[File] [PATCH] Support Windows AD GPO Registry Policy files (Registry.pol)
Yuuta Liang
yuuta at yuuta.moe
Sat Jun 24 04:13:28 UTC 2023
Hello,

The attached patch adds basic support for Registry.pol files (Windows
Active Directory Group Policy Registry Policy). Thanks!

Registry.pol files store GPO-configured registry values, and they are
located in the AD sysvol, such as \\<Domain FQDN>\\sysvol\\<Domain
FQDN>\\policies\<GUID>\Machine\Registry.pol.

Docs on the file format:
https://learn.microsoft.com/en-us/previous-versions/windows/desktop/policy/registry-policy-file-format.

Best regards,
Yuuta Liang
---
magic/Magdir/windows | 6 ++++++
tests/registry-pol.result | 1 +
tests/registry-pol.testfile | Bin 0 -> 7094 bytes
3 files changed, 7 insertions(+)
create mode 100644 tests/registry-pol.result
create mode 100644 tests/registry-pol.testfile
diff --git a/magic/Magdir/windows b/magic/Magdir/windows
index 12976c88..d6e254b8 100644
--- a/magic/Magdir/windows
+++ b/magic/Magdir/windows
@@ -1814,3 +1814,9 @@
0 string MetaView\x20Service\x20Assurance\x20Export\x20File
MetaView SAS export
>39 string Version\x20
>>47 byte x
\b, version %c
+
+# Active Directory Group Policy Registry Policy File Format
+# From: Yuuta Liang <yuuta at yuuta.moe>
+# URL:
https://learn.microsoft.com/en-us/previous-versions/windows/desktop/policy/registry-policy-file-format
+0 string PReg
+>4 lelong x Group Policy Registry Policy, Version=%d
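Review bot: the `>4 lelong x` test accepts any value after the signature, so every file whose first four bytes are `PReg` is reported as a policy file regardless of what follows. Four ASCII bytes is a short match; testing the version too (for example `>4 lelong 1`, the value the test result in this patch expects) would cut false positives. The description `Version=%d` also departs from the `\b, version %c` wording of the MetaView entry directly above, so `Group Policy Registry Policy, version %d` would fit the file's style, and an `!:ext pol` line would document the extension. The `# URL:` comment is split in this mail so that the URL sits on a line with no `+#` prefix; as posted, that line would not apply as a comment.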
diff --git a/tests/registry-pol.result b/tests/registry-pol.result
new file mode 100644
index 00000000..7ca512f0
--- /dev/null
+++ b/tests/registry-pol.result
@@ -0,0 +1 @@
+Group Policy Registry Policy, Version=1
diff --git a/tests/registry-pol.testfile b/tests/registry-pol.testfile
new file mode 100644
index
0000000000000000000000000000000000000000..643e4a6dffd7f9302ed408723622dc5a904671db
GIT binary patch
literal 7094
literal 0
HcmV?d00001
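Review bot: the 7094-byte `tests/registry-pol.testfile` is far larger than the 8 bytes the new magic reads (`PReg` plus the `lelong` at offset 4), and a Registry.pol of that size presumably carries real policy entries. Please confirm the fixture was not taken from a production domain, since GPO-configured registry keys and values can reveal internal settings, or replace it with a minimal constructed file holding only the signature, the version and one dummy entry.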
--
2.40.0