Write package
This commit is contained in:
parent
d1e7b9f655
commit
b05454796a
|
@ -1,13 +1,13 @@
|
|||
package : fws-lock-policy
|
||||
version : 1
|
||||
version : 9
|
||||
architecture : all
|
||||
section : base
|
||||
priority :
|
||||
maintainer : Daniel Berteaud
|
||||
description : Screen locking policy
|
||||
depends :
|
||||
conflicts :
|
||||
maturity : DEV
|
||||
conflicts : fws-disable-sleepmode
|
||||
maturity : PROD
|
||||
locale : all
|
||||
target_os : windows
|
||||
min_os_version : 5.0
|
||||
|
@ -29,4 +29,4 @@ package_uuid :
|
|||
signer : Daniel Berteaud
|
||||
signer_fingerprint:
|
||||
signature_date :
|
||||
signed_attributes :
|
||||
signed_attributes :
|
47
setup.py
47
setup.py
|
@ -2,9 +2,56 @@
|
|||
from setuphelpers import *
|
||||
|
||||
uninstallkey = []
|
||||
variables = {
|
||||
'screen_lock_enabled': True,
|
||||
'screen_lock_timeout': 900
|
||||
}
|
||||
|
||||
# Read local variables file if available
|
||||
if isfile(makepath(programfiles32,'wapt','private','symetric.txt')) and isfile(makepath(programfiles32,'wapt','private','variables.txt')):
|
||||
print('Reading local encrypted variables file')
|
||||
from cryptography.fernet import Fernet
|
||||
import yaml
|
||||
f = Fernet(open(makepath(programfiles32,'wapt','private','symetric.txt'),'r').read())
|
||||
variables.update(yaml.safe_load(f.decrypt(open(makepath(programfiles32,'wapt','private','variables.txt'),'r').read())))
|
||||
|
||||
def install():
|
||||
print('Configuring screen locking policy')
|
||||
if variables['screen_lock_enabled'] == True:
|
||||
registry_setstring(HKEY_LOCAL_MACHINE, r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E', 'ACSettingIndex', variables['screen_lock_timeout'], REG_DWORD)
|
||||
registry_setstring(HKEY_LOCAL_MACHINE, r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E', 'DCSettingIndex', variables['screen_lock_timeout'], REG_DWORD)
|
||||
registry_setstring(HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'NoDispScrSavPage', 1, REG_DWORD)
|
||||
else:
|
||||
for setting in ['ACSettingIndex','DCSettingIndex']:
|
||||
registry_delete(HKEY_LOCAL_MACHINE, r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e', setting)
|
||||
registry_delete(HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'NoDispScrSavPage')
|
||||
|
||||
def session_setup():
|
||||
# For Windows 10, ACSettingIndex / DCSettingIndex is enough. But on previous version, screen locking is controlled by the screen saver
|
||||
if variables['screen_lock_enabled'] == True:
|
||||
registry_setstring(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveIsSecure', '1', REG_SZ)
|
||||
registry_setstring(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveActive', '1', REG_SZ)
|
||||
registry_setstring(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveTimeOut', str(variables['screen_lock_timeout']), REG_SZ)
|
||||
registry_setstring(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'SCRNSAVE.EXE', r'C:\Windows\system32\scrnsave.scr', REG_SZ)
|
||||
else:
|
||||
registry_delete(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveIsSecure')
|
||||
registry_delete(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveActive')
|
||||
registry_delete(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'ScreenSaveTimeOut')
|
||||
registry_delete(HKEY_CURRENT_USER, r'Control Panel\Desktop', 'SCRNSAVE.EXE')
|
||||
|
||||
def uninstall():
|
||||
print('Removing screen locking policy')
|
||||
for setting in ['ACSettingIndex','DCSettingIndex']:
|
||||
registry_delete(HKEY_LOCAL_MACHINE, r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e', setting)
|
||||
registry_delete(HKEY_LOCAL_MACHINE, r'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'NoDispScrSavPage')
|
||||
|
||||
def audit():
|
||||
for setting in ['ACSettingIndex','DCSettingIndex']:
|
||||
if not registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e\%s' % setting):
|
||||
print(r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e\%s does not exist' % setting)
|
||||
return "ERROR"
|
||||
value = registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Policies\Microsoft\Power\PowerSettings\381b4222-f694-41f0-9685-ff5bb260df2e\%s' % setting)
|
||||
if value != variables['screen_lock_timeout'] :
|
||||
print("Screen lock timeout is not %, it's % instead" % (variables['screen_lock_timeout'], value) )
|
||||
return "WARNING"
|
||||
|
||||
|
|
Loading…
Reference in New Issue