From 53ca4611d10b0557aa9948b3f7511215686bba69 Mon Sep 17 00:00:00 2001 From: duffyduck Date: Fri, 3 Apr 2026 19:48:09 +0200 Subject: [PATCH] Write Outlook security keys to HKLM for domain environments On domain PCs, HKCU policies are controlled by GPO and the Trust Center settings are greyed out. Now also writes to HKLM (requires admin rights) which overrides GPO settings. Shows orange hint in settings when GPO lock is detected: "Auf Domaenen-PCs: App einmalig als Admin starten!" The app tries all 8 combinations: HKCU/HKLM x Policies/direct x 16.0/15.0. Silently skips paths where permissions are denied. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../Models/UserSettings.cs | 68 +++++++++++++------ src/StarfaceOutlookSync/UI/SettingsForm.cs | 10 ++- 2 files changed, 53 insertions(+), 25 deletions(-) diff --git a/src/StarfaceOutlookSync/Models/UserSettings.cs b/src/StarfaceOutlookSync/Models/UserSettings.cs index b3f85ea6..9ccb17b5 100644 --- a/src/StarfaceOutlookSync/Models/UserSettings.cs +++ b/src/StarfaceOutlookSync/Models/UserSettings.cs @@ -41,14 +41,7 @@ namespace StarfaceOutlookSync.Models public void ApplyOutlookSecuritySetting() { - // Alle Office-Versionen abdecken (16.0 = 2016/2019/2021/2024/365, 15.0 = 2013) - // Beide Pfade versuchen: Policies (GPO-Pfad) und direkt (normaler User-Pfad) var versions = new[] { "16.0", "15.0" }; - var prefixes = new[] - { - @"Software\Policies\Microsoft\Office", // GPO-Pfad (braucht ggf. Rechte) - @"Software\Microsoft\Office" // Normaler User-Pfad (immer schreibbar) - }; var securityValues = new (string name, int value)[] { @@ -65,32 +58,63 @@ namespace StarfaceOutlookSync.Models ("AdminSecurityMode", 3), }; + // In alle moeglichen Pfade schreiben (HKCU + HKLM, Policies + direkt) + var roots = new[] { Registry.CurrentUser, Registry.LocalMachine }; + var prefixes = new[] + { + @"Software\Policies\Microsoft\Office", + @"Software\Microsoft\Office" + }; + foreach (var ver in versions) { - foreach (var prefix in prefixes) + foreach (var root in roots) { - var regPath = $@"{prefix}\{ver}\Outlook\Security"; - - try + foreach (var prefix in prefixes) { - if (AutoAcceptOutlookPrompt) + var regPath = $@"{prefix}\{ver}\Outlook\Security"; + try { - var key = Registry.CurrentUser.CreateSubKey(regPath); - if (key != null) + if (AutoAcceptOutlookPrompt) { - foreach (var (name, value) in securityValues) - key.SetValue(name, value, RegistryValueKind.DWord); - key.Close(); + var key = root.CreateSubKey(regPath); + if (key != null) + { + foreach (var (name, value) in securityValues) + key.SetValue(name, value, RegistryValueKind.DWord); + key.Close(); + } + } + else + { + try { root.DeleteSubKey(regPath, false); } catch { } } } - else - { - try { Registry.CurrentUser.DeleteSubKey(regPath, false); } catch { } - } + catch { } // Kein Fehler wenn Rechte fehlen - naechsten Pfad versuchen } - catch { } } } } + + /// + /// Prueft ob die Outlook-Sicherheitseinstellung per GPO blockiert wird. + /// + public static bool IsOutlookSecurityLockedByPolicy() + { + try + { + // Wenn HKLM Policies gesetzt sind und wir dort nicht schreiben koennen + var key = Registry.LocalMachine.OpenSubKey( + @"Software\Policies\Microsoft\Office\16.0\Outlook\Security", false); + if (key != null) + { + var val = key.GetValue("AdminSecurityMode"); + key.Close(); + if (val != null) return true; + } + } + catch { } + return false; + } } } diff --git a/src/StarfaceOutlookSync/UI/SettingsForm.cs b/src/StarfaceOutlookSync/UI/SettingsForm.cs index beb3c0de..5d5e2d24 100644 --- a/src/StarfaceOutlookSync/UI/SettingsForm.cs +++ b/src/StarfaceOutlookSync/UI/SettingsForm.cs @@ -47,11 +47,15 @@ namespace StarfaceOutlookSync.UI Checked = _settings.AutoAcceptOutlookPrompt }; + var hintText = "Hinweis: Outlook muss nach Aenderung neu gestartet werden."; + if (UserSettings.IsOutlookSecurityLockedByPolicy()) + hintText += "\nAuf Domaenen-PCs: App einmalig als Admin starten!"; + var lblHint = new Label { - Text = "Hinweis: Outlook muss nach Aenderung dieser Option\nneu gestartet werden.", - Left = 38, Top = 102, Width = 300, Height = 32, - ForeColor = Color.Gray, + Text = hintText, + Left = 38, Top = 102, Width = 310, Height = 36, + ForeColor = UserSettings.IsOutlookSecurityLockedByPolicy() ? Color.OrangeRed : Color.Gray, Font = new Font("Segoe UI", 8) };