mirror of
https://github.com/microsoft/PowerToys.git
synced 2025-12-16 11:48:06 +01:00
[GPO][MWB]Add policy to disable service mode (#37366)
* [MWB]Add policy to disable service mode * Add restart note * Tweak settings to disable setting * Tweak infobars * Policy should be machine only
This commit is contained in:
Jaime Bernardo
@@ -200,6 +200,10 @@ namespace winrt::PowerToys::GPOWrapper::implementation
|
||||
{
|
||||
return static_cast<GpoRuleConfigured>(powertoys_gpo::getConfiguredMwbDisallowBlockingScreensaverValue());
|
||||
}
|
||||
GpoRuleConfigured GPOWrapper::GetConfiguredMwbAllowServiceModeValue()
|
||||
{
|
||||
return static_cast<GpoRuleConfigured>(powertoys_gpo::getConfiguredMwbAllowServiceModeValue());
|
||||
}
|
||||
GpoRuleConfigured GPOWrapper::GetConfiguredMwbSameSubnetOnlyValue()
|
||||
{
|
||||
return static_cast<GpoRuleConfigured>(powertoys_gpo::getConfiguredMwbSameSubnetOnlyValue());
|
||||
|
||||
@@ -56,6 +56,7 @@ namespace winrt::PowerToys::GPOWrapper::implementation
|
||||
static GpoRuleConfigured GetConfiguredMwbFileTransferEnabledValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbUseOriginalUserInterfaceValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbDisallowBlockingScreensaverValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbAllowServiceModeValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbSameSubnetOnlyValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbValidateRemoteIpValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbDisableUserDefinedIpMappingRulesValue();
|
||||
|
||||
@@ -60,6 +60,7 @@ namespace PowerToys
|
||||
static GpoRuleConfigured GetConfiguredMwbFileTransferEnabledValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbUseOriginalUserInterfaceValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbDisallowBlockingScreensaverValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbAllowServiceModeValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbSameSubnetOnlyValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbValidateRemoteIpValue();
|
||||
static GpoRuleConfigured GetConfiguredMwbDisableUserDefinedIpMappingRulesValue();
|
||||
|
||||
@@ -79,6 +79,7 @@ namespace powertoys_gpo {
|
||||
const std::wstring POLICY_MWB_FILE_TRANSFER_ENABLED = L"MwbFileTransferEnabled";
|
||||
const std::wstring POLICY_MWB_USE_ORIGINAL_USER_INTERFACE = L"MwbUseOriginalUserInterface";
|
||||
const std::wstring POLICY_MWB_DISALLOW_BLOCKING_SCREENSAVER = L"MwbDisallowBlockingScreensaver";
|
||||
const std::wstring POLICY_MWB_ALLOW_SERVICE_MODE = L"MwbAllowServiceMode";
|
||||
const std::wstring POLICY_MWB_SAME_SUBNET_ONLY = L"MwbSameSubnetOnly";
|
||||
const std::wstring POLICY_MWB_VALIDATE_REMOTE_IP = L"MwbValidateRemoteIp";
|
||||
const std::wstring POLICY_MWB_DISABLE_USER_DEFINED_IP_MAPPING_RULES = L"MwbDisableUserDefinedIpMappingRules";
|
||||
@@ -558,6 +559,11 @@ namespace powertoys_gpo {
|
||||
return getConfiguredValue(POLICY_MWB_DISALLOW_BLOCKING_SCREENSAVER);
|
||||
}
|
||||
|
||||
inline gpo_rule_configured_t getConfiguredMwbAllowServiceModeValue()
|
||||
{
|
||||
return getConfiguredValue(POLICY_MWB_ALLOW_SERVICE_MODE);
|
||||
}
|
||||
|
||||
inline gpo_rule_configured_t getConfiguredMwbSameSubnetOnlyValue()
|
||||
{
|
||||
return getConfiguredValue(POLICY_MWB_SAME_SUBNET_ONLY);
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Copyright (c) Microsoft Corporation.
|
||||
Licensed under the MIT License. -->
|
||||
<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.15" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
|
||||
<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.16" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
|
||||
<policyNamespaces>
|
||||
<target prefix="powertoys" namespace="Microsoft.Policies.PowerToys" />
|
||||
</policyNamespaces>
|
||||
<resources minRequiredRevision="1.15"/><!-- Last changed with PowerToys v0.88.0 -->
|
||||
<resources minRequiredRevision="1.16"/><!-- Last changed with PowerToys v0.89.0 -->
|
||||
<supportedOn>
|
||||
<definitions>
|
||||
<definition name="SUPPORTED_POWERTOYS_0_64_0" displayName="$(string.SUPPORTED_POWERTOYS_0_64_0)"/>
|
||||
@@ -24,6 +24,7 @@
|
||||
<definition name="SUPPORTED_POWERTOYS_0_85_0" displayName="$(string.SUPPORTED_POWERTOYS_0_85_0)"/>
|
||||
<definition name="SUPPORTED_POWERTOYS_0_86_0" displayName="$(string.SUPPORTED_POWERTOYS_0_86_0)"/>
|
||||
<definition name="SUPPORTED_POWERTOYS_0_88_0" displayName="$(string.SUPPORTED_POWERTOYS_0_88_0)"/>
|
||||
<definition name="SUPPORTED_POWERTOYS_0_89_0" displayName="$(string.SUPPORTED_POWERTOYS_0_89_0)"/>
|
||||
<definition name="SUPPORTED_POWERTOYS_0_64_0_TO_0_87_1" displayName="$(string.SUPPORTED_POWERTOYS_0_64_0_TO_0_87_1)"/>
|
||||
</definitions>
|
||||
</supportedOn>
|
||||
@@ -602,6 +603,16 @@
|
||||
<decimal value="0" />
|
||||
</disabledValue>
|
||||
</policy>
|
||||
<policy name="MwbAllowServiceMode" class="Machine" displayName="$(string.MwbAllowServiceMode)" explainText="$(string.MwbAllowServiceModeDescription)" key="Software\Policies\PowerToys" valueName="MwbAllowServiceMode">
|
||||
<parentCategory ref="MouseWithoutBorders" />
|
||||
<supportedOn ref="SUPPORTED_POWERTOYS_0_89_0" />
|
||||
<enabledValue>
|
||||
<decimal value="1" />
|
||||
</enabledValue>
|
||||
<disabledValue>
|
||||
<decimal value="0" />
|
||||
</disabledValue>
|
||||
</policy>
|
||||
<policy name="MwbSameSubnetOnly" class="Both" displayName="$(string.MwbSameSubnetOnly)" explainText="$(string.MwbSameSubnetOnlyDescription)" key="Software\Policies\PowerToys" valueName="MwbSameSubnetOnly">
|
||||
<parentCategory ref="MouseWithoutBorders" />
|
||||
<supportedOn ref="SUPPORTED_POWERTOYS_0_83_0" />
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- Copyright (c) Microsoft Corporation.
|
||||
Licensed under the MIT License. -->
|
||||
<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.15" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
|
||||
<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" revision="1.16" schemaVersion="1.0" xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
|
||||
<displayName>PowerToys</displayName>
|
||||
<description>PowerToys</description>
|
||||
<resources>
|
||||
@@ -31,6 +31,7 @@
|
||||
<string id="SUPPORTED_POWERTOYS_0_85_0">PowerToys version 0.85.0 or later</string>
|
||||
<string id="SUPPORTED_POWERTOYS_0_86_0">PowerToys version 0.86.0 or later</string>
|
||||
<string id="SUPPORTED_POWERTOYS_0_88_0">PowerToys version 0.88.0 or later</string>
|
||||
<string id="SUPPORTED_POWERTOYS_0_89_0">PowerToys version 0.89.0 or later</string>
|
||||
<string id="SUPPORTED_POWERTOYS_0_64_0_TO_0_87_1">From PowerToys version 0.64.0 until PowerToys version 0.87.1</string>
|
||||
|
||||
<string id="ConfigureAllUtilityGlobalEnabledStateDescription">This policy configures the enabled state for all PowerToys utilities.
|
||||
@@ -169,7 +170,14 @@ If you enable this policy, the user won't be able to enable the "block screensav
|
||||
|
||||
If you disable or don't configure this policy, the user takes control over the setting and can block the screensaver.
|
||||
</string>
|
||||
<string id="MwbAllowServiceModeDescription">This policy configures if the user is allowed to use Mouse Without Borders in Service Mode.
|
||||
|
||||
If this setting is enabled or not configured, the user can enable and use Mouse Without Borders in Service Mode.
|
||||
|
||||
If this setting is disabled, the user won't be able to enable or use Mouse Without Borders in Service Mode.
|
||||
|
||||
Note: As most other PowerToys policies, a restart of PowerToys is required for a change in this policy to take full effect.
|
||||
</string>
|
||||
<string id="MwbSameSubnetOnlyDescription">This policy configures if connections are only allowed in the same subnet.
|
||||
|
||||
If you enable this policy, the setting is enabled and only connections in the same subnet are allowed.
|
||||
@@ -264,6 +272,7 @@ If you don't configure this policy, the user takes control over the setting and
|
||||
<string id="MwbFileTransferEnabled">File transfer enabled</string>
|
||||
<string id="MwbUseOriginalUserInterface">Original user interface is available</string>
|
||||
<string id="MwbDisallowBlockingScreensaver">Disallow blocking screensaver on other machines</string>
|
||||
<string id="MwbAllowServiceMode">Allow Service Mode</string>
|
||||
<string id="MwbSameSubnetOnly">Connect only in same subnet</string>
|
||||
<string id="MwbValidateRemoteIp">Validate remote machine IP Address</string>
|
||||
<string id="MwbDisableUserDefinedIpMappingRules">Disable user defined IP Address mapping rules</string>
|
||||
|
||||
@@ -92,6 +92,17 @@ namespace MouseWithoutBorders.Class
|
||||
|
||||
bool serviceMode = firstArg == ServiceModeArg;
|
||||
|
||||
if (PowerToys.GPOWrapper.GPOWrapper.GetConfiguredMwbAllowServiceModeValue() == PowerToys.GPOWrapper.GpoRuleConfigured.Disabled)
|
||||
{
|
||||
if (runningAsSystem)
|
||||
{
|
||||
Logger.Log("Can't run as a service. It's not allowed according to GPO policy. Please contact your systems administrator.");
|
||||
return;
|
||||
}
|
||||
|
||||
serviceMode = false;
|
||||
}
|
||||
|
||||
// If we're started from the .dll module or from the service process, we should
|
||||
// assume the service mode.
|
||||
if (serviceMode && !runningAsSystem)
|
||||
|
||||
@@ -1090,6 +1090,11 @@ namespace MouseWithoutBorders.Class
|
||||
{
|
||||
get
|
||||
{
|
||||
if (GPOWrapper.GetConfiguredMwbAllowServiceModeValue() == GpoRuleConfigured.Disabled)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
lock (_loadingSettingsLock)
|
||||
{
|
||||
return _properties.UseService;
|
||||
@@ -1098,6 +1103,11 @@ namespace MouseWithoutBorders.Class
|
||||
|
||||
set
|
||||
{
|
||||
if (AllowServiceModeIsGpoConfigured)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
lock (_loadingSettingsLock)
|
||||
{
|
||||
_properties.UseService = value;
|
||||
@@ -1109,6 +1119,10 @@ namespace MouseWithoutBorders.Class
|
||||
}
|
||||
}
|
||||
|
||||
[CmdConfigureIgnore]
|
||||
[JsonIgnore]
|
||||
internal bool AllowServiceModeIsGpoConfigured => GPOWrapper.GetConfiguredMwbAllowServiceModeValue() == GpoRuleConfigured.Disabled;
|
||||
|
||||
// Note(@htcfreek): Settings UI CheckBox is disabled in frmMatrix.cs > FrmMatrix_Load()
|
||||
internal bool SendErrorLogV2
|
||||
{
|
||||
|
||||
@@ -28,7 +28,8 @@ namespace MouseWithoutBordersService
|
||||
[STAThread]
|
||||
private static void Main()
|
||||
{
|
||||
if (PowerToys.GPOWrapper.GPOWrapper.GetConfiguredMouseWithoutBordersEnabledValue() == PowerToys.GPOWrapper.GpoRuleConfigured.Disabled)
|
||||
if (PowerToys.GPOWrapper.GPOWrapper.GetConfiguredMouseWithoutBordersEnabledValue() == PowerToys.GPOWrapper.GpoRuleConfigured.Disabled
|
||||
|| PowerToys.GPOWrapper.GPOWrapper.GetConfiguredMwbAllowServiceModeValue() == PowerToys.GPOWrapper.GpoRuleConfigured.Disabled )
|
||||
{
|
||||
// TODO: Add logging.
|
||||
// Logger.LogWarning("Tried to start with a GPO policy setting the utility to always be disabled. Please contact your systems administrator.");
|
||||
|
||||
@@ -363,7 +363,11 @@ private:
|
||||
|
||||
void update_state_from_settings(const PowerToysSettings::PowerToyValues& values)
|
||||
{
|
||||
const bool new_run_in_service_mode = values.get_bool_value(USE_SERVICE_PROPERTY_NAME).value_or(false);
|
||||
bool new_run_in_service_mode = values.get_bool_value(USE_SERVICE_PROPERTY_NAME).value_or(false);
|
||||
if (powertoys_gpo::getConfiguredMwbAllowServiceModeValue() == powertoys_gpo::gpo_rule_configured_disabled)
|
||||
{
|
||||
new_run_in_service_mode = false;
|
||||
}
|
||||
|
||||
if (new_run_in_service_mode != run_in_service_mode)
|
||||
{
|
||||
|
||||
@@ -186,12 +186,19 @@
|
||||
</tkcontrols:SettingsCard>
|
||||
</controls:SettingsGroup>
|
||||
<controls:SettingsGroup x:Uid="MouseWithoutBorders_ServiceSettings" IsEnabled="{x:Bind ViewModel.CanToggleUseService, Mode=OneWay}">
|
||||
<tkcontrols:SettingsCard x:Uid="MouseWithoutBorders_UseService">
|
||||
<ToggleSwitch
|
||||
x:Uid="MouseWithoutBorders_UseService_ToggleSwitch"
|
||||
IsEnabled="{x:Bind ViewModel.IsEnabled, Mode=OneWay}"
|
||||
IsOn="{x:Bind ViewModel.UseService, Mode=TwoWay}" />
|
||||
<tkcontrols:SettingsCard x:Uid="MouseWithoutBorders_UseService" IsEnabled="{x:Bind ViewModel.UseServiceSettingIsEnabled, Mode=OneWay}">
|
||||
<ToggleSwitch x:Uid="MouseWithoutBorders_UseService_ToggleSwitch" IsOn="{x:Bind ViewModel.UseService, Mode=TwoWay}" />
|
||||
</tkcontrols:SettingsCard>
|
||||
<InfoBar
|
||||
x:Uid="GPO_SettingIsManaged"
|
||||
IsClosable="False"
|
||||
IsOpen="{x:Bind ViewModel.ShowPolicyConfiguredInfoForServiceSettings, Mode=OneWay}"
|
||||
IsTabStop="{x:Bind ViewModel.ShowPolicyConfiguredInfoForServiceSettings, Mode=OneWay}"
|
||||
Severity="Informational">
|
||||
<InfoBar.IconSource>
|
||||
<FontIconSource FontFamily="{StaticResource SymbolThemeFontFamily}" Glyph="" />
|
||||
</InfoBar.IconSource>
|
||||
</InfoBar>
|
||||
<InfoBar
|
||||
x:Uid="MouseWithoutBorders_RunAsAdminText"
|
||||
IsClosable="False"
|
||||
|
||||
@@ -93,10 +93,23 @@ namespace Microsoft.PowerToys.Settings.UI.ViewModels
|
||||
|
||||
public bool UseService
|
||||
{
|
||||
get => Settings.Properties.UseService;
|
||||
get
|
||||
{
|
||||
if (_allowServiceModeGpoConfiguration == GpoRuleConfigured.Disabled)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return Settings.Properties.UseService;
|
||||
}
|
||||
|
||||
set
|
||||
{
|
||||
if (_allowServiceModeIsGPOConfigured)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
var valueChanged = Settings.Properties.UseService != value;
|
||||
|
||||
// Set the UI property itself instantly
|
||||
@@ -122,6 +135,8 @@ namespace Microsoft.PowerToys.Settings.UI.ViewModels
|
||||
}
|
||||
}
|
||||
|
||||
public bool UseServiceSettingIsEnabled => _allowServiceModeIsGPOConfigured == false;
|
||||
|
||||
public bool ConnectFieldsVisible
|
||||
{
|
||||
get => _connectFieldsVisible;
|
||||
@@ -185,6 +200,8 @@ namespace Microsoft.PowerToys.Settings.UI.ViewModels
|
||||
private bool _useOriginalUserInterfaceIsGPOConfigured;
|
||||
private GpoRuleConfigured _disallowBlockingScreensaverGpoConfiguration;
|
||||
private bool _disallowBlockingScreensaverIsGPOConfigured;
|
||||
private GpoRuleConfigured _allowServiceModeGpoConfiguration;
|
||||
private bool _allowServiceModeIsGPOConfigured;
|
||||
private GpoRuleConfigured _sameSubnetOnlyGpoConfiguration;
|
||||
private bool _sameSubnetOnlyIsGPOConfigured;
|
||||
private GpoRuleConfigured _validateRemoteIpGpoConfiguration;
|
||||
@@ -507,6 +524,8 @@ namespace Microsoft.PowerToys.Settings.UI.ViewModels
|
||||
_disableUserDefinedIpMappingRulesIsGPOConfigured = _disableUserDefinedIpMappingRulesGpoConfiguration == GpoRuleConfigured.Enabled;
|
||||
|
||||
// Policies supporting only disabled state
|
||||
_allowServiceModeGpoConfiguration = GPOWrapper.GetConfiguredMwbAllowServiceModeValue();
|
||||
_allowServiceModeIsGPOConfigured = _allowServiceModeGpoConfiguration == GpoRuleConfigured.Disabled;
|
||||
_clipboardSharingEnabledGpoConfiguration = GPOWrapper.GetConfiguredMwbClipboardSharingEnabledValue();
|
||||
_clipboardSharingEnabledIsGPOConfigured = _clipboardSharingEnabledGpoConfiguration == GpoRuleConfigured.Disabled;
|
||||
_fileTransferEnabledGpoConfiguration = GPOWrapper.GetConfiguredMwbFileTransferEnabledValue();
|
||||
@@ -1231,6 +1250,14 @@ namespace Microsoft.PowerToys.Settings.UI.ViewModels
|
||||
SendCustomAction("uninstall_service");
|
||||
}
|
||||
|
||||
public bool ShowPolicyConfiguredInfoForServiceSettings
|
||||
{
|
||||
get
|
||||
{
|
||||
return IsEnabled && _allowServiceModeIsGPOConfigured;
|
||||
}
|
||||
}
|
||||
|
||||
public bool ShowPolicyConfiguredInfoForBehaviorSettings
|
||||
{
|
||||
get
|
||||
@@ -1248,7 +1275,7 @@ namespace Microsoft.PowerToys.Settings.UI.ViewModels
|
||||
|
||||
public bool ShowInfobarRunAsAdminText
|
||||
{
|
||||
get { return !CanToggleUseService && IsEnabled; }
|
||||
get { return !CanToggleUseService && IsEnabled && !ShowPolicyConfiguredInfoForServiceSettings; }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -87,6 +87,7 @@ void ReportGPOValues(const std::filesystem::path &tmpDir)
|
||||
report << "getConfiguredMwbFileTransferEnabledValue: " << gpo_rule_configured_to_string(powertoys_gpo::getConfiguredMwbFileTransferEnabledValue()) << std::endl;
|
||||
report << "getConfiguredMwbUseOriginalUserInterfaceValue: " << gpo_rule_configured_to_string(powertoys_gpo::getConfiguredMwbUseOriginalUserInterfaceValue()) << std::endl;
|
||||
report << "getConfiguredMwbDisallowBlockingScreensaverValue: " << gpo_rule_configured_to_string(powertoys_gpo::getConfiguredMwbDisallowBlockingScreensaverValue()) << std::endl;
|
||||
report << "getConfiguredMwbAllowServiceModeValue: " << gpo_rule_configured_to_string(powertoys_gpo::getConfiguredMwbAllowServiceModeValue()) << std::endl;
|
||||
report << "getConfiguredMwbSameSubnetOnlyValue: " << gpo_rule_configured_to_string(powertoys_gpo::getConfiguredMwbSameSubnetOnlyValue()) << std::endl;
|
||||
report << "getConfiguredMwbValidateRemoteIpValue: " << gpo_rule_configured_to_string(powertoys_gpo::getConfiguredMwbValidateRemoteIpValue()) << std::endl;
|
||||
report << "getConfiguredMwbDisableUserDefinedIpMappingRulesValue: " << gpo_rule_configured_to_string(powertoys_gpo::getConfiguredMwbDisableUserDefinedIpMappingRulesValue()) << std::endl;
|
||||
|
||||
Reference in New Issue
Block a user