mir/PowerToys
2
0
Fork 0
mirror of https://github.com/microsoft/PowerToys synced 2025-08-22 01:58:04 +00:00
Code Issues Actions 19 Packages Projects Releases Wiki Activity
PowerToys/doc/devdocs/processes/gpo.md
Gleb Khmyznikov 725535b760
Some checks failed
Spell checking / Check Spelling (push) Has been cancelled
Details
Spell checking / Report (Push) (push) Has been cancelled
Details
Spell checking / Report (PR) (push) Has been cancelled
Details
Spell checking / Update PR (push) Has been cancelled
Details
[DevDocs] More content and restructure (#40165) 
## Summary of the Pull Request
Accumulated information from internal transition about the modules
development, and reworked it to be added in dev docs. Also the dev docs
intself was restructured to be more organized. New pages was
verified by transition team.

## PR Checklist
- [x] **Dev docs:** Added/updated

---------

Co-authored-by: Zhaopeng Wang (from Dev Box) <zhaopengwang@microsoft.com>
Co-authored-by: Hao Liu <liuhao3418@gmail.com>
Co-authored-by: Peiyao Zhao <105847726+zhaopy536@users.noreply.github.com>
Co-authored-by: Mengyuan <162882040+chenmy77@users.noreply.github.com>
Co-authored-by: zhaopeng wang <33367956+wang563681252@users.noreply.github.com>
Co-authored-by: Jaylyn Barbee <51131738+Jaylyn-Barbee@users.noreply.github.com>
2025-07-01 14:27:34 +02:00

4.2 KiB
Raw Permalink Blame History

PowerToys GPO (Group Policy Objects) Implementation

Group Policy Objects (GPOs) allow system administrators to control PowerToys settings across an organization. This document describes how GPOs are implemented in PowerToys.

GPO Overview

GPO policies allow system administrators to control PowerToys settings. PowerToys ships GPO files as part of the release zip, not installed directly.

GPO File Structure

ADMX File

  • Contains policy definitions
  • Defines which versions support each policy
  • Sets up folder structure
  • Defines each policy with:
    • Name
    • Class (user scope or machine scope)
    • Description
    • Registry location where policy is stored
    • Enabled/disabled values

ADML File

  • Contains localized strings for the ADMX file
  • Contains revision number that must be updated when changes are made
  • Stores strings for:
    • Folder names
    • Version definitions
    • Policy descriptions and titles
  • Currently only ships English US version (no localization story yet)

Installation Process

  • Files need to be placed in: C:\Windows\PolicyDefinitions\
  • ADMX file goes in the root folder
  • ADML file goes in the language subfolder (e.g., en-US)
  • After installation, policies appear in the Group Policy Editor (gpedit.msc)

Registry Implementation

  • Policies are stored as registry values
  • Location: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PowerToys or HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\PowerToys
  • Machine scope takes precedence over user scope
  • Policy states:
    • Enabled: Registry value set to 1
    • Disabled: Registry value set to 0
    • Not Configured: Registry value does not exist

Code Integration

Common Files

  • Policy keys defined in common\utils\GPO.h
  • Contains functions to read registry values and get configured values
  • WinRT C++ adapter created for C# applications to access GPO settings

WPF Applications

  • WPF applications cannot directly load WinRT C++ projects
  • Additional library created to allow WPF applications to access GPO values

Module Interface

  • Each module must implement policy checking in its interface
  • Runner checks this to determine if module should be started or not

UI Implementation

  • When a policy disables a utility:
    • UI is locked (cannot be enabled)
    • Settings page shows a lock icon
    • Dashboard hides the module button
    • If user tries to start the executable directly, it exits and logs a message

Types of GPO Policies

Basic Module Enable/Disable Policy

  • Most common type
  • Controls whether a module can be enabled or disabled
  • Shared description text for these policies

Configuration Policies

  • Example: Run at startup setting
  • Controls specific settings rather than enabling/disabling modules
  • Custom description text explaining what happens when enabled/disabled/not configured

Machine-Scope Only Policies

  • Example: Mouse Without Borders service mode
  • Only makes sense at machine level (not user level)
  • Restricts functionality that requires elevated permissions

Steps to Add a New Policy

  1. Update ADMX file:

    • Increase revision number
    • Add supported version definition
    • Define the policy with registry location

  2. Update ADML file:

    • Increase revision number
    • Add strings for version, title, description

  3. Update code:

    • Add to GPO.h
    • Add to GPO wrapper for C# access
    • Update module interface
    • Modify settings UI to show lock when policy applied
    • Add checks in executable to prevent direct launching
    • Update dashboard helper to respect policy

  4. Add to bug report tool to capture policy state

Update-Related GPO Settings

  • disable automatic update download - Prevents automatic downloading
  • disable new update toast - Controls if toast notifications are shown
  • suspend new update toast - Suspends toast notifications for 2 minor releases

Testing GPO Settings

To test GPO settings locally:

  1. Run regedit as administrator
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PowerToys
  3. Create a new DWORD value with the name of the policy
  4. Set the value to 0 (disabled) or 1 (enabled)
  5. Restart PowerToys to see the effect

For user-scope policies, use HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\PowerToys instead.