Set GPO through Registry Value using C#

Question

I try to restrict the access to removable storage devices through the Group Policy User Configuration\Administrative Templates\System\Removable Storage Access\All Removable Storage classes: Deny all access

Accoring to Group Policy Settings Reference for Windows and Windows Server the corresponding registry (and path) is setting a DWORD to 1 (enabled) or 0 (disabled) in HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All

So far so good. When I try to change these settings through the Group Policy Editor everythings works fine. Even if the removable storage device is plugged in the policy works instantly.

When I try to change the value through the registry itself or using a self-written C# program it doesn't work the policy stays enabled (or disabled).

My C# Code

        using (RegistryKey key = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Policies\\Microsoft\\Windows\\RemovableStorageDevices", true))
        {
            if (key != null)
            {
                key.SetValue("Deny_All", "0", RegistryValueKind.DWord);
            }
        }

        Console.ReadKey();

Even if I try to update all polices through gpupdate /force nothing. It's quite the opposite, the old value is set in the registry regardless of whether I'm setting it through hand or through my program. What am I doing wrong?

Thanks in advance!

score 0 · Answer 1 · answered Apr 12 '17 at 20:11

0

Found a solution: I'm just using the code from meziantou from How to Programmatically Set GPO to Not Configured or Disabled

answered Apr 12 '17 at 20:11

Markus

310
1
3
17

Set GPO through Registry Value using C#

1 Answers1