1

I have a C# Windows program that is reading custom group policy settings, set by Administrator with ADMX. Currently, the app is directly reading the registry values that reflect the group policy settings.

Now, I want to make a pure-UWP version of this app (preferably without using Desktop Bridge), which should be installed directly from Microsoft Store. I already saw in another question that this kind of apps cannot access Windows' registry. However, specifically for Group Policy there might be a dedicated API - but it's not well documented (see here).

So - is there any way for a pure UWP app to read the group policy settings?

Yoav Feuerstein
  • 1,925
  • 2
  • 22
  • 53
  • You can create a new project and then set the executable to run as admin. Then from the UWP call the new project. This way the main project which is not run as admin can read the Group Policy from new executable. – jdweng Feb 09 '20 at 13:38
  • If you could access either Group Policy or the Registry from a UWP app you would be violating the the purpose of these apps which is to prevent you from doing such things. The second link you pointed is for installers that are have "full trust" as @jdweng pointed out you will need to create an app that can be run as Admin to act as a service. Here is how you can do that: https://learn.microsoft.com/en-us/windows/uwp/launch-resume/how-to-create-and-consume-an-app-service – xsoftie Feb 09 '20 at 14:24
  • what you link is doing is exactly what I suggested. I says "This article focuses on creating and consuming an app service that runs in a separate background process". What I suggested is creating a "separate process". – jdweng Feb 09 '20 at 16:35
  • Group Policies are not consistent between desktop and other Universal platforms (like Xbox, Phone, and Windows 10X), so whatever you come up with will not be universal. The universal version is [Windows.Management.Policies](https://learn.microsoft.com/en-us/uwp/api/windows.management.policies). – Raymond Chen Feb 11 '20 at 06:31

1 Answers1

1

Reading Group Policy settings from pure UWP app

Currently, UWP does not support access Group policy directly. As mentioned from this case reply, you could make Brokered Windows Runtime Component or desk-bridge to access regedit indirectly. For pure UWP app, it could not do it, and if you do want this feature please feel free post your requirement with Windows Feed Hub app.

Update

Currently, there not such api that could access Group Policy directly within uwp platform. But the WACK list for APIs was updated to allow the registry APIs. (Actually, they will work on ANY version of Windows 10, not just 1809) that means you could use win32 api to access Group Policy. You could look at pinvoke for C# wrappers if you want to use from managed code. And please note if you have used pinvoke in your UWP app, it will not be allowed to publish to store.

Nico Zhu
  • 32,367
  • 2
  • 15
  • 36
  • Thanks, but you linked to the same discussion I was referring to in my original question - it says that UWP apps can't access the registry. But another article (by Microsoft) mentions that recent UWP apps should be able to access GP specifically - just unclear about how exactly. – Yoav Feuerstein Feb 10 '20 at 09:54
  • That is desktop-bridge app related not pure uwp app. – Nico Zhu Feb 10 '20 at 09:57
  • The better way is make win32 extension for your pure uwp app, for detail steps you could refer this [tutorial](https://stefanwick.com/2018/04/16/uwp-with-desktop-extension-part-3/). – Nico Zhu Feb 10 '20 at 10:06
  • Thanks. The article clearly states that `Starting in Windows 10 1809, if your app is a Universal Windows Platform (UWP) app it can access the same Group Policy keys`, so it sounds like UWP apps should be able to do so without relying on win32 extension, desktop bridge, etc. Maybe it's just poor phrasing :) – Yoav Feuerstein Feb 10 '20 at 10:33
  • Thanks for the update! Regarding `pinvoke`, will it prevent the app from publishing to the store even if it's an Enterprise app? – Yoav Feuerstein Feb 12 '20 at 13:54
  • 2
    @YoavFeuerstein If your Enterprise app is sideloaded or delivered through your Enterprise store, then it doesn't go through the Windows Store and therefore Windows Store acceptance is irrelevant. – Raymond Chen Feb 12 '20 at 15:47