SecEdit policies

  • 01-11-2008 03:22AM
    #1
    Closed Accounts Posts: 35


    I've used secedit.msc to edit security policies, but wanted to use scripts/code to automate the process.

    If you ask on MSDN "How can I edit security policies programmatically?", the usual response is "there aren't any APIs".

    This isn't true, but the APIs that do exist are undocumented (unless someone here knows).

    Using the latest SDK:

    link /dump /exports c:\windows\system32\scecli.dll

    [php]
    Microsoft (R) COFF/PE Dumper Version 9.00.30729.01
    Copyright (C) Microsoft Corporation. All rights reserved.

    Dump of file c:\windows\system32\scecli.dll
    File Type: DLL
    Section contains the following exports for SCECLI.dll
    00000000 characteristics
    48025C20 time date stamp Sun Apr 13 20:16:48 2008
    0.00 version
    1 ordinal base
    72 number of functions
    72 number of names
    ordinal hint RVA name
    1 0 0001C455 DeltaNotify = ?DeltaNotify@@YGJPAXW4_SECURITY_DB_DELTA_TYPE@@W4_SECURITY_DB_OBJECT_TYPE@@KPAU_UNICODE_STRING@@PAT_LARGE_INTEGER@@Z (long __stdcall DeltaNotify(void *,enum _SECURITY_DB_DELTA_TYPE,enum _SECURITY_DB_OBJECT_TYPE,unsigned long,struct _UNICODE_STRING *,union _LARGE_INTEGER *,union _SAM_DELTA_DATA *))
    11 1 0001C9D7 DllRegisterServer = _DllRegisterServer@0
    12 2 0001D9A1 DllUnregisterServer = _DllUnregisterServer@0
    2 3 00001EE6 InitializeChangeNotify = ?InitializeChangeNotify@@YGEXZ (unsigned char __stdcall InitializeChangeNotify(void))
    13 4 00009D72 SceAddToNameList = _SceAddToNameList@12
    14 5 00009D62 SceAddToNameStatusList = _SceAddToNameStatusList@16
    15 6 00009D94 SceAddToObjectList = _SceAddToObjectList@24
    16 7 00011815 SceAnalyzeSystem = _SceAnalyzeSystem@36
    17 8 00010BFC SceAppendSecurityProfileInfo = _SceAppendSecurityProfileInfo@16
    18 9 00012309 SceBrowseDatabaseTable = _SceBrowseDatabaseTable@20
    19 A 00011061 SceCloseProfile = _SceCloseProfile@4
    20 B 00011BF1 SceCommitTransaction = _SceCommitTransaction@4
    21 C 00009DC1 SceCompareNameList = _SceCompareNameList@8
    22 D 00009D02 SceCompareSecurityDescriptors = _SceCompareSecurityDescriptors@20
    3 E 000142CF SceConfigureConvertedFileSecurity = ?SceConfigureConvertedFileSecurity@@YGKPAGK@Z (unsigned long __stdcall SceConfigureConvertedFileSecurity(unsigned short *,unsigned long))
    23 F 00012C95 SceConfigureSystem = _SceConfigureSystem@36
    24 10 00012995 SceCopyBaseProfile = _SceCopyBaseProfile@20
    25 11 00009CF2 SceCreateDirectory = _SceCreateDirectory@12
    26 12 000183B1 SceDcPromoCreateGPOsInSysvol = _SceDcPromoCreateGPOsInSysvol@16
    27 13 00018161 SceDcPromoCreateGPOsInSysvolEx = _SceDcPromoCreateGPOsInSysvolEx@20
    28 14 00018396 SceDcPromoteSecurity = _SceDcPromoteSecurity@8
    29 15 00017F79 SceDcPromoteSecurityEx = _SceDcPromoteSecurityEx@12
    30 16 000142C5 SceEnforceSecurityPolicyPropagation = _SceEnforceSecurityPolicyPropagation@0
    31 17 0000A9C5 SceEnumerateServices = _SceEnumerateServices@8
    32 18 000095C3 SceFreeMemory = _SceFreeMemory@8
    33 19 00009B61 SceFreeProfileMemory = _SceFreeProfileMemory@4
    4 1A 0001A7A7 SceGenerateGroupPolicy = ?SceGenerateGroupPolicy@@YGKKPAHPAGPAU_RSOP_TARGET@@2@Z (unsigned long __stdcall SceGenerateGroupPolicy(unsigned long,int *,unsigned short *,struct _RSOP_TARGET *,struct _RSOP_TARGET *))
    34 1B 00011A25 SceGenerateRollback = _SceGenerateRollback@28
    35 1C 000115E1 SceGetAnalysisAreaSummary = _SceGetAnalysisAreaSummary@12
    36 1D 00018D57 SceGetAreas = _SceGetAreas@4
    37 1E 000124EB SceGetDatabaseSetting = _SceGetDatabaseSetting@24
    38 1F 000113C9 SceGetDbTime = _SceGetDbTime@12
    39 20 00010DC9 SceGetObjectChildren = _SceGetObjectChildren@24
    40 21 00011519 SceGetObjectSecurity = _SceGetObjectSecurity@20
    41 22 000110F9 SceGetScpProfileDescription = _SceGetScpProfileDescription@8
    42 23 00012741 SceGetSecurityProfileInfo = _SceGetSecurityProfileInfo@20
    43 24 00011CD1 SceGetServerProductType = _SceGetServerProductType@8
    44 25 00011181 SceGetTimeStamp = _SceGetTimeStamp@12
    45 26 0000810B SceIsSystemDatabase = _SceIsSystemDatabase@4
    46 27 00009BD5 SceLookupPrivRightName = _SceLookupPrivRightName@12
    5 28 0001C505 SceNotifyPolicyDelta = ?SceNotifyPolicyDelta@@YGJW4_SECURITY_DB_TYPE@@W4_SECURITY_DB_DELTA_TYPE@@W4_SECURITY_DB_OBJECT_TYPE@@PAX@Z (long __stdcall SceNotifyPolicyDelta(enum _SECURITY_DB_TYPE,enum _SECURITY_DB_DELTA_TYPE,enum _SECURITY_DB_OBJECT_TYPE,void *))
    6 29 0001BCFB SceOpenPolicy = ?SceOpenPolicy@@YGJXZ (long __stdcall SceOpenPolicy(void))
    47 2A 00010EA9 SceOpenProfile = _SceOpenProfile@12
    7 2B 00019249 SceProcessEFSRecoveryGPO = ?SceProcessEFSRecoveryGPO@@YGKKPAXPAUHKEY__@@PAU_GROUP_POLICY_OBJECTW@@2IPAHP6GKHPAG@Z@Z (unsigned long __stdcall SceProcessEFSRecoveryGPO(unsigned long,void *,struct HKEY__ *,struct _GROUP_POLICY_OBJECTW *,struct _GROUP_POLICY_OBJECTW *,unsigned int,int *,unsigned long (__stdcall*)(int,unsigned short *)))
    8 2C 0001B0D1 SceProcessSecurityPolicyGPO = ?SceProcessSecurityPolicyGPO@@YGKKPAXPAUHKEY__@@PAU_GROUP_POLICY_OBJECTW@@2IPAHP6GKHPAG@Z@Z (unsigned long __stdcall SceProcessSecurityPolicyGPO(unsigned long,void *,struct HKEY__ *,struct _GROUP_POLICY_OBJECTW *,struct _GROUP_POLICY_OBJECTW *,unsigned int,int *,unsigned long (__stdcall*)(int,unsigned short *)))
    9 2D 0001AA69 SceProcessSecurityPolicyGPOEx = ?SceProcessSecurityPolicyGPOEx@@YGKKPAXPAUHKEY__@@PAU_GROUP_POLICY_OBJECTW@@2IPAHP6GKHPAG@ZPAUIWbemServices@@PAJ@Z (unsigned long __stdcall SceProcessSecurityPolicyGPOEx(unsigned long,void *,struct HKEY__ *,struct _GROUP_POLICY_OBJECTW *,struct _GROUP_POLICY_OBJECTW *,unsigned int,int *,unsigned long (__stdcall*)(int,unsigned short *),struct IWbemServices *,long *))
    48 2E 00011DF9 SceRegisterRegValues = _SceRegisterRegValues@4
    49 2F 00011C61 SceRollbackTransaction = _SceRollbackTransaction@4
    50 30 000125D9 SceSetDatabaseSetting = _SceSetDatabaseSetting@24
    51 31 00015066 SceSetupBackupSecurity = _SceSetupBackupSecurity@4
    52 32 000159AD SceSetupConfigureServices = _SceSetupConfigureServices@4
    53 33 000166A3 SceSetupGenerateTemplate = _SceSetupGenerateTemplate@24
    54 34 00014989 SceSetupMoveSecurityFile = _SceSetupMoveSecurityFile@12
    55 35 00015D55 SceSetupRootSecurity = _SceSetupRootSecurity@0
    56 36 000167C1 SceSetupSystemByInfName = _SceSetupSystemByInfName@24
    57 37 00014AB1 SceSetupUnwindSecurityFile = _SceSetupUnwindSecurityFile@8
    58 38 00014554 SceSetupUpdateSecurityFile = _SceSetupUpdateSecurityFile@12
    59 39 00014691 SceSetupUpdateSecurityKey = _SceSetupUpdateSecurityKey@16
    60 3A 000145F1 SceSetupUpdateSecurityService = _SceSetupUpdateSecurityService@12
    61 3B 00011B85 SceStartTransaction = _SceStartTransaction@4
    62 3C 000185C2 SceSvcConvertSDToText = _SceSvcConvertSDToText@16
    63 3D 0001859D SceSvcConvertTextToSD = _SceSvcConvertTextToSD@16
    64 3E 0001858D SceSvcFree = _SceSvcFree@4
    65 3F 0000CF01 SceSvcGetInformationTemplate = _SceSvcGetInformationTemplate@16
    66 40 000183D2 SceSvcQueryInfo = _SceSvcQueryInfo@24
    67 41 000184BD SceSvcSetInfo = _SceSvcSetInfo@20
    68 42 0000E517 SceSvcSetInformationTemplate = _SceSvcSetInformationTemplate@16
    69 43 00011D79 SceSvcUpdateInfo = _SceSvcUpdateInfo@12
    10 44 0001409E SceSysPrep = ?SceSysPrep@@YGKXZ (unsigned long __stdcall SceSysPrep(void))
    70 45 00012DDB SceUpdateObjectInfo = _SceUpdateObjectInfo@36
    71 46 00013044 SceUpdateSecurityProfile = _SceUpdateSecurityProfile@16
    72 47 00010BDB SceWriteSecurityProfileInfo = _SceWriteSecurityProfileInfo@16
    Summary
    2000 .data
    2000 .reloc
    5000 .rsrc
    25000 .text

    [/php]


    Now I know of the key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values

    But what about other systems? What if the key doesn't exist? The API would be useful, but it's undocumented... oh well.
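
The export listing in the post carries more than names: the `_Name@N` form is the 32-bit `__stdcall` C decoration, where N is the size of the arguments in bytes, and the `?`-prefixed entries are C++ names that the dump tool has already undecorated. The parser below is an added example, not part of the original post; it reads such a listing and reports what each row reveals, and `SAMPLE` is five rows copied from the listing above.

```python
import re

# Constructed sample: five rows copied from the export listing in the post.
SAMPLE = """\
19 A 00011061 SceCloseProfile = _SceCloseProfile@4
47 2A 00010EA9 SceOpenProfile = _SceOpenProfile@12
55 35 00015D55 SceSetupRootSecurity = _SceSetupRootSecurity@0
6 29 0001BCFB SceOpenPolicy = ?SceOpenPolicy@@YGJXZ (long __stdcall SceOpenPolicy(void))
10 44 0001409E SceSysPrep = ?SceSysPrep@@YGKXZ (unsigned long __stdcall SceSysPrep(void))
"""

# Export row: ordinal, hint (hex), RVA (hex), name = decorated [ (undecorated) ]
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+(\w+)\s+=\s+(\S+)"
    r"(?:\s+\((.*)\))?\s*$"
)
# x86 __stdcall C decoration: _Name@N, where N is the argument size in bytes
STDCALL = re.compile(r"^_\w+@(\d+)$")


def parse_exports(text):
    """Return one dict per export row; banner and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        ordinal, hint, rva, name, decorated, undecorated = m.groups()
        row = {"ordinal": int(ordinal), "hint": int(hint, 16),
               "rva": int(rva, 16), "name": name, "linkage": "unknown"}
        sc = STDCALL.match(decorated)
        if sc:
            row["linkage"] = "C"
            row["arg_bytes"] = int(sc.group(1))
            # 4-byte stack slots, not parameters: a 64-bit argument uses two.
            row["stack_slots"] = row["arg_bytes"] // 4
        elif decorated.startswith("?"):
            row["linkage"] = "C++"
            row["signature"] = undecorated  # the dump tool already undecorated it
        rows.append(row)
    return rows


if __name__ == "__main__":
    for r in parse_exports(SAMPLE):
        detail = r.get("signature") or f'{r.get("arg_bytes")} bytes of arguments'
        print(f'{r["ordinal"]:>3}  {r["name"]:<24} {r["linkage"]:<4} {detail}')
```

The byte count gives the number of stack slots only; parameter types and semantics for the C-linkage exports are not recoverable from the listing.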

