Hacker-Software
/
starface-outlook-sync-addin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 22 Wiki Activity

Write Outlook security keys to HKLM for domain environments 

On domain PCs, HKCU policies are controlled by GPO and the
Trust Center settings are greyed out. Now also writes to HKLM
(requires admin rights) which overrides GPO settings.

Shows orange hint in settings when GPO lock is detected:
"Auf Domaenen-PCs: App einmalig als Admin starten!"

The app tries all 8 combinations: HKCU/HKLM x Policies/direct
x 16.0/15.0. Silently skips paths where permissions are denied.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
duffyduck 2026-04-03 19:48:09 +02:00
parent df13ddf6b1
commit 53ca4611d1
2 changed files with 53 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
src/StarfaceOutlookSync/Models/UserSettings.cs
View File

@ -41,14 +41,7 @@ namespace StarfaceOutlookSync.Models
public void ApplyOutlookSecuritySetting() public void ApplyOutlookSecuritySetting()
{ {
// Alle Office-Versionen abdecken (16.0 = 2016/2019/2021/2024/365, 15.0 = 2013)
// Beide Pfade versuchen: Policies (GPO-Pfad) und direkt (normaler User-Pfad)
var versions = new[] { "16.0", "15.0" }; var versions = new[] { "16.0", "15.0" };
var prefixes = new[]
{
@"Software\Policies\Microsoft\Office", // GPO-Pfad (braucht ggf. Rechte)
@"Software\Microsoft\Office" // Normaler User-Pfad (immer schreibbar)
};
var securityValues = new (string name, int value)[] var securityValues = new (string name, int value)[]
{ {
@ -65,17 +58,26 @@ namespace StarfaceOutlookSync.Models
("AdminSecurityMode", 3), ("AdminSecurityMode", 3),
}; };
// In alle moeglichen Pfade schreiben (HKCU + HKLM, Policies + direkt)
var roots = new[] { Registry.CurrentUser, Registry.LocalMachine };
var prefixes = new[]
{
@"Software\Policies\Microsoft\Office",
@"Software\Microsoft\Office"
};
foreach (var ver in versions) foreach (var ver in versions)
{
foreach (var root in roots)
{ {
foreach (var prefix in prefixes) foreach (var prefix in prefixes)
{ {
var regPath = $@"{prefix}\{ver}\Outlook\Security"; var regPath = $@"{prefix}\{ver}\Outlook\Security";
try try
{ {
if (AutoAcceptOutlookPrompt) if (AutoAcceptOutlookPrompt)
{ {
var key = Registry.CurrentUser.CreateSubKey(regPath); var key = root.CreateSubKey(regPath);
if (key != null) if (key != null)
{ {
foreach (var (name, value) in securityValues) foreach (var (name, value) in securityValues)
@ -85,12 +87,34 @@ namespace StarfaceOutlookSync.Models
} }
else else
{ {
try { Registry.CurrentUser.DeleteSubKey(regPath, false); } catch { } try { root.DeleteSubKey(regPath, false); } catch { }
}
}
catch { } // Kein Fehler wenn Rechte fehlen - naechsten Pfad versuchen
}
}
}
}
/// <summary>
/// Prueft ob die Outlook-Sicherheitseinstellung per GPO blockiert wird.
/// </summary>
public static bool IsOutlookSecurityLockedByPolicy()
{
try
{
// Wenn HKLM Policies gesetzt sind und wir dort nicht schreiben koennen
var key = Registry.LocalMachine.OpenSubKey(
@"Software\Policies\Microsoft\Office\16.0\Outlook\Security", false);
if (key != null)
{
var val = key.GetValue("AdminSecurityMode");
key.Close();
if (val != null) return true;
} }
} }
catch { } catch { }
} return false;
}
} }
} }
} }

10
src/StarfaceOutlookSync/UI/SettingsForm.cs
View File

@ -47,11 +47,15 @@ namespace StarfaceOutlookSync.UI
Checked = _settings.AutoAcceptOutlookPrompt Checked = _settings.AutoAcceptOutlookPrompt
}; };
var hintText = "Hinweis: Outlook muss nach Aenderung neu gestartet werden.";
if (UserSettings.IsOutlookSecurityLockedByPolicy())
hintText += "\nAuf Domaenen-PCs: App einmalig als Admin starten!";
var lblHint = new Label var lblHint = new Label
{ {
Text = "Hinweis: Outlook muss nach Aenderung dieser Option\nneu gestartet werden.", Text = hintText,
Left = 38, Top = 102, Width = 300, Height = 32, Left = 38, Top = 102, Width = 310, Height = 36,
ForeColor = Color.Gray, ForeColor = UserSettings.IsOutlookSecurityLockedByPolicy() ? Color.OrangeRed : Color.Gray,
Font = new Font("Segoe UI", 8) Font = new Font("Segoe UI", 8)
}; };