diff --git a/src/StarfaceOutlookSync/Models/UserSettings.cs b/src/StarfaceOutlookSync/Models/UserSettings.cs index b3f85ea6..9ccb17b5 100644 --- a/src/StarfaceOutlookSync/Models/UserSettings.cs +++ b/src/StarfaceOutlookSync/Models/UserSettings.cs @@ -41,14 +41,7 @@ namespace StarfaceOutlookSync.Models public void ApplyOutlookSecuritySetting() { - // Alle Office-Versionen abdecken (16.0 = 2016/2019/2021/2024/365, 15.0 = 2013) - // Beide Pfade versuchen: Policies (GPO-Pfad) und direkt (normaler User-Pfad) var versions = new[] { "16.0", "15.0" }; - var prefixes = new[] - { - @"Software\Policies\Microsoft\Office", // GPO-Pfad (braucht ggf. Rechte) - @"Software\Microsoft\Office" // Normaler User-Pfad (immer schreibbar) - }; var securityValues = new (string name, int value)[] { @@ -65,32 +58,63 @@ namespace StarfaceOutlookSync.Models ("AdminSecurityMode", 3), }; + // In alle moeglichen Pfade schreiben (HKCU + HKLM, Policies + direkt) + var roots = new[] { Registry.CurrentUser, Registry.LocalMachine }; + var prefixes = new[] + { + @"Software\Policies\Microsoft\Office", + @"Software\Microsoft\Office" + }; + foreach (var ver in versions) { - foreach (var prefix in prefixes) + foreach (var root in roots) { - var regPath = $@"{prefix}\{ver}\Outlook\Security"; - - try + foreach (var prefix in prefixes) { - if (AutoAcceptOutlookPrompt) + var regPath = $@"{prefix}\{ver}\Outlook\Security"; + try { - var key = Registry.CurrentUser.CreateSubKey(regPath); - if (key != null) + if (AutoAcceptOutlookPrompt) { - foreach (var (name, value) in securityValues) - key.SetValue(name, value, RegistryValueKind.DWord); - key.Close(); + var key = root.CreateSubKey(regPath); + if (key != null) + { + foreach (var (name, value) in securityValues) + key.SetValue(name, value, RegistryValueKind.DWord); + key.Close(); + } + } + else + { + try { root.DeleteSubKey(regPath, false); } catch { } } } - else - { - try { Registry.CurrentUser.DeleteSubKey(regPath, false); } catch { } - } + catch { } // Kein Fehler wenn Rechte fehlen - naechsten Pfad versuchen } - catch { } } } } + + /// + /// Prueft ob die Outlook-Sicherheitseinstellung per GPO blockiert wird. + /// + public static bool IsOutlookSecurityLockedByPolicy() + { + try + { + // Wenn HKLM Policies gesetzt sind und wir dort nicht schreiben koennen + var key = Registry.LocalMachine.OpenSubKey( + @"Software\Policies\Microsoft\Office\16.0\Outlook\Security", false); + if (key != null) + { + var val = key.GetValue("AdminSecurityMode"); + key.Close(); + if (val != null) return true; + } + } + catch { } + return false; + } } } diff --git a/src/StarfaceOutlookSync/UI/SettingsForm.cs b/src/StarfaceOutlookSync/UI/SettingsForm.cs index beb3c0de..5d5e2d24 100644 --- a/src/StarfaceOutlookSync/UI/SettingsForm.cs +++ b/src/StarfaceOutlookSync/UI/SettingsForm.cs @@ -47,11 +47,15 @@ namespace StarfaceOutlookSync.UI Checked = _settings.AutoAcceptOutlookPrompt }; + var hintText = "Hinweis: Outlook muss nach Aenderung neu gestartet werden."; + if (UserSettings.IsOutlookSecurityLockedByPolicy()) + hintText += "\nAuf Domaenen-PCs: App einmalig als Admin starten!"; + var lblHint = new Label { - Text = "Hinweis: Outlook muss nach Aenderung dieser Option\nneu gestartet werden.", - Left = 38, Top = 102, Width = 300, Height = 32, - ForeColor = Color.Gray, + Text = hintText, + Left = 38, Top = 102, Width = 310, Height = 36, + ForeColor = UserSettings.IsOutlookSecurityLockedByPolicy() ? Color.OrangeRed : Color.Gray, Font = new Font("Segoe UI", 8) };