File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/__pycache__/win_lgpo.cpython-310.pyc
o
�N�g�� � @ s� d Z ddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl
Z
ddlZddlZddl
m mZ ddlZddlZddlZddlZddlZddlmZmZ ddlmZ ddlmZmZmZmZm Z e�!e"�Z#dZ$ddiZ%e�&� j'Z(i i d �Z)d
Z*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4dZ5dZ6dZ7dZ8dZ9dZ:dZ;dZ<dZ=dZ>dZ?z�ddl@Z@ddlAZAddlBZBddlCZCddlAmDZD ddlEmFZF d
Z*eD�Gd�Z+eD�Gd�Z,eD�Gd�Z-eD�Gd�Z.eD�Gd�Z/eD�Gd�Z0eD�Gd�Z1eD�Gd�Z2eD�Gd�Z3eD�Gd�Z4eD�Gd�Z5eD�Gd�Z6eD�Gd�Z7eD�Gd�Z8eD�Gd�Z9eD�Gd�Z:eD�Gd�Z;eD�Gd�Z<eD�Gd �Z=eD�Gd!�Z>eD�Gd"�Z?ejHjIZHejJ�KeH�L� d#��Md$d%�ZNW n eO�yR d
Z*Y nw G d&d'� d'�ZPd(d)� ZQd*d+� ZRd,d-� ZSd.d/� ZTd0d1� ZUd2d3� ZVd4d5� ZWd�d8d9�ZXd�d:d;�ZYd<d=� ZZd�d>d?�Z[d@dA� Z\d�dBdC�Z]dDdE� Z^d�dFdG�Z_dHdI� Z`dJdK� ZadLdM� ZbdNdO� ZcdPdQ� ZddRdS� Zed�dTdU�ZfdVdW� ZgdXdY� ZhdZd[� Zid\d]� Zjd^d_� Zkd`da� Zldbdc� Zmddde� Zndfdg� Zodhdi� Zpd�djdk�Zq
d�dldm�Zr
d�dndo�Zsdpdq� Zt
d�drds�Zu
d�dtdu�Zv 7
d�dvdw�Zwdxdy� Zxdzd{� Zyd|d}� Zzd~d� Z{d�d�d��Z| �d�d�d��Z}d�d�� Z~d�d�d��Zd�d�d��Z�d�d�d��Z�
7
d�d�d��ZKd�d�� Z� 7
d�d�d��Z� 7
d�d�d��Z� 7d�d�d��Z�d�d�d��Z�
7d�d�d�Z�dS )�a
Manage Local Policy on Windows
This module allows configuring local group policy (i.e. ``gpedit.msc``) on a
Windows machine.
.. versionadded:: 2016.11.0
.. warning::
Local Group Policy will always be superseded by Domain Group policy. If
policies are configured with Local Group Policy that are also configured
with Domain Group policy, the Domain Group policy will take precedence.
Administrative Templates
========================
Administrative template policies are dynamically read from ADMX/ADML files on
the server.
Windows Settings
================
Policies contained in the "Windows Settings" section of the ``gpedit.msc`` GUI
are statically defined in this module. Each policy is configured for the section
(Machine/User) in the module's _policy_info class. The ``_policy_info`` class
contains a "policies" dict on how the module will configure the policy, where
the policy resides in the GUI (for display purposes), data validation data, data
transformation data, etc.
Current known limitations
=========================
- At this time, start/shutdown scripts policies are displayed, but are not
configurable.
- Not all "Security Settings" policies exist in the _policy_info class
:depends:
- pywin32 Python module
- lxml
- uuid
- struct
- salt.utils.win_reg
� N)�CommandExecutionError�SaltInvocationError)�deserialize)�
CLASS_INFO�REG_POL_HEADER�read_reg_pol_file�search_reg_pol�write_reg_pol_data�lgpo�set_�set)TFF)�etree)�RegistryTz .//*[local-name() = "trueValue"]z!.//*[local-name() = "falseValue"]z.//*[local-name() = "elements"]z#.//*[local-name() = "enabledValue"]z$.//*[local-name() = "disabledValue"]z".//*[local-name() = "enabledList"]z#.//*[local-name() = "disabledList"]z.//*[local-name() = "value"]z.//*[local-name() = "trueList"]z .//*[local-name() = "falseList"]z//*[@key = $keyvalue]z$ancestor::*[local-name() = "policy"]zv//*[local-name() = "policy" and (@*[local-name() = "class"] = "Both" or @*[local-name() = "class"] = $registry_class)]zQ//*[local-name() = $displayNameType and @*[local-name() = "id"] = $displayNameId]z .//*[local-name() = "valueList"]zP.//*[local-name() = "item" and @*[local-name() = "displayName" = $display_name]]z�//*[local-name() = "policy" and @*[local-name() = "name"] = $policy_name and (@*[local-name() = "class"] = "Both" or @*[local-name() = "class"] = $registry_class)]zB//*[starts-with(text(), $policy_name) and @*[local-name() = "id"]]z�//*[local-name() = "policy" and @*[local-name() = "displayName"] = $display_name and (@*[local-name() = "class"] = "Both" or @*[local-name() = "class"] = $registry_class) ]z*ancestor::*[local-name() = "presentation"]z.//*[local-name() = "text"]�en_US�_�-c @ s, e Zd ZdZdd� Zedd� �Zedd� �Zedd � �Zed
d� �Z edd
� �Z
edd� �Zedd� �Zedd� �Z
edd� �Zedd� �Zedd� �Zedd� �Zedd� �Zedd� �Zed d!� �Zed"d#� �Zed$d%� �Zed&d'� �Zed(d)� �Zed*d+� �Zed,d-� �Zed.d/� �Zed0d1� �Zd2S )3�_policy_infoam
Policy Helper Class
===================
The format of the policy dict is as follows:
The top most two key/value pairs in the dict divide the policies object into
the two sections of local group policy, using the keys "Machine" and "User".
The value make-up of these dicts are described below in "Policy Section
Definition"
Policy Section Definition
-------------------------
A policy section dict has two required key/value pairs:
============ ==============================================================
Key
============ ==============================================================
lgpo_section String matching how the policy section is displayed in the mmc
snap-in ("Computer Configuration" for "Machine" and "User
Configuration" for "User")
policies a dict containing the non-Administrative template policy
definitions, the key for each item is a short/unique
identifier for the policy, the value is described below in
"Policies Definition"
============ ==============================================================
Policies Definition
-------------------
A policies definition item describes the particular policy. There are three
child key/value pairs shared with all policy types:
============ ==============================================================
Key Value
============ ==============================================================
lgpo_section A list containing the hierarchical path to the policy in the
gpedit mmc snap-in.
Policy A string containing the name of the policy in the gpedit mmc
snap-in
Settings An object which describes valid settings for the policy. This
can be None for no validation, a list of possible settings, or
a dict with the following key/value pairs:
- **Function:** The class function to use to validate the
setting
- **Args:** A dict of kwargs to pass to the class function
============ ==============================================================
Additionally, each policies definition will contain a key/value pair that
defines the mechanism that will be used to configure the policy. The
available mechanisms are: NetUserModal, Registry, Secedit, and LsaRights
Registry Mechanism
------------------
Some policies simply set values in the Windows registry. The value of this
key is a dict with the following make-up:
===== =====================================================================
Key Value
===== =====================================================================
Hive A string containing the Registry hive, such as ``HKEY_LOCAL_MACHINE``
Path A string containing the registry key path, such as
``SYSTEM\\CurrentControlSet\\Control\\Lsa``
Value A string containing the name of the registry value, such as
**restrictanonymous**
Type A string containing the registry type of the value, such as
``REG_DWORD``
===== =====================================================================
Secedit Mechanism
-----------------
Some policies are configurable via the "secedit.exe" executable. The value
of this key is a dict with the following make-up:
======= ===================================================================
Key Value
======= ===================================================================
Option A string containing the name of the policy as it appears in an
export from secedit, such as **PasswordComplexity**
Section A string containing the name of the section in which the "Option"
value appears in an export from ``secedit``, such as "System
Access"
======= ===================================================================
LsaRights Mechanism
-------------------
LSA Rights policies are configured via the LsaRights mechanism. The value of
this key is a dict with the following make-up:
====== ====================================================================
Key Value
====== ====================================================================
Option A string containing the programmatic name of the Lsa Right, such as
**SeNetworkLogonRight**
====== ====================================================================
NetUserModal Mechanism
----------------------
Some policies are configurable by the **NetUserModalGet** and
**NetUserModalSet** function from pywin32. The value of this key is a dict
with the following make-up:
====== ====================================================================
Key Value
====== ====================================================================
Modal The modal "level" that the particular option is specified in (0-3),
see `here <https://msdn.microsoft.com/en-us/library/windows/desktop/
aa370656(v=vs.85).aspx>`_
Option The name of the structure member which contains the data for the
policy, for example **max_passwd_age**
====== ====================================================================
NetSH Mechanism
---------------
The firewall policies are configured by the ``netsh.exe`` executable. The
value of this key is a dict with the following make-up:
======= ===================================================================
Key Value
======= ===================================================================
Profile The firewall profile to modify. Can be one of Domain, Private, or
Public
Section The section of the firewall to modify. Can be one of state,
firewallpolicy, settings, or logging.
Option The setting within that section
Value The value of the setting
======= ===================================================================
More information can be found in the advfirewall context in netsh. This can
be access by opening a netsh prompt. At a command prompt type the following:
c:\>netsh
netsh>advfirewall
netsh advfirewall>set help
netsh advfirewall>set domain help
AdvAudit Mechanism
------------------
The Advanced Audit Policies are configured using a combination of the
auditpol command-line utility and modifying the audit.csv file in two
locations. The value of this key is a dict with the following make-up:
====== ===================================
Key Value
====== ===================================
Option The Advanced Audit Policy to modify
====== ===================================
Transforms
----------
Optionally, each policy definition can contain a "Transform" key. The
Transform key is used to handle data that is stored and viewed differently.
This key's value is a dict with the following key/value pairs:
=== =======================================================================
Key Value
=== =======================================================================
Get The name of the class function to use to transform the data from the
stored value to how the value is displayed in the GUI
Put The name of the class function to use to transform the data supplied by
the user to the correct value that the policy is stored in
=== =======================================================================
For example, "Minimum password age" is stored in seconds, but is displayed
in days. Thus the "Get" and "Put" functions for this policy do these
conversions so the user is able to set and view the policy using the same
data that is shown in the GUI.
c C s�4 ddddddd�| _ ddddd d
�| _ddd
dddd�| _ddddddddd�| _dddddd�| _ddddd�| _dd| jdd�| jdd�d �| _d!ddddd"�| _dd| j dd�| j dd�d �| _dd| jdd�| jdd�d �| _ ddddd#�| _
dd| j
dd�| j
dd�d �| _g d$�| _g d%�| _
g d&�| _g d'�| _g d(�| _g d)�| _g d*�| _d+d,d-ddd�| _d.d/d0ddd"�| _d1d2ddd3�| _d4d5d6ddd"�| _d7d8d9ddd:�| _d;d<ddd�| _d=d>d?ddd"�| _d@dAdBdCdD�| _dEdFdCdG�| _dHdIdCdJ�| _dKdLdCdJ�| _dKdIdCdJ�| _dMd4dCdN�| _dOdPdQdRdSdTdUdddV� | _ dWdXdYdZd[d\ddd�| _!d1d]d2ddd"�| _"dOd^d_ddd`�| _#dadbdcddd"�| _$dadddedfdgdddh�| _%didjdkddd"�| _&dadldmdndodddh�| _'didpdoddd"�| _(dddq�| _)dd| j)dd�| j)dd�d �| _*dri dsdtg du�dvt+j,�-t+�.dw�dxdydzd{d|�d}�d~��dd�g du�dvt+j,�-t+�.dw�dxdydzd{d��d}�d~��d�d�g du�t+j,�-t+�.dw�dxdydzd{d��d�d�g d��d��d�d�d��d���d�d�g d��d�t+j,�-t+�.dw�dxdydzd{d|�d}�d~��d�d�g d��d�t+j,�-t+�.dw�dxdydzd{d��d}�d~��d�d�g d��t+j,�-t+�.dw�dxdydzd{d��d�d�g d��d��d�d�d��d���d�d�| j| j)�/� d�d�d��| j*d���d�d�| j| j�/� d�d�d�d�d��| jd���d�d�| jd�d�d�d�d��d�d�id���d�d�| j| j�/� d�d�d�d�d��| jd���d�d�| j| j�/� d�d�d�d�d��| jd���d�d�| j| j�/� d�d�d�d�d��| jd���d�d�| jd�d�d�d�d��d�d�d��d���d�d�| jd�d�dzd�d��d�d�d��d���d�d�| jd�d�dzd�d��d�d�d��d���d�d�| j| j�/� d�d�d�d�d��| jd���d�d�| jd�d�d�d�d��d�d�d��d���i d�d�| j| j�/� d�d�d�d�d��dd| jdd�| jdd�d �d���d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ��i d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
| j�/� d�d�d�dȜdd| jdd�| jdd�d �dɜ�d�d�| j
d d�d�d�dȜd���d�d�| j
d d�d�d�dȜd���d�d�| j
d d�d�d�dȜd���d�d�| j
d d�d��d dȜd����d�d| j
d d�d��d dȜd����d�d| j
d d�d��d dȜd����d�d| j
| j�/� d�d��ddȜdd| jdd�| jdd�d �dɜ��d�d | j
| j�/� d�d��ddȜdd| jdd�| jdd�d �dɜ��d
�d| j
| j�/� d�d��ddȜdd| jdd�| jdd�d �dɜ��d�d
| j
| j�/� d�d��ddȜdd| jdd�| jdd�d �dɜ��d�d| j
| j�/� d�d��ddȜdd| jdd�| jdd�d �dɜ��d�d| j
| j�/� d�d��ddȜdd| jdd�| jdd�d �dɜ��d�d| j�d�d�d�d��d��d�d�d��d���d�d| j�d�d�d �d!�d"��d��d�d#�d��d$�d%�d&�d!i�d&�d!id ��d'���d(�d)| j�d�d�d �d��d��d�d*�d��d$�d%d���d'���i �d+�d,| j�d�d�d-�d��d��d�d.�d��d���d/�d0| j| j)�/� �d/d�d��| j*d����d1�d2| j| j)�/� �d3d�d��| j*d����d4�d5| j| j�/� d��d6�d4d�d��| jd����d7�d8| j)�/� | j�d9d�d��| j*�d:���d;�d<| j�/� | jd��d=�d;d�d��dd| jdd�| jdd�d ��d>���d?�d@| j)�/� | j�dAd�d��| j*�d:���dB�dC| j| j�/� d�d��dDd�d��| jd����dE�dFd | j�dGd�d���dH�dId���d:���dJ�dKd | j�dLd�d���dH�dId���d:���dM�dN| j�/� | jd�d��dMd�d��| j�d>���dO�dP| j�/� | jd�d��dQd�d��| j�d>���dR�dS| j�/� | jd��dT�dRd�d��| j�d>���dU�dV�d�d�dW�d��d�| jd��dX�dUd�d���dY���dZ�d[| j�/� | jd��dX�dZd�d��| j�d>���d\�d]| j�/� | jd��dX�d\d�d��dd| jdd�| jdd�d ��d>���d^�d_| j�/� | jd��dT�d^d�d��| j�d>���i �d`�da| j�/� | jd��dT�d`d�d��| j�d>���db�dc| j�/� | jd��dT�dbd�d��| j�d>���dd�de| j�/� | jd��dT�ddd�d��dd| jdd�| jdd�d ��d>���df�dg| j�/� | jd��dT�dfd�d��dd| jdd�| jdd�d ��d>���dh�di| j�/� | jd��dT�dhd�d��| j�d>���dj�dk| j�/� | jd��dT�djd�d��| j�d>���dl�dm| j�/� | jd��dT�dld�d��| j�d>���dn�do| j�/� | jd��dT�dnd�d��| j�d>���dp�dq| j�/� | jd��dT�dpd�d��| j�d>���dr�ds| j�/� | jd��dT�drd�d��| j�d>���dt�du�d�d�dv�d��d�| jd��dX�dtd�d���dY���dw�dx�d�d�dv�d��d�| jd��d=�dwd�d���dY���dy�dz�d�d�d{�d��d�| jd��d=�dyd�d���dY���d|�d}| jd��d=�d|d�d��d�d�id����d~�d| jd��d=�d~d�d��d�d�id����d��d�| j�/� | jd��d=�d�d�d��dd| jdd�| jdd�d ��d>���d��d�| j�/� | jd��dT�d�d�d��| j�d>���i �d��d�| j�/� | jd��d��d�d�d��| j�d>���d��d�| j�/� | jd��d��d�d�d��| j�d>���d��d�| j�/� | jd��d��d�d�d��| j�d>���d��d��d�d�d��d��d�| jd�d��d�d�d���dY���d��d�| j�/� | jd�d��d�d�d��dd| jdd�| jdd�d ��d>���d��d�| j�/� | jd�d��d�d�d��| j�d>���d��d�| j�/� | jd�d��d�d�d��| j�d>���d��d�| j�/� | jd�d��d�d�d��| j�d>���d��d�| j�/� | jd�d��d�d�d��dd| jdd�| jdd�d ��d>���d��d�t0�d�t0�d�g| jd�d��d��d�d���d��d�d���d>���d��d�| j�/� | jd�d��d�d�d��| j�d>���d��d�| j�/� | jd��dT�d�d�d��| j�d>���d��d�| j
�/� | jd��d��d�d�d��| j�d>���d��d�g �d��| jd��dX�d�d�d���d��d�d���d>���d��d�| j
�/� | jd��dX�d�d�d��| j�d>���d��d�| j
�/� | jd��dX�d�d�d��| j�d>���d��d��d��d�t0�d� �d�t0�d�� g| j�d��d�d���d��d�d���d:���i �d��d�| j
�/� | jd�d��d�d�d��| j�d>���d��d�| jd��d��d�d�d��d�d�id����d��d�| j�/� | jd��d��d�d�d��dd| jdd�| jdd�d ��d>���d��d�| j�/� | jd��d��d�d�d��dd| jdd�| jdd�d ��d>���dd�| j
�/� | jd��d��d�d�d��| j�d>���dĐd�| j
�/� | jd��dƐd�d�d��| j�d>���dǐd�| j
�/� | jd��dƐd�d�d��| j�d>���dɐd�| j
�/� | jd��dƐd�d�d��| j�d>���dːd�| j
�/� | jd��dƐd�d�d��| j�d>���d͐dΐd�d�dv�d��d�| jd��dƐd�d�d���dY���dϐd�| j
�/� | jd��dƐd�d�d��| j�d>���dѐd�| j�d�d�dӐd!�d"��d��dԐdՐd��ddאd&�d!i�d&�d!id ��d'���dؐd�| j�d�d�dڐd��d��dԐdېd��d���dܐd�| j�d�d�dӐd��d��dԐdސd��dd�d���d'���dߐd�| j| j �/� �dߐd�d��| jd����d�d�| j| j �/� �d�d�d��| jd����d�d�| j| j �/� �d�d�d��| jd����i �d�d�| j| j �/� �d�d�d��| jd����d�d�| j| j �/� �d�d�d��| jd����d�d�| j| j �/� �d�d�d��| jd����d�d�| j| j �/� �d�d�d��| jd����d�d�| j| j �/� �d�d�d��| jd����d�d�| j| j �/� �d�d�d��| jd����d�d�| j| j�/� �d�d�i| j �d����d��d�| j| j�/� �d�d�i| j �d����d��d�| j| j�/� �d�d�i| j �d����d��d�| j| j�/� �d�d�i| j �d����d��d�| j| j�/� �d�d�i| j �d����d��d�| j| j�/� �d�d�i| j �d����d �d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d | j| j�/� �d�d i| j �d����i �d
�d| j| j�/� �d�di| j �d����d�d
| j| j�/� �d�d
i| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d�d| j| j�/� �d�di| j �d����d �d!| j| j�/� �d�d!i| j �d����d"�d#| j| j�/� �d�d#i| j �d����d$�d%| j| j�/� �d�d%i| j �d����d&�d'| j| j�/� �d�d'i| j �d����d(�d)| j| j�/� �d�d)i| j �d����d*�d+| j| j�/� �d�d+i| j �d����i �d,�d-| j| j�/� �d�d-i| j �d����d.�d/| j| j�/� �d�d/i| j �d����d0�d1| j| j�/� �d�d1i| j �d����d2�d3| j| j�/� �d�d3i| j �d����d4�d5| j| j�/� �d�d5i| j �d����d6�d7| j| j�/� �d�d7i| j �d����d8�d9| j| j�/� �d�d9i| j �d����d:�d;| j| j�/� �d�d;i| j �d����d<�d=| j| j�/� �d�d=i| j �d����d>�d?| j| j�/� �d�d?i| j �d����d@�dA| j| j�/� �d�dAi| j �d����dB�dC| j| j�/� �d�dCi| j �d����dD�dE| j| j�/� �d�dEi| j �d����dF�dG| j| j�/� �d�dGi| j �d����dH�dI| j| j�/� �d�dIi| j �d����dJ�dK| j| j�/� �d�dKi| j �d����dL�dM| j| j�/� �d�dMi| j �d����i �dN�dO| j| j�/� �d�dOi| j �d����dP�dQ| j| j�/� �d�dQi| j �d����dR�dS| j| j�/� �d�dSi| j �d����dT�dU| j| j�/� �d�dUi| j �d����dV�dW| j| j�/� �d�dWi| j �d����dX�dY| j| j�/� �d�dYi| j �d����dZ�d[| j| j�/� �d�d[i| j �d����d\�d]| j| j�/� �d�d]i| j �d����d^�d_| j| j�/� �d�d_i| j �d����d`�da| j| j�/� �d�dai| j �d����db�dc| j| j�/� �d�dci| j �d����dd�de| j| j�/� �d�dei| j �d����df�dg| j| j�/� �d�dgi| j �d����dh�di| j| j�/� �d�dii| j �d����dj�dk| jdd �d�dji�dl�dmd���dn���do�dp| jdd �d�doi�dl�dmd���dn���dq�dr| jdd �d�dqi�dl�dmd���dn���i �ds�dt| jdd �d�dsi�dl�dmd���dn���du�dv| jdd �d�dui�dl�dmd���dn���dw�dx| jdd �d�dwi�dl�dmd���dn���dy�dz| jdd �d�dyi�dl�dmd���dn���d{�d|| jdd �d�d{i�dl�dmd���dn���d}�d~| jdd �d�d}i�dl�dmd���dn���d�d�| jdd �d�di�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���i �d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�d| jd �d�d�i�dl�dmd���d����d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���i �d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���d��d�| jdd �d�d�i�dl�dmd���dn���dd�| jdd �d�d�i�dl�dmd���dn���dĐd�| jdd �d�d�i�dl�dmd���dn���dƐd�| j�/� | jd��dȐd�d�d��| j�d>���dʐd�| j�/� | jd��dȐd�d�d��| j�d>���d͐d�| j�/� | jd��dϐd�d�d��dd| jdd�| jdd�d ��d>���dАd�| j�/� | jd��d�dd�d��| j�d>���dӐd�d | jd��dՐd�d�d��d�d�i�d>���dd�d | jd��dՐd�d�d��d�d�i�d>���dؐd�| j�/� | jd�d��d�d�d��| j�d>���dڐd�| j�/� | jd��dܐd�d�d��| j�d>���dݐd�| j�/� | jd��dߐd�d�d��| j�d>���d�d�d | jd��d�d�d�d���d�d�| j dd�| j dd�d ��d>���i �d�d�| j�/� | jd�d��d�d�d��| j�d>���d�d�| j| j)�/� �d�d�d��| j*d����d�d�| j!�/� | jd�d��d�d�d��dd| j!dd�| j!dd�d ��d>���d�d�| j"�/� | jd��d�d�d�d��dd| j"dd�| j"dd�d ��d>���d�d�d | jd��d�d�d�d���d�d�| j#dd�| j#dd�d ��d>���d�d�d | jd��d�d�d�d���d�d�| j#dd�| j#dd�d ��d>���d�d�| jd��d�d�d�d��d�d�d��d����d��d�| jd��dƐd�d�d��d�d�d��d����d��d�| j$�/� | jd��d��d�d�d��dd| j$dd�| j$dd�d ��d>���d��d�| j%�/� | jd��d��d�d�d��dd| j%dd�| j%dd�d ��d>���d��d�| j&�/� | jd��d��d�d�d��dd| j&dd�| j&dd�d ��d>���d��d�| j'�/� | jd��d��d�d�d��dd| j'dd�| j'dd�d ��d>���d �d| j(�/� | jd��dܐd d�d��dd| j(dd�| j(dd�d ��d>���d�d| j�/� | jd��d=�dd�d��| j�d>���d�d| j�/� | jd��d�dd�d��| j�d>���d�d| j�/� | jd��d �dd�d��| j�d>���d
�d| j�/� | jd��d�d
d�d��| j�d>����d
| jd��d�dd�d��d�d�d��d���d| j�/� | jd��d�dd�d��| j�d>��d���d��di �d��d�| _1d S ( NzNo auditing�Success�FailurezSuccess, Failure�Not Defined)r � � � r N�No Auditing�Success and Failure�Not Configured)r r r r Nz No ActionzLock WorkstationzForce Logoffz/Disconnect if a Remote Desktop Services session)�0�1�2�3N�(value not set)zElevate without promptingz,Prompt for credentials on the secure desktopz(Prompt for consent on the secure desktopzPrompt for credentialszPrompt for consentz+Prompt for consent for non-Windows binaries)r r r r � � Nr z%Automatically deny elevation requests)r r r Nr �Disabled�Enabled)r r Nr �_dict_lookupF)�lookup�value_lookupT)�Get�PutZGetArgsZPutArgsZDefault)r r r Nr )r r Nr )�Computer Configuration�Windows Settings�Security Settings�Local PolicieszSecurity Options)r* r+ r, z'Windows Firewall with Advanced SecurityzCWindows Firewall with Advanced Security - Local Group Policy Object)r* r+ r, �Account PolicieszPassword Policy)r* r+ r, r- zAudit Policy)r* r+ r, z#Advanced Audit Policy Configurationz1System Audit Policies - Local Group Policy Object)r* r+ r, r. zAccount Lockout Policy)r* r+ r, r- zUser Rights AssignmentzThis policy is disabledz"Users can't add Microsoft accountsz1Users can't add or log on with Microsoft accountsZNeverzWhen supportedZAlways�NonezRequire signing)r r Nr ZOffzAccept if provided by clientzRequired from clientz(User display name, domain and user nameszUser display name onlyzDo not display user information)r r r Nr z0Classic - local users authenticate as themselvesz.Guest only - local users authenticate as Guestz<User input is not required when new keys are stored and usedz+User is prompted when the key is first usedz3User must enter a password each time they use a keyzBlock (default)zBlock all connectionsZAllow�Not configured)ZblockinboundZblockinboundalwaysZallowinbound�
notconfiguredZBlockzAllow (default))Z
blockoutboundZ
allowoutboundr1 z
Yes (default)ZNo)�enable�disabler1 ZYeszNo (default)zOn (recommended))�onZoffr1 z
No minimumZDES_CBC_CRCZDES_CBD_MD5ZRC4_HMAC_MD5ZAES128_HMAC_SHA1ZAES256_HMAC_SHA1zFuture Encryption Types) r r r r! � � i�Nr zSend LM & NTLM responsez:Send LM & NTLM - use NTLMv2 session security if negotiatedzSend NTLM response onlyzSend NTLMv2 response onlyz$Send NTLMv2 response only. Refuse LMz+Send NTLMv2 response only. Refuse LM & NTLMzNegotiate signingzRequire NTLMv2 session securityzRequire 128-bit encryption)r i i Nr ZDisablez#Enable auditing for domain accountsz Enable auditing for all accountsz,Enable for domain accounts to domain serverszEnable for domain accountszEnable for domain serversz
Enable all)r r r r"