共用方式為


UWF_RegistryFilter

新增或移除統一寫入篩選器 (UWF) 篩選的登錄排除專案,也會認可登錄變更。

語法

class UWF_RegistryFilter{
    [key, Read] boolean CurrentSession;
    [Read, Write] boolean PersistDomainSecretKey;
    [Read, Write] boolean PersistTSCAL;

    UInt32 AddExclusion(
        string RegistryKey
    );
    UInt32 RemoveExclusion(
        string RegistryKey
    );
    UInt32 FindExclusion(
        [in] string RegistryKey,
        [out] boolean bFound
    );
    UInt32 GetExclusions(
        [out, EmbeddedInstance("UWF_ExcludedRegistryKey")] string ExcludedKeys[]
    );
    UInt32 CommitRegistry(
        [in] string RegistryKey,
        [in] string ValueName
    );
    UInt32 CommitRegistryDeletion(
        string Registrykey,
        string ValueName
    );
};

成員

下表列出屬於這個類別的方法和屬性。

方法 描述
UWF_RegistryFilter.AddExclusion 將登錄機碼新增至UWF的登錄排除清單。
UWF_RegistryFilter.CommitRegistry 認可對指定登錄機碼和值的變更。
UWF_RegistryFilter.CommitRegistryDeletion 刪除指定的登錄機碼或登錄值,並認可刪除。
UWF_RegistryFilter.FindExclusion 判斷特定登錄機碼是否排除在UWF篩選之外。
UWF_RegistryFilter.GetExclusions 從受UWF保護的系統擷取所有登錄機碼排除專案
UWF_RegistryFilter.RemoveExclusion 從統一寫入篩選器的登錄排除清單中移除登錄機碼 (UWF) 。

屬性

屬性 資料類型 限定 符 描述
CurrentSession 布林值 [索引鍵,讀取] 指出物件包含設定的會話。
- 如果目前會話
- 的設定為 False,則為 True,如果設定是針對重新啟動之後的下一個會話。
PersistDomainSecretKey 布林值 [讀取、寫入] 指出網域秘密登錄機碼是否在登錄排除清單中。 如果登錄機碼不在排除清單中,則在重新啟動之後不會保存變更。
- True 表示包含在排除清單
中 - 否則 為 False
PersistTSCAL 布林值 [讀取、寫入] 指出終端機伺服器用戶端存取授權 (TSCAL) 登錄機碼是否在 UWF 登錄排除清單中。 如果登錄機碼不在排除清單中,則在重新啟動之後不會保存變更。
- True 表示包含在排除清單
中- 否則,設定為 False

備註

新增或移除登錄排除專案,包括 PersistDomainSecretKeyPersistTSCAL 值的變更,會在啟用 UWF 的下一次重新啟動之後生效。

您只能將 HKLM 登錄根目錄中的登錄機碼新增至 UWF 登錄排除清單。

您也可以使用 UWF_RegistryFilter 從 UWF 篩選中排除網域秘密登錄機碼和 TSCAL 登錄機碼。

範例

下列範例示範如何在PowerShell腳本中使用Windows Management Instrumentation (WMI) 提供者來管理 UWF 登錄排除專案。

PowerShell 腳本會建立四個函式,然後示範如何使用它們。

第一個函 式 Get-RegistryExclusions 會顯示目前會話和重新啟動後下一個會話的 UWF 登錄排除清單。

第二個函 式 Add-RegistryExclusion 會在您重新啟動裝置之後,將登錄專案新增至 UWF 登錄排除清單。

第三個函 式 Remove-RegistryExclusion 會在您重新啟動裝置之後,從 UWF 排除清單中移除登錄專案。

第四個函 式 Clear-RegistryExclusions 會移除所有 UWF 登錄排除專案。 您必須在 UWF 停止篩選排除專案之前重新啟動裝置。

$COMPUTER = "EMBEDDEDDEVICE"
$NAMESPACE = "root\standardcimv2\embedded"

# Define common parameters

$CommonParams = @{"namespace"=$NAMESPACE; "computer"=$COMPUTER}

function Get-RegistryExclusions() {

# This function lists the UWF registry exclusions, both
# for the current session as well as the next session after a restart.


# Get the UWF_RegistryFilter configuration for the current session

    $currentConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams |
        where {
            $_.CurrentSession -eq $true
        };

# Get the UWF_RegistryFilter configuration for the next session after a restart

    $nextConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams |
        where {
            $_.CurrentSession -eq $false
        };

# Display registry exclusions for the current session

    if ($currentConfig) {

        Write-Host ""
        Write-Host "The following registry entries are currently excluded from UWF filtering:";

        $currentExcludedList = $currentConfig.GetExclusions()

        if ($currentExcludedList.ExcludedKeys) {
            foreach ($registryExclusion in $currentExcludedList.ExcludedKeys)  {
                Write-Host "  " $registryExclusion.RegistryKey
            }
        } else {
            Write-Host "  None"
        }
    } else {
        Write-Error "Could not retrieve UWF_RegistryFilter.";
}

# Display registry exclusions for the next session after a restart

    if ($nextConfig) {

        Write-Host ""
        Write-Host "The following registry entries will be excluded from UWF filtering after the next restart:";

        $nextExcludedList = $nextConfig.GetExclusions()

        if ($nextExcludedList.ExcludedKeys) {
            foreach ($registryExclusion in $nextExcludedList.ExcludedKeys)  {
                Write-Host "  " $registryExclusion.RegistryKey
            }
        } else {
            Write-Host "  None"
        }
        Write-Host ""
    }
}

function Add-RegistryExclusion($exclusion) {

# This function adds a new UWF registry exclusion.
# The new registry exclusion takes effect the next time the device is restarted and UWF is enabled.

# $exclusion is the path of the registry exclusion

# Get the UWF_RegistryFilter configuration for the next session after a restart

    $nextConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams |
        where {
            $_.CurrentSession -eq $false
        };

# Add the exclusion

    if ($nextConfig) {
        $nextConfig.AddExclusion($exclusion) | Out-Null;
        Write-Host "Added exclusion $exclusion.";
    } else {
        Write-Error "Could not retrieve UWF_RegistryFilter";
    }
}

function Remove-RegistryExclusion($exclusion) {

# This function removes a UWF registry exclusion.
# The registry exclusion is removed the next time the device is restarted

# $exclusion is the path of the registry exclusion

# Get the UWF_RegistryFilter configuration for the next session after a restart

    $nextConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams |
        where {
            $_.CurrentSession -eq $false
        };

# Try to remove the exclusion

    if ($nextConfig) {
        try {
            $nextConfig.RemoveExclusion($exclusion) | Out-Null;
            Write-Host "Removed exclusion $exclusion.";
        } catch {
            Write-Host "Could not remove exclusion $exclusion."
        }
    } else {
        Write-Error "Could not retrieve UWF_RegistryFilter";
    }
}

function Clear-RegistryExclusions() {

# This function removes all UWF registry exclusions
# The registry exclusions are removed the next time the device is restarted

# Get the configuration for the next session

    $nextConfig = Get-WMIObject -class UWF_RegistryFilter @CommonParams |
        where {
            $_.CurrentSession -eq $false
        };

# Remove all registry exclusions

    if ($nextConfig) {

        Write-Host "Removing all registry exclusions:";

        $nextExcludedList = $nextConfig.GetExclusions()

        if ($nextExcludedList) {
            foreach ($registryExclusion in $nextExcludedList.ExcludedKeys)  {
                Write-Host "Removing:" $registryExclusion.RegistryKey
                $nextConfig.RemoveExclusion($registryExclusion.RegistryKey) | Out-Null
            }
        } else {
            Write-Host "No registry exclusions to remove."
        }
        Write-Host ""
    }
}

# Some examples of using the functions

Clear-RegistryExclusions

Get-RegistryExclusions

Add-RegistryExclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
Add-RegistryExclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers\(Default)"

Get-RegistryExclusions

Remove-RegistryExclusion "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"

Get-RegistryExclusions

Clear-RegistryExclusions

需求

Windows 版本 支援
Windows 首頁
Windows 專業版
Windows 企業版
Windows 教育版
Windows IoT 企業版