================================//// DeleteLinkFile//// Deletes a link file (aka shortcut) in the requested special folder or// subdirectory of a special folder.//// csidl - CSIDL_* constant of special folder. See shlobj.h// lpSubDirectory - Subdirectory name. See note below// lpFileName - Name of link without the .lnk extension (eg: Notepad)// bDeleteSubDirectory - After deleting the link, delete the subdirectory if its empty.//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Notes: New applications should use this function instead DeleteItem or// DeleteDesktopItem.//// The link file name is a combination of the first three// parameters. If a csidl is given, that special folder is// looked up first, and then the lpSubDirectory is appended to// it followed by the lpFileName. If csidl is equal to 0, then// lpSubDirectory should contain the fully qualified path to the// directory the link file is to be placed in. This allows// for link files to be be deleted outside of the scope of a// shell special folder. The csidl constants are listed in// shlobj.h or in the Win32 documentation for SHGetSpecialFolderPath.// Commonly used csidl's will be://// CSIDL_PROGRAMS - Personal Program folder on Start Menu// CSIDL_COMMON_PROGRAMS - Common Program folder on Start Menu// CSIDL_DESKTOPDIRECTORY - Personal desktop folder// CSIDL_COMMON_DESKTOPDIRECTORY - Common desktop folder//// The lpFileName argument should not include the .lnk extension.// This function will add the extension.//// This function should only be used the Windows NT team. Developers// outside of the Windows NT team can use the IShellLink interface// to create link files and DeleteFile to delete them.////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIDeleteLinkFile%( IN INT csidl, IN LPCTSTR% lpSubDirectory, IN LPCTSTR% lpFileName, IN BOOL bDeleteSubDirectory);
;end_winver_500
#endif // _USERENV_NO_LINK_APIS_
//=============================================================================//// InitializeProfiles//// This function is used by GUI mode setup only and setup repair. It initializes// the Default User and All User profiles and converts any common groups from// Program Manager.//// bGuiModeSetup - Gui Mode setup or not.////// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details////=============================================================================
USERENVAPIBOOLWINAPIInitializeProfiles( IN BOOL bGuiModeSetup);
//*************************************************************//// CopySystemProfile()//// Purpose: Create the system profile information under // ProfileList entry.// In case of upgrade copy system profile from older// location to new location and delete the old system // profile// // Parameters://// Return: TRUE if successful// FALSE if an error occurs. Call GetLastError()//// Comments: This should only be called by GUI mode setup!////*************************************************************
USERENVAPIBOOL WINAPI CopySystemProfile( IN BOOL bCleanInstall);
//=============================================================================//// DetermineProfilesLocation//// This function is used by winlogon when GUI mode setup is about to start.// It sets the correct user profile location in the registry.//// bCleanInstall - True if setup is performing a clean install//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIDetermineProfilesLocation( BOOL bCleanInstall);
;end_winver_500
//=============================================================================//// CreateUserProfile(Ex)//// Creates a user profile for the given user. Used by the Win95 -> NT5// migration code.//// pSid - SID of new user// lpUserName - User name of new user// lpUserHive - Registry hive to use (optional, can be NULL)// lpProfileDir - Receives the user's profile directory (can be NULL)// dwDirSize - Size of lpProfileDir// bWin9xUpg - Flag to say whether it is win9x upgrade//// Returns: TRUE if successful// FALSE if not.////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPICreateUserProfile%( IN PSID pSid, IN LPCTSTR% lpUserName, IN LPCTSTR% lpUserHive, OUT LPTSTR% lpProfileDir, IN DWORD dwDirSize);
USERENVAPIBOOLWINAPICreateUserProfileEx%( IN PSID pSid, IN LPCTSTR% lpUserName, IN LPCTSTR% lpUserHive, OUT LPTSTR% lpProfileDir, IN DWORD dwDirSize, IN BOOL bWin9xUpg);
;end_winver_500
//=============================================================================//// CopyProfileDirectory(Ex)//// Multi-threaded user profile coping algorithm.//// lpSourceDir - Source directory// lpDestinationDir - Destination directory// dwFlags - Flags (defined below)// ftDelRefTime - Reference time used when deleted extra files// in a CPD_SYNCHRONIZE operation// lpExclusionList - List of directories to exclude when copying the// profile//// Returns: TRUE if successful// FALSE if not.//// Notes: When CPD_SYNCHRONIZE is used to copy a profile from one// location to another, all the files / directories are copied first// and then extra files in the target directory are deleted. In the// case of 2 machines using the same roaming profile, it doesn't make// sense to delete the extra files everytime. If the CPD_USEDELREFTIME// flag is set, then before deleting a file or directory, the// time on that file or directory is compared with ftDelRefTime.// If the time is newer, the file / directory is not deleted because// it is probably a new file from a different machine. If the// time is older, the file / directory is deleted.//// CopyProfileDirectoryEx can also exclude certain directories// from the copy. If the CPD_USEEXCLUSIONLIST flag is set and// lpExclusionList is non-null, the specified directories (and// their children) will be excuded from the copy. The format// of this parameter is a semi-colon separated list of directories// relative to the root of the source profile. For example://// Temporary Internet Files;Temp;Foo\Bar////=============================================================================
//// Flags for CopyProfileDirectory(Ex)//
#define CPD_FORCECOPY 0x00000001 // Ignore time stamps and always copy the file#define CPD_IGNORECOPYERRORS 0x00000002 // Ignore errors and keep going#define CPD_IGNOREHIVE 0x00000004 // Don't copy registry hive#define CPD_WIN95HIVE 0x00000008 // Looking for Win 9x registry hive instead of NT registry hive#define CPD_COPYIFDIFFERENT 0x00000010 // If a file exists in both src and dest with different time stamps, always copy it.#define CPD_SYNCHRONIZE 0x00000020 // Make dest directory structure indentical to src directory structure (delete extra files and directories)#define CPD_SLOWCOPY 0x00000040 // Don't use multiple thread. Copy one file at a time.#define CPD_SHOWSTATUS 0x00000080 // Show progress dialog#define CPD_CREATETITLE 0x00000100 // Change progress dialog title to Creating... rather than Copying...#define CPD_COPYHIVEONLY 0x00000200 // Only copy the hive, no other files#define CPD_USEDELREFTIME 0x00000400 // Use ftDelRefTime parameter in CopyProfileDirectoryEx#define CPD_USEEXCLUSIONLIST 0x00000800 // Use lpExclusionList parameter in CopyProfileDirectoryEx#define CPD_SYSTEMFILES 0x00001000 // Only copy files and directories with the system file attribute set#define CPD_DELDESTEXCLUSIONS 0x00002000 // If a directory that is excluded in the source already exists in the destination, delete it#define CPD_NONENCRYPTEDONLY 0x00004000 // Copy only non encrypted files#define CPD_IGNORESECURITY 0x00008000 // Ignore the ACLs etc. on the source files#define CPD_NOERRORUI 0x00010000 // Do not show the UI if error occurs#define CPD_SYSTEMDIRSONLY 0x00020000 // Only copy directories with the system file attribute set#define CPD_IGNOREENCRYPTEDFILES 0x00040000 // Ignore Encrypted files#define CPD_IGNORELONGFILENAMES 0x00080000 // Ignore files with long file names#define CPD_USETMPHIVEFILE 0x00100000 // user hive is still loaded
USERENVAPIBOOLWINAPICopyProfileDirectory%( IN LPCTSTR% lpSourceDir, IN LPCTSTR% lpDestinationDir, IN DWORD dwFlags);
USERENVAPIBOOLWINAPICopyProfileDirectoryEx%( IN LPCTSTR% lpSourceDir, IN LPCTSTR% lpDestinationDir, IN DWORD dwFlags, IN LPFILETIME ftDelRefTime, IN LPCTSTR% lpExclusionList);
//=============================================================================//// MigrateNT4ToNT5//// Migrates a user's profile from NT4 to NT5. This function should// only be called by shmgrate.exe//// Returns: TRUE if successful// FALSE if not.////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIMigrateNT4ToNT5();
;end_winver_500
//=============================================================================//// ResetUserSpecialFolderPaths//// Sets all of the user special folder paths back to their defaults//// Returns: TRUE if successful// FALSE if not.////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIResetUserSpecialFolderPaths();
;end_winver_500
//=============================================================================//// GetSystemTempDirectory//// Gets the system wide temp directory in short form//// Returns: TRUE if successful// FALSE if not.////=============================================================================
USERENVAPIBOOLWINAPIGetSystemTempDirectory%( OUT LPTSTR% lpDir, IN OUT LPDWORD lpcchSize);
//=============================================================================//// ApplySystemPolicy////// Entry point for Windows NT4 System Policy.//// dwFlags - Flags// hToken - User's token// hKeyCurrentUser - Registry to the root of the user's hive// lpUserName - User's name// lpPolicyPath - Path to the policy file (ntconfig.pol). Can be NULL.// lpServerName - Domain controller name used for group// membership look up. Can be NULL.////// Returns: TRUE if successful// FALSE if not////=============================================================================
;begin_winver_500
#define SP_FLAG_APPLY_MACHINE_POLICY 0x00000001#define SP_FLAG_APPLY_USER_POLICY 0x00000002
USERENVAPIBOOLWINAPIApplySystemPolicy%( IN DWORD dwFlags, IN HANDLE hToken, IN HKEY hKeyCurrentUser, IN LPCTSTR% lpUserName, IN LPCTSTR% lpPolicyPath, IN LPCTSTR% lpServerName);
;end_winver_500
;begin_winver_500
//=============================================================================//// Data types and data structures for foreground policy refresh info.////=============================================================================
typedef enum _tagFgPolicyRefreshReason{ GP_ReasonUnknown = 0, GP_ReasonFirstPolicy, GP_ReasonCSERequiresSync, GP_ReasonCSESyncError, GP_ReasonSyncForced, GP_ReasonSyncPolicy, GP_ReasonNonCachedCredentials, GP_ReasonSKU} FgPolicyRefreshReason;
typedef enum _tagFgPolicyRefreshMode{ GP_ModeUnknown = 0, GP_ModeSyncForeground, GP_ModeAsyncForeground,} FgPolicyRefreshMode;
typedef struct _tagFgPolicyRefreshInfo{ FgPolicyRefreshReason reason; FgPolicyRefreshMode mode;} FgPolicyRefreshInfo, *LPFgPolicyRefreshInfo;
//=============================================================================//// SetNextFgPolicyRefreshInfo//// Sets information about the next foreground policy//// szUserSid - user's SID for user's info, 0 for machine info// info - FgPolicyRefreshInfo structure with the reason and mode info//// Returns: WIN32 error code////=============================================================================
USERENVAPIDWORDWINAPISetNextFgPolicyRefreshInfo( LPWSTR szUserSid, FgPolicyRefreshInfo info );
//=============================================================================//// GetPreviousFgPolicyRefreshInfo//// Gets information about the previous foreground policy//// szUserSid - user's SID for user's info, 0 for machine info// pInfo - pointer to the FgPolicyRefreshInfo structure; returns the info//// Returns: WIN32 error code////=============================================================================
USERENVAPIDWORDWINAPIGetPreviousFgPolicyRefreshInfo( LPWSTR szUserSid, FgPolicyRefreshInfo* pInfo );
//=============================================================================//// GetNextFgPolicyRefreshInfo//// Gets information about the previous foreground policy//// szUserSid - user's SID for user's info, 0 for machine info// pInfo - pointer to the FgPolicyRefreshInfo structure; returns info//// Returns: WIN32 error code////=============================================================================
USERENVAPIDWORDWINAPIGetNextFgPolicyRefreshInfo( LPWSTR szUserSid, FgPolicyRefreshInfo* pInfo );
//=============================================================================//// ForceSyncFgPolicy//// Forces the next foreground policy to be Synchronous//// szUserSid - user's SID for user's info, 0 for machine info//// Returns: WIN32 error code////=============================================================================
USERENVAPIDWORDWINAPIForceSyncFgPolicy( LPWSTR szUserSid );
//=============================================================================//// WaitForUserPolicyForegroundProcessing//// Blocks the caller until the user foreground policy is finished//// Returns: WIN32 error code////=============================================================================
USERENVAPIDWORDWINAPIWaitForUserPolicyForegroundProcessing();
//=============================================================================//// WaitForMachinePolicyForegroundProcessing//// Blocks the caller until the machine foreground policy is finished//// Returns: WIN32 error code////=============================================================================
USERENVAPIDWORDWINAPIWaitForMachinePolicyForegroundProcessing();
//=============================================================================//// IsSyncForegroundPolicyRefresh//// Called during foreground refresh to determine whether the refresh is sync or// async//// bMachine - user or machine// hToken - User or machine token//// Returns: TRUE if foreground policy should be applied synchronously,// FALSE otherwise////=============================================================================
USERENVAPIBOOLWINAPIIsSyncForegroundPolicyRefresh( BOOL bMachine, HANDLE hToken );
;end_winver_500
//=============================================================================//// ApplyGroupPolicy////// Entry point for Group Policy. Causes either machine or user// policy to be applied.//// dwFlags - Flags defined below// hToken - User or machine token// hEvent - Handle to an event which causes the policy thread to// terminate when signaled.// hKeyRoot - Registry to the root of the correspond hive// eg: HKLM or HKCU for the user that matches hToken// pStatusCallback - Callback function for displaying status messages////// Returns: If GP_BACKGROUND_REFRESH is set, a thread handle// the process can wait until after signaling for policy// to stop. If GPT_BACKGROUND_REFRESH is not set, the// return value is 1.//// In the case of failure, NULL will be returned.////=============================================================================
;begin_winver_500
//// Flags to the ApplyGroupPolicy() function//
#define GP_MACHINE 0x00000001 // Process for machine (vs user)#define GP_BACKGROUND_REFRESH 0x00000002 // Use background thread#define GP_APPLY_DS_POLICY 0x00000004 // Apply policy from the DS also#define GP_ASYNC_FOREGROUND 0x00000008 // don't wait on network services
//// Flags set by ApplyGroupPolicy() function (do not pass these in)//
#define GP_BACKGROUND_THREAD 0x00010000 // Background thread processing#define GP_REGPOLICY_CPANEL 0x00020000 // Something changed in the CP settings#define GP_SLOW_LINK 0x00040000 // Slow network connection#define GP_VERBOSE 0x00080000 // Verbose output to eventlog#define GP_FORCED_REFRESH 0x00100000 // Forced Refresh// The 2 bit values were briefly used. #define GP_PLANMODE 0x00800000 // Planning mode flag
USERENVAPIHANDLEWINAPIApplyGroupPolicy( IN DWORD dwFlags, IN HANDLE hToken, IN HANDLE hEvent, IN HKEY hKeyRoot, IN PFNSTATUSMESSAGECALLBACK pStatusCallback);
//=============================================================================//// GenerateRsopPolicy//// Generates planning mode Rsop policy for specified target//// dwFlags - Processing flags// bstrMachName - Target computer name// bstrNewMachSOM - New machine domain or OU// psaMachSecGroups - New machine security groups// bstrUserName - Target user name// psaUserSecGroups - New user security groups// bstrSite - Site of target computer// pwszNameSpace - Namespace to write Rsop data// pProgress - Progress indicator info// pMachGpoFilter - GPO Filters that pass in machine processing// pUserGpoFilter - GPO Filters that pass in user processing//// Return: True if successful, False otherwise////=============================================================================
USERENVAPIBOOLWINAPIGenerateRsopPolicy( IN DWORD dwFlags, IN BSTR bstrMachName, IN BSTR bstrNewMachSOM, IN SAFEARRAY *psaMachSecGroups, IN BSTR bstrUserName, IN BSTR bstrNewUserSOM, IN SAFEARRAY *psaUserSecGroups, IN BSTR bstrSite, IN WCHAR *pwszNameSpace, IN LPVOID pProgress, IN LPVOID pMachGpoFilter, IN LPVOID pUserGpoFilter);
;end_winver_500
//=============================================================================//// ShutdownGPOProcessing()//// Entry point for aborting GPO processing//// bMachine - Shutdown machine or user processing ?//// Returns: void////=============================================================================
;begin_winver_500
USERENVAPIvoidWINAPIShutdownGPOProcessing( IN BOOL bMachine);
;end_winver_500
//=============================================================================//// PingComputer()//// Pings the specified computer//// ipaddr - IP address of the computer in unsigned long form// ulSpeed - Data transfer rate//// Notes: For fast connections (eg: LAN), it isn't possible// to get accurate transfer rates since the response// time from the computer is less than 10ms. In// this case, the function returns ERROR_SUCCESS// and ulSpeed is set to 0. If the function returns// ERROR_SUCCESS and the ulSpeed argument is non-zero// the connections is slower//// Returns: ERROR_SUCCESS if successful// Win32 error code if not////=============================================================================
;begin_winver_500
USERENVAPIDWORDWINAPIPingComputer( IN ULONG ipaddr, OUT ULONG *ulSpeed);
;end_winver_500
//=============================================================================//// InitializeUserProfile()//// Called by winlogon to initialize userenv.dll for loading/unloading user// profiles.//// Returns: fvoid////=============================================================================
;begin_winver_500
USERENVAPIvoidWINAPIInitializeUserProfile();
;end_winver_500
//=============================================================================//// EnterUserProfileLock()//// Get the user profile synchronization lock for a user//// Returns: HRESULT////=============================================================================
;begin_winver_500
USERENVAPIDWORDWINAPIEnterUserProfileLock(LPTSTR pSid);
;end_winver_500
//=============================================================================//// LeaveUserProfileLock()//// Release the user profile synchronization lock for a user//// Returns: HRESULT////=============================================================================
;begin_winver_500
USERENVAPIDWORDWINAPILeaveUserProfileLock(LPTSTR pSid);
;end_winver_500
//*************************************************************************//// SecureUserProfiles()//// Routine Description : // This function secures user profiles during FAT->NTFS conversion.// The function loops through all profiles registered under current // OS and sets the security for the corresponding profile directory // and nested subdirs. Assumption is the function will be called // only during FAT->NTFS conversion.//// Arguments : // None.//// Return Value : // None.//// History: Date Author Comment// 8/8/00 santanuc Created////*************************************************************************
;begin_winver_500
USERENVAPIvoidWINAPISecureUserProfiles(void);
;end_winver_500
//*************************************************************************//// CheckAccessForPolicyGeneration()//// Routine Description : // This function checks whether the given user represented by the token// has access to generate rsop data (planning or logging)//// Arguments : // hToken - Token of the user// szContainer - Container for which access needs to be checked. // Should be OU or domain container// szDomain - Domaindns where the container exists// bLogging - True if the rsop data is to be genearated for // logging mode// pbAccessGranted - Access Granted or not// //// Return Value : // ERROR_SUCCESS on success. Appropriate error code otherwise////*************************************************************************
;begin_winver_500
USERENVAPIDWORD WINAPICheckAccessForPolicyGeneration( HANDLE hToken, LPCWSTR szContainer, LPWSTR szDomain, BOOL bLogging, BOOL* pbAccessGranted);
;end_winver_500
//*************************************************************************//// GetGroupPolicyNetworkName()//// Routine Description : // This function returns the name of the network from which policy// was applied.//// Arguments : // szNetworkName - unicode string buffer representing the network name// pdwByteCount - size in bytes of the unicode string buffer//// Return Value : // ERROR_SUCCESS if successful, error code otherwise.////*************************************************************************
;begin_winver_500
USERENVAPIDWORD WINAPIGetGroupPolicyNetworkName( LPWSTR szNetworkName, LPDWORD pdwByteCount );
;end_winver_500
//*************************************************************//// GetUserAppDataPath()//// Purpose: Returns the path for user's Appdata.//// Parameters: hToken - User's token// lpFolderPath - Output buffer//// Return: ERROR_SUCCESS if successful// otherwise the error code//// Comments: If error occurs then lpFolderPath set to empty.// Used by Crypto guys to avoid calling SHGetFolderPath.////*************************************************************
;begin_winver_500
USERENVAPIDWORD WINAPIGetUserAppDataPath%( IN HANDLE hToken, IN BOOL fLocalAppData, OUT LPTSTR% lpFolderPath );
;end_winver_500
//=============================================================================//// GetUserProfileDirFromSid//// Returns the path to the root of the requested user's profile//// pSid - User's SID returned from LookupAccountName()// lpProfileDir - Receives the path// lpcchSize - Size of lpProfileDir//// Returns: TRUE if successful// FALSE if not. Call GetLastError() for more details//// Note: If lpProfileDir is not large enough, the function will fail,// and lpcchSize will contain the necessary buffer size.//// Example return value: C:\Documents and Settings\Joe////=============================================================================
;begin_winver_500
USERENVAPIBOOLWINAPIGetUserProfileDirFromSid%( IN PSID pSid, OUT LPTSTR% lpProfileDir, IN OUT LPDWORD lpcchSize);
;end_winver_500
//=============================================================================//// CheckXForestLogon()//// Purpose: Check if the user is logged on to a different forest, if yes, we// should disable roaming user profile for the user because of // protential security risks. Administrator can set a policy// "AllowX-ForestPolicy-and-RUP" to disable this check.//// Parameters: // hTokenUser - user's token//// Return: S_OK on not x-forest logon, S_FALSE on x-forest logon,// else for failure//// Comments://// History: Date Author Comment// 05/08/2002 mingzhu Created////=============================================================================
;begin_winver_500
USERENVAPIHRESULTWINAPICheckXForestLogon(IN HANDLE hTokenUser);
;end_winver_500
;end_internal
;begin_both#ifdef __cplusplus}#endif
;end_both
#endif // _INC_USERENV#endif // _INC_USERENVP ;internal
|
