Menu
Home
Products
  WmiSet Components
    Release History
    TWmiQuery
    TWmiProcessControl
    TWmiOs
    TWmiRegistry
    TWmiConnection
    TWmiStorageInfo
    TWmiDiskQuotaControl
    TWmiSystemEvents
    TWmiMethod
    TWmiPerformanceMonitor
  NTSet components
  "How to" zone
Download
  Shareware
  Full version
  Archive
Register
  NTSet
  WmiSet
Contact us
Advanced search
Site map

Quick search

Advanced search

New version notify
e-mail address: Subscribe Unsubscribe
Privacy statement
TNTGroupPolicy component
TNTGroupPolicy is a part of NTSet Component Collection for Delphi, C++Builder. It manages Group Policy objects on local or network computers, as well as in Active Directory. The component provides the following capabilities:
  • Open a Group Policy on a local or remote computer, or in Active Directory;
  • Open a Group Policy in read-write or read-only mode;
  • Read *.adm template files to find the defined registry policies;
  • List available registry policy settings;
  • Disable parts of group policy objects: user- or computer-related settings;
  • Set the status of a registry based policy to "Enabled", "Disabled", or "Not configured";
  • Modify values of policy's parts;
  • Rename Group policy objects;
  • Save the modified policies;
  • Fire events when local computer detects changes in the group policy;
  • Create new Group Policy objects in Active Directory;
  • Delete existing Group Policy objects in Active Directory;
  • Link Group Policy objects to domains, sites, or organizations units;
  • Modify properties of GPO links;
The component relies on Windows API interface IGroupPolicyObject to perform its functions. The following examples demonstrate how to programmatically manipulate Group Policy objects.
Code Example #1: How to modify simple policy for local computer
This example modifies the policy on a local computer. It prevents a user from modifying the Internet connections properties by hiding the "Connections" page in the "Internet Options" property dialog. This is a command line utility that expects one parameter: "Enabled" or "Disabled". If parameter is not provided, the status of the policy will be set to "Not configured". 
program group_policy_internet_connections;

{$APPTYPE CONSOLE}

uses
  SysUtils, NTGroupPolicy, AdmFileObjects;

var
  GroupPolicy: TNTGroupPolicy;
  vParam: string;
begin
  GroupPolicy := TNTGroupPolicy.Create(nil);
  try
    GroupPolicy.Active := true;
    vParam := LowerCase(ParamStr(1));

    with GroupPolicy.RegistryPolicy do
    begin
      Section := secUser;
      PolicyName := 'Disable the Connections Page';
      if vParam = 'enabled' then Status := psEnabled
      else if vParam = 'disabled' then Status := psDisabled
      else Status := psNotConfigured;
    end;

    GroupPolicy.Save(secUser);
  finally
    GroupPolicy.Free;
  end;
end.
Code Example #2: How to modify policy with parts for remote computer.
This command line program connects to a remote computer and configures it to prevent a user from running certain programs. The first command line parameter must be a NetBIOS name of the destination computer, preceded with \\. The rest of the parameters are the names of prohibited programs. 
program group_policy_do_not_run;

{$APPTYPE CONSOLE}

uses
  Classes, SysUtils, NTGroupPolicy, AdmFileObjects;

var
  GroupPolicy: TNTGroupPolicy;
  vPart: TNTListboxPart;
  vPrograms: TStrings;
  i: integer;
begin
  if ParamCount < 2 then
  begin
    write('Usage: group_policy_do_not_run <\\computer> ');
    writeln('...');
    Exit;
  end;

  vPrograms := TStringList.Create;
  GroupPolicy := TNTGroupPolicy.Create(nil);
  try
    GroupPolicy.GpoPath := ParamStr(1);
    GroupPolicy.Active := true;
    for i := 2 to ParamCount do vPrograms.Add(ParamStr(i));

    with GroupPolicy.RegistryPolicy do
    begin
      PolicyName := 'Don''t run specified Windows applications';
      vPart := Parts[0] as TNTListboxPart;
      vPart.Value := vPrograms;
      Status := psEnabled;
    end;    
  finally
    GroupPolicy.Free;
    vPrograms.Free;
  end;
end.
Code Example #3: How to enumerate GPO links in Active Directory.
This command line program finds the specified Group Policy object in Active Directory, then prints out all the domains, sites, and organizational units that the GPO is linked to. Name of the GPO must be given as a command line parameter. 
program group_policy_list_links;

{$APPTYPE CONSOLE}

uses
  SysUtils, NTGroupPolicy, Classes;

var
  GroupPolicy: TNTGroupPolicy;
  vGpoPaths, vGpoNames: TStrings;
  i: integer;
begin
  GroupPolicy := TNTGroupPolicy.Create(nil);
  vGpoPaths   := TStringList.Create;
  vGpoNames   := TStringList.Create;
  try
    GroupPolicy.ListDsGPOs(vGpoPaths, vGpoNames);

    if ParamCount = 0 then
    begin
      writeln('Usage: group_policy_list_links ');
      writeln;
      writeln('Available policies');
      for i := 0 to vGpoNames.Count - 1 do writeln(vGpoNames[i]);
      Exit;
    end;

    i := vGpoNames.IndexOf(ParamStr(1));
    if i = -1 then
    begin
      writeln('Cannot find group policy '+ ParamStr(1));
    end else
    begin
      GroupPolicy.GpoPath := 'LDAP://' + vGpoPaths[i];
      GroupPolicy.ReadOnly := true;
      GroupPolicy.Active := true;
      for i:= 0 to GroupPolicy.GpoLinks.Count - 1 do
        writeln(GroupPolicy.GpoLinks[i].DisplayName);
    end;
  finally
    GroupPolicy.Free;
    vGpoPaths.Free;
    vGpoNames.Free;
  end;
end.
More examples.
NTSet component collection comes with an example that mimics the behavior of "Group Policy Editor" snap-in for Microsoft Management Console (MMC). Look in the examples\..\GroupPolicy directory.