Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1581 lines
67 KiB

//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1994 - 2001.
//
// File: delobjs.cpp
//
// Contents: Functions for handling the deletion of template objects
//
//---------------------------------------------------------------------------
#include "stdafx.h"
#include "afxdlgs.h"
#include "cookie.h"
#include "snapmgr.h"
#include "wrapper.h"
#include "util.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
HRESULT CSnapin::OnDeleteObjects(
LPDATAOBJECT pDataObj,
DATA_OBJECT_TYPES cctType,
MMC_COOKIE cookie,
LPARAM arg,
LPARAM param)
{
if ( 0 == cookie)
return S_OK;
if (NULL == pDataObj)
return S_OK;
INTERNAL *pAllInternals, *pInternal;
pAllInternals = ExtractInternalFormat( pDataObj );
//
// Find out if this is a mutli select item.
//
int iCnt = 1;
pInternal = pAllInternals;
if(!pInternal)
return S_OK;
if(pAllInternals && pAllInternals->m_cookie == (MMC_COOKIE)MMC_MULTI_SELECT_COOKIE)
{
pInternal = pAllInternals;
iCnt = (int)pInternal->m_type;
pInternal++;
}
CFolder *pFolder = m_pSelectedFolder;
BOOL bAsk = TRUE;
while( iCnt-- ){
cookie = pInternal->m_cookie;
cctType = pInternal->m_type;
if ( cctType == CCT_RESULT ) {
CResult* pResult = (CResult *)cookie;
RESULT_TYPES rsltType = pResult->GetType();
if ( rsltType == ITEM_PROF_GROUP ||
rsltType == ITEM_PROF_REGSD ||
rsltType == ITEM_PROF_FILESD
) {
if(bAsk ){
CString str,strFmt;
//
// The first cast asks the users if they wish to delete all selected items.
// the second case asks to delete one file.
//
if(bAsk && iCnt > 0 ){ //Raid #463490, Yang Gao, 9/6/2001
str.LoadString( IDS_DELETE_ALL_ITEMS);
} else {
strFmt.LoadString(IDS_QUERY_DELETE);
str.Format(strFmt,pResult->GetAttr());
if( str.GetLength() > MAX_PATH ) //Raid 567778, yanggao, 4/25/2002.
{
strFmt = str.Left(MAX_PATH);
str = strFmt + L"... ?";
}
}
//
// Ask the question. We only want to ask the question once, so set
// bAsk to false so that we neve enter this block again.
//
if ( IDNO == AfxMessageBox((LPCTSTR)str, MB_YESNO, 0) ) {
iCnt = 0;
continue;
}
bAsk = FALSE;
}
//
// free memory associated with the item
//
BOOL bDelete=FALSE;
TRACE(_T("CSnapin::OnDeleteObjects-pResult(%x)\n"),pResult);
if ( rsltType == ITEM_PROF_GROUP ) {
PSCE_GROUP_MEMBERSHIP pGroup, pParentGrp;
PEDITTEMPLATE pTemplate;
//
// delete this group from the template
//
pTemplate = pResult->GetBaseProfile();
if ( pResult->GetBase() != 0 && pTemplate && pTemplate->pTemplate &&
pTemplate->pTemplate->pGroupMembership ) {
for ( pGroup=pTemplate->pTemplate->pGroupMembership, pParentGrp=NULL;
pGroup != NULL; pParentGrp=pGroup, pGroup=pGroup->Next ) {
if ( pResult->GetBase() == (LONG_PTR)pGroup ) {
//
// remove this node from the list
//
if ( pParentGrp ) {
pParentGrp->Next = pGroup->Next;
} else {
pTemplate->pTemplate->pGroupMembership = pGroup->Next;
}
pGroup->Next = NULL;
TRACE(_T("CSnapin::OnDeleteObjects-pGroup(%x)\n"),pGroup);
//
// free the node
//
if ( pGroup ) {
SceFreeMemory((PVOID)pGroup, SCE_STRUCT_GROUP);
}
break;
}
}
}
if ( pTemplate ) {
(void)pTemplate->SetDirty(AREA_GROUP_MEMBERSHIP);
}
bDelete = TRUE;
} else if ( rsltType == ITEM_PROF_REGSD ||
rsltType == ITEM_PROF_FILESD
) {
PSCE_OBJECT_SECURITY pObject;
PSCE_OBJECT_ARRAY poa;
DWORD i,j;
PEDITTEMPLATE pTemplate;
AREA_INFORMATION Area;
pObject = (PSCE_OBJECT_SECURITY)(pResult->GetID());
pTemplate = pResult->GetBaseProfile();
if ( rsltType == ITEM_PROF_REGSD ) {
poa = pTemplate->pTemplate->pRegistryKeys.pAllNodes;
Area = AREA_REGISTRY_SECURITY;
} else if ( rsltType == ITEM_PROF_FILESD ) {
poa = pTemplate->pTemplate->pFiles.pAllNodes;
Area = AREA_FILE_SECURITY;
} else {
poa = pTemplate->pTemplate->pDsObjects.pAllNodes;
Area = AREA_DS_OBJECTS;
}
if ( pResult->GetID() != 0 && pTemplate &&
pTemplate->pTemplate && poa ) {
i=0;
while ( i < poa->Count &&
(pResult->GetID() != (LONG_PTR)(poa->pObjectArray[i])) )
i++;
if ( i < poa->Count ) {
//
// remove this node from the array, but the arry won't be reallocated
//
for ( j=i+1; j<poa->Count; j++ ) {
poa->pObjectArray[j-1] = poa->pObjectArray[j];
}
poa->pObjectArray[poa->Count-1] = NULL;
poa->Count--;
//
// free the node
//
TRACE(_T("CSnapin::OnDeleteObjects-pObject(%x)\n"),pObject);
if ( pObject ) {
if ( pObject->Name != NULL )
LocalFree( pObject->Name );
if ( pObject->pSecurityDescriptor != NULL )
LocalFree(pObject->pSecurityDescriptor);
LocalFree( pObject );
}
}
}
if ( pTemplate ) {
(void)pTemplate->SetDirty(Area);
}
bDelete = TRUE;
}
if ( bDelete ) {
//
// delete from the result pane
//
HRESULTITEM hItem = NULL;
if(m_pResult->FindItemByLParam( (LPARAM)pResult, &hItem) == S_OK){
m_pResult->DeleteItem(hItem, 0);
}
//
// delete the item from result list and free the buffer
//
POSITION pos=NULL;
//if ( FindResult((long)cookie, &pos) ) {
// if ( pos ) {
if (m_pSelectedFolder->RemoveResultItem(
m_resultItemHandle,
pResult
) == ERROR_SUCCESS) {
//
// delete the node
//
delete pResult;
}
//
// Notify any other views to also delete the item
//
m_pConsole->UpdateAllViews((LPDATAOBJECT)this, (LONG_PTR)pResult, UAV_RESULTITEM_REMOVE);
}
}
}
pInternal++;
}
if( pAllInternals )
{
FREE_INTERNAL(pAllInternals);
}
return S_OK;
}
CResult* CSnapin::FindResult(MMC_COOKIE cookie, POSITION* thePos)
{
POSITION pos = NULL; //m_resultItemList.GetHeadPosition();
POSITION curPos;
CResult* pResult = NULL;
if(!m_pSelectedFolder || !m_resultItemHandle)
{
return NULL;
}
do {
curPos = pos;
if( m_pSelectedFolder->GetResultItem(
m_resultItemHandle,
pos,
&pResult) != ERROR_SUCCESS )
{
break;
}
// pos is already updated to the next item after this call
//pResult = m_resultItemList.GetNext(pos);
// how to compare result item correctly ?
// for now, let's compare the pointer address.
if ((MMC_COOKIE)pResult == cookie)
{
if ( thePos )
{
*thePos = curPos;
}
return pResult;
}
} while( pos );
if ( thePos )
*thePos = NULL;
return NULL;
}
void
OnDeleteHelper(CRegKey& regkeySCE,CString tmpstr) {
//
// replace the "\" with "/" because registry does not take "\" in a single key
//
int npos = tmpstr.Find(L'\\');
while (npos != -1) {
*(tmpstr.GetBuffer(1)+npos) = L'/';
npos = tmpstr.Find(L'\\');
}
regkeySCE.DeleteSubKey(tmpstr);
regkeySCE.Close();
}
HRESULT CComponentDataImpl::OnDelete(LPDATAOBJECT lpDataObject, LPARAM arg, LPARAM param)
{
ASSERT(lpDataObject);
AFX_MANAGE_STATE(AfxGetStaticModuleState( ));
if ( lpDataObject == NULL ) {
return S_OK;
}
HRESULT hr = S_OK;
INTERNAL* pInternal = ExtractInternalFormat(lpDataObject);
if ( pInternal ) {
MMC_COOKIE cookie = pInternal->m_cookie;
CFolder* pFolder = (CFolder *)cookie;
FOLDER_TYPES fldType = pFolder->GetType();
if ( fldType == LOCATIONS ||
fldType == PROFILE ) {
//Raid #483251, Yanggao, 10/19/2001
//If there is any property page opened under this folder, this folder is not
//allowed to be deleted.
if( CSnapin::m_PropertyPageList.GetCount() > 0)
{
CString szInfFile = pFolder->GetInfFile();
if(fldType==LOCATIONS)
szInfFile = pFolder->GetName();
szInfFile.MakeLower();
POSITION newpos = CSnapin::m_PropertyPageList.GetHeadPosition();
int nCount = (int)CSnapin::m_PropertyPageList.GetCount();
CResult* pItem = NULL;
while( nCount > 0 && newpos )
{
pItem = CSnapin::m_PropertyPageList.GetNext(newpos);
if( pItem && szInfFile)
{
pItem->m_strInfFile.MakeLower();
if( _wcsicmp(pItem->m_strInfFile, szInfFile) == 0 ||
pItem->m_strInfFile.Find(szInfFile) == 0 )
{
CString msg;
msg.LoadString(IDS_NOT_DELETE_ITEM);
AfxMessageBox(msg, MB_OK|MB_ICONERROR); //Raid #491120, yanggao
return S_OK;
}
}
nCount--;
}
}
CString str;
str.Format(IDS_DELETE_CONFIRM,pFolder->GetName() );
if ( IDYES == AfxMessageBox((LPCTSTR)str, MB_YESNO, 0) ) {
//
// delete the nodes and all related children info
//
if ( fldType == PROFILE ) {
if (CAttribute::m_nDialogs > 0) {
CString str;
AfxFormatString1(str,IDS_CLOSE_PAGES,pFolder->GetName());
AfxMessageBox(str,MB_OK);
hr = S_FALSE;
} else {
//
// delete a single inf file
//
if( DeleteFile(pFolder->GetInfFile()) ) //Raid #668270, yanggao, 8/9/2002
{
hr = DeleteOneTemplateNodes(cookie);
}
else
{
LPTSTR lpMsgBuf;
FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
GetLastError(),
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR)&lpMsgBuf,
0,
NULL
);
AppMessageBox(NULL, lpMsgBuf, NULL, MB_ICONSTOP|MB_OK);
if ( lpMsgBuf != NULL )
{
LocalFree(lpMsgBuf);
}
hr = S_FALSE;
}
}
} else {
//
// delete a registry path from SCE
//
CRegKey regkeySCE;
CString tmpstr;
tmpstr.LoadString(IDS_TEMPLATE_LOCATION_KEY);
LONG lRes;
lRes = regkeySCE.Open(HKEY_LOCAL_MACHINE, tmpstr);
if (lRes == ERROR_SUCCESS) {
OnDeleteHelper(regkeySCE,pFolder->GetName());
}
//
// Bug 375324: Delete from HKCU as well as HKLM
//
lRes = regkeySCE.Open(HKEY_CURRENT_USER, tmpstr);
if (lRes == ERROR_SUCCESS) {
OnDeleteHelper(regkeySCE,pFolder->GetName());
}
MMC_COOKIE FindCookie=FALSE;
HSCOPEITEM pItemChild;
pItemChild = NULL;
hr = m_pScope->GetChildItem(pFolder->GetScopeItem()->ID, &pItemChild, &FindCookie);
//
// find a child item
//
while ( pItemChild ) {
if ( FindCookie ) {
//
// find a template, delete it
//
DeleteOneTemplateNodes(FindCookie);
}
// get next pointer
pItemChild = NULL;
FindCookie = FALSE;
hr = m_pScope->GetChildItem( pFolder->GetScopeItem()->ID, &pItemChild, &FindCookie);
}
//
// delete this location node
//
DeleteThisNode(pFolder);
}
}
}
FREE_INTERNAL(pInternal);
}
return hr;
}
HRESULT CComponentDataImpl::DeleteOneTemplateNodes(MMC_COOKIE cookie)
{
if ( !cookie ) {
return S_OK;
}
CFolder *pFolder = (CFolder *)cookie;
//
// delete the template info first, this will delete handles
// associated with any extension services
//
if ( pFolder->GetInfFile() ) {
DeleteTemplate(pFolder->GetInfFile());
}
//
// delete the scope items and m_scopeItemList (for all children)
//
DeleteChildrenUnderNode(pFolder);
//
// delete this location node
//
DeleteThisNode(pFolder);
return S_OK;
}
void CComponentDataImpl::DeleteTemplate(CString infFile)
{
PEDITTEMPLATE pTemplateInfo = NULL;
CString stri = infFile;
stri.MakeLower();
if ( m_Templates.Lookup(stri, pTemplateInfo) ) {
m_Templates.RemoveKey(stri);
if ( pTemplateInfo ) {
if ( pTemplateInfo->pTemplate ) //Raid 494837, yanggao
{
SceFreeProfileMemory(pTemplateInfo->pTemplate);
pTemplateInfo->pTemplate = NULL;
}
delete pTemplateInfo;
}
}
}
void CSnapin::CreateProfilePolicyResultList(MMC_COOKIE cookie,
FOLDER_TYPES type,
PEDITTEMPLATE pSceInfo,
LPDATAOBJECT pDataObj)
{
if ( !pSceInfo ) {
return;
}
bool bVerify=false;
UINT i;
DWORD curVal;
UINT IdsMax[]={IDS_SYS_LOG_MAX, IDS_SEC_LOG_MAX, IDS_APP_LOG_MAX};
UINT IdsRet[]={IDS_SYS_LOG_RET, IDS_SEC_LOG_RET, IDS_APP_LOG_RET};
UINT IdsDays[]={IDS_SYS_LOG_DAYS, IDS_SEC_LOG_DAYS, IDS_APP_LOG_DAYS};
UINT IdsGuest[]={IDS_SYS_LOG_GUEST, IDS_SEC_LOG_GUEST, IDS_APP_LOG_GUEST};
switch ( type ) {
case POLICY_PASSWORD:
// L"Maximum passage age", L"Days"
AddResultItem(IDS_MAX_PAS_AGE, SCE_NO_VALUE,
pSceInfo->pTemplate->MaximumPasswordAge, ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Minimum passage age", L"Days"
AddResultItem(IDS_MIN_PAS_AGE, SCE_NO_VALUE,
pSceInfo->pTemplate->MinimumPasswordAge, ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Minimum passage length", L"Characters"
AddResultItem(IDS_MIN_PAS_LEN, SCE_NO_VALUE,
pSceInfo->pTemplate->MinimumPasswordLength, ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Password history size", L"Passwords"
AddResultItem(IDS_PAS_UNIQUENESS, SCE_NO_VALUE,
pSceInfo->pTemplate->PasswordHistorySize, ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Password complexity", L""
AddResultItem(IDS_PAS_COMPLEX, SCE_NO_VALUE,
pSceInfo->pTemplate->PasswordComplexity, ITEM_PROF_BOOL, -1, cookie, bVerify,pSceInfo,pDataObj);
// NT5 new flag
// L"Clear Text Password", L""
AddResultItem(IDS_CLEAR_PASSWORD, SCE_NO_VALUE,
pSceInfo->pTemplate->ClearTextPassword, ITEM_PROF_BOOL, -1, cookie, bVerify,pSceInfo,pDataObj);
#if defined(USE_REQ_LOGON_ITEM)
// L"Require logon to change password", L""
AddResultItem(IDS_REQ_LOGON, SCE_NO_VALUE,
pSceInfo->pTemplate->RequireLogonToChangePassword, ITEM_PROF_BOOL, -1, cookie, bVerify,pSceInfo,pDataObj);
#endif
break;
case POLICY_KERBEROS:
if (!VerifyKerberosInfo(pSceInfo->pTemplate)) {
AddResultItem(IDS_CANT_DISPLAY_ERROR_OOM,NULL,NULL,ITEM_OTHER,-1,cookie);
break;
}
AddResultItem(IDS_KERBEROS_MAX_SERVICE,SCE_NO_VALUE,
pSceInfo->pTemplate->pKerberosInfo->MaxServiceAge,
ITEM_PROF_DW,-1,cookie,bVerify,pSceInfo,pDataObj);
AddResultItem(IDS_KERBEROS_MAX_CLOCK,SCE_NO_VALUE,
pSceInfo->pTemplate->pKerberosInfo->MaxClockSkew,
ITEM_PROF_DW,-1,cookie,bVerify,pSceInfo,pDataObj);
AddResultItem(IDS_KERBEROS_RENEWAL,SCE_NO_VALUE,
pSceInfo->pTemplate->pKerberosInfo->MaxRenewAge,
ITEM_PROF_DW,-1,cookie,bVerify,pSceInfo,pDataObj);
AddResultItem(IDS_KERBEROS_MAX_AGE,SCE_NO_VALUE,
pSceInfo->pTemplate->pKerberosInfo->MaxTicketAge,
ITEM_PROF_DW,-1,cookie,bVerify,pSceInfo,pDataObj);
AddResultItem(IDS_KERBEROS_VALIDATE_CLIENT,SCE_NO_VALUE,
pSceInfo->pTemplate->pKerberosInfo->TicketValidateClient,
ITEM_PROF_BOOL,-1,cookie,bVerify,pSceInfo,pDataObj);
break;
case POLICY_LOCKOUT:
// L"Account lockout count", L"Attempts"
AddResultItem(IDS_LOCK_COUNT, SCE_NO_VALUE,
pSceInfo->pTemplate->LockoutBadCount, ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Reset lockout count after", L"Minutes"
AddResultItem(IDS_LOCK_RESET_COUNT, SCE_NO_VALUE,
pSceInfo->pTemplate->ResetLockoutCount, ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Lockout duration", L"Minutes"
AddResultItem(IDS_LOCK_DURATION, SCE_NO_VALUE,
pSceInfo->pTemplate->LockoutDuration, ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
break;
case POLICY_AUDIT:
//
// Event auditing
//
// if ( pSceInfo->pTemplate->EventAuditingOnOff)
// curVal = 1;
// else
// curVal = 0;
// L"Event Auditing Mode",
// AddResultItem(IDS_EVENT_ON, SCE_NO_VALUE,
// pSceInfo->pTemplate->EventAuditingOnOff, ITEM_PROF_BON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit system events"
AddResultItem(IDS_SYSTEM_EVENT, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditSystemEvents, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit logon events"
AddResultItem(IDS_LOGON_EVENT, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditLogonEvents, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit Object Access"
AddResultItem(IDS_OBJECT_ACCESS, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditObjectAccess, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit Privilege Use"
AddResultItem(IDS_PRIVILEGE_USE, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditPrivilegeUse, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit policy change"
AddResultItem(IDS_POLICY_CHANGE, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditPolicyChange, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit Account Manage"
AddResultItem(IDS_ACCOUNT_MANAGE, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditAccountManage, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit process tracking"
AddResultItem(IDS_PROCESS_TRACK, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditProcessTracking, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit directory service access"
AddResultItem(IDS_DIRECTORY_ACCESS, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditDSAccess, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Audit Account Logon"
AddResultItem(IDS_ACCOUNT_LOGON, SCE_NO_VALUE,
pSceInfo->pTemplate->AuditAccountLogon, ITEM_PROF_B2ON, -1, cookie, bVerify,pSceInfo,pDataObj);
break;
case POLICY_OTHER:
//
// Account Logon category
//
// L"Force logoff when logon hour expire", L""
AddResultItem(IDS_FORCE_LOGOFF, SCE_NO_VALUE,
pSceInfo->pTemplate->ForceLogoffWhenHourExpire, ITEM_PROF_BOOL, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Accounts: Administrator account status", L""
AddResultItem(IDS_ENABLE_ADMIN, SCE_NO_VALUE,
pSceInfo->pTemplate->EnableAdminAccount, ITEM_PROF_BOOL, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"Accounts: Guest account status", L""
AddResultItem(IDS_ENABLE_GUEST, SCE_NO_VALUE,
pSceInfo->pTemplate->EnableGuestAccount, ITEM_PROF_BOOL, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"New Administrator account name"
AddResultItem(IDS_NEW_ADMIN, 0,
(LONG_PTR)(LPCTSTR)pSceInfo->pTemplate->NewAdministratorName,
ITEM_PROF_SZ, -1, cookie,bVerify,pSceInfo,pDataObj);
// L"New Guest account name"
AddResultItem(IDS_NEW_GUEST, NULL,
(LONG_PTR)(LPCTSTR)pSceInfo->pTemplate->NewGuestName,
ITEM_PROF_SZ, -1, cookie,bVerify,pSceInfo,pDataObj);
// L"Network access: Allow anonymous SID/Name translation"
AddResultItem(IDS_LSA_ANON_LOOKUP, SCE_NO_VALUE,
pSceInfo->pTemplate->LSAAnonymousNameLookup, ITEM_PROF_BOOL, -1, cookie, bVerify,pSceInfo,pDataObj);
CreateProfileRegValueList(cookie, pSceInfo, pDataObj);
break;
case POLICY_LOG:
//
// Event Log setting
//
for ( i=0; i<3; i++) {
// L"... Log Maximum Size", L"KBytes"
AddResultItem(IdsMax[i], SCE_NO_VALUE,
pSceInfo->pTemplate->MaximumLogSize[i], ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"... Log Retention Method",
AddResultItem(IdsRet[i], SCE_NO_VALUE,
pSceInfo->pTemplate->AuditLogRetentionPeriod[i], ITEM_PROF_RET, -1, cookie, bVerify,pSceInfo,pDataObj);
//
// AuditLogRetentionPeriod has already been interpreted by the
// SCE engine into the RetentionDays setting. So, the RSOP UI
// should display RetentionDays if it exists in the WMI db.
//
// if ( pSceInfo->pTemplate->AuditLogRetentionPeriod[i] == 1) {
// curVal = pSceInfo->pTemplate->RetentionDays[i];
// } else {
// curVal = SCE_NO_VALUE;
// }
// L"... Log Retention days", "days"
// AddResultItem(IdsDays[i], SCE_NO_VALUE, curVal, ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
AddResultItem(IdsDays[i], SCE_NO_VALUE,
pSceInfo->pTemplate->RetentionDays[i], ITEM_PROF_DW, -1, cookie, bVerify,pSceInfo,pDataObj);
// L"RestrictGuestAccess", L""
AddResultItem(IdsGuest[i], SCE_NO_VALUE,
pSceInfo->pTemplate->RestrictGuestAccess[i], ITEM_PROF_BOOL, -1, cookie, bVerify,pSceInfo,pDataObj);
}
break;
}
}
void
CSnapin::CreateAnalysisPolicyResultList(MMC_COOKIE cookie,
FOLDER_TYPES type,
PEDITTEMPLATE pSceInfo,
PEDITTEMPLATE pBase,
LPDATAOBJECT pDataObj )
{
if ( !pSceInfo || !pBase ) {
AddResultItem(IDS_ERROR_NO_ANALYSIS_INFO,NULL,NULL,ITEM_OTHER,-1,cookie);
return;
}
bool bVerify=true;
UINT i;
UINT IdsMax[]={IDS_SYS_LOG_MAX, IDS_SEC_LOG_MAX, IDS_APP_LOG_MAX};
UINT IdsRet[]={IDS_SYS_LOG_RET, IDS_SEC_LOG_RET, IDS_APP_LOG_RET};
UINT IdsDays[]={IDS_SYS_LOG_DAYS, IDS_SEC_LOG_DAYS, IDS_APP_LOG_DAYS};
UINT IdsGuest[]={IDS_SYS_LOG_GUEST, IDS_SEC_LOG_GUEST, IDS_APP_LOG_GUEST};
DWORD status;
LONG_PTR setting;
switch ( type ) {
case POLICY_PASSWORD_ANALYSIS:
//
// password category
//
// L"Maximum passage age", L"Days"
AddResultItem(IDS_MAX_PAS_AGE,
pSceInfo->pTemplate->MaximumPasswordAge,
pBase->pTemplate->MaximumPasswordAge,
ITEM_DW,
1,
cookie,
bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Minimum passage age", L"Days"
AddResultItem(IDS_MIN_PAS_AGE,
pSceInfo->pTemplate->MinimumPasswordAge,
pBase->pTemplate->MinimumPasswordAge,
ITEM_DW,
1,
cookie,
bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Minimum passage length", L"Characters"
AddResultItem(IDS_MIN_PAS_LEN,
pSceInfo->pTemplate->MinimumPasswordLength,
pBase->pTemplate->MinimumPasswordLength,
ITEM_DW,
1,
cookie,
bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Password history size", L"Passwords"
AddResultItem(IDS_PAS_UNIQUENESS,
pSceInfo->pTemplate->PasswordHistorySize,
pBase->pTemplate->PasswordHistorySize,
ITEM_DW,
1,
cookie,
bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Password complexity", L""
AddResultItem(IDS_PAS_COMPLEX,
pSceInfo->pTemplate->PasswordComplexity,
pBase->pTemplate->PasswordComplexity,
ITEM_BOOL,
1,
cookie,
bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Clear Text Password", L""
AddResultItem(IDS_CLEAR_PASSWORD,
pSceInfo->pTemplate->ClearTextPassword,
pBase->pTemplate->ClearTextPassword,
ITEM_BOOL,
1,
cookie,
bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
#if defined(USE_REQ_LOGON_ITEM)
// L"Require logon to change password", L""
AddResultItem(IDS_REQ_LOGON,
pSceInfo->pTemplate->RequireLogonToChangePassword,
pBase->pTemplate->RequireLogonToChangePassword,
ITEM_BOOL,
1,
cookie,
bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
#endif
break;
case POLICY_KERBEROS_ANALYSIS:
if (!VerifyKerberosInfo(pSceInfo->pTemplate) ||
!VerifyKerberosInfo(pBase->pTemplate)) {
AddResultItem(IDS_CANT_DISPLAY_ERROR_OOM,NULL,NULL,ITEM_OTHER,-1,cookie);
break;
}
AddResultItem(IDS_KERBEROS_MAX_SERVICE,
pSceInfo->pTemplate->pKerberosInfo->MaxServiceAge,
pBase->pTemplate->pKerberosInfo->MaxServiceAge,
ITEM_DW,-1,cookie,bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
AddResultItem(IDS_KERBEROS_MAX_CLOCK,
pSceInfo->pTemplate->pKerberosInfo->MaxClockSkew,
pBase->pTemplate->pKerberosInfo->MaxClockSkew,
ITEM_DW,-1,cookie,bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
AddResultItem(IDS_KERBEROS_VALIDATE_CLIENT,
pSceInfo->pTemplate->pKerberosInfo->TicketValidateClient,
pBase->pTemplate->pKerberosInfo->TicketValidateClient,
ITEM_BOOL,-1,cookie,bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
AddResultItem(IDS_KERBEROS_RENEWAL,
pSceInfo->pTemplate->pKerberosInfo->MaxRenewAge,
pBase->pTemplate->pKerberosInfo->MaxRenewAge,
ITEM_DW,-1,cookie,bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
AddResultItem(IDS_KERBEROS_MAX_AGE,
pSceInfo->pTemplate->pKerberosInfo->MaxTicketAge,
pBase->pTemplate->pKerberosInfo->MaxTicketAge,
ITEM_DW,-1,cookie,bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
break;
case POLICY_LOCKOUT_ANALYSIS:
//
// Account Lockout category
//
// L"Account lockout count", L"Attempts"
AddResultItem(IDS_LOCK_COUNT, pSceInfo->pTemplate->LockoutBadCount,
pBase->pTemplate->LockoutBadCount, ITEM_DW, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Reset lockout count after", L"Minutes"
AddResultItem(IDS_LOCK_RESET_COUNT, pSceInfo->pTemplate->ResetLockoutCount,
pBase->pTemplate->ResetLockoutCount, ITEM_DW, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Lockout duration", L"Minutes"
AddResultItem(IDS_LOCK_DURATION, pSceInfo->pTemplate->LockoutDuration,
pBase->pTemplate->LockoutDuration, ITEM_DW, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
break;
case POLICY_AUDIT_ANALYSIS:
//
// Event auditing
//
// L"Event Auditing Mode",
// AddResultItem(IDS_EVENT_ON, pSceInfo->pTemplate->EventAuditingOnOff,
// pBase->pTemplate->EventAuditingOnOff, ITEM_BON, 1, cookie, bVerify);
// L"Audit system events"
AddResultItem(IDS_SYSTEM_EVENT, pSceInfo->pTemplate->AuditSystemEvents,
pBase->pTemplate->AuditSystemEvents, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit logon events"
AddResultItem(IDS_LOGON_EVENT, pSceInfo->pTemplate->AuditLogonEvents,
pBase->pTemplate->AuditLogonEvents, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit Object Access"
AddResultItem(IDS_OBJECT_ACCESS, pSceInfo->pTemplate->AuditObjectAccess,
pBase->pTemplate->AuditObjectAccess, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit Privilege Use"
AddResultItem(IDS_PRIVILEGE_USE, pSceInfo->pTemplate->AuditPrivilegeUse,
pBase->pTemplate->AuditPrivilegeUse, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit policy change"
AddResultItem(IDS_POLICY_CHANGE, pSceInfo->pTemplate->AuditPolicyChange,
pBase->pTemplate->AuditPolicyChange, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit Account Manage"
AddResultItem(IDS_ACCOUNT_MANAGE, pSceInfo->pTemplate->AuditAccountManage,
pBase->pTemplate->AuditAccountManage, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit process tracking"
AddResultItem(IDS_PROCESS_TRACK, pSceInfo->pTemplate->AuditProcessTracking,
pBase->pTemplate->AuditProcessTracking, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit directory access "
AddResultItem(IDS_DIRECTORY_ACCESS, pSceInfo->pTemplate->AuditDSAccess,
pBase->pTemplate->AuditDSAccess, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit account logon"
AddResultItem(IDS_ACCOUNT_LOGON, pSceInfo->pTemplate->AuditAccountLogon,
pBase->pTemplate->AuditAccountLogon, ITEM_B2ON, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
break;
case POLICY_LOG_ANALYSIS:
//
// Event Log setting
//
for ( i=0; i<3; i++) {
// Maximum Log Size
AddResultItem(IdsMax[i], pSceInfo->pTemplate->MaximumLogSize[i],
pBase->pTemplate->MaximumLogSize[i], ITEM_DW, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"... Log Retention Method",
AddResultItem(IdsRet[i], pSceInfo->pTemplate->AuditLogRetentionPeriod[i],
pBase->pTemplate->AuditLogRetentionPeriod[i], ITEM_RET, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
if ( pSceInfo->pTemplate->AuditLogRetentionPeriod[i] == 1 ||
pBase->pTemplate->AuditLogRetentionPeriod[i] == 1)
// L"... Log Retention days", "days"
AddResultItem(IdsDays[i], pSceInfo->pTemplate->RetentionDays[i],
pBase->pTemplate->RetentionDays[i], ITEM_DW, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"RestrictGuestAccess", L""
AddResultItem(IdsGuest[i], pSceInfo->pTemplate->RestrictGuestAccess[i],
pBase->pTemplate->RestrictGuestAccess[i], ITEM_BOOL, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
}
break;
case POLICY_OTHER_ANALYSIS:
// L"Force logoff when logon hour expire", L""
AddResultItem(IDS_FORCE_LOGOFF, pSceInfo->pTemplate->ForceLogoffWhenHourExpire,
pBase->pTemplate->ForceLogoffWhenHourExpire, ITEM_BOOL, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Accounts: Administrator account status", L""
AddResultItem(IDS_ENABLE_ADMIN, pSceInfo->pTemplate->EnableAdminAccount,
pBase->pTemplate->EnableAdminAccount, ITEM_BOOL, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Accounts: Guest account status", L""
AddResultItem(IDS_ENABLE_GUEST, pSceInfo->pTemplate->EnableGuestAccount,
pBase->pTemplate->EnableGuestAccount, ITEM_BOOL, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Network access: Allow anonymous SID/Name translation"
AddResultItem(IDS_LSA_ANON_LOOKUP, pSceInfo->pTemplate->LSAAnonymousNameLookup,
pBase->pTemplate->LSAAnonymousNameLookup, ITEM_BOOL, 1, cookie, bVerify,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"New Administrator account name"
setting = (LONG_PTR)(pSceInfo->pTemplate->NewAdministratorName);
if ( !pBase->pTemplate->NewAdministratorName ) {
status = SCE_STATUS_NOT_CONFIGURED;
} else if ( pSceInfo->pTemplate->NewAdministratorName) {
status = SCE_STATUS_MISMATCH;
} else {
setting = (LONG_PTR)(pBase->pTemplate->NewAdministratorName);
status = SCE_STATUS_GOOD;
}
AddResultItem(IDS_NEW_ADMIN, setting,
(LONG_PTR)(LPCTSTR)pBase->pTemplate->NewAdministratorName,
ITEM_SZ, status, cookie,false,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"New Guest account name"
setting = (LONG_PTR)(pSceInfo->pTemplate->NewGuestName);
if ( !pBase->pTemplate->NewGuestName ) {
status = SCE_STATUS_NOT_CONFIGURED;
} else if ( pSceInfo->pTemplate->NewGuestName) {
status = SCE_STATUS_MISMATCH;
} else {
setting = (LONG_PTR)(pBase->pTemplate->NewGuestName);
status = SCE_STATUS_GOOD;
}
AddResultItem(IDS_NEW_GUEST, setting,
(LONG_PTR)(LPCTSTR)pBase->pTemplate->NewGuestName,
ITEM_SZ, status, cookie,false,
pBase, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
CreateAnalysisRegValueList(cookie, pSceInfo, pBase, pDataObj,ITEM_REGVALUE);
break;
}
}
void
CSnapin::CreateLocalPolicyResultList(MMC_COOKIE cookie,
FOLDER_TYPES type,
PEDITTEMPLATE pLocal,
PEDITTEMPLATE pEffective,
LPDATAOBJECT pDataObj )
{
if ( !pLocal || !pEffective ) {
AddResultItem(IDS_ERROR_NO_LOCAL_POLICY_INFO,NULL,NULL,ITEM_OTHER,-1,cookie);
return;
}
bool bVerify= false;
UINT i;
UINT IdsMax[]={IDS_SYS_LOG_MAX, IDS_SEC_LOG_MAX, IDS_APP_LOG_MAX};
UINT IdsRet[]={IDS_SYS_LOG_RET, IDS_SEC_LOG_RET, IDS_APP_LOG_RET};
UINT IdsDays[]={IDS_SYS_LOG_DAYS, IDS_SEC_LOG_DAYS, IDS_APP_LOG_DAYS};
UINT IdsGuest[]={IDS_SYS_LOG_GUEST, IDS_SEC_LOG_GUEST, IDS_APP_LOG_GUEST};
DWORD status;
LONG_PTR setting;
switch ( type ) {
case LOCALPOL_PASSWORD:
//
// password category
//
// L"Maximum passage age", L"Days"
AddResultItem(IDS_MAX_PAS_AGE,
pEffective->pTemplate->MaximumPasswordAge,
pLocal->pTemplate->MaximumPasswordAge,
ITEM_LOCALPOL_DW,
1,
cookie,
bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Minimum passage age", L"Days"
AddResultItem(IDS_MIN_PAS_AGE,
pEffective->pTemplate->MinimumPasswordAge,
pLocal->pTemplate->MinimumPasswordAge,
ITEM_LOCALPOL_DW,
1,
cookie,
bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Minimum passage length", L"Characters"
AddResultItem(IDS_MIN_PAS_LEN,
pEffective->pTemplate->MinimumPasswordLength,
pLocal->pTemplate->MinimumPasswordLength,
ITEM_LOCALPOL_DW,
1,
cookie,
bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Password history size", L"Passwords"
AddResultItem(IDS_PAS_UNIQUENESS,
pEffective->pTemplate->PasswordHistorySize,
pLocal->pTemplate->PasswordHistorySize,
ITEM_LOCALPOL_DW,
1,
cookie,
bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Password complexity", L""
AddResultItem(IDS_PAS_COMPLEX,
pEffective->pTemplate->PasswordComplexity,
pLocal->pTemplate->PasswordComplexity,
ITEM_LOCALPOL_BOOL,
1,
cookie,
bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Clear Text Password", L""
AddResultItem(IDS_CLEAR_PASSWORD,
pEffective->pTemplate->ClearTextPassword,
pLocal->pTemplate->ClearTextPassword,
ITEM_LOCALPOL_BOOL,
1,
cookie,
bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
#if defined(USE_REQ_LOGON_ITEM)
// L"Require logon to change password", L""
AddResultItem(IDS_REQ_LOGON,
pEffective->pTemplate->RequireLogonToChangePassword,
pLocal->pTemplate->RequireLogonToChangePassword,
ITEM_LOCALPOL_BOOL,
1,
cookie,
bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
#endif
break;
case LOCALPOL_KERBEROS:
if (!VerifyKerberosInfo(pLocal->pTemplate) ||
!VerifyKerberosInfo(pEffective->pTemplate)) {
AddResultItem(IDS_CANT_DISPLAY_ERROR_OOM,NULL,NULL,ITEM_OTHER,-1,cookie);
break;
}
AddResultItem(IDS_KERBEROS_MAX_SERVICE,
pEffective->pTemplate->pKerberosInfo->MaxServiceAge,
pLocal->pTemplate->pKerberosInfo->MaxServiceAge,
ITEM_LOCALPOL_DW,-1,cookie,bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
AddResultItem(IDS_KERBEROS_MAX_CLOCK,
pEffective->pTemplate->pKerberosInfo->MaxClockSkew,
pLocal->pTemplate->pKerberosInfo->MaxClockSkew,
ITEM_LOCALPOL_DW,-1,cookie,bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
AddResultItem(IDS_KERBEROS_VALIDATE_CLIENT,
pEffective->pTemplate->pKerberosInfo->TicketValidateClient,
pLocal->pTemplate->pKerberosInfo->TicketValidateClient,
ITEM_LOCALPOL_BOOL,-1,cookie,bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
AddResultItem(IDS_KERBEROS_RENEWAL,
pEffective->pTemplate->pKerberosInfo->MaxRenewAge,
pLocal->pTemplate->pKerberosInfo->MaxRenewAge,
ITEM_LOCALPOL_DW,-1,cookie,bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
AddResultItem(IDS_KERBEROS_MAX_AGE,
pEffective->pTemplate->pKerberosInfo->MaxTicketAge,
pLocal->pTemplate->pKerberosInfo->MaxTicketAge,
ITEM_LOCALPOL_DW,-1,cookie,bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
break;
case LOCALPOL_LOCKOUT:
//
// Account Lockout category
//
// L"Account lockout count", L"Attempts"
AddResultItem(IDS_LOCK_COUNT,
pEffective->pTemplate->LockoutBadCount,
pLocal->pTemplate->LockoutBadCount,ITEM_LOCALPOL_DW, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Reset lockout count after", L"Minutes"
AddResultItem(IDS_LOCK_RESET_COUNT,
pEffective->pTemplate->ResetLockoutCount,
pLocal->pTemplate->ResetLockoutCount,
ITEM_LOCALPOL_DW, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Lockout duration", L"Minutes"
AddResultItem(IDS_LOCK_DURATION,
pEffective->pTemplate->LockoutDuration,
pLocal->pTemplate->LockoutDuration,
ITEM_LOCALPOL_DW, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
break;
case LOCALPOL_AUDIT:
//
// Event auditing
//
// L"Event Auditing Mode",
// AddResultItem(IDS_EVENT_ON, pLocal->pTemplate->EventAuditingOnOff,
// pEffective->pTemplate->EventAuditingOnOff, ITEM_LOCALPOL_BON, 1, cookie, bVerify);
// L"Audit system events"
AddResultItem(IDS_SYSTEM_EVENT,
pEffective->pTemplate->AuditSystemEvents,
pLocal->pTemplate->AuditSystemEvents,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit logon events"
AddResultItem(IDS_LOGON_EVENT,
pEffective->pTemplate->AuditLogonEvents,
pLocal->pTemplate->AuditLogonEvents,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit Object Access"
AddResultItem(IDS_OBJECT_ACCESS,
pEffective->pTemplate->AuditObjectAccess,
pLocal->pTemplate->AuditObjectAccess,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit Privilege Use"
AddResultItem(IDS_PRIVILEGE_USE,
pEffective->pTemplate->AuditPrivilegeUse,
pLocal->pTemplate->AuditPrivilegeUse,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit policy change"
AddResultItem(IDS_POLICY_CHANGE,
pEffective->pTemplate->AuditPolicyChange,
pLocal->pTemplate->AuditPolicyChange,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit Account Manage"
AddResultItem(IDS_ACCOUNT_MANAGE,
pEffective->pTemplate->AuditAccountManage,
pLocal->pTemplate->AuditAccountManage,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit process tracking"
AddResultItem(IDS_PROCESS_TRACK,
pEffective->pTemplate->AuditProcessTracking,
pLocal->pTemplate->AuditProcessTracking,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit directory access "
AddResultItem(IDS_DIRECTORY_ACCESS,
pEffective->pTemplate->AuditDSAccess,
pLocal->pTemplate->AuditDSAccess,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Audit account logon"
AddResultItem(IDS_ACCOUNT_LOGON,
pEffective->pTemplate->AuditAccountLogon,
pLocal->pTemplate->AuditAccountLogon,
ITEM_LOCALPOL_B2ON, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
break;
case LOCALPOL_LOG:
//
// Event Log setting
//
for ( i=0; i<3; i++) {
// Maximum Log Size
AddResultItem(IdsMax[i],
pEffective->pTemplate->MaximumLogSize[i],
pLocal->pTemplate->MaximumLogSize[i],
ITEM_LOCALPOL_DW, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"... Log Retention Method",
AddResultItem(IdsRet[i],
pEffective->pTemplate->AuditLogRetentionPeriod[i],
pLocal->pTemplate->AuditLogRetentionPeriod[i],
ITEM_LOCALPOL_RET, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
if ( pLocal->pTemplate->AuditLogRetentionPeriod[i] == 1 ||
pEffective->pTemplate->AuditLogRetentionPeriod[i] == 1)
// L"... Log Retention days", "days"
AddResultItem(IdsDays[i],
pEffective->pTemplate->RetentionDays[i],
pLocal->pTemplate->RetentionDays[i],
ITEM_LOCALPOL_DW, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"RestrictGuestAccess", L""
AddResultItem(IdsGuest[i],
pEffective->pTemplate->RestrictGuestAccess[i],
pLocal->pTemplate->RestrictGuestAccess[i],
ITEM_LOCALPOL_BOOL, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
}
break;
case LOCALPOL_OTHER:
// L"Force logoff when logon hour expire", L""
AddResultItem(IDS_FORCE_LOGOFF,
pEffective->pTemplate->ForceLogoffWhenHourExpire,
pLocal->pTemplate->ForceLogoffWhenHourExpire,
ITEM_LOCALPOL_BOOL, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Accounts: Administrator account status", L""
AddResultItem(IDS_ENABLE_ADMIN,
pEffective->pTemplate->EnableAdminAccount,
pLocal->pTemplate->EnableAdminAccount,
ITEM_LOCALPOL_BOOL, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Accounts: Guest account status", L""
AddResultItem(IDS_ENABLE_GUEST,
pEffective->pTemplate->EnableGuestAccount,
pLocal->pTemplate->EnableGuestAccount,
ITEM_LOCALPOL_BOOL, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"Network access: Allow anonymous SID/Name translation"
AddResultItem(IDS_LSA_ANON_LOOKUP,
pEffective->pTemplate->LSAAnonymousNameLookup,
pLocal->pTemplate->LSAAnonymousNameLookup,
ITEM_LOCALPOL_BOOL, 1, cookie, bVerify,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"New Administrator account name"
setting = (LONG_PTR)(pEffective->pTemplate->NewAdministratorName);
if ( !pLocal->pTemplate->NewAdministratorName ) {
status = SCE_STATUS_NOT_CONFIGURED;
} else if ( pEffective->pTemplate->NewAdministratorName) {
status = SCE_STATUS_MISMATCH;
} else {
setting = (LONG_PTR)(pEffective->pTemplate->NewAdministratorName);
status = SCE_STATUS_GOOD;
}
AddResultItem(IDS_NEW_ADMIN, setting,
(LONG_PTR)(LPCTSTR)pLocal->pTemplate->NewAdministratorName,
ITEM_LOCALPOL_SZ, status, cookie,false,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
// L"New Guest account name"
setting = (LONG_PTR)(pEffective->pTemplate->NewGuestName);
if ( !pLocal->pTemplate->NewGuestName ) {
status = SCE_STATUS_NOT_CONFIGURED;
} else if ( pEffective->pTemplate->NewGuestName) {
status = SCE_STATUS_MISMATCH;
} else {
setting = (LONG_PTR)(pEffective->pTemplate->NewGuestName);
status = SCE_STATUS_GOOD;
}
AddResultItem(IDS_NEW_GUEST, setting,
(LONG_PTR)(LPCTSTR)pLocal->pTemplate->NewGuestName,
ITEM_LOCALPOL_SZ, status, cookie,false,
pLocal, //The template to save this attribute in
pDataObj); //The data object for the scope note who owns the result pane
CreateAnalysisRegValueList(cookie, pEffective, pLocal, pDataObj,ITEM_LOCALPOL_REGVALUE);
break;
case LOCALPOL_PRIVILEGE: {
// find in the current setting list
CString strDisp;
TCHAR szPriv[255];
TCHAR szDisp[255];
DWORD cbDisp;
DWORD dwMatch;
PSCE_PRIVILEGE_ASSIGNMENT pPrivLocal;
PSCE_PRIVILEGE_ASSIGNMENT pPrivEffective;
for ( i=0; i<cPrivCnt; i++ ) { //Raid #prefast
cbDisp = 255;
if ( SCESTATUS_SUCCESS == SceLookupPrivRightName(i,szPriv, (PINT)&cbDisp) ) {
// find the local setting
for (pPrivLocal=pLocal->pTemplate->OtherInfo.sap.pPrivilegeAssignedTo;
pPrivLocal!=NULL;
pPrivLocal=pPrivLocal->Next) {
if ( _wcsicmp(szPriv, pPrivLocal->Name) == 0 ) {
break;
}
}
// find the effective setting
for (pPrivEffective=pEffective->pTemplate->OtherInfo.smp.pPrivilegeAssignedTo;
pPrivEffective!=NULL;
pPrivEffective=pPrivEffective->Next) {
if ( _wcsicmp(szPriv, pPrivEffective->Name) == 0 ) {
break;
}
}
cbDisp = 255;
GetRightDisplayName(NULL,(LPCTSTR)szPriv,szDisp,&cbDisp);
LONG itemid = GetUserRightAssignmentItemID(szPriv);
//
// Status field is not loaded for local policy mode, except for not configured
//
dwMatch = CEditTemplate::ComputeStatus( pPrivLocal, pPrivEffective );
CResult *pResult = AddResultItem(szDisp, // The name of the attribute being added
(LONG_PTR)pPrivEffective, // The local policy setting of the attribute
(LONG_PTR)pPrivLocal, // The effective policy setting of the attribute
ITEM_LOCALPOL_PRIVS, // The type of of the attribute's data
dwMatch, // The mismatch status of the attribute
cookie, // The cookie for the result item pane
FALSE, // True if the setting is set only if it differs from base (so copy the data)
szPriv, // The units the attribute is set in
0, // An id to let us know where to save this attribute
pLocal, // The template to save this attribute in
pDataObj, // The data object for the scope note who owns the result pane
NULL,
itemid); // Assign an ID to this item
}
}
break;
}
}
}
//+--------------------------------------------------------------------------
//
// Method: TransferAnalysisName
//
// Synopsis: Copy a name data from the last inspection information to the
// computer template
//
// Arguments: [dwItem] - The id of the item to copy
//
// Returns: none
//
//---------------------------------------------------------------------------
void
CSnapin::TransferAnalysisName(LONG_PTR dwItem)
{
PEDITTEMPLATE pet;
PSCE_PROFILE_INFO pProfileInfo;
PSCE_PROFILE_INFO pBaseInfo;
pet = GetTemplate(GT_LAST_INSPECTION,AREA_SECURITY_POLICY);
if (!pet) {
return;
}
pProfileInfo = pet->pTemplate;
pet = GetTemplate(GT_COMPUTER_TEMPLATE,AREA_SECURITY_POLICY);
if (!pet) {
return;
}
pBaseInfo = pet->pTemplate;
switch ( dwItem ) {
case IDS_NEW_GUEST:
if ( pProfileInfo->NewGuestName ) {
LocalFree(pProfileInfo->NewGuestName);
}
pProfileInfo->NewGuestName = pBaseInfo->NewGuestName;
pBaseInfo->NewGuestName = NULL;
break;
case IDS_NEW_ADMIN:
if ( pProfileInfo->NewAdministratorName ) {
LocalFree(pProfileInfo->NewAdministratorName);
}
pProfileInfo->NewAdministratorName = pBaseInfo->NewAdministratorName;
pBaseInfo->NewAdministratorName = NULL;
break;
}
}