Home > front end >  MDM bridge WMI: How to allow camera MDM_Policy_Config01_Camera02
MDM bridge WMI: How to allow camera MDM_Policy_Config01_Camera02

Time:11-04

I would like to enable and disable windows devices as camera using WMI in C . For example I'm able to access to table MDM_Policy_Result01_Camera02 and get the property AllowCamera quite easily where on the documentation is specify "Access type: Read/write". So in my opinion I should be able to modify it.

But seems like WQL doesn't work with UPDATE.

This is my code to access to table MDM_Policy_Result01_Camera02 :

#include <iostream>
#define _WIN32_DCOM
#include <windows.h>
#include <Wbemidl.h>
#include <comdef.h>

# pragma comment(lib, "wbemuuid.lib")

bool initializeCom(){
    // Step 1: --------------------------------------------------
    // Initialize COM. ------------------------------------------

    HRESULT hres =  CoInitializeEx(0, COINIT_MULTITHREADED); 
    if (FAILED(hres))
    {
    std::cout << "Failed to initialize COM library. Error code = 0x" 
        << std::hex << hres << std::endl;
    return false;                  // Program has failed.
    }

    // Step 2: --------------------------------------------------
    // Set general COM security levels --------------------------

    hres =  CoInitializeSecurity(
        nullptr, 
        -1,                          // COM authentication
        nullptr,                        // Authentication services
        nullptr,                        // Reserved
        RPC_C_AUTHN_LEVEL_DEFAULT,   // Default authentication 
        RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation  
    nullptr,                        // Authentication info
        EOAC_NONE,                   // Additional capabilities 
        nullptr                         // Reserved
        );

    if (FAILED(hres))
    {
        std::cout << "Failed to initialize security. Error code = 0x" 
            << std::hex << hres << std::endl;
        CoUninitialize();
        return false;                    // Program has failed.
    }
    return true;
}

bool setUpWBEM(IWbemLocator*& wbemLocator, IWbemServices*& wbemServices){
    // Step 3: ---------------------------------------------------
    // Obtain the initial locator to WMI -------------------------
    HRESULT hres = CoCreateInstance(
        CLSID_WbemLocator,             
        0, 
        CLSCTX_INPROC_SERVER, 
        IID_IWbemLocator, (LPVOID *) &wbemLocator);

    if (FAILED(hres))
    {
        std::cout << "Failed to create IWbemLocator object."
            << " Err code = 0x"
            << std::hex << hres << std::endl;
        CoUninitialize();
        return false;                 // Program has failed.
    }

    // Step 4: -----------------------------------------------------
    // Connect to WMI through the IWbemLocator::ConnectServer method

    // Connect to the root\cimv2 namespace with
    // the current user and obtain pointer wbemServices
    // to make IWbemServices calls.

    hres = wbemLocator->ConnectServer(
         _bstr_t(L"Root\\CIMv2\\MDM\\DMMap"), // Object path of WMI namespace
         nullptr,                    // User name. NULL = current user
         nullptr,                    // User password. NULL = current
         0,                       // Locale. NULL indicates current
         0,                    // Security flags.
         0,                       // Authority (for example, Kerberos)
         0,                       // Context object 
        &wbemServices            // pointer to IWbemServices proxy
         );

    if (FAILED(hres))
    {
        std::cout << "Could not connect. Error code = 0x" << std::hex << hres << std::endl;
        wbemLocator->Release();     
        CoUninitialize();
        return false;                // Program has failed.
    }

    std::cout << "Connected to ROOT\\CIMV2 WMI namespace" << std::endl;


    // Step 5: --------------------------------------------------
    // Set security levels on the proxy -------------------------

    hres = CoSetProxyBlanket(
       wbemServices,                // Indicates the proxy to set
       RPC_C_AUTHN_WINNT,           // RPC_C_AUTHN_xxx
       RPC_C_AUTHZ_NONE,            // RPC_C_AUTHZ_xxx
       nullptr,                        // Server principal name 
       RPC_C_AUTHN_LEVEL_CALL,      // RPC_C_AUTHN_LEVEL_xxx 
       RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
       nullptr,                        // client identity
       EOAC_NONE                    // proxy capabilities 
    );

    if (FAILED(hres))
    {
        std::cout << "Could not set proxy blanket. Error code = 0x" 
            << std::hex << hres << std::endl;
        wbemServices->Release();
        wbemLocator->Release();     
        CoUninitialize();
        return false;               // Program has failed.
    }

    return true;
}

int main() {

    std::cout << "HelloWorld" << std::endl;
    IWbemLocator* wbemLocator{nullptr};
    IWbemServices* wbemServices{nullptr};

    try{
        if(!initializeCom())
            throw "initializeCom failed";

        if(!setUpWBEM(wbemLocator,wbemServices))
            throw "setUpWBEM failed";

        // Step 6: --------------------------------------------------
        // Use the IWbemServices pointer to make requests of WMI ----

        BSTR bstr_wql = SysAllocString(L"WQL" );
        BSTR bstr_sql = SysAllocString(L"SELECT AllowCamera FROM MDM_Policy_Result01_Camera02" ); 

        // For example, get the name of the operating system
        IEnumWbemClassObject* pEnumerator{nullptr};
        HRESULT hres = wbemServices->ExecQuery(
            bstr_wql, 
            bstr_sql,
            WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, 
            nullptr,
            &pEnumerator);
    
        if (FAILED(hres))
        {
            std::cout << "Query for operating system name failed."
                << " Error code = 0x" 
                << std::hex << hres << std::endl;
            wbemServices->Release();
            wbemLocator->Release();
            CoUninitialize();
            throw "ExecQuery failed";;               // Program has failed.
        }

        // Step 7: -------------------------------------------------
        // Get the data from the query in step 6 -------------------

        IWbemClassObject *pclsObj{nullptr};
        ULONG uReturn = 0;

        while (pEnumerator)
        {
            HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, 
                &pclsObj, &uReturn);

            if(0 == uReturn)
            {
                break;
            }

            VARIANT vtProp;

            // Get the value of the Name property
            hr = pclsObj->Get(L"AllowCamera", 0, &vtProp, 0, 0);

            if(FAILED(hr))
                std::cout << "Failed to get name " << std::endl;

            std::cout << "Camera allow : " << vtProp.intVal << std::endl;
            VariantClear(&vtProp);
        
            pclsObj->Release();
        }

        // Cleanup
        // ========
    
        wbemServices->Release();
        wbemLocator->Release();
        pEnumerator->Release();
        CoUninitialize();

    } catch(const std::string& error){
        std::cout << error << std::endl;
    }
    return 0;
}

Changing SELECT AllowCamera FROM MDM_Policy_Result01_Camera02 with UPDATE MDM_Policy_Result01_Camera02 SET AllowCamera=0 doesn't work ...

If you have any idea, let me know !

CodePudding user response:

Finally came out the MDM brigde WSI C example : https://docs.microsoft.com/fr-fr/windows/win32/wmisdk/example--calling-a-provider-method

  • Related