0.13.0-alt1

- Implemented Local Administrator Password Solution (LAPS) functionality, including support for Group Policy Object (GPO) keys to configure LAPS settings - Added support for disabling cifsacl in autofs mounts (closes:52333) - Implemented the ability to merge computer and user GPO shortcuts - Added access restrictions to network directories of other users - Added cleaning functionality for the autofs configuration catalog - Added ability to configure KDE 6 files
Added ability to configure KDE 6 files
2025-03-14 16:58:25 +03:00 · 2025-03-07 12:24:28 +04:00 · 2025-03-07 12:22:46 +04:00 · 2025-03-06 15:52:26 +04:00 · 2025-03-06 15:45:19 +04:00 · 2025-03-05 10:29:10 +04:00
108 changed files with 9028 additions and 1740 deletions
--- a/completions/gpoa
+++ b/completions/gpoa
@ -0,0 +1,22 @@
+_gpoa()
+{
+    local cur prev words cword split
+    _init_completion -s || return
+
+    case $prev in
+        --dc)
+            _filedir
+            return
+            ;;
+        --loglevel)
+            COMPREPLY=($(compgen -W '0 1 2 3 4 5' -- "$cur"))
+            return
+            ;;
+        *)
+            COMPREPLY=($(compgen -W '--dc --nodomain --noupdate --noplugins --list-backends --loglevel --help --force' -- "$cur"))
+            return
+            ;;
+    esac
+}
+
+complete -F _gpoa gpoa
--- a/completions/gpupdate
+++ b/completions/gpupdate
@ -0,0 +1,27 @@
+_gpupdate()
+{
+    local cur prev words cword split
+    _init_completion -s || return
+
+    case $prev in
+        -u|--user)
+            _filedir
+            return
+            ;;
+        -t|--target)
+            COMPREPLY=($(compgen -W 'ALL USER COMPUTER' -- "$cur"))
+            return
+            ;;
+        -l|--loglevel)
+            COMPREPLY=($(compgen -W '0 1 2 3 4 5' -- "$cur"))
+            return
+            ;;
+        *)
+            COMPREPLY=($(compgen -W '--user --target --loglevel --system --help --force' -- "$cur"))
+            return
+            ;;
+    esac
+}
+
+complete -F _gpupdate gpupdate
+
--- a/completions/gpupdate-setup
+++ b/completions/gpupdate-setup
@ -0,0 +1,18 @@
+_gpupdate-setup()
+{
+    local cur prev words cword split
+    _init_completion -s || return
+
+    case $prev in
+        set-backend)
+            COMPREPLY=($(compgen -W 'local samba' -- "$cur"))
+            return
+            ;;
+        *)
+            COMPREPLY=($(compgen -W 'list list-backends status enable disable update write set-backend default-policy active-policy active-backend' -- "$cur"))
+            return
+            ;;
+    esac
+}
+
+complete -F _gpupdate-setup gpupdate-setup
--- a/dist/gpupdate-group-users
+++ b/dist/gpupdate-group-users
@ -0,0 +1,19 @@
+#!/bin/sh
+
+. /etc/control.d/functions
+
+CONFIG=/etc/pam.d/system-policy-gpupdate
+
+new_subst disabled \
+        '^[[:space:]]*session[[:space:]]+\[.*default=1.*\][[:space:]]+pam_succeed_if.so user ingroup users.*' \
+        's,^\([[:space:]]*session[[:space:]]\+\[.*\)default=[[:alnum:]]\+\(.*pam_succeed_if.so user ingroup users.*\)$,\1default=1\2,'
+new_subst enabled \
+        '^[[:space:]]*session[[:space:]]+\[.*default=ignore.*\][[:space:]]+pam_succeed_if.so user ingroup users.*' \
+        's,^\([[:space:]]*session[[:space:]]\+\[.*\)default=[[:alnum:]]\+\(.*pam_succeed_if.so user ingroup users.*\)$,\1default=ignore\2,'
+
+new_help disabled "Disable group policy applying for users in 'users' group only"
+new_help enabled "Enable group policy applying for users in 'users' group only"
+
+new_summary "Group policy applying for users in 'users' group only"
+
+control_subst "$CONFIG" "$*"
--- a/dist/gpupdate-localusers
+++ b/dist/gpupdate-localusers
@ -0,0 +1,19 @@
+#!/bin/sh
+
+. /etc/control.d/functions
+
+CONFIG=/etc/pam.d/system-policy-gpupdate
+
+new_subst disabled \
+        '^[[:space:]]*session[[:space:]]+\[.*success=2.*\][[:space:]]+pam_localuser.so' \
+        's,^\([[:space:]]*session[[:space:]]\+\[.*\)success=[[:alnum:]]\+\(.*pam_localuser.so.*\)$,\1success=2\2,'
+new_subst enabled \
+        '^[[:space:]]*session[[:space:]]+\[.*success=1.*\][[:space:]]+pam_localuser.so' \
+        's,^\([[:space:]]*session[[:space:]]\+\[.*\)success=[[:alnum:]]\+\(.*pam_localuser.so.*\)$,\1success=1\2,'
+
+new_help disabled 'Disable group policy applying for local users'
+new_help enabled 'Enable group policy applying for local users'
+
+new_summary 'Group policy applying for local users'
+
+control_subst "$CONFIG" "$*"
--- a/dist/gpupdate-remote-policy
+++ b/dist/gpupdate-remote-policy
@ -0,0 +1,4 @@
+#%PAM-1.0
+#auth		optional	pam_mount.so
+session		required	pam_mkhomedir.so silent
+#session		optional	pam_mount.so
--- a/dist/gpupdate-scripts-run-user.service
+++ b/dist/gpupdate-scripts-run-user.service
@ -0,0 +1,11 @@
+[Unit]
+Description=Run Group Policy scripts for a user
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/libexec/gpupdate/scripts_runner --mode USER --action LOGON --user %u
+ExecStop=/usr/libexec/gpupdate/scripts_runner --mode USER --action LOGOFF --user %u
+
+[Install]
+WantedBy=default.target
--- a/dist/gpupdate-scripts-run.service
+++ b/dist/gpupdate-scripts-run.service
@ -0,0 +1,15 @@
+[Unit]
+Description=Running Group Policy Scripts
+After=gpupdate.service
+
+[Service]
+Environment=PATH=/bin:/sbin:/usr/bin:/usr/sbin
+UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
+Type=oneshot
+RemainAfterExit=true
+ExecStart=/usr/libexec/gpupdate/scripts_runner --mode MACHINE --action STARTUP
+ExecStop=/usr/libexec/gpupdate/scripts_runner --mode MACHINE --action SHUTDOWN
+StandardOutput=journal
+
+[Install]
+WantedBy=multi-user.target
--- a/dist/gpupdate-system-uids
+++ b/dist/gpupdate-system-uids
@ -0,0 +1,19 @@
+#!/bin/sh
+
+. /etc/control.d/functions
+
+CONFIG=/etc/pam.d/system-policy-gpupdate
+
+new_subst disabled \
+        '^[[:space:]]*session[[:space:]]+\[.*default=1.*\][[:space:]]+pam_succeed_if.so uid >= 500.*' \
+        's,^\([[:space:]]*session[[:space:]]\+\[.*\)default=[[:alnum:]]\+\(.*pam_succeed_if.so uid >= 500.*\)$,\1default=1\2,'
+new_subst enabled \
+        '^[[:space:]]*session[[:space:]]+\[.*default=ignore.*\][[:space:]]+pam_succeed_if.so uid >= 500.*' \
+        's,^\([[:space:]]*session[[:space:]]\+\[.*\)default=[[:alnum:]]\+\(.*pam_succeed_if.so uid >= 500.*\)$,\1default=ignore\2,'
+
+new_help disabled "Disable group policy applying for users with not system uids only"
+new_help enabled "Enable group policy applying for users with not system uids only"
+
+new_summary "Group policy applying for users with not system uids (greater or equal 500) only"
+
+control_subst "$CONFIG" "$*"
--- a/dist/gpupdate-user.service
+++ b/dist/gpupdate-user.service
@ -4,13 +4,10 @@ Description=gpupdate in userspace

 # gpupdate on Windows runs once per hour
 [Service]
-Environment="PATH=/bin:/sbin:/usr/bin:/usr/sbin"
-Type=simple
-RestartSec=3600
-TimeoutSec=3000
-Restart=always
-ExecStart=/usr/sbin/gpoa
+Environment=PATH=/bin:/sbin:/usr/bin:/usr/sbin
+UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
+Type=oneshot
+ExecStart=/usr/bin/gpupdate --target USER

 [Install]
 WantedBy=default.target
-
--- a/dist/gpupdate-user.timer
+++ b/dist/gpupdate-user.timer
@ -0,0 +1,9 @@
+[Unit]
+Description=Run gpupdate-user every hour
+
+[Timer]
+OnStartupSec=60min
+OnUnitActiveSec=60min
+
+[Install]
+WantedBy=timers.target
--- a/dist/gpupdate.ini
+++ b/dist/gpupdate.ini
@ -1,4 +1,4 @@
 [gpoa]
-backend = samba
-local-policy = auto
+backend = local
+local-policy = default

--- a/dist/gpupdate.service
+++ b/dist/gpupdate.service
@ -1,13 +1,11 @@
 [Unit]
 Description=Group policy update for machine
-After=sssd.service
+After=syslog.target network-online.target sssd.service

 [Service]
-Environment="PATH=/bin:/sbin:/usr/bin:/usr/sbin"
-Type=simple
-RestartSec=3600
-TimeoutSec=3000
-Restart=always
+Environment=PATH=/bin:/sbin:/usr/bin:/usr/sbin
+UnsetEnvironment=LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION
+Type=oneshot
 ExecStart=/usr/bin/gpupdate
 StandardOutput=journal

--- a/dist/gpupdate.timer
+++ b/dist/gpupdate.timer
@ -0,0 +1,9 @@
+[Unit]
+Description=Run gpupdate every hour
+
+[Timer]
+OnStartupSec=60min
+OnUnitActiveSec=60min
+
+[Install]
+WantedBy=timers.target
--- a/dist/system-policy-gpupdate
+++ b/dist/system-policy-gpupdate
@ -1,4 +1,13 @@
 #%PAM-1.0
-session		required	pam_mkhomedir.so silent
+session		[success=2 perm_denied=ignore default=die]	pam_localuser.so
+session		substack	gpupdate-remote-policy
+session		[default=1]	pam_permit.so
+session		[default=7]	pam_permit.so
+session		[success=1 default=ignore]	pam_succeed_if.so user ingroup users quiet
+session		[default=5]	pam_permit.so
+session		[success=1 default=ignore]	pam_succeed_if.so uid >= 500 quiet
+session		[default=3]	pam_permit.so
+session		[success=1 default=ignore]	pam_succeed_if.so service = systemd-user quiet
 -session	required	pam_oddjob_gpupdate.so
 session		optional	pam_env.so user_readenv=1 conffile=/etc/gpupdate/environment user_envfile=.gpupdate_environment
+session		required	pam_permit.so
--- a/doc/gpoa.1
+++ b/doc/gpoa.1
@ -45,6 +45,9 @@ Don't run plugins.
 .TP
 \fB--loglevel \fILOGLEVEL\fP
 Set logging verbosity from 0 to 5.
+.TP
+\fB--force\fP
+Force GPT download.
 .
 .SH FILES
 \fB/usr/sbin/gpoa\fR utility uses \fB/usr/share/local-policy/default\fR
@ -55,8 +58,10 @@ All data is located in \fB/var/cache/gpupdate\fR. Also domain GPTs are
 taken from Samba's \fB/var/cache/samba\fR.
 .
 The settings read from Samba are stored in
-\fB/var/cache/gpupdate/registry.sqlite\fR and "Local Policy" settings
-read from \fB/usr/local/share/local-policy/default\fR are converted
+Dconf. Machine policies are stored in the \fB/etc/dconf/db/policy.d/policy.ini\fR file,
+user policies are stored in the \fB/etc/dconf/db/policy<UID>.d/policy<UID>.ini\fR file
+(where UID is the user ID in the system)."Local Policy" settings
+read from \fB/usr/share/local-policy/\fR are converted
 into GPT and stored as \fB/var/cache/gpupdate/local-policy\fR.
 .SH "SEE ALSO"
 gpupdate(1)
--- a/doc/gpupdate.1
+++ b/doc/gpupdate.1
@ -43,6 +43,9 @@ Show help.
 .TP
 \fB--user \fIusername\fR
 Run \fBgpupdate\fP for \fIusername\fP.
+.TP
+\fB--force\fP
+Force GPT download.
 .
 .SS "EXIT CODES"
 .TP
--- a/gpoa/backend/init.py
+++ b/gpoa/backend/init.py
@ -22,6 +22,9 @@ from .samba_backend import samba_backend
 from .nodomain_backend import nodomain_backend
 from util.logging import log
 from util.config import GPConfig
+from util.util import get_uid_by_username, touch_file
+from util.paths import get_dconf_config_file
+from storage.dconf_registry import Dconf_registry, create_dconf_ini_file, add_preferences_to_global_registry_dict

 def backend_factory(dc, username, is_machine, no_domain = False):
    '''
@ -41,7 +44,7 @@ def backend_factory(dc, username, is_machine, no_domain = False):
                log('D52', ld)
        sc = smbcreds(dc)
        domain = sc.get_domain()
-        ldata = dict({'domain': domain})
+        ldata = dict({'domain': domain, "username": username, 'is_machine': is_machine})
        log('D9', ldata)
        try:
            back = samba_backend(sc, username, domain, is_machine)
@ -59,3 +62,14 @@ def backend_factory(dc, username, is_machine, no_domain = False):

    return back

+def save_dconf(username, is_machine, nodomain=None):
+    if is_machine:
+        uid = None
+    else:
+        uid = get_uid_by_username(username) if not is_machine else None
+    target_file = get_dconf_config_file(uid)
+    touch_file(target_file)
+    Dconf_registry.apply_template(uid)
+    add_preferences_to_global_registry_dict(username, is_machine)
+    Dconf_registry.update_dict_to_previous()
+    create_dconf_ini_file(target_file,Dconf_registry.global_registry_dict, uid, nodomain)
--- a/gpoa/backend/nodomain_backend.py
+++ b/gpoa/backend/nodomain_backend.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -16,18 +16,14 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import logging
-import os

 from .applier_backend import applier_backend
 from storage import registry_factory
-from gpt.gpt import gpt, get_local_gpt
+from gpt.gpt import get_local_gpt
 from util.util import (
    get_machine_name
 )
-from util.windows import get_sid
-import util.preg
-from util.logging import slogm
+from util.sid import get_sid

 class nodomain_backend(applier_backend):

@ -35,7 +31,7 @@ class nodomain_backend(applier_backend):
        domain = None
        machine_name = get_machine_name()
        machine_sid = get_sid(domain, machine_name, True)
-        self.storage = registry_factory('registry')
+        self.storage = registry_factory()
        self.storage.set_info('domain', domain)
        self.storage.set_info('machine_name', machine_name)
        self.storage.set_info('machine_sid', machine_sid)
@ -52,5 +48,6 @@ class nodomain_backend(applier_backend):
        self.storage.wipe_hklm()
        self.storage.wipe_user(self.storage.get_info('machine_sid'))
        local_policy = get_local_gpt(self.sid)
-        local_policy.merge()
+        local_policy.merge_machine()
+        local_policy.merge_user()

--- a/gpoa/backend/samba_backend.py
+++ b/gpoa/backend/samba_backend.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -18,29 +18,35 @@

 import os
 # Facility to determine GPTs for user
-from samba.gpclass import check_safe_path, check_refresh_gpo_list
+try:
+    from samba.gpclass import check_safe_path
+except ImportError:
+    from samba.gp.gpclass import check_safe_path

 from .applier_backend import applier_backend
-from storage import cache_factory, registry_factory
+from storage import registry_factory
 from gpt.gpt import gpt, get_local_gpt
+from gpt.gpo_dconf_mapping import GpoInfoDconf
 from util.util import (
-    get_machine_name,
-    is_machine_name
+    get_machine_name
 )
 from util.kerberos import (
      machine_kinit
    , machine_kdestroy
 )
-from util.windows import get_sid
-import util.preg
+from util.sid import get_sid
 from util.logging import log

 class samba_backend(applier_backend):
+    __user_policy_mode_key = '/SOFTWARE/Policies/Microsoft/Windows/System/UserPolicyMode'
+    __user_policy_mode_key_win = '/Software/Policies/Microsoft/Windows/System/UserPolicyMode'

    def __init__(self, sambacreds, username, domain, is_machine):
        self.cache_path = '/var/cache/gpupdate/creds/krb5cc_{}'.format(os.getpid())
        self.__kinit_successful = machine_kinit(self.cache_path)
-        self.storage = registry_factory('registry')
+        if not self.__kinit_successful:
+            raise Exception('kinit is not successful')
+        self.storage = registry_factory()
        self.storage.set_info('domain', domain)
        machine_name = get_machine_name()
        machine_sid = get_sid(domain, machine_name, is_machine)
@ -55,13 +61,13 @@ class samba_backend(applier_backend):
        else:
            self.sid = get_sid(self.storage.get_info('domain'), self.username)

-        self.cache = cache_factory('regpol_cache')
-        self.gpo_names = cache_factory('gpo_names')
-
        # Samba objects - LoadParm() and CredentialsOptions()
        self.sambacreds = sambacreds

        self.cache_dir = self.sambacreds.get_cache_dir()
+        self.gpo_cache_part ='gpo_cache'
+        self._cached = False
+        self.storage.set_info('cache_dir', os.path.join(self.cache_dir, self.gpo_cache_part))
        logdata = dict({'cachedir': self.cache_dir})
        log('D7', logdata)

@ -69,6 +75,24 @@ class samba_backend(applier_backend):
        if self.__kinit_successful:
            machine_kdestroy()

+    def get_policy_mode(self):
+        '''
+        Get UserPolicyMode parameter value in order to determine if it
+        is possible to work with user's part of GPT. This value is
+        checked only if working for user's SID.
+        '''
+        upm_key = self.storage.get_key_value(self.__user_policy_mode_key)
+        upm_win_key = self.storage.get_key_value(self.__user_policy_mode_key_win)
+        upm = upm_key if upm_key else upm_win_key
+        if upm:
+            upm = int(upm)
+            if upm < 0 or upm > 2:
+                upm = 0
+        else:
+            upm = 0
+
+        return upm
+
    def retrieve_and_store(self):
        '''
        Retrieve settings and strore it in a database
@ -80,42 +104,64 @@ class samba_backend(applier_backend):
        except Exception as exc:
            log('F2')
            raise exc
-        self.storage.wipe_hklm()
-        self.storage.wipe_user(self.storage.get_info('machine_sid'))
-        for gptobj in machine_gpts:
-            try:
-                gptobj.merge()
-            except Exception as exc:
-                logdata = dict()
-                logdata['msg'] = str(exc)
-                log('E26', logdata)
+
+        if self._is_machine_username:
+            for gptobj in machine_gpts:
+                try:
+                    gptobj.merge_machine()
+                except Exception as exc:
+                    logdata = dict()
+                    logdata['msg'] = str(exc)
+                    log('E26', logdata)

        # Load user GPT values in case user's name specified
        # This is a buggy implementation and should be tested more
-        if not self._is_machine_username:
+        else:
            user_gpts = list()
            try:
                user_gpts = self._get_gpts(self.username, self.sid)
            except Exception as exc:
                log('F3')
                raise exc
-            self.storage.wipe_user(self.sid)
-            for gptobj in user_gpts:
-                try:
-                    gptobj.merge()
-                except Exception as exc:
-                    logdata = dict()
-                    logdata['msg'] = str(exc)
-                    log('E27', logdata)
+
+            # Merge user settings if UserPolicyMode set accordingly
+            # and user settings (for HKCU) are exist.
+            policy_mode = self.get_policy_mode()
+            logdata = dict({'mode': upm2str(policy_mode), 'sid': self.sid})
+            log('D152', logdata)
+
+            if policy_mode < 2:
+                for gptobj in user_gpts:
+                    try:
+                        gptobj.merge_user()
+                    except Exception as exc:
+                        logdata = dict()
+                        logdata['msg'] = str(exc)
+                        log('E27', logdata)
+
+            if policy_mode > 0:
+                for gptobj in machine_gpts:
+                    try:
+                        gptobj.sid = self.sid
+                        gptobj.merge_user()
+                    except Exception as exc:
+                        logdata = dict()
+                        logdata['msg'] = str(exc)
+                        log('E63', logdata)

    def _check_sysvol_present(self, gpo):
        '''
        Check if there is SYSVOL path for GPO assigned
        '''
+        self._cached = False
        if not gpo.file_sys_path:
            # GPO named "Local Policy" has no entry by its nature so
            # no reason to print warning.
-            if 'Local Policy' != gpo.name:
+            if gpo.display_name in self.storage._dict_gpo_name_version_cache.keys():
+                gpo.file_sys_path = self.storage._dict_gpo_name_version_cache.get(gpo.display_name, {}).get('correct_path')
+                self._cached = True
+                return True
+            elif 'Local Policy' != gpo.name:
                logdata = dict({'gponame': gpo.name})
                log('W4', logdata)
            return False
@ -124,17 +170,24 @@ class samba_backend(applier_backend):
    def _get_gpts(self, username, sid):
        gpts = list()

-        log('D45')
+        log('D45', {'username': username, 'sid': sid})
        # util.windows.smbcreds
        gpos = self.sambacreds.update_gpos(username)
        log('D46')
        for gpo in gpos:
            if self._check_sysvol_present(gpo):
-                path = check_safe_path(gpo.file_sys_path).upper()
-                slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
-                log('D30', slogdata)
-                gpt_abspath = os.path.join(self.cache_dir, 'gpo_cache', path)
-                obj = gpt(gpt_abspath, sid)
+                if not self._cached:
+                    path = check_safe_path(gpo.file_sys_path).upper()
+                    slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
+                    log('D30', slogdata)
+                    gpt_abspath = os.path.join(self.cache_dir, self.gpo_cache_part, path)
+                else:
+                    gpt_abspath = gpo.file_sys_path
+                    log('D211', {'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name})
+                if self._is_machine_username:
+                    obj = gpt(gpt_abspath, sid, None, GpoInfoDconf(gpo))
+                else:
+                    obj = gpt(gpt_abspath, sid, self.username, GpoInfoDconf(gpo))
                obj.set_name(gpo.display_name)
                gpts.append(obj)
            else:
@ -143,3 +196,16 @@ class samba_backend(applier_backend):

        return gpts

+def upm2str(upm_num):
+    '''
+    Translate UserPolicyMode to string.
+    '''
+    result = 'Not configured'
+
+    if upm_num in [1, '1']:
+        result = 'Merge'
+
+    if upm_num in [2, '2']:
+        result = 'Replace'
+
+    return result
--- a/gpoa/frontend/applier_frontend.py
+++ b/gpoa/frontend/applier_frontend.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -18,32 +18,41 @@

 from abc import ABC

-import logging
-from util.logging import slogm

 def check_experimental_enabled(storage):
-    experimental_enable_flag = 'Software\\BaseALT\\Policies\\GPUpdate\\GlobalExperimental'
-    flag = storage.get_hklm_entry(experimental_enable_flag)
+    experimental_enable_flag = '/Software/BaseALT/Policies/GPUpdate/GlobalExperimental'
+    flag = storage.get_key_value(experimental_enable_flag)

    result = False

-    if flag and '1' == flag.data:
+    if flag and '1' == str(flag):
        result = True

    return result

+def check_windows_mapping_enabled(storage):
+    windows_mapping_enable_flag = '/Software/BaseALT/Policies/GPUpdate/WindowsPoliciesMapping'
+    flag = storage.get_key_value(windows_mapping_enable_flag)
+
+    result = True
+    flag = str(flag)
+    if flag and '0' == flag:
+        result = False
+
+    return result
+
 def check_module_enabled(storage, module_name):
-    gpupdate_module_enable_branch = 'Software\\BaseALT\\Policies\\GPUpdate'
-    gpupdate_module_flag = '{}\\{}'.format(gpupdate_module_enable_branch, module_name)
-    flag = storage.get_hklm_entry(gpupdate_module_flag)
+    gpupdate_module_enable_branch = '/Software/BaseALT/Policies/GPUpdate'
+    gpupdate_module_flag = '{}/{}'.format(gpupdate_module_enable_branch, module_name)
+    flag = storage.get_key_value(gpupdate_module_flag)

    result = None
-
-    if flag:
-        if '1' == flag.data:
+    flag = str(flag)
+    if flag and flag!='None':
+        if '1' == flag:
            result =  True
-        if '0' == flag.data:
-            result = False
+        else:
+            result =  False

    return result

--- a/gpoa/frontend/appliers/control.py
+++ b/gpoa/frontend/appliers/control.py
@ -17,9 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import subprocess
-import threading
-import logging
-from util.logging import slogm
+from util.logging import log

 def control_subst(preg_name):
    '''
@ -55,10 +53,12 @@ class control:
        values = list()

        popen_call = ['/usr/sbin/control', self.control_name, 'list']
-        with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
+        with subprocess.Popen(popen_call, stdout=subprocess.PIPE, stderr=subprocess.PIPE) as proc:
            values = proc.stdout.readline().decode('utf-8').split()
+            valErr = proc.stderr.readline().decode('utf-8')
+            if valErr:
+                raise ValueError(valErr)
            proc.wait()
-
        return values

    def _map_control_status(self, int_status):
@ -68,7 +68,11 @@ class control:
        try:
            str_status = self.possible_values[int_status]
        except IndexError as exc:
-            logging.error(slogm('Error getting control ({}) value from {} by index {}'.format(self.control_name, self.possible_values, int_status)))
+            logdata = dict()
+            logdata['control'] = self.control_name
+            logdata['value from'] = self.possible_values
+            logdata['by index'] = int_status
+            log('E41', )
            str_status = None

        return str_status
@ -93,20 +97,30 @@ class control:
        if type(self.control_value) == int:
            status = self._map_control_status(self.control_value)
            if status == None:
-                logging.error(slogm('\'{}\' is not in possible values for control {}'.format(self.control_value, self.control_name)))
+                logdata = dict()
+                logdata['control'] = self.control_name
+                logdata['inpossible values'] = self.control_value
+                log('E42', logdata)
                return
        elif type(self.control_value) == str:
            if self.control_value not in self.possible_values:
-                logging.error(slogm('\'{}\' is not in possible values for control {}'.format(self.control_value, self.control_name)))
+                logdata = dict()
+                logdata['control'] = self.control_name
+                logdata['inpossible values'] = self.control_value
+                log('E59', logdata)
                return
            status = self.control_value
-
-        logging.debug(slogm('Setting control {} to {}'.format(self.control_name, status)))
+        logdata = dict()
+        logdata['control'] = self.control_name
+        logdata['status'] = status
+        log('D68', logdata)

        try:
            popen_call = ['/usr/sbin/control', self.control_name, status]
            with subprocess.Popen(popen_call, stdout=subprocess.PIPE) as proc:
                proc.wait()
        except:
-            logging.error(slogm('Unable to set {} to {}'.format(self.control_name, status)))
-
+            logdata = dict()
+            logdata['control'] = self.control_name
+            logdata['status'] = status
+            log('E43', logdata)
--- a/gpoa/frontend/appliers/envvar.py
+++ b/gpoa/frontend/appliers/envvar.py
@ -0,0 +1,133 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from os.path import isfile
+
+from util.arguments import (
+      FileAction
+    , action_letter2enum
+)
+from util.windows import expand_windows_var
+from util.util import get_homedir
+from util.logging import log
+
+class Envvar:
+    __envvar_file_path = '/etc/gpupdate/environment'
+    __envvar_file_path_user = '/.gpupdate_environment'
+
+    def __init__(self, envvars, username=''):
+        self.username = username
+        self.envvars = envvars
+        if self.username == 'root':
+            self.envvar_file_path = Envvar.__envvar_file_path
+        else:
+            self.envvar_file_path = get_homedir(self.username) + Envvar.__envvar_file_path_user
+
+    @staticmethod
+    def clear_envvar_file(username = False):
+        if username:
+            file_path = get_homedir(username) + Envvar.__envvar_file_path_user
+        else:
+            file_path = Envvar.__envvar_file_path
+
+        try:
+            with open(file_path, 'w') as file:
+                file.write('')
+            log('D215', {'path':file_path})
+        except Exception as exc:
+            log('D216', {'path': file_path, 'exc': exc})
+
+    def _open_envvar_file(self):
+        fd = None
+        if isfile(self.envvar_file_path):
+            fd = open(self.envvar_file_path, 'r+')
+        else:
+            fd = open(self.envvar_file_path, 'w')
+            fd.close()
+            fd = open(self.envvar_file_path, 'r+')
+        return fd
+
+    def _create_action(self, create_dict, envvar_file):
+        lines_old = envvar_file.readlines()
+        lines_new = list()
+        for name in create_dict:
+            exist = False
+            for line in lines_old:
+                if line.startswith(name + '='):
+                    exist = True
+                    break
+            if not exist:
+                lines_new.append(name + '=' + create_dict[name] + '\n')
+        if len(lines_new) > 0:
+            envvar_file.writelines(lines_new)
+
+    def _delete_action(self, delete_dict, envvar_file):
+        lines = envvar_file.readlines()
+        deleted = False
+        for name in delete_dict:
+            for line in lines:
+                if line.startswith(name + '='):
+                    lines.remove(line)
+                    deleted = True
+                    break
+        if deleted:
+            envvar_file.writelines(lines)
+
+    def act(self):
+        if isfile(self.envvar_file_path):
+            with open(self.envvar_file_path, 'r') as f:
+                lines = f.readlines()
+        else:
+            lines = list()
+
+        file_changed = False
+        for envvar_object in self.envvars:
+            action = action_letter2enum(envvar_object.action)
+            name = envvar_object.name
+            value = expand_windows_var(envvar_object.value, self.username)
+            if value != envvar_object.value:
+                #slashes are replaced only if the change of variables was performed and we consider the variable as a path to a file or directory
+                value = value.replace('\\', '/')
+            exist_line = None
+            for line in lines:
+                if line == '\n':
+                    continue
+                if line.split()[0] == name:
+                    exist_line = line
+                    break
+            if exist_line != None:
+                if action == FileAction.CREATE:
+                    pass
+                if action == FileAction.DELETE:
+                    lines.remove(exist_line)
+                    file_changed = True
+                if action == FileAction.UPDATE or action == FileAction.REPLACE:
+                    if exist_line.split()[1].split('=')[1].replace('"', '') != value: #from 'NAME DEFAULT=value' cut value and compare, don`t change if it matches
+                        lines.remove(exist_line)
+                        lines.append(name + ' ' + 'DEFAULT=\"' + value + '\"\n')
+                        file_changed = True
+            else:
+                if action == FileAction.CREATE or action == FileAction.UPDATE or action == FileAction.REPLACE:
+                    lines.append(name + ' ' + 'DEFAULT=\"' + value + '\"\n')
+                    file_changed = True
+                if action == FileAction.DELETE:
+                    pass
+
+        if file_changed:
+            with open(self.envvar_file_path, 'w') as f:
+                f.writelines(lines)
--- a/gpoa/frontend/appliers/file_cp.py
+++ b/gpoa/frontend/appliers/file_cp.py
@ -0,0 +1,268 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2022 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+from util.arguments import (
+      FileAction
+    , action_letter2enum
+)
+from .folder import str2bool
+from util.logging import log
+import shutil
+from pathlib import Path
+from util.windows import expand_windows_var
+from util.util import get_homedir
+from util.exceptions import NotUNCPathError
+from util.paths import UNCPath
+import fnmatch
+
+class Files_cp:
+    def __init__(self, file_obj, file_cache, exe_check, username=None):
+        self.file_cache = file_cache
+        self.exe_check = exe_check
+        targetPath = expand_windows_var(file_obj.targetPath, username).replace('\\', '/')
+        self.targetPath = check_target_path(targetPath, username)
+        if not self.targetPath:
+            return
+        self.fromPath = (expand_windows_var(file_obj.fromPath, username).replace('\\', '/')
+                        if file_obj.fromPath else None)
+        self.isTargetPathDirectory = False
+        self.action = action_letter2enum(file_obj.action)
+        self.readOnly = str2bool(file_obj.readOnly)
+        self.archive = str2bool(file_obj.archive)
+        self.hidden = str2bool(file_obj.hidden)
+        self.suppress = str2bool(file_obj.suppress)
+        self.executable = str2bool(file_obj.executable)
+        self.username = username
+        self.fromPathFiles = list()
+        if self.fromPath:
+            if targetPath[-1] == '/' or self.is_pattern(Path(self.fromPath).name):
+                self.isTargetPathDirectory = True
+            self.get_list_files()
+        self.act()
+
+    def get_target_file(self, targetPath:Path, fromFile:str) -> Path:
+        try:
+            if fromFile:
+                fromFileName = Path(fromFile).name
+                if self.isTargetPathDirectory:
+                    targetPath.mkdir(parents = True, exist_ok = True)
+                else:
+                    targetPath.parent.mkdir(parents = True, exist_ok = True)
+                    targetPath = targetPath.parent
+                    fromFileName = self.targetPath.name
+                if self.hidden:
+                    return targetPath.joinpath('.' + fromFileName)
+                else:
+                    return targetPath.joinpath(fromFileName)
+
+            else:
+                if not self.hidden:
+                    return targetPath
+                else:
+                    return targetPath.parent.joinpath('.' + targetPath.name)
+        except Exception as exc:
+            logdata = dict()
+            logdata['targetPath'] = targetPath
+            logdata['fromFile'] = fromFile
+            logdata['exc'] = exc
+            log('D163', logdata)
+
+        return None
+
+    def copy_target_file(self, targetFile:Path, fromFile:str):
+        try:
+            uri_path = UNCPath(fromFile)
+            self.file_cache.store(fromFile, targetFile)
+        except NotUNCPathError as exc:
+            fromFilePath = Path(fromFile)
+            if fromFilePath.exists():
+                targetFile.write_bytes(fromFilePath.read_bytes())
+        except Exception as exc:
+            logdata = dict()
+            logdata['targetFile'] = targetFile
+            logdata['fromFile'] = fromFile
+            logdata['exc'] = exc
+            log('W15', logdata)
+
+    def set_exe_file(self, targetFile, fromFile):
+        if self.executable:
+            return True
+        if Path(fromFile).suffix in self.exe_check.get_list_markers():
+            targetPath = targetFile.parent
+            for i in self.exe_check.get_list_paths():
+                if targetPath == Path(i):
+                    return True
+        return False
+
+    def set_mod_file(self, targetFile, fromFile):
+        if not targetFile.is_file():
+            return
+        if self.set_exe_file(targetFile, fromFile):
+            if self.readOnly:
+                shutil.os.chmod(targetFile, 0o555)
+            else:
+                shutil.os.chmod(targetFile, 0o755)
+        else:
+            if self.readOnly:
+                shutil.os.chmod(targetFile, 0o444)
+            else:
+                shutil.os.chmod(targetFile, 0o644)
+
+    def _create_action(self):
+        logdata = dict()
+        for fromFile in self.fromPathFiles:
+            targetFile = None
+
+            try:
+                targetFile = self.get_target_file(self.targetPath, fromFile)
+                if targetFile and not targetFile.exists():
+                    self.copy_target_file(targetFile, fromFile)
+                    if self.username:
+                        shutil.chown(targetFile, self.username)
+                    self.set_mod_file(targetFile, fromFile)
+                    logdata['File'] = targetFile
+                    log('D191', logdata)
+            except Exception as exc:
+                logdata['exc'] = exc
+                logdata['fromPath'] = fromFile
+                logdata['targetPath'] = self.targetPath
+                logdata['targetFile'] = targetFile
+                log('D164', logdata)
+
+    def _delete_action(self):
+        list_target = [self.targetPath.name]
+        if self.is_pattern(self.targetPath.name) and self.targetPath.parent.exists() and self.targetPath.parent.is_dir():
+            list_target = fnmatch.filter([str(x.name) for x in self.targetPath.parent.iterdir() if x.is_file()], self.targetPath.name)
+        logdata = dict()
+        for targetFile in list_target:
+            targetFile = self.targetPath.parent.joinpath(targetFile)
+            try:
+                if targetFile.exists():
+                    targetFile.unlink()
+                    logdata['File'] = targetFile
+                    log('D193', logdata)
+
+            except Exception as exc:
+                logdata['exc'] = exc
+                logdata['targetPath'] = self.targetPath
+                logdata['targetFile'] = targetFile
+                log('D165', logdata)
+
+    def _update_action(self):
+        logdata = dict()
+        for fromFile in self.fromPathFiles:
+            targetFile = self.get_target_file(self.targetPath, fromFile)
+            try:
+                self.copy_target_file(targetFile, fromFile)
+                if self.username:
+                    shutil.chown(self.targetPath, self.username)
+                self.set_mod_file(targetFile, fromFile)
+                logdata['File'] = targetFile
+                log('D192', logdata)
+            except Exception as exc:
+                logdata['exc'] = exc
+                logdata['fromPath'] = self.fromPath
+                logdata['targetPath'] = self.targetPath
+                logdata['targetFile'] = targetFile
+                log('D166', logdata)
+
+    def act(self):
+        if self.action == FileAction.CREATE:
+            self._create_action()
+        if self.action == FileAction.UPDATE:
+            self._update_action()
+        if self.action == FileAction.DELETE:
+            self._delete_action()
+        if self.action == FileAction.REPLACE:
+            self._delete_action()
+            self._create_action()
+
+    def is_pattern(self, name):
+        if name.find('*') != -1 or name.find('?') != -1:
+            return True
+        else:
+            return False
+
+    def get_list_files(self):
+        logdata = dict()
+        logdata['targetPath'] = str(self.targetPath)
+        fromFilePath = Path(self.fromPath)
+        if not self.is_pattern(fromFilePath.name):
+            self.fromPathFiles.append(self.fromPath)
+        else:
+            fromPathDir = self.fromPath[:self.fromPath.rfind('/')]
+
+            try:
+                uri_path = UNCPath(fromPathDir)
+                ls_files = self.file_cache.get_ls_smbdir(fromPathDir)
+                if ls_files:
+                    filtered_ls_files = fnmatch.filter(ls_files, fromFilePath.name)
+                    if filtered_ls_files:
+                        self.fromPathFiles = [fromPathDir + '/' + file_s for file_s in filtered_ls_files]
+            except NotUNCPathError as exc:
+                try:
+                    exact_path = Path(fromPathDir)
+                    if exact_path.is_dir():
+                        self.fromPathFiles = [str(fromFile) for fromFile in exact_path.iterdir() if fromFile.is_file()]
+                except Exception as exc:
+                    logdata['fromPath'] = self.fromPath
+                    logdata['exc'] = exc
+                    log('W3316', logdata)
+            except Exception as exc:
+                logdata['fromPath'] = self.fromPath
+                logdata['exc'] = exc
+                log('W3317', logdata)
+
+def check_target_path(path_to_check, username = None):
+    '''
+    Function for checking the correctness of the path
+    '''
+    if not path_to_check:
+        return None
+
+    checking = Path(path_to_check)
+    rootpath = Path('/')
+    if username:
+        rootpath = Path(get_homedir(username))
+
+    return rootpath.joinpath(checking)
+
+class Execution_check():
+
+    __etension_marker_key_name = 'ExtensionMarker'
+    __marker_usage_path_key_name = 'MarkerUsagePath'
+    __hklm_branch = 'Software\\BaseALT\\Policies\\GroupPolicies\\Files'
+
+    def __init__(self, storage):
+        etension_marker_branch = '{}\\{}%'.format(self.__hklm_branch, self.__etension_marker_key_name)
+        marker_usage_path_branch = '{}\\{}%'.format(self.__hklm_branch, self.__marker_usage_path_key_name)
+        self.etension_marker = storage.filter_hklm_entries(etension_marker_branch)
+        self.marker_usage_path = storage.filter_hklm_entries(marker_usage_path_branch)
+        self.list_paths = list()
+        self.list_markers = list()
+        for marker in self.etension_marker:
+            self.list_markers.append(marker.data)
+        for usage_path in self.marker_usage_path:
+            self.list_paths.append(usage_path.data)
+
+    def get_list_paths(self):
+        return self.list_paths
+
+    def get_list_markers(self):
+        return self.list_markers
--- a/gpoa/frontend/appliers/folder.py
+++ b/gpoa/frontend/appliers/folder.py
@ -20,49 +20,69 @@
 from pathlib import Path


-from gpt.folders import (
+from util.arguments import (
      FileAction
    , action_letter2enum
 )
 from util.windows import expand_windows_var
+from util.util import get_homedir

 def remove_dir_tree(path, delete_files=False, delete_folder=False, delete_sub_folders=False):
+    content = list()
    for entry in path.iterdir():
-        if entry.is_file():
+        content.append(entry)
+        if entry.is_file() and delete_files:
            entry.unlink()
-        if entry.is_dir():
-            if delete_sub_folders:
-                remove_dir_tree(entry,
-                    delete_files,
-                    delete_folder,
-                    delete_sub_folders)
+            content.remove(entry)
+        if entry.is_dir() and delete_sub_folders:
+            content.remove(entry)
+            content.extend(remove_dir_tree(entry, delete_files, delete_folder, delete_sub_folders))

-    if delete_folder:
+    if delete_folder and not content:
        path.rmdir()

+    return content
+
 def str2bool(boolstr):
-    if boolstr.lower in ['true', 'yes', '1']:
+    if isinstance(boolstr, bool):
+        return boolstr
+    elif boolstr and boolstr.lower() in ['true', 'yes', '1']:
        return True
    return False

+
 class Folder:
-    def __init__(self, folder_object, username):
-        self.folder_path = Path(expand_windows_var(folder_object.path, username).replace('\\', '/'))
+    def __init__(self, folder_object, username=None):
+        folder_path = expand_windows_var(folder_object.path, username).replace('\\', '/').replace('//', '/')
+        if username:
+            folder_path = folder_path.replace(get_homedir(username), '')
+            self.folder_path = Path(get_homedir(username)).joinpath(folder_path if folder_path [0] != '/' else folder_path [1:])
+        else:
+            self.folder_path = Path(folder_path)
        self.action = action_letter2enum(folder_object.action)
        self.delete_files = str2bool(folder_object.delete_files)
        self.delete_folder = str2bool(folder_object.delete_folder)
        self.delete_sub_folders = str2bool(folder_object.delete_sub_folders)
+        self.hidden_folder = str2bool(folder_object.hidden_folder)

    def _create_action(self):
        self.folder_path.mkdir(parents=True, exist_ok=True)

    def _delete_action(self):
-        remove_dir_tree(self.folder_path,
-            self.delete_files,
-            self.delete_folders,
-            self.delete_sub_folders)
+        if self.folder_path.exists():
+            if self.action == FileAction.REPLACE:
+                self.delete_folder = True
+            remove_dir_tree(self.folder_path,
+                self.delete_files,
+                self.delete_folder,
+                self.delete_sub_folders)

    def act(self):
+        if self.hidden_folder == True and str(self.folder_path.name)[0] != '.':
+            path_components = list(self.folder_path.parts)
+            path_components[-1] = '.' + path_components[-1]
+            new_folder_path = Path(*path_components)
+            self.folder_path = new_folder_path
        if self.action == FileAction.CREATE:
            self._create_action()
        if self.action == FileAction.UPDATE:
--- a/gpoa/frontend/appliers/gsettings.py
+++ b/gpoa/frontend/appliers/gsettings.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2021 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -18,70 +18,158 @@

 import configparser
 import os
-import logging
 from gi.repository import Gio, GLib

-from util.logging import slogm
+from util.logging import log

 class system_gsetting:
-    __global_schema = '/usr/share/glib-2.0/schemas'
-
-    def __init__(self, schema, path, value, override_priority='0'):
+    def __init__(self, schema, path, value, lock, helper_function=None):
        self.schema = schema
        self.path = path
        self.value = value
-        self.override_priority = override_priority
-        self.filename = '{}_policy.gschema.override'.format(self.override_priority)
-        self.file_path = os.path.join(self.__global_schema, self.filename)
+        self.lock = lock
+        self.helper_function = helper_function
+
+    def apply(self, settings, config, locks):
+        try:
+            config.add_section(self.schema)
+        except configparser.DuplicateSectionError:
+            pass
+
+        value = self.value
+        if self.helper_function:
+            value = self.helper_function(self.schema, self.path, value)
+        result = glib_value(self.schema, self.path, value, settings)
+        config.set(self.schema, self.path, str(result))
+
+        if self.lock:
+            lock_path = dconf_path(settings, self.path)
+            locks.append(lock_path)
+
+class system_gsettings:
+    __path_local_dir = '/etc/dconf/db/local.d'
+    __path_locks = '/etc/dconf/db/policy.d/locks/policy'
+    __path_profile = '/etc/dconf/profile/user'
+    __profile_data = 'user-db:user\nsystem-db:policy\nsystem-db:local\n'
+
+    def __init__(self, override_file_path):
+        self.gsettings = list()
+        self.locks = list()
+        self.override_file_path = override_file_path
+
+    def append(self, schema, path, data, lock, helper):
+        if check_existing_gsettings(schema, path):
+            self.gsettings.append(system_gsetting(schema, path, data, lock, helper))
+        else:
+            logdata = dict()
+            logdata['schema'] = schema
+            logdata['path'] = path
+            logdata['data'] = data
+            logdata['lock'] = lock
+            log('D150', logdata)

    def apply(self):
        config = configparser.ConfigParser()
-        try:
-            config.read(self.file_path)
-        except Exception as exc:
-            logging.error(slogm(exc))
-        config.add_section(self.schema)
-        config.set(self.schema, self.path, self.value)

-        with open(self.file_path, 'w') as f:
+        for gsetting in self.gsettings:
+            logdata = dict()
+            logdata['gsetting.schema'] = gsetting.schema
+            logdata['gsetting.path'] = gsetting.path
+            logdata['gsetting.value'] = gsetting.value
+            logdata['gsetting.lock'] = gsetting.lock
+            settings = Gio.Settings(schema=gsetting.schema)
+            log('D89', logdata)
+            gsetting.apply(settings, config, self.locks)
+
+        with open(self.override_file_path, 'w') as f:
            config.write(f)

+        os.makedirs(self.__path_local_dir, mode=0o755, exist_ok=True)
+        os.makedirs(os.path.dirname(self.__path_locks), mode=0o755, exist_ok=True)
+        os.makedirs(os.path.dirname(self.__path_profile), mode=0o755, exist_ok=True)
+        try:
+            os.remove(self.__path_locks)
+        except OSError as error:
+            pass
+
+        file_locks = open(self.__path_locks,'w')
+        for lock in self.locks:
+            file_locks.write(lock +'\n')
+        file_locks.close()
+
+        profile = open(self.__path_profile ,'w')
+        profile.write(self.__profile_data)
+        profile.close()
+
 def glib_map(value, glib_type):
    result_value = value

-    if glib_type == 'i':
+    if glib_type == 'i' or glib_type == 'b' or glib_type == 'q':
        result_value = GLib.Variant(glib_type, int(value))
    else:
        result_value = GLib.Variant(glib_type, value)

    return result_value

+def dconf_path(settings, path):
+    return settings.get_property("path") + path
+
+def glib_value(schema, path, value, settings):
+    # Get the key to modify
+    key = settings.get_value(path)
+    # Query the data type for the key
+    glib_value_type = key.get_type_string()
+    # Build the new value with the determined type
+    return glib_map(value, glib_value_type)
+
+def check_existing_gsettings (schema, path):
+    source = Gio.SettingsSchemaSource.get_default()
+    sourceSchema = (source.lookup(schema, False))
+    if bool(sourceSchema) and sourceSchema.has_key(path):
+        return True
+    else:
+        return False
+
+class user_gsettings:
+    def __init__(self):
+        self.gsettings = list()
+
+    def append(self, schema, path, value, helper=None):
+        if check_existing_gsettings(schema, path):
+            self.gsettings.append(user_gsetting(schema, path, value, helper))
+        else:
+            logdata = dict()
+            logdata['schema'] = schema
+            logdata['path'] = path
+            logdata['data'] = value
+            log('D151', logdata)
+
+    def apply(self):
+        for gsetting in self.gsettings:
+            logdata = dict()
+            logdata['gsetting.schema'] = gsetting.schema
+            logdata['gsetting.path'] = gsetting.path
+            logdata['gsetting.value'] = gsetting.value
+            log('D85', logdata)
+            gsetting.apply()
+
+
 class user_gsetting:
    def __init__(self, schema, path, value, helper_function=None):
-        logging.debug('Creating GSettings element {} (in {}) with value {}'.format(path, schema, value))
        self.schema = schema
        self.path = path
        self.value = value
        self.helper_function = helper_function

    def apply(self):
-        logging.debug('Setting GSettings key {} (in {}) to {}'.format(self.path, self.schema, self.value))
-        if self.helper_function:
-            self.helper_function(self.schema, self.path, self.value)
        # Access the current schema
-        settings = Gio.Settings(self.schema)
-        # Get the key to modify
-        key = settings.get_value(self.path)
-        # Query the data type for the key
-        glib_value_type = key.get_type_string()
-        # Build the new value with the determined type
-        val = glib_map(self.value, glib_value_type)
+        settings = Gio.Settings(schema=self.schema)
+        # Update result with helper function
+        value = self.value
+        if self.helper_function:
+            value = self.helper_function(self.schema, self.path, value)
+        # Get typed value by schema
+        result = glib_value(self.schema, self.path, value, settings)
        # Set the value
-        settings.set_value(self.path, val)
-
-        #gso = Gio.Settings.new(self.schema)
-        #variants = gso.get_property(self.path)
-        #if (variants.has_key(self.path)):
-        #    key = variants.get_key(self.path)
-        #    print(key.get_range())
-
+        settings.set_value(self.path, result)
+        settings.sync()
--- a/gpoa/frontend/appliers/ini_file.py
+++ b/gpoa/frontend/appliers/ini_file.py
@ -0,0 +1,114 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2022 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+
+from util.arguments import (
+      FileAction
+    , action_letter2enum
+)
+from util.logging import log
+from pathlib import Path
+from util.windows import expand_windows_var
+from util.util import get_homedir
+from util.gpoa_ini_parsing import GpoaConfigObj
+
+
+class Ini_file:
+    def __init__(self, ini_obj, username=None):
+        path = expand_windows_var(ini_obj.path, username).replace('\\', '/')
+        self.path = check_path(path, username)
+        if not self.path:
+            logdata = {'path': ini_obj.path}
+            log('D175', logdata)
+            return None
+        self.section = ini_obj.section
+        self.action = action_letter2enum(ini_obj.action)
+        self.key = ini_obj.property
+        self.value = ini_obj.value
+        try:
+            self.config = GpoaConfigObj(str(self.path), unrepr=False)
+        except Exception as exc:
+            logdata = {'exc': exc}
+            log('D176', logdata)
+            return
+
+        self.act()
+
+    def _create_action(self):
+        if self.path.is_dir():
+            return
+        if self.section not in self.config:
+            self.config[self.section] = dict()
+
+        self.config[self.section][self.key] = self.value
+        self.config.write()
+
+
+    def _delete_action(self):
+        if not self.path.exists() or self.path.is_dir():
+            return
+        if not self.section:
+            self.path.unlink()
+            return
+        if self.section in self.config:
+            if not self.key:
+                self.config.pop(self.section)
+            elif self.key in self.config[self.section]:
+                self.config[self.section].pop(self.key)
+        self.config.write()
+
+
+    def act(self):
+        try:
+            if self.action == FileAction.CREATE:
+                self._create_action()
+            if self.action == FileAction.UPDATE:
+                self._create_action()
+            if self.action == FileAction.DELETE:
+                self._delete_action()
+            if self.action == FileAction.REPLACE:
+                self._create_action()
+        except Exception as exc:
+            logdata = dict()
+            logdata['action'] = self.action
+            logdata['exc'] = exc
+            log('W23', logdata)
+
+
+def check_path(path_to_check, username = None):
+    '''
+    Function for checking the right path for Inifile
+    '''
+    checking = Path(path_to_check)
+    if checking.exists():
+        if username and path_to_check == '/':
+            return Path(get_homedir(username))
+        return checking
+    #Check for path directory without '/nameIni' suffix
+    elif (len(path_to_check.split('/')) > 2
+          and Path(path_to_check.replace(path_to_check.split('/')[-1], '')).is_dir()):
+        return checking
+    elif username:
+        target_path = Path(get_homedir(username))
+        res = target_path.joinpath(path_to_check
+                                    if path_to_check[0] != '/'
+                                    else path_to_check[1:])
+        return check_path(str(res))
+    else:
+        return False
--- a/gpoa/frontend/appliers/netshare.py
+++ b/gpoa/frontend/appliers/netshare.py
@ -0,0 +1,90 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2022 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import subprocess
+
+from util.arguments import (
+      FileAction
+    , action_letter2enum
+)
+from util.logging import log
+from util.windows import expand_windows_var
+
+
+class Networkshare:
+
+    def __init__(self, networkshare_obj, username = None):
+        self.net_full_cmd = ['/usr/bin/net', 'usershare']
+        self.net_cmd_check = ['/usr/bin/net', 'usershare', 'list']
+        self.cmd = list()
+        self.name = networkshare_obj.name
+        self.path = expand_windows_var(networkshare_obj.path, username).replace('\\', '/') if networkshare_obj.path else None
+
+        self.action = action_letter2enum(networkshare_obj.action)
+        self.allRegular =  networkshare_obj.allRegular
+        self.comment = networkshare_obj.comment
+        self.limitUsers = networkshare_obj.limitUsers
+        self.abe = networkshare_obj.abe
+        self._guest = 'guest_ok=y'
+        self.acl = 'Everyone:'
+        self.act()
+
+    def check_list_net(self):
+        try:
+            res = subprocess.check_output(self.net_cmd_check, encoding='utf-8')
+            return res
+        except Exception as exc:
+            return exc
+
+    def _run_net_full_cmd(self):
+        logdata = dict()
+        try:
+            res = subprocess.check_output(self.net_full_cmd, stderr=subprocess.DEVNULL, encoding='utf-8')
+            if res:
+                logdata['cmd'] = self.net_full_cmd
+                logdata['answer'] = res
+            log('D190', logdata)
+        except Exception as exc:
+            logdata['cmd'] = self.net_full_cmd
+            logdata['exc'] = exc
+            log('D182', logdata)
+
+
+    def _create_action(self):
+        self.net_full_cmd.append('add')
+        self.net_full_cmd.append(self.name)
+        self.net_full_cmd.append(self.path)
+        self.net_full_cmd.append(self.comment)
+        self.net_full_cmd.append(self.acl + 'F')
+        self.net_full_cmd.append(self._guest)
+        self._run_net_full_cmd()
+
+    def _delete_action(self):
+        self.net_full_cmd.append('delete')
+        self.net_full_cmd.append(self.name)
+        self._run_net_full_cmd()
+
+    def act(self):
+        if self.action == FileAction.CREATE:
+            self._create_action()
+        if self.action == FileAction.UPDATE:
+            self._create_action()
+        if self.action == FileAction.DELETE:
+            self._delete_action()
+        if self.action == FileAction.REPLACE:
+            self._create_action()
--- a/gpoa/frontend/appliers/polkit.py
+++ b/gpoa/frontend/appliers/polkit.py
@ -18,9 +18,8 @@

 import os
 import jinja2
-import logging

-from util.logging import slogm
+from util.logging import log

 class polkit:
    __template_path = '/usr/share/gpupdate/templates'
@ -38,7 +37,19 @@ class polkit:
        else:
            self.outfile = os.path.join(self.__policy_dir, '{}.rules'.format(self.template_name))

+    def _is_empty(self):
+        for key, item in self.args.items():
+            if key == 'User':
+                continue
+            elif item:
+                return False
+        return True
+
    def generate(self):
+        if self._is_empty():
+            if os.path.isfile(self.outfile):
+                os.remove(self.outfile)
+            return
        try:
            template = self.__template_environment.get_template(self.infilename)
            text = template.render(**self.args)
@ -46,7 +57,13 @@ class polkit:
            with open(self.outfile, 'w') as f:
                f.write(text)

-            logging.debug(slogm('Generated file {} with arguments {}'.format(self.outfile, self.args)))
+            logdata = dict()
+            logdata['file'] = self.outfile
+            logdata['arguments'] = self.args
+            log('D77', logdata)
        except Exception as exc:
-            logging.error(slogm('Unable to generate file {} from {}'.format(self.outfile, self.infilename)))
+            logdata = dict()
+            logdata['file'] = self.outfile
+            logdata['arguments'] = self.args
+            log('E44', logdata)

--- a/gpoa/frontend/appliers/systemd.py
+++ b/gpoa/frontend/appliers/systemd.py
@ -17,9 +17,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import dbus
-import logging

-from util.logging import slogm
+from util.logging import log

 class systemd_unit:
    def __init__(self, unit_name, state):
@ -38,8 +37,13 @@ class systemd_unit:
        if self.desired_state == 1:
            self.manager.UnmaskUnitFiles([self.unit_name], dbus.Boolean(False))
            self.manager.EnableUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
+            if self.unit_name == 'gpupdate.service':
+                if self.manager.GetUnitFileState(dbus.String(self.unit_name)) == 'enabled':
+                    return
            self.manager.StartUnit(self.unit_name, 'replace')
-            logging.info(slogm('Starting systemd unit: {}'.format(self.unit_name)))
+            logdata = dict()
+            logdata['unit'] = self.unit_name
+            log('I6', logdata)

            # In case the service has 'RestartSec' property set it
            # switches to 'activating (auto-restart)' state instead of
@ -47,17 +51,27 @@ class systemd_unit:
            service_state = self._get_state()

            if not service_state in ['active', 'activating']:
-                logging.error(slogm('Unable to start systemd unit {}'.format(self.unit_name)))
+                service_timer_name =  self.unit_name.replace(".service", ".timer")
+                self.unit = self.manager.LoadUnit(dbus.String(service_timer_name))
+                service_state = self._get_state()
+                if not service_state in ['active', 'activating']:
+                    logdata = dict()
+                    logdata['unit'] = self.unit_name
+                    log('E46', logdata)
        else:
            self.manager.StopUnit(self.unit_name, 'replace')
            self.manager.DisableUnitFiles([self.unit_name], dbus.Boolean(False))
            self.manager.MaskUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
-            logging.info(slogm('Stopping systemd unit: {}'.format(self.unit_name)))
+            logdata = dict()
+            logdata['unit'] = self.unit_name
+            log('I6', logdata)

            service_state = self._get_state()

-            if not service_state in ['stopped']:
-                logging.error(slogm('Unable to stop systemd unit {}'.format(self.unit_name)))
+            if not service_state in ['stopped', 'deactivating', 'inactive']:
+                logdata = dict()
+                logdata['unit'] = self.unit_name
+                log('E46', logdata)

    def _get_state(self):
        '''
--- a/gpoa/frontend/chromium_applier.py
+++ b/gpoa/frontend/chromium_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -21,133 +21,202 @@ from .applier_frontend import (
    , check_enabled
 )

-import logging
 import json
 import os
-
-from util.logging import slogm
-from util.util import is_machine_name
+from util.logging import log
+from util.util import is_machine_name, string_to_literal_eval

 class chromium_applier(applier_frontend):
    __module_name = 'ChromiumApplier'
-    __module_enabled = False
-    __module_experimental = True
-    __registry_branch = 'Software\\Policies\\Google\\Chrome'
+    __module_enabled = True
+    __module_experimental = False
+    __registry_branch = 'Software/Policies/Google/Chrome'
    __managed_policies_path = '/etc/chromium/policies/managed'
    __recommended_policies_path = '/etc/chromium/policies/recommended'
-    # JSON file where Chromium stores its settings (and which is
-    # overwritten every exit.
-    __user_settings = '.config/chromium/Default'

    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
        self._is_machine_name = is_machine_name(self.username)
-        self.policies = dict()
+        self.chromium_keys = self.storage.filter_hklm_entries(self.__registry_branch)
+
+        self.policies_json = dict()
+
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )

-    def get_hklm_string_entry(self, hive_subkey):
-        query_str = '{}\\{}'.format(self.__registry_branch, hive_subkey)
-        return self.storage.get_hklm_entry(query_str)
-
-    def get_hkcu_string_entry(self, hive_subkey):
-        query_str = '{}\\{}'.format(self.__registry_branch, hive_subkey)
-        return self.storage.get_hkcu_entry(sid, query_str)
-
-    def get_hklm_string_entry_default(self, hive_subkey, default):
-        '''
-        Return row from HKLM table identified by hive_subkey as string
-        or return supplied default value if such hive_subkey is missing.
-        '''
-
-        defval = str(default)
-        response = self.get_hklm_string_entry(hive_subkey)
-
-        if response:
-            return response.data
-
-        return defval
-
-    def get_hkcu_string_entry_default(self, hive_subkey, default):
-        defval = str(default)
-        response = self.get_hkcu_string_entry(hive_subkey)
-        if response:
-            return response.data
-        return defval
-
-    def set_policy(self, name, obj):
-        if obj:
-            self.policies[name] = obj
-            logging.info(slogm('Chromium policy \'{}\' set to {}'.format(name, obj)))
-
-    def set_user_policy(self, name, obj):
-        '''
-        Please not that writing user preferences file is not considered
-        a good practice and used mostly by various malware.
-        '''
-        if not self._is_machine_name:
-            prefdir = os.path.join(util.get_homedir(self.username), self.__user_settings)
-            os.makedirs(prefdir, exist_ok=True)
-
-            prefpath = os.path.join(prefdir, 'Preferences')
-            util.mk_homedir_path(self.username, self.__user_settings)
-            settings = dict()
-            try:
-                with open(prefpath, 'r') as f:
-                    settings = json.load(f)
-            except FileNotFoundError as exc:
-                logging.error(slogm('Chromium preferences file {} does not exist at the moment'.format(prefpath)))
-            except:
-                logging.error(slogm('Error during attempt to read Chromium preferences for user {}'.format(self.username)))
-
-            if obj:
-                settings[name] = obj
-
-                with open(prefpath, 'w') as f:
-                    json.dump(settings, f)
-                logging.info(slogm('Set user ({}) property \'{}\' to {}'.format(self.username, name, obj)))
-
-    def get_home_page(self, hkcu=False):
-        response = self.get_hklm_string_entry('HomepageLocation')
-        result = 'about:blank'
-        if response:
-            result = response.data
-        return result
-
    def machine_apply(self):
        '''
        Apply machine settings.
        '''
-        self.set_policy('HomepageLocation', self.get_home_page())

        destfile = os.path.join(self.__managed_policies_path, 'policies.json')

+        try:
+            recommended__json = self.policies_json.pop('Recommended')
+        except:
+            recommended__json = {}
+
+        #Replacing all nested dictionaries with a list
+        dict_item_to_list = (
+            lambda target_dict :
+                {key:[*val.values()] if type(val) == dict else string_to_literal_eval(val) for key,val in target_dict.items()}
+            )
        os.makedirs(self.__managed_policies_path, exist_ok=True)
        with open(destfile, 'w') as f:
-            json.dump(self.policies, f)
-            logging.debug(slogm('Wrote Chromium preferences to {}'.format(destfile)))
+            json.dump(dict_item_to_list(self.policies_json), f)
+            logdata = dict()
+            logdata['destfile'] = destfile
+            log('D97', logdata)
+
+        destfilerec = os.path.join(self.__recommended_policies_path, 'policies.json')
+        os.makedirs(self.__recommended_policies_path, exist_ok=True)
+        with open(destfilerec, 'w') as f:
+            json.dump(dict_item_to_list(recommended__json), f)
+            logdata = dict()
+            logdata['destfilerec'] = destfilerec
+            log('D97', logdata)

-    def user_apply(self):
-        '''
-        Apply settings for the specified username.
-        '''
-        self.set_user_policy('homepage', self.get_home_page(hkcu=True))

    def apply(self):
        '''
        All actual job done here.
        '''
        if self.__module_enabled:
-            logging.debug(slogm('Running Chromium applier for machine'))
+            log('D95')
+            self.create_dict(self.chromium_keys)
            self.machine_apply()
        else:
-            logging.debug(slogm('Chromium applier for machine will not be started'))
-        #if not self._is_machine_name:
-        #    logging.debug('Running user applier for Chromium')
-        #    self.user_apply()
+            log('D96')

+    def get_valuename_typeint(self):
+        '''
+        List of keys resulting from parsing chrome.admx with parsing_chrom_admx_intvalues.py
+        '''
+        valuename_typeint = (['DefaultClipboardSetting',
+                            'DefaultCookiesSetting',
+                            'DefaultFileSystemReadGuardSetting',
+                            'DefaultFileSystemWriteGuardSetting',
+                            'DefaultGeolocationSetting',
+                            'DefaultImagesSetting',
+                            'DefaultInsecureContentSetting',
+                            'DefaultJavaScriptJitSetting',
+                            'DefaultJavaScriptSetting',
+                            'DefaultLocalFontsSetting',
+                            'DefaultNotificationsSetting',
+                            'DefaultPopupsSetting',
+                            'DefaultSensorsSetting',
+                            'DefaultSerialGuardSetting',
+                            'DefaultThirdPartyStoragePartitioningSetting',
+                            'DefaultWebBluetoothGuardSetting',
+                            'DefaultWebHidGuardSetting',
+                            'DefaultWebUsbGuardSetting',
+                            'DefaultWindowManagementSetting',
+                            'DefaultMediaStreamSetting',
+                            'DefaultWindowPlacementSetting',
+                            'ProxyServerMode',
+                            'ExtensionManifestV2Availability',
+                            'ExtensionUnpublishedAvailability',
+                            'CreateThemesSettings',
+                            'DevToolsGenAiSettings',
+                            'GenAILocalFoundationalModelSettings',
+                            'HelpMeWriteSettings',
+                            'TabOrganizerSettings',
+                            'BrowserSwitcherParsingMode',
+                            'CloudAPAuthEnabled',
+                            'AdsSettingForIntrusiveAdsSites',
+                            'AmbientAuthenticationInPrivateModesEnabled',
+                            'BatterySaverModeAvailability',
+                            'BrowserSignin',
+                            'ChromeVariations',
+                            'DeveloperToolsAvailability',
+                            'DownloadRestrictions',
+                            'ForceYouTubeRestrict',
+                            'HeadlessMode',
+                            'IncognitoModeAvailability',
+                            'IntranetRedirectBehavior',
+                            'LensOverlaySettings',
+                            'MemorySaverModeSavings',
+                            'NetworkPredictionOptions',
+                            'ProfilePickerOnStartupAvailability',
+                            'ProfileReauthPrompt',
+                            'RelaunchNotification',
+                            'SafeSitesFilterBehavior',
+                            'ToolbarAvatarLabelSettings',
+                            'UserAgentReduction',
+                            'BatterySaverModeAvailability_recommended',
+                            'DownloadRestrictions_recommended',
+                            'NetworkPredictionOptions_recommended',
+                            'PrintPostScriptMode',
+                            'PrintRasterizationMode',
+                            'ChromeFrameRendererSettings',
+                            'DefaultFileHandlingGuardSetting',
+                            'DefaultKeygenSetting',
+                            'DefaultPluginsSetting',
+                            'LegacySameSiteCookieBehaviorEnabled',
+                            'ForceMajorVersionToMinorPositionInUserAgent',
+                            'PasswordProtectionWarningTrigger',
+                            'SafeBrowsingProtectionLevel',
+                            'SafeBrowsingProtectionLevel_recommended',
+                            'RestoreOnStartup',
+                            'RestoreOnStartup_recommended'])
+        return valuename_typeint
+
+
+    def get_boolean(self,data):
+        if data in ['0', 'false', None, 'none', 0]:
+            return False
+        if data in ['1', 'true', 1]:
+            return True
+    def get_parts(self, hivekeyname):
+        '''
+        Parse registry path string and leave key parameters
+        '''
+        parts = hivekeyname.replace(self.__registry_branch, '').split('/')
+        return parts
+
+
+    def create_dict(self, chromium_keys):
+        '''
+        Collect dictionaries from registry keys into a general dictionary
+        '''
+        counts = dict()
+        #getting the list of keys to read as an integer
+        valuename_typeint = self.get_valuename_typeint()
+        for it_data in chromium_keys:
+            branch = counts
+            try:
+                if type(it_data.data) is bytes:
+                    it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
+                parts = self.get_parts(it_data.hive_key)
+                #creating a nested dictionary from elements
+                for part in parts[:-1]:
+                    branch = branch.setdefault(part, {})
+                #dictionary key value initialization
+                if it_data.type == 4:
+                    if it_data.valuename in valuename_typeint:
+                        branch[parts[-1]] = int(it_data.data)
+                    else:
+                        branch[parts[-1]] = self.get_boolean(it_data.data)
+                else:
+                    if it_data.data[0] == '[' and it_data.data[-1] == ']':
+                        try:
+                            branch[parts[-1]] = json.loads(str(it_data.data))
+                        except:
+                            branch[parts[-1]] = str(it_data.data).replace('\\', '/')
+                    else:
+                        branch[parts[-1]] = str(it_data.data).replace('\\', '/')
+
+            except Exception as exc:
+                logdata = dict()
+                logdata['Exception'] = exc
+                logdata['keyname'] = it_data.keyname
+                log('D178', logdata)
+        try:
+            self.policies_json = counts['']
+        except:
+            self.policies_json = {}
--- a/gpoa/frontend/cifs_applier.py
+++ b/gpoa/frontend/cifs_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -16,20 +16,19 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import fileinput
 import jinja2
 import os
+import pwd
 import subprocess
-import logging
 from pathlib import Path
+import string

 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
-from gpt.drives import json2drive
-from util.util import get_homedir
-from util.logging import slogm
+from util.util import get_homedir, get_uid_by_username
+from util.logging import log

 def storage_get_drives(storage, sid):
    drives = storage.get_drives(sid)
@ -50,45 +49,210 @@ def add_line_if_missing(filename, ins_line):
            f.write(ins_line + '\n')
            f.flush()

+def remove_chars_before_colon(input_string):
+    if ":" in input_string:
+        colon_index = input_string.index(":")
+        result_string = input_string[colon_index + 1:]
+        return result_string
+    else:
+        return input_string
+
+def remove_escaped_quotes(input_string):
+    result_string = input_string.replace('"', '').replace("'", '')
+    return result_string
+
+
+class Drive_list:
+    __alphabet = string.ascii_uppercase
+    def __init__(self):
+        self.dict_drives = dict()
+
+    def __get_letter(self, letter):
+        slice_letters = set(self.__alphabet[self.__alphabet.find(letter) + 1:]) - set(self.dict_drives.keys())
+        free_letters = sorted(slice_letters)
+        if free_letters:
+            return free_letters[0]
+        else:
+            return None
+
+    def append(self, drive:dict):
+        cur_dir = drive['dir']
+        if cur_dir not in set(self.dict_drives.keys()):
+            if drive['action'] == 'D':
+                return
+            self.dict_drives[cur_dir] = drive
+            return
+
+        else:
+            if drive['action'] == 'C':
+                if drive['useLetter'] == '1':
+                    return
+                else:
+                    new_dir = self.__get_letter(cur_dir)
+                    if not new_dir:
+                        return
+                    drive['dir'] = new_dir
+                    self.dict_drives[new_dir] = drive
+                    return
+
+            if drive['action'] == 'U':
+                self.dict_drives[cur_dir]['thisDrive'] = drive['thisDrive']
+                self.dict_drives[cur_dir]['allDrives'] = drive['allDrives']
+                self.dict_drives[cur_dir]['label'] = drive['label']
+                self.dict_drives[cur_dir]['persistent'] = drive['persistent']
+                self.dict_drives[cur_dir]['useLetter'] = drive['useLetter']
+                return
+
+            if drive['action'] == 'R':
+                self.dict_drives[cur_dir] = drive
+                return
+            if drive['action'] == 'D':
+                if drive['useLetter'] == '1':
+                    self.dict_drives.pop(cur_dir, None)
+                else:
+                    keys_set = set(self.dict_drives.keys())
+                    slice_letters = set(self.__alphabet[self.__alphabet.find(cur_dir):])
+                    for letter_dir in (keys_set & slice_letters):
+                        self.dict_drives.pop(letter_dir, None)
+
+    def __call__(self):
+        return list(self.dict_drives.values())
+
+    def len(self):
+        return len(self.dict_drives)
+
 class cifs_applier(applier_frontend):
-    def __init__(self, storage):
-        pass
+    __module_name = 'CIFSApplier'
+    __module_enabled = True
+    __module_experimental = False
+    __dir4clean = '/etc/auto.master.gpupdate.d'
+
+    def __init__(self, storage, sid):
+        self.clear_directory_auto_dir()
+        self.applier_cifs = cifs_applier_user(storage, sid, None)
+        self.__module_enabled = check_enabled(
+              storage
+            , self.__module_name
+            , self.__module_experimental
+        )
+    def clear_directory_auto_dir(self):
+        path = Path(self.__dir4clean)
+
+        for item in path.iterdir():
+            try:
+                if item.is_file() or item.is_symlink():
+                    item.unlink()
+            except Exception as exc:
+                log('W37', {'exc': exc})
+        log('D231')

    def apply(self):
-        pass
+        if self.__module_enabled:
+            log('D179')
+            self.applier_cifs._admin_context_apply()
+        else:
+            log('D180')

 class cifs_applier_user(applier_frontend):
    __module_name = 'CIFSApplierUser'
-    __module_enabled = False
-    __module_experimental = True
+    __module_enabled = True
+    __module_experimental = False
    __auto_file = '/etc/auto.master'
    __auto_dir = '/etc/auto.master.gpupdate.d'
    __template_path = '/usr/share/gpupdate/templates'
    __template_mountpoints = 'autofs_mountpoints.j2'
    __template_identity = 'autofs_identity.j2'
    __template_auto = 'autofs_auto.j2'
+    __template_mountpoints_hide = 'autofs_mountpoints_hide.j2'
+    __template_auto_hide = 'autofs_auto_hide.j2'
+    __enable_home_link = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHome'
+    __enable_home_link_user = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeUser'
+    __name_dir = '/Software/BaseALT/Policies/GPUpdate'
+    __name_link_prefix = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeDisableNet'
+    __name_link_prefix_user = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeDisableNetUser'
+    __key_link_prefix = 'DriveMapsHomeDisableNet'
+    __key_link_prefix_user = 'DriveMapsHomeDisableNetUser'
+    __timeout_user_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofsUser'
+    __timeout_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofs'
+    __cifsacl_key = '/Software/BaseALT/Policies/GPUpdate/CifsaclDisable'
+    __target_mountpoint = '/media/gpupdate'
+    __target_mountpoint_user = '/run/media'
+    __mountpoint_dirname = 'drives.system'
+    __mountpoint_dirname_user = 'drives'
+    __key_cifs_previous_value = 'Previous/Software/BaseALT/Policies/GPUpdate'
+    __key_preferences = 'Software/BaseALT/Policies/Preferences/'
+    __key_preferences_previous = 'Previous/Software/BaseALT/Policies/Preferences/'
+    __name_value = 'DriveMapsName'
+    __name_value_user = 'DriveMapsNameUser'

    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
+        self.state_home_link = False
+        self.state_home_link_user = False
+        self.dict_registry_machine = self.storage.get_dictionary_from_dconf_file_db()
+        self.homedir = ''
+        name_dir = self.__name_dir[1:]

-        self.home = get_homedir(username)
+        if username:
+            self.dict_registry_user = self.storage.get_dictionary_from_dconf_file_db(get_uid_by_username(username))
+            self.home = self.__target_mountpoint_user + '/' + username
+            self.state_home_link = self.storage.check_enable_key(self.__enable_home_link)
+            self.state_home_link_disable_net = self.storage.check_enable_key(self.__name_link_prefix)
+            self.state_home_link_disable_net_user = self.storage.check_enable_key(self.__name_link_prefix_user)
+
+            self.state_home_link_user = self.storage.check_enable_key(self.__enable_home_link_user)
+            self.timeout = self.storage.get_entry(self.__timeout_user_key)
+            dirname = self.storage.get_entry(self.__name_dir + '/' + self.__name_value_user)
+            dirname_system_from_machine = self.dict_registry_machine.get(name_dir, dict()).get(self.__name_value, None)
+            self.__mountpoint_dirname_user = dirname.data if dirname and dirname.data else self.__mountpoint_dirname_user
+            self.__mountpoint_dirname = dirname_system_from_machine if dirname_system_from_machine else self.__mountpoint_dirname
+            mntTarget = self.__mountpoint_dirname_user
+
+            self.keys_cifs_previous_values_user = self.dict_registry_user.get(self.__key_cifs_previous_value,dict())
+            self.keys_cifs_values_user = self.dict_registry_user.get(name_dir,dict())
+            self.keys_the_preferences_previous_values_user = self.dict_registry_user.get((self.__key_preferences_previous+self.username),dict()).get('Drives', dict())
+            self.keys_the_preferences_values_user = self.dict_registry_user.get((self.__key_preferences+self.username),dict()).get('Drives', dict())
+
+        else:
+            self.home = self.__target_mountpoint
+            self.timeout = self.storage.get_entry(self.__timeout_key)
+            dirname_system = self.storage.get_entry(self.__name_dir + '/' + self.__name_value)
+            self.__mountpoint_dirname = dirname_system.data if dirname_system and dirname_system.data else self.__mountpoint_dirname
+            mntTarget = self.__mountpoint_dirname
+
+        self.keys_cifs_previous_values_machine = self.dict_registry_machine.get(self.__key_cifs_previous_value,dict())
+        self.keys_cifs_values_machine = self.dict_registry_machine.get(name_dir,dict())
+        self.keys_the_preferences_previous_values = self.dict_registry_machine.get((self.__key_preferences_previous+'Machine'),dict()).get('Drives', dict())
+        self.keys_the_preferences_values = self.dict_registry_machine.get((self.__key_preferences+'Machine'),dict()).get('Drives', dict())
+        self.cifsacl_disable = self.storage.get_entry(self.__cifsacl_key, preg=False)
+
+        self.mntTarget = mntTarget.translate(str.maketrans({" ": r"\ "}))
        conf_file = '{}.conf'.format(sid)
+        conf_hide_file = '{}_hide.conf'.format(sid)
        autofs_file = '{}.autofs'.format(sid)
+        autofs_hide_file = '{}_hide.autofs'.format(sid)
        cred_file = '{}.creds'.format(sid)

        self.auto_master_d = Path(self.__auto_dir)

        self.user_config = self.auto_master_d / conf_file
+        self.user_config_hide = self.auto_master_d / conf_hide_file
        if os.path.exists(self.user_config.resolve()):
            self.user_config.unlink()
+        if os.path.exists(self.user_config_hide.resolve()):
+            self.user_config_hide.unlink()
        self.user_autofs = self.auto_master_d / autofs_file
+        self.user_autofs_hide = self.auto_master_d / autofs_hide_file
        if os.path.exists(self.user_autofs.resolve()):
            self.user_autofs.unlink()
+        if os.path.exists(self.user_autofs_hide.resolve()):
+            self.user_autofs_hide.unlink()
        self.user_creds = self.auto_master_d / cred_file

-        self.mount_dir = Path(os.path.join(self.home, 'net'))
+
+        self.mount_dir = Path(os.path.join(self.home))
        self.drives = storage_get_drives(self.storage, self.sid)

        self.template_loader = jinja2.FileSystemLoader(searchpath=self.__template_path)
@ -98,6 +262,9 @@ class cifs_applier_user(applier_frontend):
        self.template_indentity = self.template_env.get_template(self.__template_identity)
        self.template_auto = self.template_env.get_template(self.__template_auto)

+        self.template_mountpoints_hide = self.template_env.get_template(self.__template_mountpoints_hide)
+        self.template_auto_hide = self.template_env.get_template(self.__template_auto_hide)
+
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
@ -105,46 +272,82 @@ class cifs_applier_user(applier_frontend):
        )


+    def is_mount_point_dirname(self):
+        if self.username:
+            return self.mount_dir.joinpath(self.__mountpoint_dirname_user).is_mount()
+        else:
+            return self.mount_dir.joinpath(self.__mountpoint_dirname).is_mount()
+
+    def is_changed_keys(self):
+        if self.username:
+            return (self.keys_cifs_previous_values_user.get(self.__name_value_user) != self.keys_cifs_values_user.get(self.__name_value_user) or
+                    self.keys_the_preferences_previous_values_user != self.keys_the_preferences_values_user)
+        else:
+            return (self.keys_cifs_previous_values_machine.get(self.__name_value) != self.keys_cifs_values_machine.get(self.__name_value) or
+                    self.keys_the_preferences_previous_values != self.keys_the_preferences_values)
+
    def user_context_apply(self):
        '''
        Nothing to implement.
        '''
        pass

-    def __admin_context_apply(self):
+    def _admin_context_apply(self):
        # Create /etc/auto.master.gpupdate.d directory
        self.auto_master_d.mkdir(parents=True, exist_ok=True)
        # Create user's destination mount directory
        self.mount_dir.mkdir(parents=True, exist_ok=True)
+        uid = pwd.getpwnam(self.username).pw_uid if self.username else None
+        if uid:
+            os.chown(self.mount_dir, uid=uid, gid=-1)
+            self.mount_dir.chmod(0o700)

        # Add pointer to /etc/auto.master.gpiupdate.d in /etc/auto.master
        auto_destdir = '+dir:{}'.format(self.__auto_dir)
        add_line_if_missing(self.__auto_file, auto_destdir)

        # Collect data for drive settings
-        drive_list = list()
+        drive_list = Drive_list()
        for drv in self.drives:
            drive_settings = dict()
            drive_settings['dir'] = drv.dir
            drive_settings['login'] = drv.login
            drive_settings['password'] = drv.password
-            drive_settings['path'] = drv.path.replace('\\', '/')
+            drive_settings['path'] = remove_chars_before_colon(drv.path.replace('\\', '/'))
+            drive_settings['action'] = drv.action
+            drive_settings['thisDrive'] = drv.thisDrive
+            drive_settings['allDrives'] = drv.allDrives
+            drive_settings['label'] = remove_escaped_quotes(drv.label)
+            drive_settings['persistent'] = drv.persistent
+            drive_settings['useLetter'] = drv.useLetter
+            drive_settings['username'] = self.username
+            drive_settings['cifsacl'] = False if self.cifsacl_disable else True

            drive_list.append(drive_settings)

-        if len(drive_list) > 0:
+        if drive_list.len() > 0:
            mount_settings = dict()
-            mount_settings['drives'] = drive_list
+            mount_settings['drives'] = drive_list()
            mount_text = self.template_mountpoints.render(**mount_settings)

+            mount_text_hide = self.template_mountpoints_hide.render(**mount_settings)
+
            with open(self.user_config.resolve(), 'w') as f:
                f.truncate()
                f.write(mount_text)
                f.flush()

+            with open(self.user_config_hide.resolve(), 'w') as f:
+                f.truncate()
+                f.write(mount_text_hide)
+                f.flush()
+
            autofs_settings = dict()
            autofs_settings['home_dir'] = self.home
+            autofs_settings['mntTarget'] = self.mntTarget
            autofs_settings['mount_file'] = self.user_config.resolve()
+            autofs_settings['timeout'] = self.timeout.data if self.timeout and self.timeout.data else 120
+
            autofs_text = self.template_auto.render(**autofs_settings)

            with open(self.user_autofs.resolve(), 'w') as f:
@ -152,13 +355,123 @@ class cifs_applier_user(applier_frontend):
                f.write(autofs_text)
                f.flush()

+            autofs_settings['mount_file'] = self.user_config_hide.resolve()
+            autofs_text = self.template_auto_hide.render(**autofs_settings)
+            with open(self.user_autofs_hide.resolve(), 'w') as f:
+                f.truncate()
+                f.write(autofs_text)
+                f.flush()
+
+        if self.is_changed_keys() or (self.drives and not self.is_mount_point_dirname()):
+            self.restart_autofs()
+
+        if self.username:
+            self.update_drivemaps_home_links()
+
+    def restart_autofs(self):
+        try:
            subprocess.check_call(['/bin/systemctl', 'restart', 'autofs'])
+        except Exception as exc:
+            log('E74', {'exc': exc})
+
+
+    def unlink_symlink(self, symlink:Path, previous=None):
+        try:
+            if symlink.exists() and symlink.is_symlink() and symlink.owner() == 'root':
+                symlink.unlink()
+            elif symlink.is_symlink() and not symlink.exists():
+                symlink.unlink()
+            elif previous:
+                symlink.unlink()
+        except:
+            pass
+
+    def del_previous_link(self, previous_value_link , mountpoint_dirname, prefix):
+        d_previous = Path(self.homedir + ('/' if prefix else '/net.') + previous_value_link)
+        if d_previous.name != mountpoint_dirname:
+            dHide_previous = Path(self.homedir + ('/.' if prefix else '/.net.') + previous_value_link)
+            self.unlink_symlink(d_previous, True)
+            self.unlink_symlink(dHide_previous, True)
+
+    def update_drivemaps_home_links(self):
+        if  self.state_home_link_disable_net:
+            prefix = ''
+        else:
+            prefix = 'net.'
+        if self.state_home_link_disable_net_user:
+            prefix_user = ''
+        else:
+            prefix_user = 'net.'
+
+        previous_value_link = self.keys_cifs_previous_values_machine.get(self.__name_value, self.__mountpoint_dirname)
+        previous_state_home_link_disable_net_user = self.keys_cifs_previous_values_user.get(self.__key_link_prefix_user)
+        previous_state_home_link_disable_net = self.keys_cifs_previous_values_user.get(self.__key_link_prefix)
+        previous_value_link_user = self.keys_cifs_previous_values_user.get(self.__name_value_user, self.__mountpoint_dirname_user)
+
+        self.homedir = get_homedir(self.username)
+
+        dUser = Path(self.homedir + '/' + prefix_user + self.__mountpoint_dirname_user)
+        dUserHide = Path(self.homedir + '/.' + prefix_user + self.__mountpoint_dirname_user)
+        dMachine = Path(self.homedir+'/' + prefix + self.__mountpoint_dirname)
+        dMachineHide = Path(self.homedir+'/.' + prefix + self.__mountpoint_dirname)
+
+        if self.state_home_link_user:
+            dUserMountpoint = Path(self.home).joinpath(self.__mountpoint_dirname_user)
+            dUserMountpointHide = Path(self.home).joinpath('.' + self.__mountpoint_dirname_user)
+            self.del_previous_link(previous_value_link_user, dUser.name, previous_state_home_link_disable_net_user)
+            if not dUser.exists() and dUserMountpoint.exists():
+                try:
+                    os.symlink(dUserMountpoint, dUser, True)
+                except  Exception as exc:
+                    log('D194', {'exc': exc})
+            elif dUser.is_symlink() and not dUserMountpoint.exists():
+                self.unlink_symlink(dUser)
+
+            if not dUserHide.exists() and dUserMountpointHide.exists():
+                try:
+                    os.symlink(dUserMountpointHide, dUserHide, True)
+                except  Exception as exc:
+                    log('D196', {'exc': exc})
+            elif dUserHide.is_symlink() and not dUserMountpointHide.exists():
+                self.unlink_symlink(dUserHide)
+        else:
+            self.del_previous_link(previous_value_link_user, dUser.name, previous_state_home_link_disable_net_user)
+            self.unlink_symlink(dUser)
+            self.unlink_symlink(dUserHide)
+
+
+        if self.state_home_link:
+            dMachineMountpoint = Path(self.__target_mountpoint).joinpath(self.__mountpoint_dirname)
+            dMachineMountpointHide = Path(self.__target_mountpoint).joinpath('.' + self.__mountpoint_dirname)
+            self.del_previous_link(previous_value_link, dMachine.name, previous_state_home_link_disable_net)
+
+            if not dMachine.exists() and dMachineMountpoint.exists():
+                try:
+                    os.symlink(dMachineMountpoint, dMachine, True)
+                except  Exception as exc:
+                    log('D195', {'exc': exc})
+            elif dMachine.is_symlink() and not dMachineMountpoint.exists():
+                self.unlink_symlink(dMachine)
+
+            if not dMachineHide.exists() and dMachineMountpointHide.exists():
+                try:
+                    os.symlink(dMachineMountpointHide, dMachineHide, True)
+                except  Exception as exc:
+                    log('D197', {'exc': exc})
+            elif dMachineHide.is_symlink() and not dMachineMountpointHide.exists():
+                self.unlink_symlink(dMachineHide)
+        else:
+            self.del_previous_link(previous_value_link, dMachine.name, previous_state_home_link_disable_net)
+            self.unlink_symlink(dMachine)
+            self.unlink_symlink(dMachineHide)
+
+


    def admin_context_apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running CIFS applier for user in administrator context'))
-            self.__admin_context_apply()
+            log('D146')
+            self._admin_context_apply()
        else:
-            logging.debug(slogm('CIFS applier for user in administrator context will not be started'))
+            log('D147')

--- a/gpoa/frontend/control_applier.py
+++ b/gpoa/frontend/control_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -21,19 +21,18 @@ from .applier_frontend import (
    , check_enabled
 )
 from .appliers.control import control
-from util.logging import slogm
+from util.logging import log

-import logging

 class control_applier(applier_frontend):
    __module_name = 'ControlApplier'
    __module_experimental = False
    __module_enabled = True
-    _registry_branch = 'Software\\BaseALT\\Policies\\Control'
+    _registry_branch = 'Software/BaseALT/Policies/Control'

    def __init__(self, storage):
        self.storage = storage
-        self.control_settings = self.storage.filter_hklm_entries('Software\\BaseALT\\Policies\\Control%')
+        self.control_settings = self.storage.filter_hklm_entries(self._registry_branch)
        self.controls = list()
        self.__module_enabled = check_enabled(
              self.storage
@ -43,15 +42,30 @@ class control_applier(applier_frontend):

    def run(self):
        for setting in self.control_settings:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            valuename = setting.hive_key.rpartition('/')[2]
            try:
                self.controls.append(control(valuename, int(setting.data)))
-                logging.info(slogm('Working with control {}'.format(valuename)))
+                logdata = dict()
+                logdata['control'] = valuename
+                logdata['value'] = setting.data
+                log('I3', logdata)
            except ValueError as exc:
-                self.controls.append(control(valuename, setting.data))
-                logging.info(slogm('Working with control {} with string value'.format(valuename)))
+                try:
+                    ctl = control(valuename, setting.data)
+                except Exception as exc:
+                    logdata = {'Exception': exc}
+                    log('I3', logdata)
+                    continue
+                self.controls.append(ctl)
+                logdata = dict()
+                logdata['control'] = valuename
+                logdata['with string value'] = setting.data
+                log('I3', logdata)
            except Exception as exc:
-                logging.info(slogm('Unable to work with control {}: {}'.format(valuename, exc)))
+                logdata = dict()
+                logdata['control'] = valuename
+                logdata['exc'] = exc
+                log('E39', logdata)
        #for e in polfile.pol_file.entries:
        #    print('{}:{}:{}:{}:{}'.format(e.type, e.data, e.valuename, e.keyname))
        for cont in self.controls:
@ -62,8 +76,7 @@ class control_applier(applier_frontend):
        Trigger control facility invocation.
        '''
        if self.__module_enabled:
-            logging.debug(slogm('Running Control applier for machine'))
+            log('D67')
            self.run()
        else:
-            logging.debug(slogm('Control applier for machine will not be started'))
-
+            log('E40')
--- a/gpoa/frontend/cups_applier.py
+++ b/gpoa/frontend/cups_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -16,19 +16,15 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import logging
-import os
 import json
-
 import cups
-
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from gpt.printers import json2printer
 from util.rpm import is_rpm_installed
-from util.logging import slogm
+from util.logging import log

 def storage_get_printers(storage, sid):
    '''
@ -79,10 +75,14 @@ class cups_applier(applier_frontend):

    def run(self):
        if not is_rpm_installed('cups'):
-            logging.warning(slogm('CUPS is not installed: no printer settings will be deployed'))
+            log('W9')
            return
-
-        self.cups_connection = cups.Connection()
+        try:
+            self.cups_connection = cups.Connection()
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc', exc]
+            log('W20', logdata)
        self.printers = storage_get_printers(self.storage, self.storage.get_info('machine_sid'))

        if self.printers:
@ -94,10 +94,10 @@ class cups_applier(applier_frontend):
        Perform configuration of printer which is assigned to computer.
        '''
        if self.__module_enabled:
-            logging.debug(slogm('Running CUPS applier for machine'))
+            log('D113')
            self.run()
        else:
-            logging.debug(slogm('CUPS applier for machine will not be started'))
+            log('D114')

 class cups_applier_user(applier_frontend):
    __module_name = 'CUPSApplierUser'
@ -111,7 +111,7 @@ class cups_applier_user(applier_frontend):
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
-            , self.__module_enabled
+            , self.__module_experimental
        )

    def user_context_apply(self):
@ -123,7 +123,7 @@ class cups_applier_user(applier_frontend):

    def run(self):
        if not is_rpm_installed('cups'):
-            logging.warning(slogm('CUPS is not installed: no printer settings will be deployed'))
+            log('W9')
            return

        self.cups_connection = cups.Connection()
@ -138,8 +138,8 @@ class cups_applier_user(applier_frontend):
        Perform printer configuration assigned for user.
        '''
        if self.__module_enabled:
-            logging.debug(slogm('Running CUPS applier for user in administrator context'))
+            log('D115')
            self.run()
        else:
-            logging.debug(slogm('CUPS applier for user in administrator context will not be started'))
+            log('D116')

--- a/gpoa/frontend/envvar_applier.py
+++ b/gpoa/frontend/envvar_applier.py
@ -0,0 +1,70 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .applier_frontend import (
+      applier_frontend
+    , check_enabled
+)
+from .appliers.envvar import Envvar
+from util.logging import log
+
+
+class envvar_applier(applier_frontend):
+    __module_name = 'EnvvarsApplier'
+    __module_experimental = False
+    __module_enabled = True
+
+    def __init__(self, storage, sid):
+        self.storage = storage
+        self.sid = sid
+        self.envvars = self.storage.get_envvars(self.sid)
+        Envvar.clear_envvar_file()
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+
+    def apply(self):
+        if self.__module_enabled:
+            log('D134')
+            ev = Envvar(self.envvars, 'root')
+            ev.act()
+        else:
+            log('D135')
+
+class envvar_applier_user(applier_frontend):
+    __module_name = 'EnvvarsApplierUser'
+    __module_experimental = False
+    __module_enabled = True
+
+    def __init__(self, storage, sid, username):
+        self.storage = storage
+        self.sid = sid
+        self.username = username
+        self.envvars = self.storage.get_envvars(self.sid)
+        Envvar.clear_envvar_file(username)
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+
+    def admin_context_apply(self):
+        if self.__module_enabled:
+            log('D136')
+            ev = Envvar(self.envvars, self.username)
+            ev.act()
+        else:
+            log('D137')
+
+    def user_context_apply(self):
+        pass
+
--- a/gpoa/frontend/file_applier.py
+++ b/gpoa/frontend/file_applier.py
@ -0,0 +1,83 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2022 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+from .appliers.file_cp import Files_cp, Execution_check
+from .applier_frontend import (
+      applier_frontend
+    , check_enabled
+)
+from util.logging import log
+
+
+
+class file_applier(applier_frontend):
+    __module_name = 'FilesApplier'
+    __module_experimental = True
+    __module_enabled = False
+
+    def __init__(self, storage, file_cache, sid):
+        self.storage = storage
+        self.exe_check = Execution_check(storage)
+        self.sid = sid
+        self.file_cache = file_cache
+        self.files = self.storage.get_files(self.sid)
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+
+    def run(self):
+        for file in self.files:
+            Files_cp(file, self.file_cache, self.exe_check)
+
+    def apply(self):
+        if self.__module_enabled:
+            log('D167')
+            self.run()
+        else:
+            log('D168')
+
+class file_applier_user(applier_frontend):
+    __module_name = 'FilesApplierUser'
+    __module_experimental = True
+    __module_enabled = False
+
+    def __init__(self, storage, file_cache, sid, username):
+        self.storage = storage
+        self.file_cache = file_cache
+        self.sid = sid
+        self.username = username
+        self.exe_check = Execution_check(storage)
+        self.files = self.storage.get_files(self.sid)
+        self.__module_enabled = check_enabled(
+              self.storage
+            , self.__module_name
+            , self.__module_experimental
+        )
+
+    def run(self):
+        for file in self.files:
+            Files_cp(file, self.file_cache, self.exe_check, self.username)
+
+    def admin_context_apply(self):
+        if self.__module_enabled:
+            log('D169')
+            self.run()
+        else:
+            log('D170')
+
+    def user_context_apply(self):
+        pass
--- a/gpoa/frontend/firefox_applier.py
+++ b/gpoa/frontend/firefox_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -25,25 +25,22 @@
 # This thing must work with keys and subkeys located at:
 # Software\Policies\Mozilla\Firefox

-import logging
 import json
 import os
-import configparser

 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
-from util.logging import slogm
-from util.util import is_machine_name
+from util.logging import log
+from util.util import is_machine_name, try_dict_to_literal_eval

 class firefox_applier(applier_frontend):
    __module_name = 'FirefoxApplier'
-    __module_experimental = True
-    __module_enabled = False
-    __registry_branch = 'Software\\Policies\\Mozilla\\Firefox'
-    __firefox_installdir = '/usr/lib64/firefox/distribution'
-    __user_settings_dir = '.mozilla/firefox'
+    __module_experimental = False
+    __module_enabled = True
+    __registry_branch = 'Software/Policies/Mozilla/Firefox'
+    __firefox_policies = '/etc/firefox/policies'

    def __init__(self, storage, sid, username):
        self.storage = storage
@ -52,108 +49,122 @@ class firefox_applier(applier_frontend):
        self._is_machine_name = is_machine_name(self.username)
        self.policies = dict()
        self.policies_json = dict({ 'policies': self.policies })
+        self.firefox_keys = self.storage.filter_hklm_entries(self.__registry_branch)
+        self.policies_gen = dict()
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )

-    def get_profiles(self):
-        '''
-        Get directory names of Firefox profiles for specified username.
-        '''
-        profiles_ini = os.path.join(util.get_homedir(self.username), self.__user_settings_dir, 'profiles.ini')
-        config = configparser.ConfigParser()
-        config.read(profiles_ini)
-
-        profile_paths = list()
-        for section in config.keys():
-            if section.startswith('Profile'):
-                profile_paths.append(config[section]['Path'])
-
-        return profile_paths
-
-    def get_hklm_string_entry(self, hive_subkey):
-        '''
-        Get HKEY_LOCAL_MACHINE hive subkey of
-        'Software\Policies\Mozilla\Firefox'.
-        '''
-        query_str = '{}\\{}'.format(self.__registry_branch, hive_subkey)
-        return self.storage.get_hklm_entry(query_str)
-
-    def get_hklm_string_entry_default(self, hive_subkey, default):
-        '''
-        Get Firefox's subkey or return the default value.
-        '''
-        defval = str(default)
-        response = self.get_hklm_string_entry(hive_subkey)
-        if response:
-            return response.data
-        return defval
-
-    def set_policy(self, name, obj):
-        '''
-        Add entry to policy set.
-        '''
-        if obj:
-            self.policies[name] = obj
-            logging.info(slogm('Firefox policy \'{}\' set to {}'.format(name, obj)))
-
-    def get_home_page(self):
-        '''
-        Query the Homepage property from the storage.
-        '''
-        homepage = dict({
-            'URL': 'about:blank',
-            'Locked': False,
-            'StartPage': 'homepage'
-        })
-        response = self.get_hklm_string_entry('Homepage\\URL')
-        if response:
-            homepage['URL'] = response.data
-            return homepage
-        return None
-
-    def get_block_about_config(self):
-        '''
-        Query BlockAboutConfig boolean property from the storage.
-        '''
-        response = self.get_hklm_string_entry('BlockAboutConfig')
-        if response:
-            if response.data.lower() in ['0', 'false', False, None, 'None']:
-                return False
-            return True
-
-        return None

    def machine_apply(self):
        '''
-        Write policies.json to Firefox installdir.
+        Write policies.json to Firefox.
        '''
-        self.set_policy('Homepage', self.get_home_page())
-        self.set_policy('BlockAboutConfig', self.get_block_about_config())
+        excp = ['SOCKSVersion']
+        self.policies_json = create_dict(self.firefox_keys, self.__registry_branch, excp)

-        destfile = os.path.join(self.__firefox_installdir, 'policies.json')
-
-        os.makedirs(self.__firefox_installdir, exist_ok=True)
+        destfile = os.path.join(self.__firefox_policies, 'policies.json')
+        os.makedirs(self.__firefox_policies, exist_ok=True)
        with open(destfile, 'w') as f:
            json.dump(self.policies_json, f)
-            logging.debug(slogm('Wrote Firefox preferences to {}'.format(destfile)))
-
-    def user_apply(self):
-        profiles = self.get_profiles()
-
-        profiledir = os.path.join(util.get_homedir(self.username), self.__user_settings_dir)
-        for profile in profiles:
-            logging.debug(slogm('Found Firefox profile in {}/{}'.format(profiledir, profile)))
+            logdata = dict()
+            logdata['destfile'] = destfile
+            log('D91', logdata)

    def apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running Firefox applier for machine'))
+            log('D93')
            self.machine_apply()
        else:
-            logging.debug(slogm('Firefox applier for machine will not be started'))
-        #if not self._is_machine_name:
-        #    logging.debug('Running user applier for Firefox')
-        #    self.user_apply()
+            log('D94')

+def key_dict_is_digit(dictionary:dict) -> bool:
+    '''
+    Checking if a dictionary key is a digit
+    '''
+    if not isinstance(dictionary, dict):
+        return False
+    for dig in dictionary.keys():
+        if dig.isdigit():
+            return True
+    return False
+
+
+def dict_item_to_list(dictionary:dict) -> dict:
+    '''
+    Replacing dictionaries with numeric keys with a List
+    '''
+    if '' in dictionary:
+        dictionary = dictionary.pop('')
+
+    for key,val in dictionary.items():
+        if type(val) == dict:
+            if key_dict_is_digit(val):
+                dictionary[key] = [*val.values()]
+            else:
+                dict_item_to_list(dictionary[key])
+    return dictionary
+
+def clean_data_firefox(data):
+    return data.replace("'", '\"')
+
+
+
+def create_dict(firefox_keys, registry_branch, excp=list()):
+    '''
+    Collect dictionaries from registry keys into a general dictionary
+    '''
+    get_boolean = lambda data: data in ['1', 'true', 'True', True, 1] if isinstance(data, (str, int)) else False
+    get_parts = lambda hivekey, registry: hivekey.replace(registry, '').split('/')
+    counts = dict()
+    for it_data in firefox_keys:
+        branch = counts
+        try:
+            if type(it_data.data) is bytes:
+                it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
+            json_data = try_dict_to_literal_eval(it_data.data)
+            if json_data:
+                it_data.data = json_data
+                it_data.type = 7
+            else:
+                if it_data.type == 1:
+                    it_data.data = clean_data_firefox(it_data.data)
+            #Cases when it is necessary to create nested dictionaries
+            if it_data.valuename != it_data.data:
+                parts = get_parts(it_data.hive_key, registry_branch)
+                #creating a nested dictionary from elements
+                for part in parts[:-1]:
+                    branch = branch.setdefault(part, {})
+                #dictionary key value initialization
+                if it_data.type == 4:
+                    if it_data.valuename in excp:
+                        branch[parts[-1]] = int(it_data.data)
+                    else:
+                        branch[parts[-1]] = get_boolean(it_data.data)
+                elif it_data.type == 7:
+                    branch[parts[-1]] = it_data.data
+                else:
+                    branch[parts[-1]] = str(it_data.data).replace('\\', '/')
+            #Cases when it is necessary to create lists in a dictionary
+            else:
+                parts = get_parts(it_data.keyname, registry_branch)
+                for part in parts[:-1]:
+                    branch = branch.setdefault(part, {})
+                if branch.get(parts[-1]) is None:
+                    branch[parts[-1]] = list()
+                if it_data.type == 4:
+                    branch[parts[-1]].append(get_boolean(it_data.data))
+                else:
+                    if os.path.isdir(str(it_data.data).replace('\\', '/')):
+                        branch[parts[-1]].append(str(it_data.data).replace('\\', '/'))
+                    else:
+                        branch[parts[-1]].append(str(it_data.data))
+        except Exception as exc:
+            logdata = dict()
+            logdata['Exception'] = exc
+            logdata['keyname'] = it_data.keyname
+            log('W14', logdata)
+
+    return {'policies': dict_item_to_list(counts)}
--- a/gpoa/frontend/firewall_applier.py
+++ b/gpoa/frontend/firewall_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -17,10 +17,9 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.


-import logging
 import subprocess

-from util.logging import slogm
+from util.logging import log
 from .applier_frontend import (
      applier_frontend
    , check_enabled
@ -52,14 +51,14 @@ class firewall_applier(applier_frontend):

    def apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running Firewall applier for machine'))
+            log('D117')
            if '1' == self.firewall_enabled:
-                logging.debug(slogm('Firewall is enabled'))
+                log('D118')
                self.run()
            else:
-                logging.debug(slogm('Firewall is disabled, settings will be reset'))
+                log('D119')
                proc = subprocess.Popen(self.__firewall_reset_cmd)
                proc.wait()
        else:
-            logging.debug(slogm('Firewall applier will not be started'))
+            log('D120')

--- a/gpoa/frontend/folder_applier.py
+++ b/gpoa/frontend/folder_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -16,16 +16,15 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-from pathlib import Path

 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from .appliers.folder import Folder
-from util.logging import slogm
-
-import logging
+from util.logging import log
+from util.windows import expand_windows_var
+import re

 class folder_applier(applier_frontend):
    __module_name = 'FoldersApplier'
@ -36,16 +35,22 @@ class folder_applier(applier_frontend):
        self.storage = storage
        self.sid = sid
        self.folders = self.storage.get_folders(self.sid)
-        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_enabled)
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)

    def apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running Folder applier for machine'))
+            log('D107')
            for directory_obj in self.folders:
+                check = expand_windows_var(directory_obj.path).replace('\\', '/')
+                win_var = re.findall(r'%.+?%', check)
+                drive = re.findall(r'^[a-z A-Z]\:',check)
+                if drive or win_var:
+                    log('D109', {"path": directory_obj.path})
+                    continue
                fld = Folder(directory_obj)
-                fld.action()
+                fld.act()
        else:
-            logging.debug(slogm('Folder applier for machine will not be started'))
+            log('D108')

 class folder_applier_user(applier_frontend):
    __module_name = 'FoldersApplierUser'
@ -65,20 +70,22 @@ class folder_applier_user(applier_frontend):

    def run(self):
        for directory_obj in self.folders:
+            check = expand_windows_var(directory_obj.path, self.username).replace('\\', '/')
+            win_var = re.findall(r'%.+?%', check)
+            drive = re.findall(r'^[a-z A-Z]\:',check)
+            if drive or win_var:
+                log('D110', {"path": directory_obj.path})
+                continue
            fld = Folder(directory_obj, self.username)
            fld.act()

    def admin_context_apply(self):
-        if self.__module_enabled:
-            logging.debug(slogm('Running Folder applier for user in administrator context'))
-            self.run()
-        else:
-            logging.debug(slogm('Folder applier for user in administrator context will not be started'))
+        pass

    def user_context_apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running Folder applier for user in user context'))
+            log('D111')
            self.run()
        else:
-            logging.debug(slogm('Folder applier for user administrator context will not be started'))
+            log('D112')

--- a/gpoa/frontend/frontend_manager.py
+++ b/gpoa/frontend/frontend_manager.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from storage import registry_factory
+from storage.fs_file_cache import fs_file_cache

 from .control_applier import control_applier
 from .polkit_applier import (
@ -25,6 +26,7 @@ from .polkit_applier import (
 )
 from .systemd_applier import systemd_applier
 from .firefox_applier import firefox_applier
+from .thunderbird_applier import thunderbird_applier
 from .chromium_applier import chromium_applier
 from .cups_applier import cups_applier
 from .package_applier import (
@ -44,16 +46,46 @@ from .folder_applier import (
      folder_applier
    , folder_applier_user
 )
-from .cifs_applier import cifs_applier_user
+from .cifs_applier import (
+      cifs_applier_user
+    , cifs_applier)
 from .ntp_applier import ntp_applier
-from util.windows import get_sid
+from .envvar_applier import (
+      envvar_applier
+    , envvar_applier_user
+)
+from .scripts_applier import (
+      scripts_applier
+    , scripts_applier_user
+)
+
+from .file_applier import (
+      file_applier
+    , file_applier_user
+)
+
+from .ini_applier import (
+      ini_applier
+    , ini_applier_user
+)
+
+from .kde_applier import (
+      kde_applier
+    , kde_applier_user
+)
+from .laps_applier import laps_applier
+
+from .networkshare_applier import networkshare_applier
+from .yandex_browser_applier import yandex_browser_applier
+
+from util.sid import get_sid
 from util.users import (
    is_root,
    get_process_user,
    username_match_uid,
-    with_privileges
 )
 from util.logging import log
+from util.system import with_privileges


 def determine_username(username=None):
@ -79,6 +111,18 @@ def determine_username(username=None):

    return name

+def apply_user_context(user_appliers):
+    for applier_name, applier_object in user_appliers.items():
+        log('D55', {'name': applier_name})
+
+        try:
+            applier_object.user_context_apply()
+        except Exception as exc:
+            logdata = dict()
+            logdata['applier'] = applier_name
+            logdata['exception'] = str(exc)
+            log('E20', logdata)
+
 class frontend_manager:
    '''
    The frontend_manager class decides when and how to run appliers
@ -86,32 +130,56 @@ class frontend_manager:
    '''

    def __init__(self, username, is_machine):
-        self.storage = registry_factory('registry')
        self.username = determine_username(username)
+        self.storage = registry_factory('dconf', username=self.username)
        self.is_machine = is_machine
        self.process_uname = get_process_user()
        self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine)
+        self.file_cache = fs_file_cache('file_cache', self.username)

        self.machine_appliers = dict()
+        self.user_appliers = dict()
+        if is_machine:
+            self._init_machine_appliers()
+        else:
+            self._init_user_appliers()
+
+    def _init_machine_appliers(self):
+        self.machine_appliers['laps_applier'] = laps_applier(self.storage)
        self.machine_appliers['control'] = control_applier(self.storage)
        self.machine_appliers['polkit'] = polkit_applier(self.storage)
        self.machine_appliers['systemd'] = systemd_applier(self.storage)
        self.machine_appliers['firefox'] = firefox_applier(self.storage, self.sid, self.username)
+        self.machine_appliers['thunderbird'] = thunderbird_applier(self.storage, self.sid, self.username)
        self.machine_appliers['chromium'] = chromium_applier(self.storage, self.sid, self.username)
+        self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.sid, self.username)
        self.machine_appliers['shortcuts'] = shortcut_applier(self.storage)
-        self.machine_appliers['gsettings'] = gsettings_applier(self.storage)
+        self.machine_appliers['gsettings'] = gsettings_applier(self.storage, self.file_cache)
+        try:
+            self.machine_appliers['cifs'] = cifs_applier(self.storage, self.sid)
+        except Exception as exc:
+            logdata = dict()
+            logdata['applier_name'] = 'cifs'
+            logdata['msg'] = str(exc)
+            log('E24', logdata)
        self.machine_appliers['cups'] = cups_applier(self.storage)
        self.machine_appliers['firewall'] = firewall_applier(self.storage)
        self.machine_appliers['folders'] = folder_applier(self.storage, self.sid)
-        self.machine_appliers['package'] = package_applier(self.storage)
        self.machine_appliers['ntp'] = ntp_applier(self.storage)
+        self.machine_appliers['envvar'] = envvar_applier(self.storage, self.sid)
+        self.machine_appliers['networkshare'] = networkshare_applier(self.storage, self.sid)
+        self.machine_appliers['scripts'] = scripts_applier(self.storage, self.sid)
+        self.machine_appliers['files'] = file_applier(self.storage, self.file_cache, self.sid)
+        self.machine_appliers['ini'] = ini_applier(self.storage, self.sid)
+        self.machine_appliers['kde'] = kde_applier(self.storage)
+        self.machine_appliers['package'] = package_applier(self.storage)

+    def _init_user_appliers(self):
        # User appliers are expected to work with user-writable
        # files and settings, mostly in $HOME.
-        self.user_appliers = dict()
        self.user_appliers['shortcuts'] = shortcut_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['folders'] = folder_applier_user(self.storage, self.sid, self.username)
-        self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.sid, self.username)
+        self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.file_cache, self.sid, self.username)
        try:
            self.user_appliers['cifs'] = cifs_applier_user(self.storage, self.sid, self.username)
        except Exception as exc:
@ -119,8 +187,14 @@ class frontend_manager:
            logdata['applier_name'] = 'cifs'
            logdata['msg'] = str(exc)
            log('E25', logdata)
-        self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username)
+        self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
+        self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.sid, self.username)
+        self.user_appliers['scripts'] = scripts_applier_user(self.storage, self.sid, self.username)
+        self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.sid, self.username)
+        self.user_appliers['ini'] = ini_applier_user(self.storage, self.sid, self.username)
+        self.user_appliers['kde'] = kde_applier_user(self.storage, self.sid, self.username, self.file_cache)
+        self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)

    def machine_apply(self):
        '''
@ -130,6 +204,7 @@ class frontend_manager:
            log('E13')
            return
        log('D16')
+
        for applier_name, applier_object in self.machine_appliers.items():
            try:
                applier_object.apply()
@ -153,13 +228,13 @@ class frontend_manager:
                    logdata['exception'] = str(exc)
                    log('E19', logdata)

-                try:
-                    with_privileges(self.username, applier_object.user_context_apply)
-                except Exception as exc:
-                    logdata = dict()
-                    logdata['applier'] = applier_name
-                    logdata['exception'] = str(exc)
-                    log('E20', logdata)
+            try:
+                with_privileges(self.username, lambda: apply_user_context(self.user_appliers))
+            except Exception as exc:
+                logdata = dict()
+                logdata['username'] = self.username
+                logdata['exception'] = str(exc)
+                log('E30', logdata)
        else:
            for applier_name, applier_object in self.user_appliers.items():
                try:
--- a/gpoa/frontend/gsettings_applier.py
+++ b/gpoa/frontend/gsettings_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -16,75 +16,135 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import logging
+from util.exceptions import NotUNCPathError
 import os
 import pwd
 import subprocess

-from gi.repository import (
-      Gio
-    , GLib
-)
+from gi.repository import Gio
+from storage.dconf_registry import Dconf_registry

 from .applier_frontend import (
      applier_frontend
    , check_enabled
+    , check_windows_mapping_enabled
 )
 from .appliers.gsettings import (
-    system_gsetting,
-    user_gsetting
+    system_gsettings,
+    user_gsettings
 )
-from util.logging import slogm
+from util.logging import log
+
+def uri_fetch(schema, path, value, cache):
+    '''
+    Function to fetch and cache uri
+    '''
+    retval = value
+    logdata = dict()
+    logdata['schema'] = schema
+    logdata['path'] = path
+    logdata['src'] = value
+    try:
+        retval = cache.get(value)
+        if not retval:
+            retval = ''
+        logdata['dst'] = retval
+        log('D90', logdata)
+    except Exception as exc:
+        pass
+
+    return retval

 class gsettings_applier(applier_frontend):
    __module_name = 'GSettingsApplier'
-    __module_experimental = True
-    __module_enabled = False
-    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings'
+    __module_experimental = False
+    __module_enabled = True
+    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings\\'
+    __registry_locks_branch = 'Software\\BaseALT\\Policies\\GSettingsLocks\\'
+    __wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename'
+    __vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods'
    __global_schema = '/usr/share/glib-2.0/schemas'
-    __windows_settings = dict()
+    __override_priority_file = 'zzz_policy.gschema.override'
+    __override_old_file = '0_policy.gschema.override'

-    def __init__(self, storage):
+
+    def __init__(self, storage, file_cache):
        self.storage = storage
+        self.file_cache = file_cache
        gsettings_filter = '{}%'.format(self.__registry_branch)
+        gsettings_locks_filter = '{}%'.format(self.__registry_locks_branch)
        self.gsettings_keys = self.storage.filter_hklm_entries(gsettings_filter)
-        self.gsettings = list()
-        self.override_file = os.path.join(self.__global_schema, '0_policy.gschema.override')
+        self.gsettings_locks = self.storage.filter_hklm_entries(gsettings_locks_filter)
+        self.override_file = os.path.join(self.__global_schema, self.__override_priority_file)
+        self.override_old_file = os.path.join(self.__global_schema, self.__override_old_file)
+        self.gsettings = system_gsettings(self.override_file)
+        self.locks = dict()
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )

+    def update_file_cache(self, data):
+        try:
+            self.file_cache.store(data)
+        except Exception as exc:
+            logdata = dict()
+            logdata['exception'] = str(exc)
+            log('D145', logdata)
+
+    def uri_fetch_helper(self, schema, path, value):
+        return uri_fetch(schema, path, value, self.file_cache)
+
    def run(self):
+        # Compatility cleanup of old settings
+        if os.path.exists(self.override_old_file):
+            os.remove(self.override_old_file)
+
        # Cleanup settings from previous run
        if os.path.exists(self.override_file):
-            logging.debug(slogm('Removing GSettings policy file from previous run'))
+            log('D82')
            os.remove(self.override_file)

+        # Get all configured gsettings locks
+        for lock in self.gsettings_locks:
+            valuename = lock.hive_key.rpartition('/')[2]
+            self.locks[valuename] = int(lock.data)
+
        # Calculate all configured gsettings
        for setting in self.gsettings_keys:
-            valuename = setting.hive_key.rpartition('\\')[2]
+            helper = None
+            valuename = setting.hive_key.rpartition('/')[2]
            rp = valuename.rpartition('.')
            schema = rp[0]
            path = rp[2]
-            self.gsettings.append(system_gsetting(schema, path, setting.data))
+            data = setting.data
+            lock = bool(self.locks[valuename]) if valuename in self.locks else None
+            if setting.hive_key.lower() == self.__wallpaper_entry.lower():
+                self.update_file_cache(setting.data)
+                helper = self.uri_fetch_helper
+            elif setting.hive_key.lower() == self.__vino_authentication_methods_entry.lower():
+                data = [setting.data]
+            self.gsettings.append(schema, path, data, lock, helper)

        # Create GSettings policy with highest available priority
-        for gsetting in self.gsettings:
-            gsetting.apply()
+        self.gsettings.apply()

        # Recompile GSettings schemas with overrides
        try:
            proc = subprocess.run(args=['/usr/bin/glib-compile-schemas', self.__global_schema], capture_output=True, check=True)
        except Exception as exc:
-            logging.debug(slogm('Error recompiling global GSettings schemas'))
+            log('E48')
+
+        # Update desktop configuration system backend
+        Dconf_registry.dconf_update()

    def apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running GSettings applier for machine'))
+            log('D80')
+            self.run()
        else:
-            logging.debug(slogm('GSettings applier for machine will not be started'))
+            log('D81')

 class GSettingsMapping:
    def __init__(self, hive_key, gsettings_schema, gsettings_key):
@ -102,7 +162,7 @@ class GSettingsMapping:
            logdata['hive_key'] = self.hive_key
            logdata['gsettings_schema'] = self.gsettings_schema
            logdata['gsettings_key'] = self.gsettings_key
-            logging.warning(slogm('Unable to resolve GSettings parameter {}.{}'.format(self.gsettings_schema, self.gsettings_key)))
+            log('W6', logdata)

    def preg2gsettings(self):
        '''
@ -119,43 +179,47 @@ class GSettingsMapping:

 class gsettings_applier_user(applier_frontend):
    __module_name = 'GSettingsApplierUser'
-    __module_experimental = True
-    __module_enabled = False
-    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings'
+    __module_experimental = False
+    __module_enabled = True
+    __registry_branch = 'Software\\BaseALT\\Policies\\gsettings\\'
+    __wallpaper_entry = 'Software/BaseALT/Policies/gsettings/org.mate.background.picture-filename'
+    __vino_authentication_methods_entry = 'Software/BaseALT/Policies/gsettings/org.gnome.Vino.authentication-methods'

-    def __init__(self, storage, sid, username):
+    def __init__(self, storage, file_cache, sid, username):
        self.storage = storage
+        self.file_cache = file_cache
        self.sid = sid
        self.username = username
        gsettings_filter = '{}%'.format(self.__registry_branch)
        self.gsettings_keys = self.storage.filter_hkcu_entries(self.sid, gsettings_filter)
-        self.gsettings = list()
-        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_enabled)
+        self.gsettings = user_gsettings()
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+        self.__windows_mapping_enabled = check_windows_mapping_enabled(self.storage)

        self.__windows_settings = dict()
        self.windows_settings = list()
        mapping = [
              # Disable or enable screen saver
              GSettingsMapping(
-                  'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaveActive'
+                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaveActive'
                , 'org.mate.screensaver'
                , 'idle-activation-enabled'
              )
              # Timeout in seconds for screen saver activation. The value of zero effectively disables screensaver start
            , GSettingsMapping(
-                  'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaveTimeOut'
+                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaveTimeOut'
                , 'org.mate.session'
                , 'idle-delay'
              )
              # Enable or disable password protection for screen saver
            , GSettingsMapping(
-                  'Software\\Policies\\Microsoft\\Windows\\Control Panel\\Desktop\\ScreenSaverIsSecure'
+                  'Software/Policies/Microsoft/Windows/Control Panel/Desktop/ScreenSaverIsSecure'
                , 'org.mate.screensaver'
                , 'lock-enabled'
              )
              # Specify image which will be used as a wallpaper
            , GSettingsMapping(
-                  'Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\Wallpaper'
+                  'Software/Microsoft/Windows/CurrentVersion/Policies/System/Wallpaper'
                , 'org.mate.background'
                , 'picture-filename'
              )
@ -166,42 +230,64 @@ class gsettings_applier_user(applier_frontend):
            self.__windows_settings[element.hive_key] = element


-    def run(self):
-        #for setting in self.gsettings_keys:
-        #    valuename = setting.hive_key.rpartition('\\')[2]
-        #    rp = valuename.rpartition('.')
-        #    schema = rp[0]
-        #    path = rp[2]
-        #    self.gsettings.append(user_gsetting(schema, path, setting.data))
-
-        os.environ['DBUS_SESSION_BUS_ADDRESS'] = 'unix:path=/run/user/{}/bus'.format(pwd.getpwnam(self.username).pw_uid)
-
+    def windows_mapping_append(self):
        for setting_key in self.__windows_settings.keys():
-            logging.debug('Checking for GSettings mapping {}'.format(setting_key))
            value = self.storage.get_hkcu_entry(self.sid, setting_key)
            if value:
-                logging.debug('Found GSettings mapping {} to {}'.format(setting_key, value.data))
+                logdata = dict()
+                logdata['setting_key'] = setting_key
+                logdata['value.data'] = value.data
+                log('D86', logdata)
                mapping = self.__windows_settings[setting_key]
-                self.gsettings.append(user_gsetting(mapping.gsettings_schema, mapping.gsettings_key, value.data))
-            else:
-                logging.debug('GSettings mapping for {} not found'.format(setting_key))
+                try:
+                    self.gsettings.append(mapping.gsettings_schema, mapping.gsettings_key, value.data)
+                except Exception as exc:
+                    print(exc)

-        for gsetting in self.gsettings:
-            logging.debug('Applying setting {}/{}'.format(gsetting.schema, gsetting.path))
-            gsetting.apply()
+    def uri_fetch_helper(self, schema, path, value):
+        return uri_fetch(schema, path, value, self.file_cache)

-        del os.environ['DBUS_SESSION_BUS_ADDRESS']
+    def run(self):
+        if self.__windows_mapping_enabled:
+            log('D83')
+            self.windows_mapping_append()
+        else:
+            log('D84')
+
+        # Calculate all configured gsettings
+        for setting in self.gsettings_keys:
+            valuename = setting.hive_key.rpartition('/')[2]
+            rp = valuename.rpartition('.')
+            schema = rp[0]
+            path = rp[2]
+            data = setting.data
+            helper = self.uri_fetch_helper if setting.hive_key.lower() == self.__wallpaper_entry.lower() else None
+            if setting.hive_key.lower() == self.__vino_authentication_methods_entry.lower():
+                data = [setting.data]
+            self.gsettings.append(schema, path, data, helper)
+
+        # Create GSettings policy with highest available priority
+        self.gsettings.apply()

    def user_context_apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running GSettings applier for user in user context'))
+            log('D87')
            self.run()
        else:
-            logging.debug(slogm('GSettings applier for user in user context will not be started'))
+            log('D88')

    def admin_context_apply(self):
-        '''
-        Not implemented because there is no point of doing so.
-        '''
-        pass
+        # Cache files on remote locations
+        try:
+            entry = self.__wallpaper_entry
+            filter_result = self.storage.get_hkcu_entry(self.sid, entry)
+            if filter_result and filter_result.data:
+                self.file_cache.store(filter_result.data)
+        except NotUNCPathError:
+            ...
+        except Exception as exc:
+            logdata = dict()
+            logdata['exception'] = str(exc)
+            log('E50', logdata)
+

--- a/gpoa/frontend/ini_applier.py
+++ b/gpoa/frontend/ini_applier.py
@ -0,0 +1,77 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+from .appliers.ini_file import Ini_file
+from .applier_frontend import (
+      applier_frontend
+    , check_enabled
+)
+from util.logging import log
+
+class ini_applier(applier_frontend):
+    __module_name = 'InifilesApplier'
+    __module_experimental = True
+    __module_enabled = False
+
+    def __init__(self, storage, sid):
+        self.storage = storage
+        self.sid = sid
+        self.inifiles_info = self.storage.get_ini(self.sid)
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+
+    def run(self):
+        for inifile in self.inifiles_info:
+            Ini_file(inifile)
+
+    def apply(self):
+        if self.__module_enabled:
+            log('D171')
+            self.run()
+        else:
+            log('D172')
+
+class ini_applier_user(applier_frontend):
+    __module_name = 'InifilesApplierUser'
+    __module_experimental = True
+    __module_enabled = False
+
+    def __init__(self, storage, sid, username):
+        self.sid = sid
+        self.username = username
+        self.storage = storage
+        self.inifiles_info = self.storage.get_ini(self.sid)
+        self.__module_enabled = check_enabled(
+              self.storage
+            , self.__module_name
+            , self.__module_experimental
+        )
+
+    def run(self):
+        for inifile in self.inifiles_info:
+            Ini_file(inifile, self.username)
+
+    def admin_context_apply(self):
+        pass
+
+    def user_context_apply(self):
+        if self.__module_enabled:
+            log('D173')
+            self.run()
+        else:
+            log('D174')
--- a/gpoa/frontend/kde_applier.py
+++ b/gpoa/frontend/kde_applier.py
@ -0,0 +1,367 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .applier_frontend import applier_frontend, check_enabled
+from util.logging import log
+from util.util import get_homedir
+from util.exceptions import NotUNCPathError
+import os
+import subprocess
+import re
+import dbus
+import shutil
+
+class kde_applier(applier_frontend):
+    __module_name = 'KdeApplier'
+    __module_experimental = True
+    __module_enabled = False
+    __hklm_branch = 'Software/BaseALT/Policies/KDE/'
+    __hklm_lock_branch = 'Software/BaseALT/Policies/KDELocks/'
+
+    def __init__(self, storage):
+        self.storage = storage
+        self.locks_dict = {}
+        self.locks_data_dict = {}
+        self.all_kde_settings = {}
+        kde_filter = '{}%'.format(self.__hklm_branch)
+        locks_filter = '{}%'.format(self.__hklm_lock_branch)
+        self.locks_settings = self.storage.filter_hklm_entries(locks_filter)
+        self.kde_settings = self.storage.filter_hklm_entries(kde_filter)
+        self.all_kde_settings = {}
+
+        self.__module_enabled = check_enabled(
+            self.storage,
+            self.__module_name,
+            self.__module_experimental
+        )
+
+    def apply(self):
+        if self.__module_enabled:
+            log('D198')
+            create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict)
+            apply(self.all_kde_settings, self.locks_dict)
+        else:
+            log('D199')
+
+class kde_applier_user(applier_frontend):
+    __module_name = 'KdeApplierUser'
+    __module_experimental = True
+    __module_enabled = False
+    kde_version = None
+    __hkcu_branch = 'Software/BaseALT/Policies/KDE'
+    __hkcu_lock_branch = 'Software/BaseALT/Policies/KDELocks'
+    __plasma_update_entry = 'Software/BaseALT/Policies/KDE/Plasma/Update'
+
+    def __init__(self, storage, sid=None, username=None, file_cache = None):
+        self.storage = storage
+        self.username = username
+        self.sid = sid
+        self.file_cache = file_cache
+        self.locks_dict = {}
+        self.locks_data_dict = {}
+        self.all_kde_settings = {}
+        kde_applier_user.kde_version = get_kde_version()
+        kde_filter = '{}%'.format(self.__hkcu_branch)
+        locks_filter = '{}%'.format(self.__hkcu_lock_branch)
+        self.locks_settings = self.storage.filter_hkcu_entries(self.sid, locks_filter)
+        self.plasma_update = self.storage.get_entry(self.__plasma_update_entry)
+        self.plasma_update_flag = self.plasma_update.data if self.plasma_update is not None else 0
+        self.kde_settings = self.storage.filter_hkcu_entries(self.sid, kde_filter)
+        self.__module_enabled = check_enabled(
+            self.storage,
+            self.__module_name,
+            self.__module_experimental
+        )
+
+    def admin_context_apply(self):
+        try:
+            for setting in self.kde_settings:
+                file_name = setting.keyname.split("/")[-2]
+                if file_name == 'wallpaper':
+                    data = setting.data
+                    break
+            self.file_cache.store(data)
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+
+    def user_context_apply(self):
+        '''
+        Change settings applied in user context
+        '''
+        if self.__module_enabled:
+            log('D200')
+            create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict, self.file_cache, self.username, self.plasma_update_flag)
+            apply(self.all_kde_settings, self.locks_dict, self.username)
+        else:
+            log('D201')
+
+dbus_methods_mapping = {
+    'kscreenlockerrc': {
+        'dbus_service': 'org.kde.screensaver',
+        'dbus_path': '/ScreenSaver',
+        'dbus_interface': 'org.kde.screensaver',
+        'dbus_method': 'configure'
+    },
+    'wallpaper': {
+        'dbus_service': 'org.freedesktop.systemd1',
+        'dbus_path': '/org/freedesktop/systemd1',
+        'dbus_interface': 'org.freedesktop.systemd1.Manager',
+        'dbus_method': 'RestartUnit',
+        'dbus_args': ['plasma-plasmashell.service', 'replace']
+    }
+}
+
+def get_kde_version():
+    try:
+        kinfo_path = shutil.which("kinfo", path="/usr/lib/kf5/bin:/usr/bin")
+        if not kinfo_path:
+            raise FileNotFoundError("Unable to find kinfo")
+        output = subprocess.check_output([kinfo_path], text=True, env={'LANG':'C'})
+        for line in output.splitlines():
+            if "KDE Frameworks Version" in line:
+                frameworks_version = line.split(":", 1)[1].strip()
+                major_frameworks_version = int(frameworks_version.split(".")[0])
+                return major_frameworks_version
+    except:
+        return None
+
+
+def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None, plasmaupdate = False):
+        for locks in locks_settings:
+            locks_dict[locks.valuename] = locks.data
+        for setting in kde_settings:
+            try:
+                file_name, section, value = setting.keyname.split("/")[-2], setting.keyname.split("/")[-1], setting.valuename
+                data = setting.data
+                if file_name == 'wallpaper':
+                    apply_for_wallpaper(data, file_cache, username, plasmaupdate)
+                else:
+                    all_kde_settings.setdefault(file_name, {}).setdefault(section, {})[value] = data
+            except Exception as exc:
+                logdata = dict()
+                logdata['file_name'] = file_name
+                logdata['section'] = section
+                logdata['value'] = value
+                logdata['data'] = data
+                logdata['exc'] = exc
+                log('W16', logdata)
+
+def apply(all_kde_settings, locks_dict, username = None):
+    logdata = dict()
+    modified_files = set()
+    if username is None:
+        system_path_settings = '/etc/xdg/'
+        system_files = [
+            "baloofilerc",
+            "kcminputrc",
+            "kded_device_automounterrc",
+            "kdeglobals",
+            "ksplashrc",
+            "kwinrc",
+            "plasma-localerc",
+            "plasmarc",
+            "powermanagementprofilesrc"
+        ]
+        for file in system_files:
+            file_to_remove = f'{system_path_settings}{file}'
+            if os.path.exists(file_to_remove):
+                os.remove(file_to_remove)
+        for file_name, sections in all_kde_settings.items():
+            file_path = f'{system_path_settings}{file_name}'
+            with open(file_path, 'w') as file:
+                for section, keys in sections.items():
+                    section = section.replace(')(', '][')
+                    file.write(f'[{section}]\n')
+                    for key, value in keys.items():
+                        lock = f"{file_name}.{section}.{key}".replace('][', ')(')
+                        if locks_dict.get(lock) == 1:
+                            file.write(f'{key}[$i]={value}\n')
+                        else:
+                            file.write(f'{key}={value}\n')
+                    file.write('\n')
+            modified_files.add(file_name)
+    else:
+        for file_name, sections in all_kde_settings.items():
+            path = f'{get_homedir(username)}/.config/{file_name}'
+            if not os.path.exists(path):
+                open(path, 'a').close()
+            else:
+                pass
+            for section, keys in sections.items():
+                for key, value in keys.items():
+                    value = str(value)
+                    lock = f"{file_name}.{section}.{key}"
+                    if lock in locks_dict and locks_dict[lock] == 1:
+                        command = [
+                            f'kwriteconfig{kde_applier_user.kde_version}',
+                            '--file', file_name,
+                            '--group', section,
+                            '--key', key +'/$i/',
+                            '--type', 'string',
+                            value
+                        ]
+                    else:
+                        command = [
+                            f'kwriteconfig{kde_applier_user.kde_version}',
+                            '--file', file_name,
+                            '--group', section,
+                            '--key', key,
+                            '--type', 'string',
+                            value
+                        ]
+                    try:
+                        clear_locks_settings(username, file_name, key)
+                        env_path = dict(os.environ)
+                        env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
+                        subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
+                    except:
+                            logdata['command'] = command
+                            log('W22', logdata)
+            new_content = []
+            file_path = f'{get_homedir(username)}/.config/{file_name}'
+            try:
+                with open(file_path, 'r') as file:
+                    for line in file:
+                        line = line.replace('/$i/', '[$i]').replace(')(', '][')
+                        new_content.append(line)
+                with open(file_path, 'w') as file:
+                    file.writelines(new_content)
+                logdata['file'] = file_name
+                log('D202', logdata)
+            except Exception as exc:
+                logdata['exc'] = exc
+                log('W19', logdata)
+            modified_files.add(file_name)
+    for file_name in modified_files:
+        call_dbus_method(file_name)
+
+def clear_locks_settings(username, file_name, key):
+    '''
+    Method to remove old locked settings
+    '''
+    file_path = f'{get_homedir(username)}/.config/{file_name}'
+    with open(file_path, 'r') as file:
+        lines = file.readlines()
+    with open(file_path, 'w') as file:
+        for line in lines:
+            if f'{key}[$i]=' not in line:
+                file.write(line)
+    for line in lines:
+        if f'{key}[$i]=' in line:
+            logdata = dict()
+            logdata['line'] = line.strip()
+            log('I10', logdata)
+
+def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
+    '''
+    Method to change wallpaper
+    '''
+    logdata = dict()
+    path_to_wallpaper = f'{get_homedir(username)}/.config/plasma-org.kde.plasma.desktop-appletsrc'
+    id_desktop = get_id_desktop(path_to_wallpaper)
+    try:
+        try:
+            data = str(file_cache.get(data))
+        except NotUNCPathError:
+            data = str(data)
+
+        with open(path_to_wallpaper, 'r') as file:
+            current_wallpaper = file.read()
+        match = re.search(rf'\[Containments\]\[{id_desktop}\]\[Wallpaper\]\[org\.kde\.image\]\[General\]\s+Image=(.*)', current_wallpaper)
+        if match:
+            current_wallpaper_path = match.group(1)
+            flag = (current_wallpaper_path == data)
+        else:
+            flag = False
+
+        os.environ["LANGUAGE"] = os.environ["LANG"].split(".")[0]
+        os.environ["XDG_DATA_DIRS"] = "/usr/share/kf5:"
+            #Variable for system detection of directories before files with .colors extension
+        os.environ["DISPLAY"] = ":0"
+            #Variable for command execution plasma-apply-colorscheme
+        os.environ["XDG_RUNTIME_DIR"] = f"/run/user/{os.getuid()}"
+        os.environ["PATH"] = "/usr/lib/kf5/bin:"
+        os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"#plasma-apply-wallpaperimage
+        env_path = dict(os.environ)
+        env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
+            #environment variable for accessing binary files without hard links
+        if not flag:
+            if os.path.isfile(path_to_wallpaper):
+                command = [
+                    f'kwriteconfig{kde_applier_user.kde_version}',
+                    '--file', 'plasma-org.kde.plasma.desktop-appletsrc',
+                    '--group', 'Containments',
+                    '--group', id_desktop,
+                    '--group', 'Wallpaper',
+                    '--group', 'org.kde.image',
+                    '--group', 'General',
+                    '--key', 'Image',
+                    '--type', 'string',
+                    data
+                    ]
+                try:
+                    subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
+                except:
+                        logdata['command'] = command
+                        log('E68', logdata)
+                if plasmaupdate == 1:
+                    call_dbus_method("wallpaper")
+        else:
+            logdata['file'] = path_to_wallpaper
+            log('W21', logdata)
+    except OSError as exc:
+        logdata['exc'] = exc
+        log('W17', logdata)
+    except Exception as exc:
+        logdata['exc'] = exc
+        log('E67', logdata)
+
+def get_id_desktop(path_to_wallpaper):
+    '''
+    Method for getting desktop id. It is currently accepted that this number is one of the sections in the configuration file.
+    '''
+    pattern = r'\[Containments\]\[(\d+)\][^\[]*activityId=([^\s]+)'
+    try:
+        with open(path_to_wallpaper, 'r') as file:
+            file_content = file.read()
+        match = re.search(pattern, file_content)
+        return match.group(1) if match else None
+    except:
+        return None
+
+def call_dbus_method(file_name):
+    '''
+    Method to call D-Bus method based on the file name
+    '''
+    os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"
+    if file_name in dbus_methods_mapping:
+        config = dbus_methods_mapping[file_name]
+        try:
+            session_bus = dbus.SessionBus()
+            dbus_object = session_bus.get_object(config['dbus_service'], config['dbus_path'])
+            dbus_iface = dbus.Interface(dbus_object, config['dbus_interface'])
+            if 'dbus_args' in config:
+                getattr(dbus_iface, config['dbus_method'])(*config['dbus_args'])
+            else:
+                getattr(dbus_iface, config['dbus_method'])()
+        except dbus.exceptions.DBusException as e:
+            logdata = dict({'error': str(exc)})
+            log('E31', logdata)
+    else:
+        pass
--- a/gpoa/frontend/laps_applier.py
+++ b/gpoa/frontend/laps_applier.py
@ -0,0 +1,695 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2025 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .applier_frontend import (
+    applier_frontend,
+    check_enabled
+)
+import struct
+from datetime import datetime, timedelta
+import dpapi_ng
+from util.util import remove_prefix_from_keys, check_local_user_exists
+from util.sid import WellKnown21RID
+import subprocess
+import ldb
+import string
+import secrets
+import os
+import psutil
+from util.logging import log
+import logging
+
+class laps_applier(applier_frontend):
+    """
+    LAPS (Local Administrator Password Solution) implementation for managing
+    and automatically rotating administrator passwords.
+    """
+
+    # Time calculation constants
+
+    # Number of seconds between the Windows epoch (1601-01-01 00:00:00 UTC)
+    # and the Unix epoch (1970-01-01 00:00:00 UTC).
+    # Used to convert between Unix timestamps and Windows FileTime.
+    _EPOCH_TIMESTAMP = 11644473600
+    # Number of 100-nanosecond intervals per second.
+    # Used to convert seconds to Windows FileTime format.
+    _HUNDREDS_OF_NANOSECONDS = 10000000
+    # Number of 100-nanosecond intervals in one day
+    _DAY_FLOAT = 8.64e11
+
+    # Module configuration
+    __module_name = 'LapsApplier'
+    __module_experimental = True
+    __module_enabled = False
+
+    # Registry paths
+    _WINDOWS_REGISTRY_PATH = 'SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/LAPS/'
+    _ALT_REGISTRY_PATH = 'Software/BaseALT/Policies/Laps/'
+
+    # LDAP attributes
+    _ATTR_ENCRYPTED_PASSWORD = 'msLAPS-EncryptedPassword'
+    _ATTR_PASSWORD_EXPIRATION_TIME = 'msLAPS-PasswordExpirationTime'
+
+    # dconf key for password modification time
+    _KEY_PASSWORD_LAST_MODIFIED = '/Software/BaseALT/Policies/Laps/PasswordLastModified/'
+
+    # Password complexity levels
+    _PASSWORD_COMPLEXITY = {
+        1: string.ascii_uppercase,
+        2: string.ascii_letters,
+        3: string.ascii_letters + string.digits,
+        4: string.ascii_letters + string.digits + string.punctuation
+    }
+
+    # Post-authentication actions
+    _ACTION_NONE = 0
+    _ACTION_CHANGE_PASSWORD = 1
+    _ACTION_TERMINATE_SESSIONS = 3
+    _ACTION_REBOOT = 5
+
+    def __init__(self, storage):
+        """
+        Initialize the LAPS applier with configuration from registry.
+
+        Args:
+            storage: Storage object containing registry entries and system information
+        """
+        self.storage = storage
+
+        # Load registry configuration
+        if not self._load_configuration():
+            self.__module_enabled = False
+            return
+
+        if not self._check_requirements():
+            log('W29')
+            self.__module_enabled = False
+            return
+
+        # Initialize system connections and parameters
+        self._initialize_system_parameters()
+
+        # Check if module is enabled in configuration
+        self.__module_enabled = check_enabled(
+            self.storage,
+            self.__module_name,
+            self.__module_experimental
+        )
+
+    def _load_configuration(self):
+        """Load configuration settings from registry."""
+        alt_keys = remove_prefix_from_keys(
+            self.storage.filter_entries(self._ALT_REGISTRY_PATH),
+            self._ALT_REGISTRY_PATH
+        )
+        windows_keys = remove_prefix_from_keys(
+            self.storage.filter_entries(self._WINDOWS_REGISTRY_PATH),
+            self._WINDOWS_REGISTRY_PATH
+        )
+
+        # Combine configurations with BaseALT taking precedence
+        self.config = windows_keys
+        self.config.update(alt_keys)
+
+        # Extract commonly used configuration parameters
+        self.backup_directory = self.config.get('BackupDirectory', None)
+        self.encryption_enabled = self.config.get('ADPasswordEncryptionEnabled', 1)
+        self.password_expiration_protection = self.config.get('PasswordExpirationProtectionEnabled', 1)
+        self.password_age_days = self.config.get('PasswordAgeDays', 30)
+        self.post_authentication_actions = self.config.get('PostAuthenticationActions', 3)
+        self.post_authentication_reset_delay = self.config.get('PostAuthenticationResetDelay', 24)
+        name = self.config.get('AdministratorAccountName', 'root')
+        if check_local_user_exists(name):
+            self.target_user = name
+        else:
+            log('W36')
+            return False
+        return True
+
+    def _check_requirements(self):
+        """
+        Check if the necessary requirements are met for the module to operate.
+
+        Returns:
+            bool: True if requirements are met, False otherwise
+        """
+        if self.backup_directory != 2 and self.encryption_enabled == 1:
+            logdata = dict()
+            logdata['backup_directory'] = self.backup_directory
+            logdata['encryption_enabled'] = self.encryption_enabled
+            log('D223', logdata)
+            return False
+        return True
+
+    def _initialize_system_parameters(self):
+        """Initialize system parameters and connections."""
+        # Set up LDAP connections
+        self.samdb = self.storage.get_info('samdb')
+        self.domain_sid = self.samdb.get_domain_sid()
+        self.domain_dn = self.samdb.domain_dn()
+        self.computer_dn = self._get_computer_dn()
+        self.admin_group_sid = f'{self.domain_sid}-{WellKnown21RID.DOMAIN_ADMINS.value}'
+
+        # Set up time parameters
+        self.expiration_date = self._get_expiration_date()
+        self.expiration_date_int = self._convert_to_filetime(self.expiration_date)
+        self.current_time_int = self._convert_to_filetime(datetime.now())
+
+        # Get current system state
+        self.expiration_time_attr = self._get_expiration_time_attr()
+        self.pass_last_mod_int = self._read_dconf_pass_last_mod()
+        self.encryption_principal = self._get_encryption_principal()
+        self.last_login_hours_ago = self._get_last_login_hours_ago()
+
+    def _get_computer_dn(self):
+        """
+        Get the Distinguished Name of the computer account.
+
+        Returns:
+            str: Computer's distinguished name in LDAP
+        """
+        machine_name = self.storage.get_info('machine_name')
+        search_filter = f'(sAMAccountName={machine_name})'
+        results = self.samdb.search(base=self.domain_dn, expression=search_filter, attrs=['dn'])
+        return results[0]['dn']
+
+    def _get_encryption_principal(self):
+        """
+        Get the encryption principal for password encryption.
+
+        Returns:
+            str: SID of the encryption principal
+        """
+        encryption_principal = self.config.get('ADPasswordEncryptionPrincipal', None)
+        if not encryption_principal:
+            return self.admin_group_sid
+
+        return self._verify_encryption_principal(encryption_principal)
+
+    def _verify_encryption_principal(self, principal_name):
+        """
+        Verify the encryption principal exists and get its SID.
+
+        Args:
+            principal_name: Principal name to verify
+
+        Returns:
+            str: SID of the encryption principal if found, or admin group SID as fallback
+        """
+        try:
+            # Try to resolve as domain\\user format
+            domain = self.storage.get_info('domain')
+            username = f'{domain}\\{principal_name}'
+            output = subprocess.check_output(['wbinfo', '-n', username])
+            sid = output.split()[0].decode('utf-8')
+            return sid
+        except subprocess.CalledProcessError:
+            # Try to resolve directly as SID
+            try:
+                output = subprocess.check_output(['wbinfo', '-s', principal_name])
+                return principal_name
+            except subprocess.CalledProcessError:
+                # Fallback to admin group SID
+                logdata = dict()
+                logdata['principal_name'] = principal_name
+                log('W30', logdata)
+                return self.admin_group_sid
+
+    def _get_expiration_date(self, base_time=None):
+        """
+        Calculate the password expiration date.
+
+        Args:
+            base_time: Optional datetime to base calculation on, defaults to now
+
+        Returns:
+            datetime: Password expiration date
+        """
+        base = base_time or datetime.now()
+        # Set to beginning of day and add password age
+        return (base.replace(hour=0, minute=0, second=0, microsecond=0) +
+                timedelta(days=int(self.password_age_days)))
+
+    def _convert_to_filetime(self, dt):
+        """
+        Convert datetime to Windows filetime format (100ns intervals since 1601-01-01).
+
+        Args:
+            dt: Datetime to convert
+
+        Returns:
+            int: Windows filetime integer
+        """
+        epoch_timedelta = timedelta(seconds=self._EPOCH_TIMESTAMP)
+        new_dt = dt + epoch_timedelta
+        return int(new_dt.timestamp() * self._HUNDREDS_OF_NANOSECONDS)
+
+    def _get_expiration_time_attr(self):
+        """
+        Get the current password expiration time from LDAP.
+
+        Returns:
+            int: Password expiration time as integer, or 0 if not found
+        """
+        try:
+            res = self.samdb.search(
+                base=self.computer_dn,
+                scope=ldb.SCOPE_BASE,
+                expression="(objectClass=*)",
+                attrs=[self._ATTR_PASSWORD_EXPIRATION_TIME]
+            )
+            return int(res[0].get(self._ATTR_PASSWORD_EXPIRATION_TIME, 0)[0])
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+            log('W31', logdata)
+            return 0
+
+    def _read_dconf_pass_last_mod(self):
+        """
+        Read the password last modified time from dconf.
+
+        Returns:
+            int: Timestamp of last password modification or current time if not found
+        """
+        try:
+            key_path = self._KEY_PASSWORD_LAST_MODIFIED + self.target_user
+            last_modified = subprocess.check_output(
+                ['dconf', 'read', key_path],
+                text=True
+            ).strip().strip("'\"")
+            return int(last_modified)
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+            log('W32', logdata)
+            return self.current_time_int
+
+    def _write_dconf_pass_last_mod(self):
+        """
+        Write the password last modified time to dconf.
+        """
+        try:
+            # Ensure dbus session is available
+            self._ensure_dbus_session()
+
+            # Write current time to dconf
+            key_path = self._KEY_PASSWORD_LAST_MODIFIED + self.target_user
+            last_modified = f'"{self.current_time_int}"'
+            subprocess.check_output(['dconf', 'write', key_path, last_modified])
+            log('D222')
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+            log('W28', logdata)
+
+    def _ensure_dbus_session(self):
+        """Ensure a D-Bus session is available for dconf operations."""
+        dbus_address = os.getenv("DBUS_SESSION_BUS_ADDRESS")
+        if not dbus_address:
+            result = subprocess.run(
+                ["dbus-daemon", "--fork", "--session", "--print-address"],
+                capture_output=True,
+                text=True
+            )
+            dbus_address = result.stdout.strip()
+            os.environ["DBUS_SESSION_BUS_ADDRESS"] = dbus_address
+
+    def _get_last_login_hours_ago(self):
+        """
+        Get the number of hours since the user's last login.
+
+        Returns:
+            int: Hours since last login, or 0 if error or no login found
+        """
+        logdata = dict()
+        logdata['target_user'] = self.target_user
+        try:
+            output = subprocess.check_output(
+                ["last", "-n", "1", self.target_user],
+                env={'LANG':'C'},
+                text=True
+            ).split("\n")[0]
+
+            parts = output.split()
+            if len(parts) < 7:
+                return 0
+
+            # Parse login time
+            login_str = f"{parts[4]} {parts[5]} {parts[6]}"
+            last_login_time = datetime.strptime(login_str, "%b %d %H:%M")
+            last_login_time = last_login_time.replace(year=datetime.now().year)
+
+            # Calculate hours difference
+            time_diff = datetime.now() - last_login_time
+            hours_ago = int(time_diff.total_seconds() // 3600)
+            logdata['hours_ago'] = hours_ago
+            log('D224', logdata)
+            return hours_ago
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('W33', logdata)
+            return 0
+
+    def _get_changed_password_hours_ago(self):
+        """
+        Calculate how many hours ago the password was last changed.
+
+        Returns:
+            int: Hours since password was last changed, or 0 if error
+        """
+        logdata = dict()
+        logdata['target_user'] = self.target_user
+        try:
+            diff_time = self.current_time_int - self.pass_last_mod_int
+            hours_difference = diff_time // 3.6e10
+            hours_ago = int(hours_difference)
+            logdata['hours_ago'] = hours_ago
+            log('D225', logdata)
+            return hours_ago
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('W34', logdata)
+            return 0
+
+    def _generate_password(self):
+        """
+        Generate a secure password based on policy settings.
+
+        Returns:
+            str: Generated password meeting complexity requirements
+        """
+        # Get password length from config
+        password_length = self.config.get('PasswordLength', 14)
+        if not isinstance(password_length, int) or not (8 <= password_length <= 64):
+            password_length = 14
+
+        # Get password complexity from config
+        password_complexity = self.config.get('PasswordComplexity', 4)
+        if not isinstance(password_complexity, int) or not (1 <= password_complexity <= 4):
+            password_complexity = 4
+
+        # Get character set based on complexity
+        char_set = self._PASSWORD_COMPLEXITY.get(password_complexity, self._PASSWORD_COMPLEXITY[4])
+
+        # Generate initial password
+        password = ''.join(secrets.choice(char_set) for _ in range(password_length))
+
+        # Ensure password meets complexity requirements
+        if password_complexity >= 3 and not any(c.isdigit() for c in password):
+            # Add a digit if required but missing
+            digit = secrets.choice(string.digits)
+            position = secrets.randbelow(len(password))
+            password = password[:position] + digit + password[position:]
+
+        if password_complexity == 4 and not any(c in string.punctuation for c in password):
+            # Add a special character if required but missing
+            special_char = secrets.choice(string.punctuation)
+            position = secrets.randbelow(len(password))
+            password = password[:position] + special_char + password[position:]
+
+        return password
+
+    def _get_json_password_data(self, password):
+        """
+        Format password information as JSON.
+
+        Args:
+            password: The password
+
+        Returns:
+            str: JSON formatted password information
+        """
+        return f'{{"n":"{self.target_user}","t":"{self.expiration_date_int}","p":"{password}"}}'
+
+    def _create_password_blob(self, password):
+        """
+        Create encrypted password blob for LDAP storage.
+
+        Args:
+            password: Password to encrypt
+
+        Returns:
+            bytes: Encrypted password blob
+        """
+        # Create JSON data and encode as UTF-16LE with null terminator
+        json_data = self._get_json_password_data(password)
+        password_bytes = json_data.encode("utf-16-le") + b"\x00\x00"
+        # Save and change loglevel
+        logger = logging.getLogger()
+        old_level = logger.level
+        logger.setLevel(logging.ERROR)
+        # Encrypt the password
+        dpapi_blob = dpapi_ng.ncrypt_protect_secret(
+            password_bytes,
+            self.encryption_principal,
+            auth_protocol='kerberos'
+        )
+        # Restoreloglevel
+        logger.setLevel(old_level)
+        # Create full blob with metadata
+        return self._add_blob_metadata(dpapi_blob)
+
+    def _add_blob_metadata(self, dpapi_blob):
+        """
+        Add metadata to the encrypted password blob.
+
+        Args:
+            dpapi_blob: Encrypted password blob
+
+        Returns:
+            bytes: Complete blob with metadata
+        """
+        # Convert timestamp to correct format
+        left, right = struct.unpack('<LL', struct.pack('Q', self.current_time_int))
+        packed = struct.pack('<LL', right, left)
+
+        # Add blob length and padding
+        prefix = packed + struct.pack('<i', len(dpapi_blob)) + b'\x00\x00\x00\x00'
+
+        # Combine metadata and encrypted blob
+        return prefix + dpapi_blob
+
+    def _change_user_password(self, new_password):
+        """
+        Change the password for the target user.
+
+        Args:
+            new_password: New password to set
+
+        Returns:
+            bool: True if password was changed successfully, False otherwise
+        """
+        logdata = dict()
+        logdata['target_use'] = self.target_user
+        try:
+            # Use chpasswd to change the password
+            process = subprocess.Popen(
+                ["chpasswd"],
+                stdin=subprocess.PIPE,
+                text=True
+            )
+            process.communicate(f"{self.target_user}:{new_password}")
+
+            # Record the time of change
+            self._write_dconf_pass_last_mod()
+            log('D221', logdata)
+            return True
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('W27', logdata)
+            return False
+
+    def _update_ldap_password(self, encrypted_blob):
+        """
+        Update the encrypted password and expiration time in LDAP.
+
+        Args:
+            encrypted_blob: Encrypted password blob
+
+        Returns:
+            bool: True if LDAP was updated successfully, False otherwise
+        """
+        logdata = dict()
+        logdata['computer_dn'] = self.computer_dn
+        try:
+            # Create LDAP modification message
+            mod_msg = ldb.Message()
+            mod_msg.dn = self.computer_dn
+
+            # Update password blob
+            mod_msg[self._ATTR_ENCRYPTED_PASSWORD] = ldb.MessageElement(
+                encrypted_blob,
+                ldb.FLAG_MOD_REPLACE,
+                self._ATTR_ENCRYPTED_PASSWORD
+            )
+
+            # Update expiration time
+            mod_msg[self._ATTR_PASSWORD_EXPIRATION_TIME] = ldb.MessageElement(
+                str(self.expiration_date_int),
+                ldb.FLAG_MOD_REPLACE,
+                self._ATTR_PASSWORD_EXPIRATION_TIME
+            )
+
+            # Perform the LDAP modification
+            self.samdb.modify(mod_msg)
+            log('D226', logdata)
+            return True
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('E75', logdata)
+            return False
+
+    def _should_update_password(self):
+        """
+        Determine if the password should be updated based on policy.
+
+        Returns:
+            tuple: (bool: update needed, bool: perform post-action)
+        """
+        # Check if password has expired
+        if not self._is_password_expired():
+            # Password not expired, check if post-login action needed
+            return self._check_post_login_action()
+
+        # Password has expired, update needed
+        return True, False
+
+    def _is_password_expired(self):
+        """
+        Check if the password has expired according to policy.
+
+        Returns:
+            bool: True if password has expired, False otherwise
+        """
+        # Case 1: No expiration protection, check LDAP attribute
+        if not self.password_expiration_protection:
+            if self.expiration_time_attr > self.current_time_int:
+                return False
+        # Case 2: With expiration protection, check both policy and LDAP
+        elif self.password_expiration_protection:
+            policy_expiry = self.pass_last_mod_int + (self.password_age_days * int(self._DAY_FLOAT))
+            if policy_expiry > self.current_time_int and self.expiration_time_attr > self.current_time_int:
+                return False
+
+        return True
+
+    def _check_post_login_action(self):
+        """
+        Check if a post-login password change action should be performed.
+
+        Returns:
+            tuple: (bool: update needed, bool: perform post-action)
+        """
+        # Check if password was changed after last login
+        if self._get_changed_password_hours_ago() < self.last_login_hours_ago:
+            return False, False
+
+        # Check if enough time has passed since login
+        if self.last_login_hours_ago < self.post_authentication_reset_delay:
+            return False, False
+
+        # Check if action is configured
+        if self.post_authentication_actions == self._ACTION_NONE:
+            return False, False
+
+        # Update needed, determine if post-action required
+        return True, self.post_authentication_actions > self._ACTION_CHANGE_PASSWORD
+
+    def _perform_post_action(self):
+        """
+        Perform post-password-change action based on configuration.
+        """
+        if self.post_authentication_actions == self._ACTION_TERMINATE_SESSIONS:
+            self._terminate_user_sessions()
+        elif self.post_authentication_actions == self._ACTION_REBOOT:
+            log('D220')
+            subprocess.run(["reboot"])
+
+    def _terminate_user_sessions(self):
+        """
+        Terminates all processes associated with the active sessions of the target user.
+        """
+        # Get active sessions for the target user
+        user_sessions = [user for user in psutil.users() if user.name == self.target_user]
+        logdata = dict()
+        logdata['target_user'] = self.target_user
+        if not user_sessions:
+            log('D227', logdata)
+            return
+
+        # Terminate each session
+        for session in user_sessions:
+            try:
+                # Get the process and terminate it
+                proc = psutil.Process(session.pid)
+                proc.kill()  # Send SIGKILL
+                logdata['pid'] = session.pid
+                log('D228')
+            except (psutil.NoSuchProcess, psutil.AccessDenied) as exc:
+                logdata['pid'] = session.pid
+                logdata['exc'] = exc
+                log('W35', logdata)
+
+    def update_laps_password(self):
+        """
+        Update the LAPS password if needed based on policy.
+        Checks expiration and login times to determine if update is needed.
+        """
+        # Check if password update is needed
+        update_needed, perform_post_action = self._should_update_password()
+
+        if not update_needed:
+            log('D229')
+            return False
+
+        # Generate new password
+        password = self._generate_password()
+
+        # Create encrypted password blob
+        encrypted_blob = self._create_password_blob(password)
+
+        # Update password in LDAP
+        ldap_success = self._update_ldap_password(encrypted_blob)
+
+        if not ldap_success:
+            return False
+
+        # Change local user password
+        local_success = self._change_user_password(password)
+
+        if not local_success:
+            log('E76')
+            return False
+
+        log('D230')
+
+        # Perform post-action if configured
+        if perform_post_action:
+            self._perform_post_action()
+
+
+    def apply(self):
+        """
+        Main entry point for the LAPS applier.
+        """
+        if self.__module_enabled:
+            log('D218')
+            self.update_laps_password()
+        else:
+            log('D219')
--- a/gpoa/frontend/networkshare_applier.py
+++ b/gpoa/frontend/networkshare_applier.py
@ -0,0 +1,58 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2022 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .appliers.netshare import Networkshare
+from .applier_frontend import (
+      applier_frontend
+    , check_enabled
+)
+from util.logging import log
+
+class networkshare_applier(applier_frontend):
+    __module_name = 'NetworksharesApplier'
+    __module_name_user = 'NetworksharesApplierUser'
+    __module_experimental = True
+    __module_enabled = False
+
+    def __init__(self, storage, sid, username = None):
+        self.storage = storage
+        self.sid = sid
+        self.username = username
+        self.networkshare_info = self.storage.get_networkshare(self.sid)
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+        self.__module_enabled_user = check_enabled(self.storage, self.__module_name_user, self.__module_experimental)
+
+    def run(self):
+        for networkshare in self.networkshare_info:
+            Networkshare(networkshare, self.username)
+
+    def apply(self):
+        if self.__module_enabled:
+            log('D187')
+            self.run()
+        else:
+            log('D181')
+    def admin_context_apply(self):
+        pass
+
+    def user_context_apply(self):
+        if self.__module_enabled_user:
+            log('D188')
+            self.run()
+        else:
+            log('D189')
--- a/gpoa/frontend/ntp_applier.py
+++ b/gpoa/frontend/ntp_applier.py
@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.


-import logging
+
 import subprocess
 from enum import Enum

@ -26,7 +26,7 @@ from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
-from util.logging import slogm
+from util.logging import log


 class NTPServerType(Enum):
@ -77,20 +77,24 @@ class ntp_applier(applier_frontend):
        srv = None
        if server:
            srv = server.data.rpartition(',')[0]
-            logging.debug(slogm('NTP server is configured to {}'.format(srv)))
+            logdata = dict()
+            logdata['srv'] = srv
+            log('D122', logdata)

        start_command = ['/usr/bin/systemctl', 'start', 'chronyd']
        chrony_set_server = ['/usr/bin/chronyc', 'add', 'server', srv]
        chrony_disconnect_all = ['/usr/bin/chronyc', 'offline']
        chrony_connect = ['/usr/bin/chronyc', 'online', srv]

-        logging.debug(slogm('Starting Chrony daemon'))
+        log('D123')

        proc = subprocess.Popen(start_command)
        proc.wait()

        if srv:
-            logging.debug(slogm('Setting reference NTP server to {}'.format(srv)))
+            logdata = dict()
+            logdata['srv'] = srv
+            log('D124', logdata)

            proc = subprocess.Popen(chrony_disconnect_all)
            proc.wait()
@ -103,9 +107,7 @@ class ntp_applier(applier_frontend):

    def _stop_chrony_client(self):
        stop_command = ['/usr/bin/systemctl', 'stop', 'chronyd']
-
-        logging.debug(slogm('Stopping Chrony daemon'))
-
+        log('D125')
        proc = subprocess.Popen(stop_command)
        proc.wait()

@ -115,33 +117,38 @@ class ntp_applier(applier_frontend):
        ntp_server_enabled = self.storage.get_hklm_entry(self.ntp_server_enabled)
        ntp_client_enabled = self.storage.get_hklm_entry(self.ntp_client_enabled)

-        if NTPServerType.NTP.value != server_type.data:
-            logging.warning(slogm('Unsupported NTP server type: {}'.format(server_type)))
-        else:
-            logging.debug(slogm('Configuring NTP server...'))
-            if '1' == ntp_server_enabled.data:
-                logging.debug(slogm('NTP server is enabled'))
-                self._start_chrony_client(server_address)
-                self._chrony_as_server()
-            elif '0' == ntp_server_enabled.data:
-                logging.debug(slogm('NTP server is disabled'))
-                self._chrony_as_client()
+        if server_type and server_type.data:
+            if NTPServerType.NTP.value != server_type.data:
+                logdata = dict()
+                logdata['server_type'] = server_type
+                log('W10', logdata)
            else:
-                logging.debug(slogm('NTP server is not configured'))
+                log('D126')
+                if ntp_server_enabled:
+                    if '1' == ntp_server_enabled.data and server_address:
+                        log('D127')
+                        self._start_chrony_client(server_address)
+                        self._chrony_as_server()
+                    elif '0' == ntp_server_enabled.data:
+                        log('D128')
+                        self._chrony_as_client()
+                    else:
+                        log('D129')

-            if '1' == ntp_client_enabled.data:
-                logging.debug(slogm('NTP client is enabled'))
-                self._start_chrony_client()
-            elif '0' == ntp_client_enabled.data:
-                logging.debug(slogm('NTP client is disabled'))
-                self._stop_chrony_client()
-            else:
-                logging.debug(slogm('NTP client is not configured'))
+                elif ntp_client_enabled:
+                    if '1' == ntp_client_enabled.data:
+                        log('D130')
+                        self._start_chrony_client()
+                    elif '0' == ntp_client_enabled.data:
+                        log('D131')
+                        self._stop_chrony_client()
+                    else:
+                        log('D132')

    def apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running NTP applier for machine'))
+            log('D121')
            self.run()
        else:
-            logging.debug(slogm('NTP applier for machine will not be started'))
+            log('D133')

--- a/gpoa/frontend/package_applier.py
+++ b/gpoa/frontend/package_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -17,12 +17,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import logging
-from util.logging import slogm
-from util.rpm import (
-      update
-    , install_rpm
-    , remove_rpm
-)
+import subprocess
+from util.logging import log

 from .applier_frontend import (
      applier_frontend
@ -35,6 +31,7 @@ class package_applier(applier_frontend):
    __module_enabled = False
    __install_key_name = 'Install'
    __remove_key_name = 'Remove'
+    __sync_key_name = 'Sync'
    __hklm_branch = 'Software\\BaseALT\\Policies\\Packages'

    def __init__(self, storage):
@ -42,37 +39,48 @@ class package_applier(applier_frontend):
 
        install_branch = '{}\\{}%'.format(self.__hklm_branch, self.__install_key_name)
        remove_branch = '{}\\{}%'.format(self.__hklm_branch, self.__remove_key_name)
-
+        sync_branch = '{}\\{}%'.format(self.__hklm_branch, self.__sync_key_name)
+        self.fulcmd = list()
+        self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
+        self.fulcmd.append('--loglevel')
+        logger = logging.getLogger()
+        self.fulcmd.append(str(logger.level))
        self.install_packages_setting = self.storage.filter_hklm_entries(install_branch)
        self.remove_packages_setting = self.storage.filter_hklm_entries(remove_branch)
+        self.sync_packages_setting = self.storage.filter_hklm_entries(sync_branch)
+        self.flagSync = True

        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
            , self.__module_experimental
        )
-
    def run(self):
-        if 0 < self.install_packages_setting.count() or 0 < self.remove_packages_setting.count():
-            update()
-            for package in self.install_packages_setting:
-                try:
-                    install_rpm(package.data)
-                except Exception as exc:
-                    logging.error(exc)
+        for flag in self.sync_packages_setting:
+            self.flagSync = bool(flag.data)

-            for package in self.remove_packages_setting:
+        if 0 < self.install_packages_setting.count() or 0 < self.remove_packages_setting.count():
+            if self.flagSync:
                try:
-                    remove_rpm(package.data)
+                    subprocess.check_call(self.fulcmd)
                except Exception as exc:
-                    logging.error(exc)
+                    logdata = dict()
+                    logdata['msg'] = str(exc)
+                    log('E55', logdata)
+            else:
+                try:
+                    subprocess.Popen(self.fulcmd,close_fds=False)
+                except Exception as exc:
+                    logdata = dict()
+                    logdata['msg'] = str(exc)
+                    log('E61', logdata)

    def apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running Package applier for machine'))
+            log('D138')
            self.run()
        else:
-            logging.debug(slogm('Package applier for machine will not be started'))
+            log('D139')


 class package_applier_user(applier_frontend):
@ -81,20 +89,31 @@ class package_applier_user(applier_frontend):
    __module_enabled = False
    __install_key_name = 'Install'
    __remove_key_name = 'Remove'
+    __sync_key_name = 'Sync'
    __hkcu_branch = 'Software\\BaseALT\\Policies\\Packages'

    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
+        self.fulcmd = list()
+        self.fulcmd.append('/usr/libexec/gpupdate/pkcon_runner')
+        self.fulcmd.append('--user')
+        self.fulcmd.append(self.username)
+        self.fulcmd.append('--loglevel')
+        logger = logging.getLogger()
+        self.fulcmd.append(str(logger.level))

        install_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__install_key_name)
        remove_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__remove_key_name)
+        sync_branch = '{}\\{}%'.format(self.__hkcu_branch, self.__sync_key_name)

        self.install_packages_setting = self.storage.filter_hkcu_entries(self.sid, install_branch)
        self.remove_packages_setting = self.storage.filter_hkcu_entries(self.sid, remove_branch)
+        self.sync_packages_setting = self.storage.filter_hkcu_entries(self.sid, sync_branch)
+        self.flagSync = False

-        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_enabled)
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)

    def user_context_apply(self):
        '''
@ -103,19 +122,25 @@ class package_applier_user(applier_frontend):
        pass

    def run(self):
-        if 0 < self.install_packages_setting.count() or 0 < self.remove_packages_setting.count():
-            update()
-            for package in self.install_packages_setting:
-                try:
-                    install_rpm(package.data)
-                except Exception as exc:
-                    logging.debug(exc)
+        for flag in self.sync_packages_setting:
+            if flag.data:
+                self.flagSync = bool(int(flag.data))

-            for package in self.remove_packages_setting:
+        if 0 < self.install_packages_setting.count() or 0 < self.remove_packages_setting.count():
+            if self.flagSync:
                try:
-                    remove_rpm(package.data)
+                    subprocess.check_call(self.fulcmd)
                except Exception as exc:
-                    logging.debug(exc)
+                    logdata = dict()
+                    logdata['msg'] = str(exc)
+                    log('E60', logdata)
+            else:
+                try:
+                    subprocess.Popen(self.fulcmd,close_fds=False)
+                except Exception as exc:
+                    logdata = dict()
+                    logdata['msg'] = str(exc)
+                    log('E62', logdata)

    def admin_context_apply(self):
        '''
@ -123,8 +148,8 @@ class package_applier_user(applier_frontend):
        which computer he uses to log into system.
        '''
        if self.__module_enabled:
-            logging.debug(slogm('Running Package applier for user in administrator context'))
+            log('D140')
            self.run()
        else:
-            logging.debug(slogm('Package applier for user in administrator context will not be started'))
+            log('D141')

--- a/gpoa/frontend/polkit_applier.py
+++ b/gpoa/frontend/polkit_applier.py
@ -19,34 +19,74 @@
 from .applier_frontend import (
      applier_frontend
    , check_enabled
+    , check_windows_mapping_enabled
 )
 from .appliers.polkit import polkit
-from util.logging import slogm
-
-import logging
+from util.logging import log

 class polkit_applier(applier_frontend):
    __module_name = 'PolkitApplier'
    __module_experimental = False
    __module_enabled = True
-    __deny_all = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
+    __deny_all_win = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
+    __registry_branch = 'Software\\BaseALT\\Policies\\Polkit\\'
+    __registry_locks_branch = 'Software\\BaseALT\\Policies\\PolkitLocks\\'
    __polkit_map = {
-        __deny_all: ['49-gpoa_disk_permissions', { 'Deny_All': 0 }]
+        __deny_all_win: ['49-gpoa_disk_permissions', { 'Deny_All': 0 }],
+        __registry_branch : ['49-alt_group_policy_permissions', {}],
+        __registry_locks_branch : ['47-alt_group_policy_permissions', {}]
    }

    def __init__(self, storage):
        self.storage = storage
-        deny_all = storage.filter_hklm_entries(self.__deny_all).first()
+        deny_all_win = None
+        if check_windows_mapping_enabled(self.storage):
+            deny_all_win = storage.filter_hklm_entries(self.__deny_all_win).first()
        # Deny_All hook: initialize defaults
-        template_file = self.__polkit_map[self.__deny_all][0]
-        template_vars = self.__polkit_map[self.__deny_all][1]
-        if deny_all:
-            logging.debug(slogm('Deny_All setting found: {}'.format(deny_all.data)))
-            self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data
+        polkit_filter = '{}%'.format(self.__registry_branch)
+        polkit_locks_filter = '{}%'.format(self.__registry_locks_branch)
+        self.polkit_keys = self.storage.filter_hklm_entries(polkit_filter)
+        self.polkit_locks = self.storage.filter_hklm_entries(polkit_locks_filter)
+        template_file = self.__polkit_map[self.__deny_all_win][0]
+        template_vars = self.__polkit_map[self.__deny_all_win][1]
+        template_file_all = self.__polkit_map[self.__registry_branch][0]
+        template_vars_all = self.__polkit_map[self.__registry_branch][1]
+        template_file_all_lock = self.__polkit_map[self.__registry_locks_branch][0]
+        template_vars_all_lock = self.__polkit_map[self.__registry_locks_branch][1]
+        locks = list()
+        for lock in self.polkit_locks:
+            if bool(int(lock.data)):
+                locks.append(lock.valuename)
+
+        dict_lists_rules = {'No': [[], []],
+                            'Yes': [[], []],
+                            'Auth_self' : [[], []],
+                            'Auth_admin': [[], []],
+                            'Auth_self_keep': [[], []],
+                            'Auth_admin_keep': [[], []]}
+
+        check_and_add_to_list = (lambda it, act: dict_lists_rules[act][0].append(it.valuename)
+                                if it.valuename not in locks
+                                else dict_lists_rules[act][1].append(it.valuename))
+
+        for it_data in self.polkit_keys:
+            check_and_add_to_list(it_data, it_data.data)
+
+        for key, item in dict_lists_rules.items():
+            self.__polkit_map[self.__registry_branch][1][key] = item[0]
+            self.__polkit_map[self.__registry_locks_branch][1][key] = item[1]
+
+        if deny_all_win:
+            logdata = dict()
+            logdata['Deny_All_win'] = deny_all_win.data
+            log('D69', logdata)
+            self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data
        else:
-            logging.debug(slogm('Deny_All setting not found'))
+            log('D71')
        self.policies = []
        self.policies.append(polkit(template_file, template_vars))
+        self.policies.append(polkit(template_file_all, template_vars_all))
+        self.policies.append(polkit(template_file_all_lock, template_vars_all_lock))
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
@ -58,38 +98,65 @@ class polkit_applier(applier_frontend):
        Trigger control facility invocation.
        '''
        if self.__module_enabled:
-            logging.debug(slogm('Running Polkit applier for machine'))
+            log('D73')
            for policy in self.policies:
                policy.generate()
        else:
-            logging.debug(slogm('Polkit applier for machine will not be started'))
+            log('D75')

 class polkit_applier_user(applier_frontend):
    __module_name = 'PolkitApplierUser'
    __module_experimental = False
    __module_enabled = True
-    __deny_all = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
+    __deny_all_win = 'Software\\Policies\\Microsoft\\Windows\\RemovableStorageDevices\\Deny_All'
+    __registry_branch = 'Software\\BaseALT\\Policies\\Polkit\\'
    __polkit_map = {
-            __deny_all: ['48-gpoa_disk_permissions_user', { 'Deny_All': 0, 'User': '' }]
+            __deny_all_win: ['48-gpoa_disk_permissions_user', { 'Deny_All': 0, 'User': '' }],
+            __registry_branch : ['48-alt_group_policy_permissions_user', {'User': ''}]
    }

    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
-
-        deny_all = storage.filter_hkcu_entries(self.sid, self.__deny_all).first()
+        deny_all_win = None
+        if check_windows_mapping_enabled(self.storage):
+            deny_all_win = storage.filter_hkcu_entries(self.sid, self.__deny_all_win).first()
+        polkit_filter = '{}%'.format(self.__registry_branch)
+        self.polkit_keys = self.storage.filter_hkcu_entries(self.sid, polkit_filter)
        # Deny_All hook: initialize defaults
-        template_file = self.__polkit_map[self.__deny_all][0]
-        template_vars = self.__polkit_map[self.__deny_all][1]
-        if deny_all:
-            logging.debug(slogm('Deny_All setting for user {} found: {}'.format(self.username, deny_all.data)))
-            self.__polkit_map[self.__deny_all][1]['Deny_All'] = deny_all.data
-            self.__polkit_map[self.__deny_all][1]['User'] = self.username
+        template_file = self.__polkit_map[self.__deny_all_win][0]
+        template_vars = self.__polkit_map[self.__deny_all_win][1]
+        template_file_all = self.__polkit_map[self.__registry_branch][0]
+        template_vars_all = self.__polkit_map[self.__registry_branch][1]
+
+        dict_lists_rules = {'No': [],
+                            'Yes': [],
+                            'Auth_self': [],
+                            'Auth_admin': [],
+                            'Auth_self_keep': [],
+                            'Auth_admin_keep': []}
+
+        for it_data in self.polkit_keys:
+            dict_lists_rules[it_data.data].append(it_data.valuename)
+
+        self.__polkit_map[self.__registry_branch][1]['User'] = self.username
+
+        for key, item in dict_lists_rules.items():
+            self.__polkit_map[self.__registry_branch][1][key] = item
+
+        if deny_all_win:
+            logdata = dict()
+            logdata['user'] = self.username
+            logdata['Deny_All_win'] = deny_all_win.data
+            log('D70', logdata)
+            self.__polkit_map[self.__deny_all_win][1]['Deny_All'] = deny_all_win.data
+            self.__polkit_map[self.__deny_all_win][1]['User'] = self.username
        else:
-            logging.debug(slogm('Deny_All setting not found'))
+            log('D72')
        self.policies = []
        self.policies.append(polkit(template_file, template_vars, self.username))
+        self.policies.append(polkit(template_file_all, template_vars_all, self.username))
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
@ -104,9 +171,10 @@ class polkit_applier_user(applier_frontend):
        Trigger control facility invocation.
        '''
        if self.__module_enabled:
-            logging.debug(slogm('Running Polkit applier for user in administrator context'))
+            log('D74')
            for policy in self.policies:
                policy.generate()
        else:
-            logging.debug(slogm('Polkit applier for user in administrator context will not be started'))
+            log('D76')
+

--- a/gpoa/frontend/scripts_applier.py
+++ b/gpoa/frontend/scripts_applier.py
@ -0,0 +1,158 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2022 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import shutil
+from pathlib import Path
+
+from util.logging import log
+from .appliers.folder import remove_dir_tree
+from .applier_frontend import (
+      applier_frontend
+    , check_enabled
+)
+
+class scripts_applier(applier_frontend):
+    __module_name = 'ScriptsApplier'
+    __module_experimental = True
+    __module_enabled = False
+    __cache_scripts = '/var/cache/gpupdate_scripts_cache/machine/'
+
+    def __init__(self, storage, sid):
+        self.storage = storage
+        self.sid = sid
+        self.startup_scripts = self.storage.get_scripts(self.sid, 'STARTUP')
+        self.shutdown_scripts = self.storage.get_scripts(self.sid, 'SHUTDOWN')
+        self.folder_path = Path(self.__cache_scripts)
+        self.__module_enabled = check_enabled(self.storage
+            , self.__module_name
+            , self.__module_experimental
+        )
+
+    def cleaning_cache(self):
+        log('D160')
+        try:
+            remove_dir_tree(self.folder_path, True, True, True,)
+        except FileNotFoundError as exc:
+            log('D154')
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+            log('E64', logdata)
+
+    def filling_cache(self):
+        '''
+        Creating and updating folder directories for scripts and copying them
+        '''
+        self.folder_path.mkdir(parents=True, exist_ok=True)
+        for ts in self.startup_scripts:
+            script_path = os.path.join(self.__cache_scripts, 'STARTUP')
+            install_script(ts, script_path, '700')
+        for ts in self.shutdown_scripts:
+            script_path = os.path.join(self.__cache_scripts, 'SHUTDOWN')
+            install_script(ts, script_path, '700')
+
+    def run(self):
+        self.filling_cache()
+
+    def apply(self):
+        self.cleaning_cache()
+        if self.__module_enabled:
+            log('D156')
+            self.run()
+        else:
+            log('D157')
+
+class scripts_applier_user(applier_frontend):
+    __module_name = 'ScriptsApplierUser'
+    __module_experimental = True
+    __module_enabled = False
+    __cache_scripts = '/var/cache/gpupdate_scripts_cache/users/'
+
+    def __init__(self, storage, sid, username):
+        self.storage = storage
+        self.sid = sid
+        self.logon_scripts = self.storage.get_scripts(self.sid, 'LOGON')
+        self.logoff_scripts = self.storage.get_scripts(self.sid, 'LOGOFF')
+        self.username = username
+        self.folder_path = Path(self.__cache_scripts + self.username)
+        self.__module_enabled = check_enabled(self.storage
+            , self.__module_name
+            , self.__module_experimental
+        )
+
+    def cleaning_cache(self):
+        log('D161')
+        try:
+            remove_dir_tree(self.folder_path, True, True, True,)
+        except FileNotFoundError as exc:
+            log('D155')
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+            log('E65', logdata)
+
+    def filling_cache(self):
+        '''
+        Creating and updating folder directories for scripts and copying them
+        '''
+        self.folder_path.mkdir(parents=True, exist_ok=True)
+
+        for ts in self.logon_scripts:
+            script_path = os.path.join(self.__cache_scripts, self.username, 'LOGON')
+            install_script(ts, script_path, '755')
+        for ts in self.logoff_scripts:
+            script_path = os.path.join(self.__cache_scripts, self.username, 'LOGOFF')
+            install_script(ts, script_path, '755')
+
+    def user_context_apply(self):
+        pass
+
+    def run(self):
+        self.filling_cache()
+
+    def admin_context_apply(self):
+        self.cleaning_cache()
+        if self.__module_enabled:
+            log('D158')
+            self.run()
+        else:
+            log('D159')
+
+def install_script(storage_script_entry, script_dir, access_permissions):
+    '''
+    Copy scripts to specific directories and
+    if given arguments
+    create directories for them and copy them there
+    '''
+    dir_cr = Path(script_dir)
+    dir_cr.mkdir(parents=True, exist_ok=True)
+    if storage_script_entry.number is None:
+        return
+    script_name = str(storage_script_entry.number).zfill(5) + '_' + os.path.basename(storage_script_entry.path)
+    script_file = os.path.join(script_dir, script_name)
+    shutil.copyfile(storage_script_entry.path, script_file)
+
+    os.chmod(script_file, int(access_permissions, base = 8))
+    if storage_script_entry.args:
+        dir_path = script_dir + '/' + script_name + '.arg'
+        dir_arg = Path(dir_path)
+        dir_arg.mkdir(parents=True, exist_ok=True)
+        file_arg = open(dir_path + '/arg', 'w')
+        file_arg.write(storage_script_entry.args)
+        file_arg.close()
--- a/gpoa/frontend/shortcut_applier.py
+++ b/gpoa/frontend/shortcut_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -16,45 +16,50 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import logging
 import subprocess

 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
-from gpt.shortcuts import json2sc
 from util.windows import expand_windows_var
-from util.logging import slogm
+from util.logging import log
 from util.util import (
        get_homedir,
-        homedir_exists
+        homedir_exists,
+        string_to_literal_eval
 )
+from gpt.shortcuts import shortcut, get_ttype

-def storage_get_shortcuts(storage, sid):
+def storage_get_shortcuts(storage, sid, username=None, shortcuts_machine=None):
    '''
    Query storage for shortcuts' rows for specified SID.
    '''
    shortcut_objs = storage.get_shortcuts(sid)
    shortcuts = list()
+    if username and shortcuts_machine:
+        shortcut_objs += shortcuts_machine

-    for sc_obj in shortcut_objs:
-        sc = json2sc(sc_obj.shortcut)
+    for sc in shortcut_objs:
+        if username:
+            sc.set_expanded_path(expand_windows_var(sc.path, username))
        shortcuts.append(sc)

    return shortcuts

-def write_shortcut(shortcut, username=None):
+def apply_shortcut(shortcut, username=None):
    '''
-    Write the single shortcut file to the disk.
+    Apply the single shortcut file to the disk.

    :username: None means working with machine variables and paths
    '''
    dest_abspath = shortcut.dest
    if not dest_abspath.startswith('/') and not dest_abspath.startswith('%'):
        dest_abspath = '%HOME%/' + dest_abspath
-
-    logging.debug(slogm('Try to expand path for shortcut: {} for {}'.format(dest_abspath, username)))
+    logdata = dict()
+    logdata['shortcut'] = dest_abspath
+    logdata['for'] = username
+    log('D105', logdata)
    dest_abspath = expand_windows_var(dest_abspath, username).replace('\\', '/') + '.desktop'

    # Check that we're working for user, not on global system level
@ -64,22 +69,34 @@ def write_shortcut(shortcut, username=None):
        if dest_abspath.startswith(get_homedir(username)):
            # Don't try to operate on non-existent directory
            if not homedir_exists(username):
-                logging.warning(slogm('No home directory exists for user {}: will not create link {}'.format(username, dest_abspath)))
+                logdata = dict()
+                logdata['user'] = username
+                logdata['dest_abspath'] = dest_abspath
+                log('W7', logdata)
                return None
        else:
-            logging.warning(slogm('User\'s shortcut not placed to home directory for {}: bad path {}'.format(username, dest_abspath)))
+            logdata = dict()
+            logdata['user'] = username
+            logdata['bad path'] = dest_abspath
+            log('W8', logdata)
            return None

    if '%' in dest_abspath:
-        logging.debug(slogm('Fail for writing shortcut to file with \'%\': {}'.format(dest_abspath)))
+        logdata = dict()
+        logdata['dest_abspath'] = dest_abspath
+        log('E53', logdata)
        return None

    if not dest_abspath.startswith('/'):
-        logging.debug(slogm('Fail for writing shortcut to not absolute path \'%\': {}'.format(dest_abspath)))
+        logdata = dict()
+        logdata['dest_abspath'] = dest_abspath
+        log('E54', logdata)
        return None
-
-    logging.debug(slogm('Writing shortcut file to {}'.format(dest_abspath)))
-    shortcut.write_desktop(dest_abspath)
+    logdata = dict()
+    logdata['file'] = dest_abspath
+    logdata['with_action'] = shortcut.action
+    log('D106', logdata)
+    shortcut.apply_desktop(dest_abspath)

 class shortcut_applier(applier_frontend):
    __module_name = 'ShortcutsApplier'
@ -98,7 +115,7 @@ class shortcut_applier(applier_frontend):
        shortcuts = storage_get_shortcuts(self.storage, self.storage.get_info('machine_sid'))
        if shortcuts:
            for sc in shortcuts:
-                write_shortcut(sc)
+                apply_shortcut(sc)
            if len(shortcuts) > 0:
                # According to ArchWiki - this thing is needed to rebuild MIME
                # type cache in order file bindings to work. This rebuilds
@ -106,46 +123,84 @@ class shortcut_applier(applier_frontend):
                # /usr/local/share/applications
                subprocess.check_call(['/usr/bin/update-desktop-database'])
        else:
-            logging.debug(slogm('No shortcuts to process for {}'.format(self.storage.get_info('machine_sid'))))
+            logdata = dict()
+            logdata['machine_sid'] = self.storage.get_info('machine_sid')
+            log('D100', logdata)

    def apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running Shortcut applier for machine'))
+            log('D98')
            self.run()
        else:
-            logging.debug(slogm('Shortcut applier for machine will not be started'))
+            log('D99')

 class shortcut_applier_user(applier_frontend):
    __module_name = 'ShortcutsApplierUser'
    __module_experimental = False
    __module_enabled = True
+    __REGISTRY_PATH_SHORTCATSMERGE= '/Software/BaseALT/Policies/GPUpdate/ShortcutsMerge'
+    __DCONF_REGISTRY_PATH_PREFERENCES_MACHINE = 'Software/BaseALT/Policies/Preferences/Machine'

    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)

-    def run(self):
-        shortcuts = storage_get_shortcuts(self.storage, self.sid)
+    def get_machine_shortcuts(self):
+        result = list()
+        try:
+            storage_machine_dict =  self.storage.get_dictionary_from_dconf_file_db()
+            machine_shortcuts = storage_machine_dict.get(
+                self.__DCONF_REGISTRY_PATH_PREFERENCES_MACHINE, dict()).get('Shortcuts')
+            shortcut_objs =  string_to_literal_eval(machine_shortcuts)
+            for obj in shortcut_objs:
+                shortcut_machine =shortcut(
+                    obj.get('dest'),
+                    obj.get('path'),
+                    obj.get('arguments'),
+                    obj.get('name'),
+                    obj.get('action'),
+                    get_ttype(obj.get('target_type')))
+                shortcut_machine.set_usercontext(1)
+                result.append(shortcut_machine)
+        except:
+            return None
+        return result
+
+
+
+    def check_enabled_shortcuts_merge(self):
+        return self.storage.get_key_value(self.__REGISTRY_PATH_SHORTCATSMERGE)
+
+    def run(self, in_usercontext):
+        shortcuts_machine = None
+        if self.check_enabled_shortcuts_merge():
+            shortcuts_machine = self.get_machine_shortcuts()
+        shortcuts = storage_get_shortcuts(self.storage, self.sid, self.username, shortcuts_machine)

        if shortcuts:
            for sc in shortcuts:
-                if sc.is_usercontext():
-                    write_shortcut(sc, self.username)
+                if in_usercontext and sc.is_usercontext():
+                    apply_shortcut(sc, self.username)
+                if not in_usercontext and not sc.is_usercontext():
+                    apply_shortcut(sc, self.username)
        else:
-            logging.debug(slogm('No shortcuts to process for {}'.format(self.sid)))
+            logdata = dict()
+            logdata['sid'] = self.sid
+            log('D100', logdata)

    def user_context_apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running Shortcut applier for user in user context'))
-            self.run()
+            log('D101')
+            self.run(True)
        else:
-            logging.debug(slogm('Shortcut applier for user in user context will not be started'))
+            log('D102')

    def admin_context_apply(self):
        if self.__module_enabled:
-            logging.debug(slogm('Running Shortcut applier for user in administrator context'))
-            self.run()
+            log('D103')
+            self.run(False)
        else:
-            logging.debug(slogm('Shortcut applier for user in administrator context will not be started'))
+            log('D104')

--- a/gpoa/frontend/systemd_applier.py
+++ b/gpoa/frontend/systemd_applier.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -21,19 +21,18 @@ from .applier_frontend import (
    , check_enabled
 )
 from .appliers.systemd import systemd_unit
-from util.logging import slogm
+from util.logging import log

-import logging

 class systemd_applier(applier_frontend):
    __module_name = 'SystemdApplier'
    __module_experimental = False
    __module_enabled = True
-    __registry_branch = 'Software\\BaseALT\\Policies\\SystemdUnits'
+    __registry_branch = 'Software/BaseALT/Policies/SystemdUnits'

    def __init__(self, storage):
        self.storage = storage
-        self.systemd_unit_settings = self.storage.filter_hklm_entries('Software\\BaseALT\\Policies\\SystemdUnits%')
+        self.systemd_unit_settings = self.storage.filter_hklm_entries(self.__registry_branch)
        self.units = []
        self.__module_enabled = check_enabled(
              self.storage
@ -43,33 +42,39 @@ class systemd_applier(applier_frontend):

    def run(self):
        for setting in self.systemd_unit_settings:
-            valuename = setting.hive_key.rpartition('\\')[2]
            try:
-                self.units.append(systemd_unit(valuename, int(setting.data)))
-                logging.info(slogm('Working with systemd unit {}'.format(valuename)))
+                self.units.append(systemd_unit(setting.valuename, int(setting.data)))
+                logdata = dict()
+                logdata['unit'] = format(setting.valuename)
+                log('I4', logdata)
            except Exception as exc:
-                logging.info(slogm('Unable to work with systemd unit {}: {}'.format(valuename, exc)))
+                logdata = dict()
+                logdata['unit'] = format(setting.valuename)
+                logdata['exc'] = exc
+                log('I5', logdata)
        for unit in self.units:
            try:
                unit.apply()
            except:
-                logging.error(slogm('Failed applying unit {}'.format(unit.unit_name)))
+                logdata = dict()
+                logdata['unit'] = unit.unit_name
+                log('E45', logdata)

    def apply(self):
        '''
        Trigger control facility invocation.
        '''
        if self.__module_enabled:
-            logging.debug(slogm('Running systemd applier for machine'))
+            log('D78')
            self.run()
        else:
-            logging.debug(slogm('systemd applier for machine will not be started'))
+            log('D79')

 class systemd_applier_user(applier_frontend):
    __module_name = 'SystemdApplierUser'
    __module_experimental = False
    __module_enabled = True
-    __registry_branch = 'Software\\BaseALT\\Policies\\SystemdUnits'
+    __registry_branch = 'Software/BaseALT/Policies/SystemdUnits'

    def __init__(self, storage, sid, username):
        self.storage = storage
--- a/gpoa/frontend/thunderbird_applier.py
+++ b/gpoa/frontend/thunderbird_applier.py
@ -0,0 +1,70 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+
+import json
+import os
+
+from .applier_frontend import (
+      applier_frontend
+    , check_enabled
+)
+from util.logging import log
+from util.util import is_machine_name
+from .firefox_applier import create_dict
+
+class thunderbird_applier(applier_frontend):
+    __module_name = 'ThunderbirdApplier'
+    __module_experimental = False
+    __module_enabled = True
+    __registry_branch = 'Software/Policies/Mozilla/Thunderbird'
+    __thunderbird_policies = '/etc/thunderbird/policies'
+
+    def __init__(self, storage, sid, username):
+        self.storage = storage
+        self.sid = sid
+        self.username = username
+        self._is_machine_name = is_machine_name(self.username)
+        self.policies = dict()
+        self.policies_json = dict({ 'policies': self.policies })
+        self.thunderbird_keys = self.storage.filter_hklm_entries(self.__registry_branch)
+        self.policies_gen = dict()
+        self.__module_enabled = check_enabled(
+              self.storage
+            , self.__module_name
+            , self.__module_experimental
+        )
+
+
+    def machine_apply(self):
+        '''
+        Write policies.json to Thunderbird.
+        '''
+        self.policies_json = create_dict(self.thunderbird_keys, self.__registry_branch)
+
+        destfile = os.path.join(self.__thunderbird_policies, 'policies.json')
+        os.makedirs(self.__thunderbird_policies, exist_ok=True)
+        with open(destfile, 'w') as f:
+            json.dump(self.policies_json, f)
+            logdata = dict()
+            logdata['destfile'] = destfile
+            log('D212', logdata)
+
+    def apply(self):
+        if self.__module_enabled:
+            log('D213')
+            self.machine_apply()
+        else:
+            log('D214')
--- a/gpoa/frontend/yandex_browser_applier.py
+++ b/gpoa/frontend/yandex_browser_applier.py
@ -0,0 +1,197 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .applier_frontend import (
+      applier_frontend
+    , check_enabled
+)
+
+import json
+import os
+from util.logging import log
+from util.util import is_machine_name, string_to_literal_eval
+
+class yandex_browser_applier(applier_frontend):
+    __module_name = 'YandexBrowserApplier'
+    __module_enabled = True
+    __module_experimental = False
+    __registry_branch = 'Software/Policies/YandexBrowser'
+    __managed_policies_path = '/etc/opt/yandex/browser/policies/managed'
+    __recommended_policies_path = '/etc/opt/yandex/browser/policies/recommended'
+
+    def __init__(self, storage, sid, username):
+        self.storage = storage
+        self.sid = sid
+        self.username = username
+        self._is_machine_name = is_machine_name(self.username)
+        self.yandex_keys = self.storage.filter_hklm_entries(self.__registry_branch)
+
+        self.policies_json = dict()
+
+        self.__module_enabled = check_enabled(
+              self.storage
+            , self.__module_name
+            , self.__module_experimental
+        )
+
+    def machine_apply(self):
+        '''
+        Apply machine settings.
+        '''
+
+        destfile = os.path.join(self.__managed_policies_path, 'policies.json')
+
+        try:
+            recommended__json = self.policies_json.pop('Recommended')
+        except:
+            recommended__json = {}
+
+        #Replacing all nested dictionaries with a list
+        dict_item_to_list = (
+            lambda target_dict :
+                {key:[*val.values()] if type(val) == dict else string_to_literal_eval(val) for key,val in target_dict.items()}
+            )
+        os.makedirs(self.__managed_policies_path, exist_ok=True)
+        with open(destfile, 'w') as f:
+            json.dump(dict_item_to_list(self.policies_json), f)
+            logdata = dict()
+            logdata['destfile'] = destfile
+            log('D185', logdata)
+
+        destfilerec = os.path.join(self.__recommended_policies_path, 'policies.json')
+        os.makedirs(self.__recommended_policies_path, exist_ok=True)
+        with open(destfilerec, 'w') as f:
+            json.dump(dict_item_to_list(recommended__json), f)
+            logdata = dict()
+            logdata['destfilerec'] = destfilerec
+            log('D185', logdata)
+
+
+    def apply(self):
+        '''
+        All actual job done here.
+        '''
+        if self.__module_enabled:
+            log('D183')
+            self.create_dict(self.yandex_keys)
+            self.machine_apply()
+        else:
+            log('D184')
+
+    def get_valuename_typeint(self):
+        '''
+        List of keys resulting from parsing chrome.admx with parsing_chrom_admx_intvalues.py
+        '''
+        valuename_typeint = (['DefaultPageSaveSettings',
+                            'DefaultUploadSetting',
+                            'YandexAutoLaunchMode',
+                            'DefaultClipboardSetting',
+                            'DefaultFileSystemReadGuardSetting',
+                            'DefaultFileSystemWriteGuardSetting',
+                            'DefaultImagesSetting',
+                            'DefaultJavaScriptJitSetting',
+                            'DefaultJavaScriptSetting',
+                            'DefaultLocalFontsSetting',
+                            'DefaultPopupsSetting',
+                            'DefaultSensorsSetting',
+                            'DefaultSerialGuardSetting',
+                            'DefaultWebBluetoothGuardSetting',
+                            'DefaultWebHidGuardSetting',
+                            'DefaultWebUsbGuardSetting',
+                            'DefaultWindowManagementSetting',
+                            'SafeSitesFilterBehavior',
+                            'YandexUserFeedbackMode',
+                            'TurboSettings',
+                            'SidePanelMode',
+                            'RestoreOnStartup',
+                            'RestoreOnStartup_recommended',
+                            'BrowserSwitcherParsingMode',
+                            'DefaultNotificationsSetting',
+                            'YandexPowerSavingMode',
+                            'ChromeVariations',
+                            'DeveloperToolsAvailability',
+                            'DownloadRestrictions',
+                            'NetworkPredictionOptions',
+                            'DownloadRestrictions_recommended',
+                            'NetworkPredictionOptions_recommended',
+                            'DefaultCookiesSetting',
+                            'DefaultGeolocationSetting',
+                            'IncognitoModeAvailability',
+                            'DefaultPrintingSettings',
+                            'DefaultPluginsSetting',
+                            'DefaultInsecureContentSetting',
+                            'PasswordProtectionWarningTrigger',
+                            'SafeBrowsingProtectionLevel',
+                            'SafeBrowsingProtectionLevel_recommended',
+                            'DiskCacheSize'])
+        return valuename_typeint
+
+
+    def get_boolean(self,data):
+        if data in ['0', 'false', None, 'none', 0]:
+            return False
+        if data in ['1', 'true', 1]:
+            return True
+    def get_parts(self, hivekeyname):
+        '''
+        Parse registry path string and leave key parameters
+        '''
+        parts = hivekeyname.replace(self.__registry_branch, '').split('/')
+        return parts
+
+
+    def create_dict(self, yandex_keys):
+        '''
+        Collect dictionaries from registry keys into a general dictionary
+        '''
+        counts = dict()
+        #getting the list of keys to read as an integer
+        valuename_typeint = self.get_valuename_typeint()
+        for it_data in yandex_keys:
+            branch = counts
+            try:
+                if type(it_data.data) is bytes:
+                    it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
+                parts = self.get_parts(it_data.hive_key)
+                #creating a nested dictionary from elements
+                for part in parts[:-1]:
+                    branch = branch.setdefault(part, {})
+                #dictionary key value initialization
+                if it_data.type == 4:
+                    if it_data.valuename in valuename_typeint:
+                        branch[parts[-1]] = int(it_data.data)
+                    else:
+                        branch[parts[-1]] = self.get_boolean(it_data.data)
+                else:
+                    if it_data.data[0] == '[' and it_data.data[-1] == ']':
+                        try:
+                            branch[parts[-1]] = json.loads(str(it_data.data))
+                        except:
+                            branch[parts[-1]] = str(it_data.data).replace('\\', '/')
+                    else:
+                        branch[parts[-1]] = str(it_data.data).replace('\\', '/')
+
+            except Exception as exc:
+                logdata = dict()
+                logdata['Exception'] = exc
+                logdata['keyname'] = it_data.keyname
+                log('D178', logdata)
+        try:
+            self.policies_json = counts['']
+        except:
+            self.policies_json = {}
--- a/gpoa/gpoa
+++ b/gpoa/gpoa
@ -23,10 +23,11 @@ import signal
 import gettext
 import locale

-from backend import backend_factory
+from backend import backend_factory, save_dconf
 from frontend.frontend_manager import frontend_manager, determine_username
 from plugin import plugin_manager
 from messages import message_with_code
+from storage import Dconf_registry

 from util.util import get_machine_name
 from util.users import (
@ -61,6 +62,9 @@ def parse_arguments():
    arguments.add_argument('--list-backends',
            action='store_true',
            help='Show list of available backends')
+    arguments.add_argument('--force',
+            action='store_true',
+            help='Force GPT download')
    arguments.add_argument('--loglevel',
        type=int,
        default=4,
@ -73,25 +77,44 @@ class gpoa_controller:
    def __init__(self):
        self.__args = parse_arguments()
        self.is_machine = False
-        if not self.__args.user:
-            user = get_machine_name()
-            self.is_machine = True
+        self.noupdate = self.__args.noupdate
        set_loglevel(self.__args.loglevel)
+
        locale.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
        gettext.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
        gettext.textdomain('gpoa')

+        if not self.__args.user:
+            self.username = get_machine_name()
+            self.is_machine = True
+        else:
+            self.username = self.__args.user
+
        uname = get_process_user()
        uid = os.getuid()
        logdata = dict()
-        logdata['username'] = uname
-        logdata['uid'] = uid
-        log('D1', logdata)
+        logdata['username'] = self.username
+        logdata['is_machine'] = self.is_machine
+        logdata['process_username'] = uname
+        logdata['process_uid'] = uid
+
+        if self.is_machine:
+            log('D61', logdata)
+        else:
+            log('D1', logdata)
+            self.username = determine_username(self.username)

        if not is_root():
-            self.username = uname
+            self.noupdate = True
+
+            if self.is_machine:
+                msgtext = message_with_code('E34')
+                log('E34', {'username': self.username})
+                raise Exception(msgtext)
+
+            log('D59', {'username': self.username})
        else:
-            self.username = determine_username(self.__args.user)
+            log('D60', {'username': self.username})

    def run(self):
        '''
@ -101,6 +124,7 @@ class gpoa_controller:
            print('local')
            print('samba')
            return
+        Dconf_registry._force = self.__args.force
        self.start_plugins()
        self.start_backend()

@ -113,7 +137,7 @@ class gpoa_controller:
        if self.__args.nodomain:
            nodomain = True

-        if not self.__args.noupdate:
+        if not self.noupdate:
            if is_root():
                back = None
                try:
@ -130,6 +154,7 @@ class gpoa_controller:
                        back.retrieve_and_store()
                        # Start frontend only on successful backend finish
                        self.start_frontend()
+                        save_dconf(self.username, self.is_machine, nodomain)
                    except Exception as exc:
                        logdata = dict({'message': str(exc)})
                        # In case we're handling "E3" - it means that
--- a/gpoa/gpt/drives.py
+++ b/gpoa/gpt/drives.py
@ -19,7 +19,7 @@
 import json
 from base64 import b64decode
 from Crypto.Cipher import AES
-
+from .dynamic_attributes import DynamicAttributes
 from util.xml import get_xml_root

 def decrypt_pass(cpassword):
@ -67,6 +67,12 @@ def read_drives(drives_file):
        drive_obj.set_pass(decrypt_pass(props.get('cpassword')))
        drive_obj.set_dir(props.get('letter'))
        drive_obj.set_path(props.get('path'))
+        drive_obj.set_action(props.get('action'))
+        drive_obj.set_thisDrive(props.get('thisDrive'))
+        drive_obj.set_allDrives(props.get('allDrives'))
+        drive_obj.set_label(props.get('label'))
+        drive_obj.set_persistent(props.get('persistent'))
+        drive_obj.set_useLetter(props.get('useLetter'))

        drives.append(drive_obj)

@ -87,12 +93,18 @@ def json2drive(json_str):

    return drive_obj

-class drivemap:
+class drivemap(DynamicAttributes):
    def __init__(self):
        self.login = None
        self.password = None
        self.dir = None
        self.path = None
+        self.action = None
+        self.thisDrive = None
+        self.allDrives = None
+        self.label = None
+        self.persistent = None
+        self.useLetter = None

    def set_login(self, username):
        self.login = username
@ -110,6 +122,24 @@ class drivemap:
    def set_path(self, path):
        self.path = path

+    def set_action(self, action):
+        self.action = action
+
+    def set_thisDrive(self, thisDrive):
+        self.thisDrive = thisDrive
+
+    def set_allDrives(self, allDrives):
+        self.allDrives = allDrives
+
+    def set_label(self, label):
+        self.label = label
+
+    def set_persistent(self, persistent):
+        self.persistent = persistent
+
+    def set_useLetter(self, useLetter):
+        self.useLetter = useLetter
+
    def to_json(self):
        drive = dict()
        drive['login'] = self.login
--- a/gpoa/gpt/dynamic_attributes.py
+++ b/gpoa/gpt/dynamic_attributes.py
@ -0,0 +1,56 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from enum import Enum
+
+class DynamicAttributes:
+    def __init__(self, **kwargs):
+        self.policy_name = None
+        for key, value in kwargs.items():
+            self.__setattr__(key, value)
+
+    def __setattr__(self, key, value):
+        if isinstance(value, Enum):
+            value = str(value)
+        if isinstance(value, str):
+            for q in ["'", "\""]:
+                if any(q in ch for ch in value):
+                    value = value.replace(q, "″")
+        self.__dict__[key] = value
+
+    def items(self):
+        return self.__dict__.items()
+
+    def __iter__(self):
+        return iter(self.__dict__.items())
+
+    def get_original_value(self, key):
+        value = self.__dict__.get(key)
+        if isinstance(value, str):
+            value = value.replace("″", "'")
+        return value
+
+class RegistryKeyMetadata(DynamicAttributes):
+    def __init__(self, policy_name, type, is_list=None, mod_previous_value=None):
+        self.policy_name = policy_name
+        self.type = type
+        self.reloaded_with_policy_key = None
+        self.is_list = is_list
+        self.mod_previous_value = mod_previous_value
+
+    def __repr__(self):
+        return str(dict(self))
--- a/gpoa/gpt/envvars.py
+++ b/gpoa/gpt/envvars.py
@ -17,22 +17,30 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes
+

 def read_envvars(envvars_file):
    variables = list()

    for var in get_xml_root(envvars_file):
-        var_obj = envvar()
+        props = var.find('Properties')
+        name = props.get('name')
+        value = props.get('value')
+        action = props.get('action', default='C')
+        var_obj = envvar(name, value, action)

        variables.append(var_obj)

    return variables

-def merge_envvars(storage, sid, envvars_objects, policy_name):
-    for envvar in envvars_objects:
-        pass
+def merge_envvars(storage, sid, envvar_objects, policy_name):
+    for envv in envvar_objects:
+        storage.add_envvar(sid, envv, policy_name)

-class envvar:
-    def __init__(self):
-        pass
+class envvar(DynamicAttributes):
+    def __init__(self, name, value, action):
+        self.name = name
+        self.value = value
+        self.action = action

--- a/gpoa/gpt/files.py
+++ b/gpoa/gpt/files.py
@ -17,22 +17,44 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes

 def read_files(filesxml):
    files = list()

    for fil in get_xml_root(filesxml):
-        fil_obj = fileentry()
-
+        props = fil.find('Properties')
+        fil_obj = fileentry(props.get('fromPath'))
+        fil_obj.set_action(props.get('action', default='C'))
+        fil_obj.set_target_path(props.get('targetPath', default=None))
+        fil_obj.set_read_only(props.get('readOnly', default=None))
+        fil_obj.set_archive(props.get('archive', default=None))
+        fil_obj.set_hidden(props.get('hidden', default=None))
+        fil_obj.set_suppress(props.get('suppress', default=None))
+        fil_obj.set_executable(props.get('executable', default=None))
        files.append(fil_obj)

    return files

 def merge_files(storage, sid, file_objects, policy_name):
    for fileobj in file_objects:
-        pass
+        storage.add_file(sid, fileobj, policy_name)

-class fileentry:
-    def __init__(self):
-        pass
+class fileentry(DynamicAttributes):
+    def __init__(self, fromPath):
+        self.fromPath = fromPath

+    def set_action(self, action):
+        self.action = action
+    def set_target_path(self, targetPath):
+        self.targetPath = targetPath
+    def set_read_only(self, readOnly):
+        self.readOnly = readOnly
+    def set_archive(self, archive):
+        self.archive = archive
+    def set_hidden(self, hidden):
+        self.hidden = hidden
+    def set_suppress(self, suppress):
+        self.suppress = suppress
+    def set_executable(self, executable):
+        self.executable = executable
--- a/gpoa/gpt/folders.py
+++ b/gpoa/gpt/folders.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -17,28 +17,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.


-from enum import Enum
-
+from .dynamic_attributes import DynamicAttributes

 from util.xml import get_xml_root


-class FileAction(Enum):
-    CREATE = 'C'
-    REPLACE = 'R'
-    UPDATE = 'U'
-    DELETE = 'D'
-
-
-def action_letter2enum(letter):
-    if letter in ['C', 'R', 'U', 'D']:
-        if letter == 'C': return FileAction.CREATE
-        if letter == 'R': return FileAction.REPLACE
-        if letter == 'U': return FileAction.UPDATE
-        if letter == 'D': return FileAction.DELETE
-
-    return FileAction.CREATE
-

 def action_enum2letter(enumitem):
    return enumitem.value
@ -50,7 +33,7 @@ def folder_int2bool(val):
    if type(value) == str:
        value = int(value)

-    if value == 0:
+    if value == 1:
        return True

    return False
@ -61,14 +44,17 @@ def read_folders(folders_file):

    for fld in get_xml_root(folders_file):
        props = fld.find('Properties')
-        fld_obj = folderentry(props.get('path'))
-        fld_obj.set_action(action_letter2enum(props.get('action', default='C')))
+        path = props.get('path')
+        action = props.get('action', default='C')
+        fld_obj = folderentry(path, action)
        fld_obj.set_delete_folder(folder_int2bool(props.get('deleteFolder', default=1)))
        fld_obj.set_delete_sub_folders(folder_int2bool(props.get('deleteSubFolders', default=1)))
        fld_obj.set_delete_files(folder_int2bool(props.get('deleteFiles', default=1)))
+        fld_obj.set_hidden_folder(folder_int2bool(props.get('hidden', default=0)))

        folders.append(fld_obj)

+
    return folders

 def merge_folders(storage, sid, folder_objects, policy_name):
@ -76,13 +62,14 @@ def merge_folders(storage, sid, folder_objects, policy_name):
        storage.add_folder(sid, folder, policy_name)


-class folderentry:
-    def __init__(self, path):
+class folderentry(DynamicAttributes):
+    def __init__(self, path, action):
        self.path = path
-        self.action = FileAction.CREATE
+        self.action = action
        self.delete_folder = False
        self.delete_sub_folders = False
        self.delete_files = False
+        self.hidden_folder = False

    def set_action(self, action):
        self.action = action
@ -96,3 +83,5 @@ class folderentry:
    def set_delete_files(self, del_bool):
        self.delete_files = del_bool

+    def set_hidden_folder(self, hid_bool):
+        self.hidden_folder = hid_bool
--- a/gpoa/gpt/gpo_dconf_mapping.py
+++ b/gpoa/gpt/gpo_dconf_mapping.py
@ -0,0 +1,48 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .dynamic_attributes import DynamicAttributes
+
+class GpoInfoDconf(DynamicAttributes):
+    _counter = 0
+    def __init__(self, gpo) -> None:
+        GpoInfoDconf._counter += 1
+        self.counter = GpoInfoDconf._counter
+        self.display_name = None
+        self.name = None
+        self.version = None
+        self.link = None
+        self._fill_attributes(gpo)
+
+    def _fill_attributes(self, gpo):
+        try:
+            self.display_name = gpo.display_name
+        except:
+            self.display_name = "Unknown"
+        try:
+            self.name = gpo.name
+        except:
+            self.name = "Unknown"
+        try:
+            self.version = gpo.version
+        except:
+            self.version = "Unknown"
+        try:
+            self.link = gpo.link
+        except:
+            self.link = "Unknown"
--- a/gpoa/gpt/gpt.py
+++ b/gpoa/gpt/gpt.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -23,6 +23,7 @@ from enum import Enum, unique
 from samba.gp_parse.gp_pol import GPPolParser

 from storage import registry_factory
+from storage.dconf_registry import add_to_dict

 from .polfile import (
      read_polfile
@ -64,11 +65,18 @@ from .tasks import (
      read_tasks
    , merge_tasks
 )
-
+from .scriptsini import (
+      read_scripts
+    , merge_scripts
+)
+from .networkshares import (
+      read_networkshares
+    , merge_networkshares
+)
 import util
 import util.preg
 from util.paths import (
-    default_policy_path,
+    local_policy_path,
    cache_dir,
    local_policy_cache
 )
@ -87,6 +95,8 @@ class FileType(Enum):
    INIFILES = 'inifiles.xml'
    SERVICES = 'services.xml'
    PRINTERS = 'printers.xml'
+    SCRIPTS = 'scripts.ini'
+    NETWORKSHARES = 'networkshares.xml'

 def get_preftype(path_to_file):
    fpath = Path(path_to_file)
@ -112,6 +122,8 @@ def pref_parsers():
    parsers[FileType.INIFILES] = read_inifiles
    parsers[FileType.SERVICES] = read_services
    parsers[FileType.PRINTERS] = read_printers
+    parsers[FileType.SCRIPTS] = read_scripts
+    parsers[FileType.NETWORKSHARES] = read_networkshares

    return parsers

@ -132,6 +144,8 @@ def pref_mergers():
    mergers[FileType.INIFILES] = merge_inifiles
    mergers[FileType.SERVICES] = merge_services
    mergers[FileType.PRINTERS] = merge_printers
+    mergers[FileType.SCRIPTS] = merge_scripts
+    mergers[FileType.NETWORKSHARES] = merge_networkshares

    return mergers

@ -140,20 +154,23 @@ def get_merger(preference_type):
    return mergers[preference_type]

 class gpt:
-    __user_policy_mode_key = 'Software\\Policies\\Microsoft\\Windows\\System\\UserPolicyMode'
-
-    def __init__(self, gpt_path, sid):
+    def __init__(self, gpt_path, sid, username='Machine', gpo_info=None):
+        add_to_dict(gpt_path, username, gpo_info)
        self.path = gpt_path
+        self.username = username
        self.sid = sid
-        self.storage = registry_factory('registry')
+        self.storage = registry_factory()
+        self.storage._gpt_read_flag = True
+        self.gpo_info = gpo_info
        self.name = ''
-
        self.guid = self.path.rpartition('/')[2]
        if 'default' == self.guid:
            self.guid = 'Local Policy'

        self._machine_path = find_dir(self.path, 'Machine')
        self._user_path = find_dir(self.path, 'User')
+        self._scripts_machine_path = find_dir(self._machine_path, 'Scripts')
+        self._scripts_user_path = find_dir(self._user_path, 'Scripts')

        self.settings_list = [
              'shortcuts'
@ -165,6 +182,8 @@ class gpt:
            , 'inifiles'
            , 'services'
            , 'scheduledtasks'
+            , 'scripts'
+            , 'networkshares'
        ]
        self.settings = dict()
        self.settings['machine'] = dict()
@ -181,76 +200,71 @@ class gpt:
            log('D23', ulogdata)
            self.settings['user'][setting] = user_preffile

+        self.settings['machine']['scripts'] = find_file(self._scripts_machine_path, 'scripts.ini')
+        self.settings['user']['scripts'] = find_file(self._scripts_user_path, 'scripts.ini')
+
+
    def set_name(self, name):
        '''
        Set human-readable GPT name.
        '''
        self.name = name

-    def get_policy_mode(self):
+    def merge_machine(self):
        '''
-        Get UserPolicyMode parameter value in order to determine if it
-        is possible to work with user's part of GPT. This value is
-        checked only if working for user's SID.
+        Merge machine settings to storage.
        '''
-        upm = self.storage.get_hklm_entry(self.__user_policy_mode_key)
-        if not upm:
-            upm = 0
-        upm = int(upm)
-        if 0 > upm or 2 > upm:
-            upm = 0
+        try:
+            # Merge machine policies to registry if possible
+            if self.settings['machine']['regpol']:
+                mlogdata = dict({'polfile': self.settings['machine']['regpol']})
+                log('D34', mlogdata)
+                util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, gpo_info=self.gpo_info)
+            # Merge machine preferences to registry if possible
+            for preference_name, preference_path in self.settings['machine'].items():
+                if preference_path:
+                    preference_type = get_preftype(preference_path)
+                    logdata = dict({'pref': preference_type.value, 'sid': self.sid})
+                    log('D28', logdata)
+                    preference_parser = get_parser(preference_type)
+                    preference_merger = get_merger(preference_type)
+                    preference_objects = preference_parser(preference_path)
+                    preference_merger(self.storage, self.sid, preference_objects, self.name)
+        except Exception as exc:
+            logdata = dict()
+            logdata['gpt'] = self.name
+            logdata['msg'] = str(exc)
+            log('E28', logdata)

-        return upm
-
-    def merge(self):
+    def merge_user(self):
        '''
-        Merge machine and user (if sid provided) settings to storage.
+        Merge user settings to storage.
        '''
-        if self.sid == self.storage.get_info('machine_sid'):
-            try:
-                # Merge machine settings to registry if possible
-                for preference_name, preference_path in self.settings['machine'].items():
-                    if preference_path:
-                        preference_type = get_preftype(preference_path)
-                        logdata = dict({'pref': preference_type.value, 'sid': self.sid})
-                        log('D28', logdata)
-                        preference_parser = get_parser(preference_type)
-                        preference_merger = get_merger(preference_type)
-                        preference_objects = preference_parser(preference_path)
-                        preference_merger(self.storage, self.sid, preference_objects, self.name)
-                if self.settings['user']['regpol']:
-                    mulogdata = dict({'polfile': self.settings['machine']['regpol']})
-                    log('D35', mulogdata)
-                    util.preg.merge_polfile(self.settings['user']['regpol'], sid=self.sid, policy_name=self.name)
-                if self.settings['machine']['regpol']:
-                    mlogdata = dict({'polfile': self.settings['machine']['regpol']})
-                    log('D34', mlogdata)
-                    util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name)
-            except Exception as exc:
-                logdata = dict()
-                logdata['gpt'] = self.name
-                logdata['msg'] = str(exc)
-                log('E28', logdata)
-        else:
-            # Merge user settings if UserPolicyMode set accordingly
-            # and user settings (for HKCU) are exist.
-            policy_mode = upm2str(self.get_policy_mode())
-            if 'Merge' == policy_mode or 'Not configured' == policy_mode:
-                try:
-                    for preference_name, preference_path in self.settings['user'].items():
-                        if preference_path:
-                            preference_type = get_preftype(preference_path)
-                            logdata = dict({'pref': preference_type.value, 'sid': self.sid})
-                            log('D29', logdata)
-                            preference_parser = get_parser(preference_type)
-                            preference_merger = get_merger(preference_type)
-                            preference_objects = preference_parser(preference_path)
-                            preference_merger(self.storage, self.sid, preference_objects, self.name)
-                except Exception as exc:
-                    logdata = dict()
-                    logdata['gpt'] = self.name
-                    logdata['msg'] = str(exc)
-                    log('E29', logdata)
+        try:
+            # Merge user policies to registry if possible
+            if self.settings['user']['regpol']:
+                mulogdata = dict({'polfile': self.settings['user']['regpol']})
+                log('D35', mulogdata)
+                util.preg.merge_polfile(self.settings['user']['regpol'],
+                                        sid=self.sid,
+                                        policy_name=self.name,
+                                        username=self.username,
+                                        gpo_info=self.gpo_info)
+            # Merge user preferences to registry if possible
+            for preference_name, preference_path in self.settings['user'].items():
+                if preference_path:
+                    preference_type = get_preftype(preference_path)
+                    logdata = dict({'pref': preference_type.value, 'sid': self.sid})
+                    log('D29', logdata)
+                    preference_parser = get_parser(preference_type)
+                    preference_merger = get_merger(preference_type)
+                    preference_objects = preference_parser(preference_path)
+                    preference_merger(self.storage, self.sid, preference_objects, self.name)
+        except Exception as exc:
+            logdata = dict()
+            logdata['gpt'] = self.name
+            logdata['msg'] = str(exc)
+            log('E29', logdata)

 def find_dir(search_path, name):
    '''
@ -326,7 +340,7 @@ def lp2gpt():
    '''
    Convert local-policy to full-featured GPT.
    '''
-    lppath = os.path.join(default_policy_path(), 'Machine/Registry.pol.xml')
+    lppath = os.path.join(local_policy_path(), 'Machine/Registry.pol.xml')

    # Load settings from XML PolFile
    polparser = GPPolParser()
@ -350,18 +364,3 @@ def get_local_gpt(sid):
    local_policy.set_name('Local Policy')

    return local_policy
-
-def upm2str(upm_num):
-    '''
-    Translate UserPolicyMode to string.
-    '''
-    result = 'Not configured'
-
-    if upm_num in [1, '1']:
-        result = 'Replace'
-
-    if upm_num in [2, '2']:
-        result = 'Merge'
-
-    return result
-
--- a/gpoa/gpt/inifiles.py
+++ b/gpoa/gpt/inifiles.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -17,22 +17,37 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes

 def read_inifiles(inifiles_file):
    inifiles = list()

-    for inifile in get_xml_root(inifiles_file):
-        ini_obj = inifile()
+    for ini in get_xml_root(inifiles_file):
+        prors = ini.find('Properties')
+        ini_obj = inifile(prors.get('path'))
+        ini_obj.set_section(prors.get('section', default=None))
+        ini_obj.set_property(prors.get('property', default=None))
+        ini_obj.set_value(prors.get('value', default=None))
+        ini_obj.set_action(prors.get('action', default='C'))

        inifiles.append(ini_obj)

    return inifiles

 def merge_inifiles(storage, sid, inifile_objects, policy_name):
-    for inifile in inifile_objects:
-        pass
+    for iniobj in inifile_objects:
+        storage.add_ini(sid, iniobj, policy_name)

-def inifile():
-    def __init__(self):
-        pass
+class inifile(DynamicAttributes):
+    def __init__(self, path):
+        self.path = path
+
+    def set_section(self, section):
+        self.section = section
+    def set_property(self, property):
+        self.property = property
+    def set_value(self, value):
+        self.value = value
+    def set_action(self, action):
+        self.action = action

--- a/gpoa/gpt/networkshares.py
+++ b/gpoa/gpt/networkshares.py
@ -0,0 +1,57 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes
+
+def read_networkshares(networksharesxml):
+    networkshares = list()
+
+    for share in get_xml_root(networksharesxml):
+        props = share.find('Properties')
+        networkshare_obj = networkshare(props.get('name'))
+        networkshare_obj.set_action(props.get('action', default='C'))
+        networkshare_obj.set_path(props.get('path', default=None))
+        networkshare_obj.set_all_regular(props.get('allRegular', default=None))
+        networkshare_obj.set_comment(props.get('comment', default=None))
+        networkshare_obj.set_limitUsers(props.get('limitUsers', default=None))
+        networkshare_obj.set_abe(props.get('abe', default=None))
+        networkshares.append(networkshare_obj)
+
+    return networkshares
+
+def merge_networkshares(storage, sid, networkshares_objects, policy_name):
+    for networkshareobj in networkshares_objects:
+        storage.add_networkshare(sid, networkshareobj, policy_name)
+
+class networkshare(DynamicAttributes):
+    def __init__(self, name):
+        self.name = name
+
+    def set_action(self, action):
+        self.action = action
+    def set_path(self, path):
+        self.path = path
+    def set_all_regular(self, allRegular):
+        self.allRegular = allRegular
+    def set_comment(self, comment):
+        self.comment = comment
+    def set_limitUsers(self, limitUsers):
+        self.limitUsers = limitUsers
+    def set_abe(self, abe):
+        self.abe = abe
--- a/gpoa/gpt/polfile.py
+++ b/gpoa/gpt/polfile.py
@ -24,9 +24,10 @@ def read_polfile(filename):
    return load_preg(filename).entries

 def merge_polfile(storage, sid, policy_objects, policy_name):
-    for entry in policy_objects:
-        if not sid:
-            storage.add_hklm_entry(entry, policy_name)
-        else:
-            storage.add_hkcu_entry(entry, sid, policy_name)
+    pass
+    # for entry in policy_objects:
+    #     if not sid:
+    #         storage.add_hklm_entry(entry, policy_name)
+    #     else:
+    #         storage.add_hkcu_entry(entry, sid, policy_name)

--- a/gpoa/gpt/printers.py
+++ b/gpoa/gpt/printers.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import json
+from .dynamic_attributes import DynamicAttributes

 from util.xml import get_xml_root

@ -60,7 +61,7 @@ def json2printer(json_str):

    return prn

-class printer:
+class printer(DynamicAttributes):
    def __init__(self, ptype, name, status):
        '''
        ptype may be one of:
--- a/gpoa/gpt/scriptsini.py
+++ b/gpoa/gpt/scriptsini.py
@ -0,0 +1,148 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import configparser
+import os
+from .dynamic_attributes import DynamicAttributes
+
+def read_scripts(scripts_file):
+    scripts = Scripts_lists()
+
+    logon_scripts = dict()
+    logoff_scripts = dict()
+    startup_scripts = dict()
+    shutdown_scripts = dict()
+
+    config = configparser.ConfigParser()
+    config.read(scripts_file, encoding = 'utf-16')
+    scripts_file_dir = os.path.dirname(scripts_file)
+
+    actions = config.sections()
+
+    for act in actions:
+        act_upper = act.upper()
+        if act_upper == 'LOGON':
+            section_scripts = logon_scripts
+        elif act_upper == 'LOGOFF':
+            section_scripts = logoff_scripts
+        elif act_upper == 'STARTUP':
+            section_scripts = startup_scripts
+        elif act_upper == 'SHUTDOWN':
+            section_scripts = shutdown_scripts
+        else:
+            continue
+
+        for key in config[act]:
+            key_lower = key.lower()
+            key_split = key_lower.split('cmdline')
+            if len(key_split) > 1 and not key_split[1]:
+                if key_split[0].isdigit():
+                    key_index = int(key_split[0])
+                    section_scripts[key_index] = Script(act, scripts_file_dir, config[act][key])
+            key_split = key_lower.split('parameters')
+            if len(key_split) > 1 and not key_split[1]:
+                if key_split[0].isdigit():
+                    key_index = int(key_split[0])
+                    section_scripts[key_index].set_args(config[act][key])
+    if logon_scripts:
+        for i in sorted(logon_scripts.keys()):
+            scripts.add_script('LOGON', logon_scripts[i])
+
+    if logoff_scripts:
+        for i in sorted(logoff_scripts.keys()):
+            scripts.add_script('LOGOFF', logoff_scripts[i])
+
+    if startup_scripts:
+        for i in sorted(startup_scripts.keys()):
+            scripts.add_script('STARTUP', startup_scripts[i])
+
+    if shutdown_scripts:
+        for i in sorted(shutdown_scripts.keys()):
+            scripts.add_script('SHUTDOWN', shutdown_scripts[i])
+
+
+    return scripts
+
+def merge_scripts(storage, sid, scripts_objects, policy_name):
+    for script in scripts_objects.get_logon_scripts():
+        storage.add_script(sid, script, policy_name)
+    for script in scripts_objects.get_logoff_scripts():
+        storage.add_script(sid, script, policy_name)
+    for script in scripts_objects.get_startup_scripts():
+        storage.add_script(sid, script, policy_name)
+    for script in scripts_objects.get_shutdown_scripts():
+        storage.add_script(sid, script, policy_name)
+
+class Scripts_lists:
+    def __init__ (self):
+        self.__logon_scripts = list()
+        self.__logoff_scripts = list()
+        self.__startup_scripts = list()
+        self.__shutdown_scripts = list()
+
+    def get_logon_scripts(self):
+        return self.__logon_scripts
+    def get_logoff_scripts(self):
+        return self.__logoff_scripts
+    def get_startup_scripts(self):
+        return self.__startup_scripts
+    def get_shutdown_scripts(self):
+        return self.__shutdown_scripts
+
+    def add_script(self, action, script):
+        if action == 'LOGON':
+            self.get_logon_scripts().append(script)
+        elif action == 'LOGOFF':
+            self.get_logoff_scripts().append(script)
+        elif action == 'STARTUP':
+            self.get_startup_scripts().append(script)
+        elif action == 'SHUTDOWN':
+            self.get_shutdown_scripts().append(script)
+
+
+class Script(DynamicAttributes):
+    __logon_counter = 0
+    __logoff_counter = 0
+    __startup_counter = 0
+    __shutdown_counter = 0
+
+    def __init__(self, action, script_dir, script_filename):
+        action_upper = action.upper()
+        self.action = action_upper
+        self.path = os.path.join(script_dir, action_upper, script_filename.upper())
+        if not os.path.isfile(self.path):
+            self.number = None
+            return None
+        self.args = None
+
+        if action_upper == 'LOGON':
+            self.number = Script.__logon_counter
+            Script.__logon_counter += 1
+        elif action_upper == 'LOGOFF':
+            self.number = Script.__logoff_counter
+            Script.__logoff_counter += 1
+        elif action_upper == 'STARTUP':
+            self.number = Script.__startup_counter
+            Script.__startup_counter += 1
+        elif action_upper == 'SHUTDOWN':
+            self.number = Script.__shutdown_counter
+            Script.__shutdown_counter += 1
+
+    def set_args(self, args):
+        self.args = args
+
--- a/gpoa/gpt/services.py
+++ b/gpoa/gpt/services.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes

 def read_services(service_file):
    '''
@ -43,14 +44,14 @@ def merge_services(storage, sid, service_objects, policy_name):
    for srv in service_objects:
        pass

-class service:
+class service(DynamicAttributes):
    def __init__(self, name):
        self.unit = name
        self.servname = None
        self.serviceaction = None

    def set_clsid(self, clsid):
-        self.guid = uid
+        self.guid = clsid

    def set_usercontext(self, usercontext=False):
        ctx = False
--- a/gpoa/gpt/shortcuts.py
+++ b/gpoa/gpt/shortcuts.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -18,20 +18,23 @@

 from pathlib import Path
 import stat
-import logging
 from enum import Enum

-from xml.etree import ElementTree
 from xdg.DesktopEntry import DesktopEntry
 import json

 from util.windows import transform_windows_path
 from util.xml import get_xml_root
+from util.paths import get_desktop_files_directory
+from .dynamic_attributes import DynamicAttributes

 class TargetType(Enum):
    FILESYSTEM = 'FILESYSTEM'
    URL = 'URL'

+    def __str__(self):
+        return self.value
+
 def get_ttype(targetstr):
    '''
    Validation function for targetType property
@ -42,7 +45,7 @@ def get_ttype(targetstr):
    '''
    ttype = TargetType.FILESYSTEM

-    if targetstr == 'URL':
+    if targetstr == 'URL'or targetstr == TargetType.URL:
        ttype = TargetType.URL

    return ttype
@ -79,12 +82,15 @@ def read_shortcuts(shortcuts_file):
        # URL or FILESYSTEM
        target_type = get_ttype(props.get('targetType'))

-        sc = shortcut(dest, path, arguments, link.get('name'), target_type)
+        sc = shortcut(dest, path, arguments, link.get('name'), props.get('action'), target_type)
        sc.set_changed(link.get('changed'))
        sc.set_clsid(link.get('clsid'))
        sc.set_guid(link.get('uid'))
        sc.set_usercontext(link.get('userContext', False))
        sc.set_icon(props.get('iconPath'))
+        if props.get('comment'):
+            sc.set_comment(props.get('comment'))
+
        shortcuts.append(sc)

    return shortcuts
@ -93,25 +99,24 @@ def merge_shortcuts(storage, sid, shortcut_objects, policy_name):
    for shortcut in shortcut_objects:
        storage.add_shortcut(sid, shortcut, policy_name)

-def json2sc(json_str):
-    '''
-    Build shortcut out of string-serialized JSON
-    '''
-    json_obj = json.loads(json_str)
-    link_type = get_ttype(json_obj['type'])

-    sc = shortcut(json_obj['dest'], json_obj['path'], json_obj['arguments'], json_obj['name'], link_type)
-    sc.set_changed(json_obj['changed'])
-    sc.set_clsid(json_obj['clsid'])
-    sc.set_guid(json_obj['guid'])
-    sc.set_usercontext(json_obj['is_in_user_context'])
-    if 'icon' in json_obj:
-        sc.set_icon(json_obj['icon'])
+def find_desktop_entry(binary_path):
+    desktop_dir = get_desktop_files_directory()
+    binary_name = ''.join(binary_path.split('/')[-1])
+    desktop_file_path = Path(f"{desktop_dir}/{binary_name}.desktop")

-    return sc
+    if desktop_file_path.exists():
+        desktop_entry = DesktopEntry()
+        desktop_entry.parse(desktop_file_path)
+        return desktop_entry

-class shortcut:
-    def __init__(self, dest, path, arguments, name=None, ttype=TargetType.FILESYSTEM):
+    return None
+
+
+class shortcut(DynamicAttributes):
+    _ignore_fields = {"desktop_file_template", "desktop_file"}
+
+    def __init__(self, dest, path, arguments, name=None, action=None, ttype=TargetType.FILESYSTEM):
        '''
        :param dest: Path to resulting file on file system
        :param path: Path where the link should point to
@ -119,14 +124,42 @@ class shortcut:
        :param name: Name of the application
        :param type: Link type - FILESYSTEM or URL
        '''
-        self.dest = dest
+        self.dest = self.replace_slashes(dest)
        self.path = path
+        self.expanded_path = None
        self.arguments = arguments
-        self.name = name
+        self.name = self.replace_name(name)
+        self.action = action
        self.changed = ''
        self.icon = None
+        self.comment = ''
        self.is_in_user_context = self.set_usercontext()
        self.type = ttype
+        self.desktop_file_template = None
+
+
+    def items(self):
+        return ((k, v) for k, v in super().items() if k not in self._ignore_fields)
+
+    def __iter__(self):
+        return iter(self.items())
+
+
+    def replace_slashes(self, input_path):
+        if input_path.startswith('%'):
+            index = input_path.find('%', 1)
+            if index != -1:
+                replace_path = input_path[:index + 2] + input_path[index + 2:].replace('/','-')
+                return replace_path
+        return input_path.replace('/','-')
+
+    def replace_name(self, input_name):
+        if input_name.startswith('%'):
+            index = input_name.find('%', 1)
+            if index != -1:
+                replace_name = input_name[index + 2:]
+                return replace_name
+        return input_name

    def __str__(self):
        result = self.to_json()
@ -147,6 +180,9 @@ class shortcut:
    def set_icon(self, icon_name):
        self.icon = icon_name

+    def set_comment(self, comment):
+        self.comment = comment
+
    def set_type(self, ttype):
        '''
        Set type of the hyperlink - FILESYSTEM or URL
@ -166,63 +202,95 @@ class shortcut:

        self.is_in_user_context = ctx

+    def set_expanded_path(self, path):
+        '''
+        Adjust shortcut path with expanding windows variables
+        '''
+        self.expanded_path = path
+
    def is_usercontext(self):
        return self.is_in_user_context

-    def to_json(self):
-        '''
-        Return shortcut's JSON for further serialization.
-        '''
-        content = dict()
-        content['dest'] = self.dest
-        content['path'] = self.path
-        content['name'] = self.name
-        content['arguments'] = self.arguments
-        content['clsid'] = self.clsid
-        content['guid'] = self.guid
-        content['changed'] = self.changed
-        content['is_in_user_context'] = self.is_in_user_context
-        content['type'] = ttype2str(self.type)
-        if self.icon:
-            content['icon'] = self.icon
-        result = self.desktop()
-        result.content.update(content)
-
-        return json.dumps(result.content)
-
-    def desktop(self):
+    def desktop(self, dest=None):
        '''
        Returns desktop file object which may be written to disk.
        '''
-        self.desktop_file = DesktopEntry()
-        self.desktop_file.addGroup('Desktop Entry')
+        if dest:
+            self.desktop_file = DesktopEntry(dest)
+        else:
+            self.desktop_file_template = find_desktop_entry(self.path)
+            self.desktop_file = DesktopEntry()
+            self.desktop_file.addGroup('Desktop Entry')
+            self.desktop_file.set('Version', '1.0')
+        self._update_desktop()

-        if self.type == TargetType.URL:
+        return self.desktop_file
+
+    def _update_desktop(self):
+        '''
+        Update desktop file object from internal data.
+        '''
+        if get_ttype(self.type) == TargetType.URL:
            self.desktop_file.set('Type', 'Link')
        else:
            self.desktop_file.set('Type', 'Application')

-        self.desktop_file.set('Version', '1.0')
        self.desktop_file.set('Name', self.name)

-        if self.type == TargetType.URL:
-            self.desktop_file.set('URL', self.path)
+        desktop_path = self.path
+        if self.expanded_path:
+            desktop_path = self.expanded_path
+        if get_ttype(self.type) == TargetType.URL:
+            self.desktop_file.set('URL', desktop_path)
        else:
-            self.desktop_file.set('Terminal', 'false')
-            self.desktop_file.set('Exec', '{} {}'.format(self.path, self.arguments))
+            str2bool_lambda = (lambda boolstr: boolstr if isinstance(boolstr, bool)
+                               else boolstr and boolstr.lower() in ['True', 'true', 'yes', '1'])
+            if self.desktop_file_template:
+                terminal_state = str2bool_lambda(self.desktop_file_template.get('Terminal'))
+                self.desktop_file.set('Terminal', 'true' if terminal_state else 'false')
+            self.desktop_file.set('Exec', '{} {}'.format(desktop_path, self.get_original_value('arguments')))
+            self.desktop_file.set('Comment', self.comment)

        if self.icon:
            self.desktop_file.set('Icon', self.icon)
+        elif self.desktop_file_template and self.desktop_file_template.get('Icon', False):
+            self.desktop_file.set('Icon', self.desktop_file_template.get('Icon'))

-        return self.desktop_file
-
-    def write_desktop(self, dest):
+    def _write_desktop(self, dest, create_only=False, read_firstly=False):
        '''
        Write .desktop file to disk using path 'dest'. Please note that
        .desktop files must have executable bit set in order to work in
        GUI.
        '''
-        self.desktop().write(dest)
        sc = Path(dest)
+        if sc.exists() and create_only:
+            return
+
+        if sc.exists() and read_firstly:
+            self.desktop(dest).write(dest)
+        else:
+            self.desktop().write(dest)
+
        sc.chmod(sc.stat().st_mode | stat.S_IEXEC)

+    def _remove_desktop(self, dest):
+        '''
+        Remove .desktop file fromo disk using path 'dest'.
+        '''
+        sc = Path(dest)
+        if sc.exists():
+            sc.unlink()
+
+    def apply_desktop(self, dest):
+        '''
+        Apply .desktop file by action.
+        '''
+        if self.action == 'U':
+            self._write_desktop(dest, read_firstly=True)
+        elif self.action == 'D':
+            self._remove_desktop(dest)
+        elif self.action == 'R':
+            self._remove_desktop(dest)
+            self._write_desktop(dest)
+        elif self.action == 'C':
+            self._write_desktop(dest, create_only=True)
--- a/gpoa/gpupdate
+++ b/gpoa/gpupdate
@ -25,6 +25,7 @@ import os
 import sys
 import pwd
 import signal
+from storage import Dconf_registry

 from util.users import (
    is_root
@ -47,33 +48,52 @@ from util.logging import log
 class file_runner:
    _gpoa_exe = '/usr/sbin/gpoa'

-    def __init__(self, username=None):
+    def __init__(self, loglevel, username=None):
        self._user = username
+        self._loglevel = loglevel

    def run(self):
        '''
        Call gpoa utility to generate scripts
        '''
        gpoa_cmd = [self._gpoa_exe]
+        if self._loglevel != None:
+            gpoa_cmd += ["--loglevel", str(self._loglevel)]
        if self._user:
            gpoa_cmd += [self._user]

-        output = subprocess.call(gpoa_cmd)
-        sys.exit(output)
+        subprocess.check_output(gpoa_cmd)

 def parse_cli_arguments():
    '''
    Command line argument parser
    '''
-    argparser = argparse.ArgumentParser(description='Update group policies for the specified user')
+    argparser = argparse.ArgumentParser(description='Update group policies for computer and the specified user')
    argparser.add_argument('-u',
        '--user',
        default=None,
        help='Name of the user for GPO update')
-    argparser.add_argument('--target',
+    argparser.add_argument('-t',
+        '--target',
        default=None,
-        type=str,
+        type=str.upper,
+        choices=["ALL", "USER", "COMPUTER"],
        help='Specify if it is needed to update user\'s or computer\'s policies')
+    argparser.add_argument('-l',
+        '--loglevel',
+        type=int,
+        default=5,
+        help='Set logging verbosity level')
+    argparser.add_argument('-f',
+        '--force',
+        action='store_true',
+        default=False,
+        help='Force GPT download')
+    argparser.add_argument('-s',
+        '--system',
+        action='store_true',
+        default=None,
+        help='Run gpoa directly in system mode')

    return argparser.parse_args()

@ -83,13 +103,14 @@ def runner_factory(args, target):
    factors taken into account.
    '''
    username = None
+    target = target.upper()
    if is_root():
        # Only root may specify any username to update.
        try:
            if args.user:
                username = pwd.getpwnam(args.user).pw_name
            else:
-                target = 'Computer'
+                target = 'COMPUTER'
        except:
            username = None
            logdata = dict({'username': args.user})
@ -99,30 +120,45 @@ def runner_factory(args, target):
        # itself (os.getusername()).
        username = pwd.getpwuid(os.getuid()).pw_name
        if args.user != username:
-            logdata = dict({'username': args.user})
+            logdata = dict({'username': username})
            log('W2', logdata)

+    if args.system:
+        return try_directly(username, target, args.loglevel)
+    else:
+        return try_by_oddjob(username, target)
+
+def try_by_oddjob(username, target):
+    '''
+    Run group policies applying by oddjob service
+    '''
    if is_oddjobd_gpupdate_accessible():
        log('D13')
        computer_runner = None
        user_runner = None
-        if target == 'All' or target == 'Computer':
+        if target == 'ALL' or target == 'COMPUTER':
            computer_runner = dbus_runner()
        if username:
-            if target == 'All' or target == 'User':
+            if target == 'ALL' or target == 'USER':
                user_runner = dbus_runner(username)
        return (computer_runner, user_runner)
    else:
        log('W3')

+    return None
+
+def try_directly(username, target, loglevel):
+    '''
+    Run group policies applying directly
+    '''
    if is_root():
        log('D14')
        computer_runner = None
        user_runner = None
-        if target == 'All' or target == 'Computer':
-            computer_runner = file_runner()
-        if target == 'All' or target == 'User':
-            user_runner = file_runner(username)
+        if target == 'ALL' or target == 'COMPUTER':
+            computer_runner = file_runner(loglevel)
+        if target == 'ALL' or target == 'USER':
+            user_runner = file_runner(loglevel, username)
        return (computer_runner, user_runner)
    else:
        log('E1')
@ -134,7 +170,8 @@ def main():
    locale.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
    gettext.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
    gettext.textdomain('gpoa')
-    set_loglevel(0)
+    set_loglevel(args.loglevel)
+    Dconf_registry._force = args.force
    gpo_appliers = runner_factory(args, process_target(args.target))

    if gpo_appliers:
--- a/gpoa/gpupdate-setup
+++ b/gpoa/gpupdate-setup
@ -2,7 +2,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -19,11 +19,7 @@


 import os
-import sys
 import argparse
-import subprocess
-
-import re

 from util.util import (
      runcmd
@ -33,17 +29,14 @@ from util.util import (
    , get_policy_variants
 )
 from util.config import GPConfig
+from util.paths import get_custom_policy_dir


 class Runner:
    __control_path = '/usr/sbin/control'
    __systemctl_path = '/bin/systemctl'
-    __etc_policy_dir = '/etc/local-policy'
-    __usr_policy_dir = '/usr/share/local-policy'

    def __init__(self):
-        self.etc_policies = get_policy_entries(self.__etc_policy_dir)
-        self.usr_policies = get_policy_entries(self.__usr_policy_dir)
        self.arguments = parse_arguments()

 def parse_arguments():
@ -66,7 +59,8 @@ def parse_arguments():

    parser_disable = subparsers.add_parser('disable',
        help='Disable Group Policy subsystem')
-
+    parser_update = subparsers.add_parser('update',
+        help='Update state')
    parser_write = subparsers.add_parser('write',
        help='Operate on Group Policies (enable or disable)')
    parser_set_backend = subparsers.add_parser('set-backend',
@ -110,6 +104,16 @@ def parse_arguments():
        choices=['local', 'samba'],
        help='Backend (source of settings) name')

+    parser_update.add_argument('--local-policy',
+        default=None,
+        help='Name of local policy to enable')
+    parser_update.add_argument('--backend',
+        default='samba',
+        type=str,
+        choices=['local', 'samba'],
+        help='Backend (source of settings) name')
+
+
    return parser.parse_args()

 def validate_policy_name(policy_name):
@ -140,10 +144,10 @@ def is_unit_enabled(unit_name, unit_global=False):

 def get_status():
    '''
-    Check that gpupdate.service and gpupdate-user.service are enabled.
+    Check that gpupdate.timer and gpupdate-user.timer are enabled.
    '''
-    is_gpupdate = is_unit_enabled('gpupdate.service')
-    is_gpupdate_user = is_unit_enabled('gpupdate-user.service', unit_global=True)
+    is_gpupdate = is_unit_enabled('gpupdate.timer')
+    is_gpupdate_user = is_unit_enabled('gpupdate-user.timer', unit_global=True)

    if is_gpupdate and is_gpupdate_user:
        return True
@ -178,7 +182,11 @@ def disable_gp():
    cmd_set_local_policy = ['/usr/sbin/control', 'system-policy', 'local']
    cmd_disable_gpupdate_service = ['/bin/systemctl', 'disable', 'gpupdate.service']
    cmd_disable_gpupdate_user_service = ['/bin/systemctl', '--global', 'disable', 'gpupdate-user.service']
+    cmd_disable_gpupdate_timer = ['/bin/systemctl', 'disable', 'gpupdate.timer']
+    cmd_disable_gpupdate_user_timer = ['/bin/systemctl', '--global', 'disable', 'gpupdate-user.timer']
    cmd_control_system_auth = ['/usr/sbin/control', 'system-auth']
+    cmd_disable_gpupdate_scripts_service = ['/bin/systemctl', 'disable', 'gpupdate-scripts-run.service']
+    cmd_disable_gpupdate_scripts_user_service = ['/bin/systemctl', '--global', 'disable', 'gpupdate-scripts-run-user.service']

    config = GPConfig()

@ -194,32 +202,39 @@ def disable_gp():
        runcmd(cmd_set_local_policy)
    runcmd(cmd_disable_gpupdate_service)
    runcmd(cmd_disable_gpupdate_user_service)
+    runcmd(cmd_disable_gpupdate_timer)
+    runcmd(cmd_disable_gpupdate_user_timer)
+    runcmd(cmd_disable_gpupdate_scripts_service)
+    runcmd(cmd_disable_gpupdate_scripts_user_service)
+    config.set_local_policy_template()
+    config.set_backend()

 def enable_gp(policy_name, backend_type):
    '''
    Consistently enable group policy services
    '''
-    policy_dir = '/usr/share/local-policy'
-    etc_policy_dir = '/etc/local-policy'
    cmd_set_gpupdate_policy = ['/usr/sbin/control', 'system-policy', 'gpupdate']
    cmd_gpoa_nodomain = ['/usr/sbin/gpoa', '--nodomain', '--loglevel', '5']
    cmd_enable_gpupdate_service = ['/bin/systemctl', 'enable', 'gpupdate.service']
-    cmd_enable_gpupdate_user_service = ['/bin/systemctl', '--global', 'enable', 'gpupdate-user.service']
+    cmd_enable_gpupdate_user_service = ['/bin/systemctl', '--global', 'disable', 'gpupdate-user.service']
+    cmd_enable_gpupdate_timer = ['/bin/systemctl', 'enable', 'gpupdate.timer']
+    cmd_enable_gpupdate_user_timer = ['/bin/systemctl', '--global', 'enable', 'gpupdate-user.timer']
+    cmd_enable_gpupdate_scripts_service = ['/bin/systemctl', 'enable', 'gpupdate-scripts-run.service']
+    cmd_enable_gpupdate_user_scripts_service = ['/bin/systemctl', '--global', 'enable', 'gpupdate-scripts-run-user.service']

    config = GPConfig()

+    custom_policy_dir = get_custom_policy_dir()
+    if not os.path.isdir(custom_policy_dir):
+        os.makedirs(custom_policy_dir)
+
    target_policy_name = get_default_policy_name()
    if policy_name:
        if validate_policy_name(policy_name):
            target_policy_name = policy_name
-
    print (target_policy_name)
-    default_policy_name = os.path.join(policy_dir, target_policy_name)

-    if not os.path.isdir(etc_policy_dir):
-        os.makedirs(etc_policy_dir)
-
-    config.set_local_policy_template(default_policy_name)
+    config.set_local_policy_template(target_policy_name)
    config.set_backend(backend_type)

    # Enable oddjobd_gpupdate in PAM config
@ -237,7 +252,29 @@ def enable_gp(policy_name, backend_type):
    # Enable gpupdate-setup.service for all users
    if not rollback_on_error(cmd_enable_gpupdate_user_service):
        return
-    if not is_unit_enabled('gpupdate-user.service', unit_global=True):
+    # Enable gpupdate-scripts-run.service
+    if not rollback_on_error(cmd_enable_gpupdate_scripts_service):
+        return
+    if not is_unit_enabled('gpupdate-scripts-run.service'):
+        disable_gp()
+        return
+    # Enable gpupdate-scripts-run-user.service for all users
+    if not rollback_on_error(cmd_enable_gpupdate_user_scripts_service):
+        return
+    if not is_unit_enabled('gpupdate-scripts-run-user.service', unit_global=True):
+        disable_gp()
+        return
+
+    # Enable gpupdate.timer
+    if not rollback_on_error(cmd_enable_gpupdate_timer):
+        return
+    if not is_unit_enabled('gpupdate.timer'):
+        disable_gp()
+        return
+    # Enable gpupdate-setup.timer for all users
+    if not rollback_on_error(cmd_enable_gpupdate_user_timer):
+        return
+    if not is_unit_enabled('gpupdate-user.timer', unit_global=True):
        disable_gp()
        return

@ -312,6 +349,7 @@ def main():
    action['set-backend'] = act_set_backend
    action['write'] = act_write
    action['enable'] = act_enable
+    action['update'] = act_enable
    action['disable'] = disable_gp
    action['active-policy'] = act_active_policy
    action['active-backend'] = act_active_backend
@ -319,6 +357,9 @@ def main():

    if arguments.action == None:
        action['status']()
+    elif arguments.action == 'update':
+        if get_status():
+            action[arguments.action](arguments.local_policy, arguments.backend)
    elif arguments.action == 'enable':
        action[arguments.action](arguments.local_policy, arguments.backend)
    elif arguments.action == 'write':
--- a/gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
+++ b/gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -41,6 +41,34 @@ msgstr "Получен объект групповой политики"
 msgid "Unknown info code"
 msgstr "Неизвестный код информационного сообщения"

+msgid "Working with control"
+msgstr "Применение настроек control"
+
+msgid "Working with systemd"
+msgstr "Работа с systemd"
+
+msgid "Unable to work with systemd unit"
+msgstr "Невозможно создать оъект для unit systemd"
+
+msgid "Starting systemd unit"
+msgstr "Запуск unit systemd"
+
+msgid "Firefox policy"
+msgstr "Политика Firefox"
+
+msgid "Chromium policy"
+msgstr "Политика Chromium"
+
+msgid "Set user property to"
+msgstr "Установка свойств  для пользователя"
+
+msgid "The line in the configuration file was cleared"
+msgstr "В конфигурационном файле была очищена строка"
+
+msgid "Found GPT in cache"
+msgstr "Найден GPT в кеше"
+
+
 # Error
 msgid "Insufficient permissions to run gpupdate"
 msgstr "Недостаточно прав для запуска gpupdate"
@ -132,6 +160,116 @@ msgstr "Ошибка слияния пользовательской части
 msgid "Unknown error code"
 msgstr "Неизвестный код ошибки"

+msgid "Unable to work with control"
+msgstr "Не удалось применить настройки control"
+
+msgid "Control applier for machine will not be started"
+msgstr "Приминение Control для машины не удалось"
+
+msgid "Error getting control"
+msgstr "Ошибка установки control"
+
+msgid "Is not in possible values for control"
+msgstr "Не входит в возможные значения для control"
+
+msgid "Unable to set"
+msgstr "Невозможно установить"
+
+msgid "Unable to generate file"
+msgstr "Невозможно создать файл"
+
+msgid "Failed applying unit"
+msgstr "Не удалось применить настройки"
+
+msgid "Unable to start systemd unit"
+msgstr "Невозможно запустить systemd unit"
+
+msgid "Unable to cache specified URI"
+msgstr "Невозможно кэшировать указанный URI"
+
+msgid "Unable to cache specified URI for machine"
+msgstr "Невозможно кэшировать указанный URI для компьютера"
+
+msgid "Error recompiling global GSettings schemas"
+msgstr "Ошибка перекомпиляции глобальных GSettings schemas"
+
+msgid "Error update configuration dconf"
+msgstr "Ошибка обновления конфигурации dconf"
+
+msgid "Unable to cache specified URI for user"
+msgstr "Невозможно кэшировать указанный URI для пользователя"
+
+msgid "Error during attempt to read Chromium preferences for user"
+msgstr "Ошибка при попытке прочитать настройки Chromium для пользователя"
+
+msgid "Fail for applying shortcut to file with %"
+msgstr "Не удалось применить ярлык к файлу с %"
+
+msgid "Fail for applying shortcut to not absolute path"
+msgstr "Не удалось применить ярлык к не абсолютному пути"
+
+msgid "Error running pkcon_runner sync for machine"
+msgstr "Ошибка при запуске pkcon_runner синхронно для компьютера"
+
+msgid "Package install error"
+msgstr "Ошибка установки пакета"
+
+msgid "Package remove error"
+msgstr "Ошибка удаления пакета"
+
+msgid "Error running pkcon_runner sync for user"
+msgstr "Ошибка при запуске pkcon_runner синхронно для пользователя"
+
+msgid "Error running pkcon_runner async for machine"
+msgstr "Ошибка при запуске pkcon_runner асинхронно для компьютера"
+
+msgid "Error running pkcon_runner async for user"
+msgstr "Ошибка при запуске pkcon_runner асинхронно для пользователя"
+
+msgid "Error merging user GPT (from machine GPO)"
+msgstr "Ошибка слияния пользовательской групповой политики (машинная часть)"
+
+msgid "Error cleaning directory for machine"
+msgstr "Ошибка очистки каталога для машины"
+
+msgid "Error cleaning directory for user"
+msgstr "Ошибка очистки каталога для пользователя"
+
+msgid "Error while executing command for widgets"
+msgstr "Ошибка при выполнении команды для виджетов"
+
+msgid "Error creating environment variables"
+msgstr "Ошибка создания переменных среды"
+
+msgid "Error running kwriteconfig5 command"
+msgstr "Ошибка выполнения команды kwriteconfig5"
+
+msgid "Error getting list of keys"
+msgstr "Ошибка получения списка ключей"
+
+msgid "Error getting key value"
+msgstr "Ошибка при получении значения ключей"
+
+msgid "Failed to update dconf database"
+msgstr "Не удалось обновить базу данных dconf"
+
+msgid "Exception occurred while updating dconf database"
+msgstr "Возникло исключение при обновлении базы данных dconf"
+
+msgid "Failed to retrieve data from dconf database"
+msgstr "Не удалось получить данные из базы dconf"
+
+msgid "Autofs restart failed"
+msgstr "Перезапуск Autofs не удался"
+
+msgid "Failed to update LDAP with new password data"
+msgstr "Не удалось обновить LDAP новыми данными пароля"
+
+msgid "Failed to change local user password"
+msgstr "Не удалось изменить пароль локального пользователя"
+
+# Error_end
+
 # Debug
 msgid "The GPOA process was started for user"
 msgstr "Произведён запуск GPOA для обновления политик пользователя"
@ -289,9 +427,530 @@ msgstr "Пропускаем специальный ключ удаления в
 msgid "Read domain name from configuration file"
 msgstr "Имя контроллера домена для репликации прочитано из файла конфигурации"

+msgid "Saving information about environment variables"
+msgstr "Сохранение информации о переменных окружения"
+
 msgid "Unknown debug code"
 msgstr "Неизвестный отладочный код"

+msgid "Running Control applier for machine"
+msgstr "Начато применение Control для машины"
+
+msgid "Setting control"
+msgstr "Установка control"
+
+msgid "Deny_All setting found"
+msgstr "Deny_All настройка найдена"
+
+msgid "Deny_All setting for user"
+msgstr "Deny_All настройка для пользователя"
+
+msgid "Deny_All setting not found"
+msgstr "Deny_All настройка не найдена"
+
+msgid "Deny_All setting not found for user"
+msgstr "Deny_All настройка не найдена для пользователя"
+
+msgid "Running Polkit applier for machine"
+msgstr "Начато применение настроек Polkit для машины"
+
+msgid "Running Polkit applier for user in administrator context"
+msgstr "Начато применение настроек Polkit пользователя в контексте администратора"
+
+msgid "Polkit applier for machine will not be started"
+msgstr "Polkit для машины не запускается"
+
+msgid "Polkit applier for user in administrator context will not be started"
+msgstr "Polkit для пользователя в контексте администратора не запускается"
+
+msgid "Generated file"
+msgstr "Созданный файл"
+
+msgid "Running systemd applier for machine"
+msgstr "Начато применение настроек systemd для машины"
+
+msgid "Running systemd applier for machine will not be started"
+msgstr "Применение настроек systemd для машины не удалось"
+
+msgid "Running GSettings applier for machine"
+msgstr "Запуск применение настроек GSettings для машины"
+
+msgid "GSettings applier for machine will not be started"
+msgstr "Применение настроек GSettings для машины не удалось"
+
+msgid "Removing GSettings policy file from previous run"
+msgstr "Удаление файла политики GSettings от предыдущего запуска"
+
+msgid "Mapping Windows policies to GSettings policies"
+msgstr "Сопоставление политик Windows с политиками GSettings"
+
+msgid "GSettings windows policies mapping not enabled"
+msgstr "Сопоставление политик Windows GSettings не включено"
+
+msgid "Applying user setting"
+msgstr "Применение пользовательских настроек"
+
+msgid "Found GSettings windows mapping"
+msgstr "Найдены соответствия настроек windows-GSettings"
+
+msgid "Running GSettings applier for user in user context"
+msgstr "Запуск применение настроек GSettings в контексте пользователя"
+
+msgid "GSettings applier for user in user context will not be started"
+msgstr "GSettings в контексте пользователя не запускается"
+
+msgid "Applying machine setting"
+msgstr "Применение настроек машины"
+
+msgid "Path not resolved as UNC URI"
+msgstr "Путь не разрешен"
+
+msgid "Getting cached file for URI"
+msgstr "Получение кешированного файла для URI"
+
+msgid "Wrote Firefox preferences to"
+msgstr "Настройки Firefox записаны в"
+
+msgid "Found Firefox profile in"
+msgstr "Найден профиль Firefox в"
+
+msgid "Running Firefox applier for machine"
+msgstr "Запуск применение настроек Firefox для машины"
+
+msgid "Firefox applier for machine will not be started"
+msgstr "Применение настроек Firefox для компьютера не запускается"
+
+msgid "Running Chromium applier for machine"
+msgstr "Запуск применение настроек Chromium для машины"
+
+msgid "Chromium applier for machine will not be started"
+msgstr "Применение настроек Chromium для компьютера не запускается"
+
+msgid "Wrote Chromium preferences to"
+msgstr "Настройки Chromium записаны в"
+
+msgid "Running Shortcut applier for machine"
+msgstr "Запуск применение ярлыков для машины"
+
+msgid "Shortcut applier for machine will not be started"
+msgstr "Применение ярлыков для компьютера не запускается"
+
+msgid "No shortcuts to process for"
+msgstr "Нет ярлыков для обработки"
+
+msgid "Running Shortcut applier for user in user context"
+msgstr "Запуск применение ярлыков  в контексте пользователя"
+
+msgid "Shortcut applier for user in user context will not be started"
+msgstr "Применение ярлыков в контексте пользователя не запускается"
+
+msgid "Running Shortcut applier for user in administrator context"
+msgstr "Запуск применение ярлыков в контексте администратора"
+
+msgid "Shortcut applier for user in administrator context will not be started"
+msgstr "Применение ярлыков в контексте администратора не запускается"
+
+msgid "Try to expand path for shortcut"
+msgstr "Попытка расширить путь для ярлыка"
+
+msgid "Applying shortcut file to"
+msgstr "Применение ярлыка к файлу"
+
+msgid "Running Folder applier for machine"
+msgstr "Запуск применение папок для машины"
+
+msgid "Folder applier for machine will not be started"
+msgstr "Применение папок для машины не запускается"
+
+msgid "Folder creation skipped for machine"
+msgstr "Создание папки для машины пропущено"
+
+msgid "Folder creation skipped for user"
+msgstr "Создание папки для пользователя пропущено"
+
+msgid "Running Folder applier for user in user context"
+msgstr "Запуск применение папок для пользователя в контексте пользователя"
+
+msgid "Folder applier for user in user context will not be started"
+msgstr "Применение папок для пользователя в контексте пользователя не запускается"
+
+msgid "Running CUPS applier for machine"
+msgstr "Запуск применение настроек CUPS для машины"
+
+msgid "CUPS applier for machine will not be started"
+msgstr "Применение настроек CUPS для машины не запускается"
+
+msgid "Running CUPS applier for user in administrator context"
+msgstr "Запуск применение настроек CUPS для пользователя в контексте администратора"
+
+msgid "CUPS applier for user in administrator context will not be started"
+msgstr "Применение настроек CUPS для пользователя в контексте администратора не запускается"
+
+msgid "Running Firewall applier for machine"
+msgstr "Запуск применение настроек Firewall для машины"
+
+msgid "Firewall is enabled"
+msgstr "Firewall включен"
+
+msgid "Firewall is disabled, settings will be reset"
+msgstr "Firewall отключен, настройки будут сброшены"
+
+msgid "Firewall applier will not be started"
+msgstr "Применение настроек Firewall не запускается"
+
+msgid "Running NTP applier for machine"
+msgstr "Запуск применение настроек NTP для машины"
+
+msgid "NTP server is configured to"
+msgstr "Сервер NTP настроен на"
+
+msgid "Starting Chrony daemon"
+msgstr "Запуск демона Chrony"
+
+msgid "Setting reference NTP server to"
+msgstr "Установка эталонного сервера NTP на"
+
+msgid "Stopping Chrony daemon"
+msgstr "Остановка демона Chrony"
+
+msgid "Configuring NTP server..."
+msgstr "Настройка NTP-сервера ..."
+
+msgid "NTP server is enabled"
+msgstr "Сервер NTP включен"
+
+msgid "NTP server is disabled"
+msgstr "NTP сервер отключен"
+
+msgid "NTP server is not configured"
+msgstr "NTP сервер не настроен"
+
+msgid "NTP client is enabled"
+msgstr "Клиент NTP включен"
+
+msgid "NTP client is disabled"
+msgstr "Клиент NTP отключен"
+
+msgid "NTP client is not configured"
+msgstr "NTP клиент не настроен"
+
+msgid "NTP applier for machine will not be started"
+msgstr "Применение настроек NTP для машины не запускается"
+
+msgid "Running Envvar applier for machine"
+msgstr "Запуск применение настроек Envvar для машины"
+
+msgid "Envvar applier for machine will not be started"
+msgstr "Применение настроек Envvar для машины не запускается"
+
+msgid "Running Envvar applier for user in admin context"
+msgstr "Запуск применение настроек Envvar для пользователя в контексте администратора"
+
+msgid "Envvar applier for user in admin context will not be started"
+msgstr "Применение настроек Envvar для пользователя в контексте администратора не запускается"
+
+msgid "Running Package applier for machine"
+msgstr "Запуск установки пакетов для машины"
+
+msgid "Package applier for machine will not be started"
+msgstr "Применение установки пакетов для машины не запускается"
+
+msgid "Running Package applier for user in administrator context"
+msgstr "Запуск установки пакетов для пользователя в контексте администратора"
+
+msgid "Package applier for user in administrator context will not be started"
+msgstr "Применение установки пакетов для пользователя в контексте администратора не запускается"
+
+msgid "Running pkcon_runner to install and remove packages"
+msgstr "Запуск pkcon_runner для установки и удаления пакетов"
+
+msgid "Run apt-get update"
+msgstr "Запускаем apt-get update"
+
+msgid "Error run apt-get update"
+msgstr "Ошибка запуска apt-get update"
+
+msgid "Run user context applier with dropped privileges"
+msgstr "Запуск из контекста пользователя с удаленными привилегиями"
+
+msgid "Run forked process with droped privileges"
+msgstr "Запустить разветвленный процесс с удаленными привилегиями"
+
+msgid "Found connection by org.freedesktop.DBus.GetConnectionUnixProcessID"
+msgstr "Найдено соединение org.freedesktop.DBus.GetConnectionUnixProcessID"
+
+msgid "Kill dbus-daemon and dconf-service in user context"
+msgstr "Остановка dbus-daemon и dconf-service в контексте пользователя"
+
+msgid "Running CIFS applier for user in administrator context"
+msgstr "Запуск применение настроек CIFS для пользователя в контексте администратора"
+
+msgid "CIFS applier for user in administrator context will not be started"
+msgstr "Применение настроек CIFS для пользователя в контексте администратора не запускается"
+
+msgid "Installing the package"
+msgstr "Установка пакета"
+
+msgid "Removing a package"
+msgstr "Удаление пакета"
+
+msgid "Failed to found gsettings for machine"
+msgstr "Не удалось найти настройки gsettings для машины"
+
+msgid "Failed to found user gsettings"
+msgstr "Не удалось найти настройки gsettings пользователя"
+
+msgid "Configure user Group Policy loopback processing mode"
+msgstr "Настройка режима обработки замыкания пользовательской групповой политики"
+
+msgid "Saving information about script"
+msgstr "Сохранение информации о скрипте"
+
+msgid "No machine scripts directory to clean up"
+msgstr "Нет каталога машинных скриптов для очистки"
+
+msgid "No user scripts directory to clean up"
+msgstr "Нет каталога пользовательских скриптов для очистки"
+
+msgid "Prepare Scripts applier for machine"
+msgstr "Подготовка к применению машинных скриптов"
+
+msgid "Scripts applier for machine will not be started"
+msgstr "Применение машинных скриптов не запускается"
+
+msgid "Prepare Scripts applier for user in user context"
+msgstr "Подготовка к применению скриптов пользователя в его контексте"
+
+msgid "Scripts applier for user in user context will not be started"
+msgstr "Применение скриптов пользователя в его контексте не запускается"
+
+msgid "Clean machine scripts directory"
+msgstr "Очистка каталога машинных скриптов"
+
+msgid "Clean user scripts directory"
+msgstr "Очистка каталога пользовательских скриптов"
+
+msgid "Saving information about file"
+msgstr "Сохранение информации о файле"
+
+msgid "Failed to return file path"
+msgstr "Не удалось вернуть путь к файлу"
+
+msgid "Failed to create file"
+msgstr "Не удалось создать файл"
+
+msgid "Failed to delete file"
+msgstr "Не удалось удалить файл"
+
+msgid "Failed to update file"
+msgstr "Не удалось обновить файл"
+
+msgid "Running File copy applier for machine"
+msgstr "Запуск применение настроек копирования файлов для машины"
+
+msgid "Running File copy applier for machine will not be started"
+msgstr "Применение настроек копирования файлов для машины не будет запущено"
+
+msgid "Running File copy applier for user in administrator context"
+msgstr "Запуск применение настроек копирования файлов для пользователя в контексте администратора"
+
+msgid "Running File copy applier for user in administrator context will not be started"
+msgstr "Применение настроек копирования файлов для пользователя в контексте администратора не будет запущено"
+
+msgid "Running ini applier for machine"
+msgstr "Запуск применение настроек ini файлов для машины"
+
+msgid "Running ini applier for machine will not be started"
+msgstr "Применение настроек ini файлов для машины не будет запущено"
+
+msgid "Running ini applier for user in user context"
+msgstr "Запуск применение настроек ini файлов для пользователя в контексте пользователя"
+
+msgid "Running ini applier for user in user context will not be started"
+msgstr "Применение настроек ini файлов для пользователя в контексте пользователя не будет запущено"
+
+msgid "Ini-file path not recognized"
+msgstr "Путь к ini-файлу не распознан"
+
+msgid "Ini-file is not readable"
+msgstr "Ini-файл не читается"
+
+msgid "Saving information about ini-file"
+msgstr "Сохранение информации об ini-файле"
+
+msgid "Dictionary key generation failed"
+msgstr "Формирования ключа словаря не удалось"
+
+msgid "Running CIFS applier for machine"
+msgstr "Запуск применение настроек CIFS для машины"
+
+msgid "CIFS applier for machine will not be started"
+msgstr "Применение настроек CIFS для машины не будет запущено"
+
+msgid "Saving information about network shares"
+msgstr "Сохранение информации о сетевых ресурсах"
+
+msgid "Running networkshare applier for machine"
+msgstr "Запуск применение настроек сетевых каталогов для машины"
+
+msgid "Running networkshare applier for machine will not be starte"
+msgstr "Применение настроек сетевых каталогов для машины не будет запущено"
+
+msgid "Apply network share data action failed"
+msgstr "Не удалось применить действие с данными общего сетевого ресурса"
+
+msgid "Running yandex_browser_applier for machine"
+msgstr "Запуск yandex_browser_applier для машины"
+
+msgid "Yandex_browser_applier for machine will not be started"
+msgstr "Yandex_browser_applier для машины не запустится"
+
+msgid "Wrote YandexBrowser preferences to"
+msgstr "Запись настройки Яндекс Браузера в"
+
+msgid "Running networkshare applier for user"
+msgstr "Запуск применение настроек сетевых каталогов для пользователя"
+
+msgid "File copy"
+msgstr "Копирование файла"
+
+msgid "Running networkshare applier for user will not be started"
+msgstr "Применение настроек сетевых каталогов для пользователя не будет запущено"
+
+msgid "File update"
+msgstr "Обновление файла"
+
+msgid "Applying settings for network share"
+msgstr "Применение настроек для сетевой папки"
+
+msgid "Deleting a file"
+msgstr "Удаление файла"
+
+msgid "Running GPOA by root for user"
+msgstr "Запуск GPOA от root для пользователя"
+
+msgid "The GPOA process was started for computer"
+msgstr "Процесс GPOA запущен для компьютера"
+
+msgid "Running networkshare applier for machine will not be started"
+msgstr "Применение настроек сетевых каталогов для машины не будет запущено"
+
+msgid "Failed to create a symlink to the network drives mountpoint"
+msgstr "Не удалось создать ссылку на точку монтирования сетевых дисков пользователя"
+
+msgid "Failed to create a symlink to the system network drives mountpoint"
+msgstr "Не удалось создать ссылку на точку монтирования системных сетевых дисков"
+
+msgid "Failed to create a symlink to the hidden network drives mountpoint"
+msgstr "Не удалось создать ссылку на точку монтирования скрытых сетевых дисков пользователя"
+
+msgid "Failed to create a symlink to the hidden system network drives mountpoint"
+msgstr "Не удалось создать ссылку на точку монтирования скрытых системных сетевых дисков"
+
+msgid "Running KDE applier for machine"
+msgstr "Запуск применения настроек KDE для машины"
+
+msgid "KDE applier for machine will not be started"
+msgstr "Применение настроек KDE для машины не удалось"
+
+msgid "Running KDE applier for user in user context"
+msgstr "Запуск применения настроек KDE в контексте пользователя"
+
+msgid "KDE applier for user in user context will not be started"
+msgstr "KDE в контексте пользователя не запускается"
+
+msgid "Changing the configuration file"
+msgstr "Изменение конфигурационного файла"
+
+msgid "Widget command completed successfully"
+msgstr "Команда для виджетов выполнена успешно"
+
+msgid "Getting a list of keys"
+msgstr "Получение списка ключей"
+
+msgid "Getting the key value"
+msgstr "Получение значения ключа"
+
+msgid "Successfully updated dconf database"
+msgstr "База данных dconf успешно обновлена"
+
+msgid "Creating a dictionary with keys and values from the dconf database"
+msgstr "Формирование словаря с ключами и значениями из базы dconf"
+
+msgid "No entry found for the specified path"
+msgstr "Не найдено записей по указанному пути"
+
+msgid "Creating an ini file with policies for dconf"
+msgstr "Создание ini-файла с политиками для  dconf"
+
+msgid "GPO version was not found"
+msgstr "Версия GPO не найдена"
+
+msgid "SYSVOL entry found in cache"
+msgstr "Запись SYSVOL найдена в кеше"
+
+msgid "Wrote Thunderbird preferences to"
+msgstr "Настройки Thunderbird записаны в"
+
+msgid "Running Thunderbird applier for machine"
+msgstr "Запуск применение настроек Thunderbird для машины"
+
+msgid "Thunderbird applier for machine will not be started"
+msgstr "Применение настроек Thunderbird для компьютера не запускается"
+
+msgid "The environment file has been cleaned"
+msgstr "Файл environment очищен"
+
+msgid  "Cleanup of file environment failed"
+msgstr "Очистка файла environment не удалась"
+
+msgid "Failed to get dictionary"
+msgstr "Не удалось получить словарь"
+
+msgid "LAPS applier started"
+msgstr "Запущен обработчик LAPS"
+
+msgid "LAPS applier is disabled"
+msgstr "Обработчик LAPS отключен"
+
+msgid "Rebooting system after password change"
+msgstr "Перезагрузка системы после смены пароля"
+
+msgid "Password changed"
+msgstr "Пароль изменён"
+
+msgid "Writing password changes time"
+msgstr "Запись времени изменения пароля"
+
+msgid "Requirements not met"
+msgstr "Требования не выполнены"
+
+msgid "The number of hours from the moment of the last user entrance"
+msgstr "Количество часов с момента последнего входа пользователя"
+
+msgid "The number of hours since the password has last changed"
+msgstr "Количество часов с момента последнего изменения пароля"
+
+msgid "LDAP updated with new password data"
+msgstr "LDAP обновлён новыми данными пароля"
+
+msgid "No active sessions found"
+msgstr "Активные сеансы не найдены"
+
+msgid "Process terminated"
+msgstr "Процесс завершён"
+
+msgid "Password update not needed"
+msgstr "Обновление пароля не требуется"
+
+msgid "Password successfully updated"
+msgstr "Пароль успешно обновлён"
+
+msgid "Cleaning the autofs catalog"
+msgstr "Очистка каталога autofs"
+
+# Debug_end
+
 # Warning
 msgid "Unable to perform gpupdate for non-existent user, will update machine settings"
 msgstr "Невозможно запустить gpupdate для несуществующего пользователя, будут обновлены настройки машины"
@ -312,6 +971,99 @@ msgstr "Пакет ADP не установлен, плагин не будет
 msgid "Unknown warning code"
 msgstr "Неизвестный код предупреждения"

+msgid "Unable to resolve GSettings parameter"
+msgstr "Не удалось установить параметр GSettings"
+
+msgid "No home directory exists for user"
+msgstr "Для пользователя не существует домашнего каталога"
+
+msgid "User's shortcut not placed to home directory"
+msgstr "Ярлык пользователя не помещен в домашний каталог"
+
+msgid "CUPS is not installed: no printer settings will be deployed"
+msgstr "CUPS не установлен: настройки принтера не будут развернуты"
+
+msgid "Unsupported NTP server type"
+msgstr "Неподдерживаемый тип сервера NTP"
+
+msgid "Failed to read the list of files"
+msgstr "Не удалось прочитать список файлов"
+
+msgid "Failed to caching the file"
+msgstr "Не удалось кэшировать файл"
+
+msgid "Could not create a valid list of keys"
+msgstr "Не удалось создать допустимый список ключей"
+
+msgid "Failed to copy file"
+msgstr "Не удалось скопировать файл"
+
+msgid "Failed to create KDE settings list"
+msgstr "Не удалось создать список настроек KDE"
+
+msgid "Could not find tools to configure KDE"
+msgstr "Не удалось найти инструменты для настройки KDE"
+
+msgid "Failed to open KDE settings"
+msgstr "Не удалось открыть настройки KDE"
+
+msgid "Failed to change KDE configuration file"
+msgstr "Не удалось изменить файл конфигурации KDE"
+
+msgid "Error connecting to server"
+msgstr "Ошибка при подключении к серверу"
+
+msgid "Wallpaper configuration file not found"
+msgstr "Конфигурационный файл для обоев не найден"
+
+msgid "The user setting was not installed, conflict with computer setting"
+msgstr "Пользовательская настройка не была установлена, конфликт с настройкой компьютера"
+
+msgid "Action for ini file failed"
+msgstr "Не удалось выполнить действие для INI-файла"
+
+msgid "Couldn't get the uid"
+msgstr "Не удалось получить uid"
+
+msgid "Failed to load content from remote host"
+msgstr "Не удалось загрузить контент с удаленного узла"
+
+msgid "Force mode activated"
+msgstr "Режим force задействован"
+
+msgid "Failed to change password"
+msgstr "Не удалось изменить пароль"
+
+msgid "Failed to write password modification time"
+msgstr "Не удалось записать время изменения пароля"
+
+msgid "LAPS requirements not met, module disabled"
+msgstr "Требования LAPS не выполнены, модуль отключён"
+
+msgid "Could not resolve encryption principal name. Return admin group SID"
+msgstr "Не удалось определить имя шифрования. Возвращён SID группы администраторов"
+
+msgid "Failed to get expiration time from LDAP"
+msgstr "Не удалось получить время истечения срока действия из LDAP"
+
+msgid "Failed to read password modification time from dconf"
+msgstr "Не удалось прочитать время изменения пароля из dconf"
+
+msgid "Failed to get last login time"
+msgstr "Не удалось получить время последнего входа"
+
+msgid "Failed to calculate password age"
+msgstr "Не удалось вычислить возраст пароля"
+
+msgid "Failed to terminate process"
+msgstr "Не удалось завершить процесс"
+
+msgid "The user was not found to change the password"
+msgstr "Пользователь для изменения пароля не был найден"
+
+msgid "Error while cleaning the autofs catalog"
+msgstr "Ошибка при очистке каталога autofs"
+
 # Fatal
 msgid "Unable to refresh GPO list"
 msgstr "Невозможно обновить список объектов групповых политик"
--- a/gpoa/messages/init.py
+++ b/gpoa/messages/init.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -23,6 +23,15 @@ def info_code(code):
    info_ids = dict()
    info_ids[1] = 'Got GPO list for username'
    info_ids[2] = 'Got GPO'
+    info_ids[3] = 'Working with control'
+    info_ids[4] = 'Working with systemd'
+    info_ids[5] = 'Unable to work with systemd unit'
+    info_ids[6] = 'Starting systemd unit'
+    info_ids[7] = 'Firefox policy'
+    info_ids[8] = 'Chromium policy'
+    info_ids[9] = 'Set user property to'
+    info_ids[10] = 'The line in the configuration file was cleared'
+    info_ids[11] = 'Found GPT in cache'

    return info_ids.get(code, 'Unknown info code')

@ -57,7 +66,52 @@ def error_code(code):
    error_ids[27] = 'Error merging user GPT'
    error_ids[28] = 'Error merging machine part of GPT'
    error_ids[29] = 'Error merging user part of GPT'
-
+    error_ids[30] = 'Error occured while running dropped privileges process for user context appliers'
+    error_ids[31] = 'Error connecting to DBus Session daemon'
+    error_ids[32] = 'No reply from DBus Session'
+    error_ids[33] = 'Error occured while running forked process with dropped privileges'
+    error_ids[34] = 'Error running GPOA directly for computer'
+    error_ids[35] = 'Error caching URI to file'
+    error_ids[36] = 'Error getting cached file for URI'
+    error_ids[37] = 'Error caching file URIs'
+    error_ids[38] = 'Unable to cache specified URI'
+    error_ids[39] = 'Unable to work with control'
+    error_ids[40] = 'Control applier for machine will not be started'
+    error_ids[41] = 'Error getting control'
+    error_ids[42] = 'Is not in possible values for control'
+    error_ids[43] = 'Unable to set'
+    error_ids[44] = 'Unable to generate file'
+    error_ids[45] = 'Failed applying unit'
+    error_ids[46] = 'Unable to start systemd unit'
+    error_ids[47] = 'Unable to cache specified URI for machine'
+    error_ids[48] = 'Error recompiling global GSettings schemas'
+    error_ids[49] = 'Error update configuration dconf'
+    error_ids[50] = 'Unable to cache specified URI for user'
+    error_ids[52] = 'Error during attempt to read Chromium preferences for user'
+    error_ids[53] = 'Fail for applying shortcut to file with \'%\''
+    error_ids[54] = 'Fail for applying shortcut to not absolute path'
+    error_ids[55] = 'Error running pkcon_runner sync for machine'
+    error_ids[56] = 'Error run apt-get update'
+    error_ids[57] = 'Package install error'
+    error_ids[58] = 'Package remove error'
+    error_ids[59] = 'Is not in possible values for control'
+    error_ids[60] = 'Error running pkcon_runner sync for user'
+    error_ids[61] = 'Error running pkcon_runner async for machine'
+    error_ids[62] = 'Error running pkcon_runner async for user'
+    error_ids[63] = 'Error merging user GPT (from machine GPO)'
+    error_ids[64] = 'Error to cleanup directory for machine'
+    error_ids[65] = 'Error to cleanup directory for user'
+    error_ids[66] = 'Error while executing command for widgets'
+    error_ids[67] = 'Error creating environment variables'
+    error_ids[68] = 'Error running kwriteconfig5 command'
+    error_ids[69] = 'Error getting list of keys'
+    error_ids[70] = 'Error getting key value'
+    error_ids[71] = 'Failed to update dconf database'
+    error_ids[72] = 'Exception occurred while updating dconf database'
+    error_ids[73] = 'Failed to retrieve data from dconf database'
+    error_ids[74] = 'Autofs restart failed'
+    error_ids[75] = 'Failed to update LDAP with new password data'
+    error_ids[76] = 'Failed to change local user password'
    return error_ids.get(code, 'Unknown error code')

 def debug_code(code):
@ -114,6 +168,184 @@ def debug_code(code):
    debug_ids[50] = 'Finished GPO replication from AD DC'
    debug_ids[51] = 'Skipping HKCU branch deletion key'
    debug_ids[52] = 'Read domain name from configuration file'
+    debug_ids[53] = 'Saving information about environment variables'
+    debug_ids[54] = 'Run forked process with droped privileges'
+    debug_ids[55] = 'Run user context applier with dropped privileges'
+    debug_ids[56] = 'Kill dbus-daemon and dconf-service in user context'
+    debug_ids[57] = 'Found connection by org.freedesktop.DBus.GetConnectionUnixProcessID'
+    debug_ids[58] = 'Connection search return org.freedesktop.DBus.Error.NameHasNoOwner'
+    debug_ids[59] = 'Running GPOA without GPT update directly for user'
+    debug_ids[60] = 'Running GPOA by root for user'
+    debug_ids[61] = 'The GPOA process was started for computer'
+    debug_ids[62] = 'Path not resolved as UNC URI'
+    debug_ids[63] = 'Delete HKLM branch key'
+    debug_ids[64] = 'Delete HKCU branch key'
+    debug_ids[65] = 'Delete HKLM branch key error'
+    debug_ids[66] = 'Delete HKCU branch key error'
+    debug_ids[67] = 'Running Control applier for machine'
+    debug_ids[68] = 'Setting control'
+    debug_ids[69] = 'Deny_All setting found'
+    debug_ids[70] = 'Deny_All setting for user'
+    debug_ids[71] = 'Deny_All setting not found'
+    debug_ids[72] = 'Deny_All setting not found for user'
+    debug_ids[73] = 'Running Polkit applier for machine'
+    debug_ids[74] = 'Running Polkit applier for user in administrator context'
+    debug_ids[75] = 'Polkit applier for machine will not be started'
+    debug_ids[76] = 'Polkit applier for user in administrator context will not be started'
+    debug_ids[77] = 'Generated file'
+    debug_ids[78] = 'Running systemd applier for machine'
+    debug_ids[79] = 'Running systemd applier for machine will not be started'
+    debug_ids[80] = 'Running GSettings applier for machine'
+    debug_ids[81] = 'GSettings applier for machine will not be started'
+    debug_ids[82] = 'Removing GSettings policy file from previous run'
+    debug_ids[83] = 'Mapping Windows policies to GSettings policies'
+    debug_ids[84] = 'GSettings windows policies mapping not enabled'
+    debug_ids[85] = 'Applying user setting'
+    debug_ids[86] = 'Found GSettings windows mapping'
+    debug_ids[87] = 'Running GSettings applier for user in user context'
+    debug_ids[88] = 'GSettings applier for user in user context will not be started'
+    debug_ids[89] = 'Applying machine setting'
+    debug_ids[90] = 'Getting cached file for URI'
+    debug_ids[91] = 'Wrote Firefox preferences to'
+    debug_ids[92] = 'Found Firefox profile in'
+    debug_ids[93] = 'Running Firefox applier for machine'
+    debug_ids[94] = 'Firefox applier for machine will not be started'
+    debug_ids[95] = 'Running Chromium applier for machine'
+    debug_ids[96] = 'Chromium applier for machine will not be started'
+    debug_ids[97] = 'Wrote Chromium preferences to'
+    debug_ids[98] = 'Running Shortcut applier for machine'
+    debug_ids[99] = 'Shortcut applier for machine will not be started'
+    debug_ids[100] = 'No shortcuts to process for'
+    debug_ids[101] = 'Running Shortcut applier for user in user context'
+    debug_ids[102] = 'Shortcut applier for user in user context will not be started'
+    debug_ids[103] = 'Running Shortcut applier for user in administrator context'
+    debug_ids[104] = 'Shortcut applier for user in administrator context will not be started'
+    debug_ids[105] = 'Try to expand path for shortcut'
+    debug_ids[106] = 'Applying shortcut file to'
+    debug_ids[107] = 'Running Folder applier for machine'
+    debug_ids[108] = 'Folder applier for machine will not be started'
+    debug_ids[109] = 'Folder creation skipped for machine'
+    debug_ids[110] = 'Folder creation skipped for user'
+    debug_ids[111] = 'Running Folder applier for user in user context'
+    debug_ids[112] = 'Folder applier for user in user context will not be started'
+    debug_ids[113] = 'Running CUPS applier for machine'
+    debug_ids[114] = 'CUPS applier for machine will not be started'
+    debug_ids[115] = 'Running CUPS applier for user in administrator context'
+    debug_ids[116] = 'CUPS applier for user in administrator context will not be started'
+    debug_ids[117] = 'Running Firewall applier for machine'
+    debug_ids[118] = 'Firewall is enabled'
+    debug_ids[119] = 'Firewall is disabled, settings will be reset'
+    debug_ids[120] = 'Firewall applier will not be started'
+    debug_ids[121] = 'Running NTP applier for machine'
+    debug_ids[122] = 'NTP server is configured to'
+    debug_ids[123] = 'Starting Chrony daemon'
+    debug_ids[124] = 'Setting reference NTP server to'
+    debug_ids[125] = 'Stopping Chrony daemon'
+    debug_ids[126] = 'Configuring NTP server...'
+    debug_ids[127] = 'NTP server is enabled'
+    debug_ids[128] = 'NTP server is disabled'
+    debug_ids[129] = 'NTP server is not configured'
+    debug_ids[130] = 'NTP client is enabled'
+    debug_ids[131] = 'NTP client is disabled'
+    debug_ids[132] = 'NTP client is not configured'
+    debug_ids[133] = 'NTP applier for machine will not be started'
+    debug_ids[134] = 'Running Envvar applier for machine'
+    debug_ids[135] = 'Envvar applier for machine will not be started'
+    debug_ids[136] = 'Running Envvar applier for user in admin context'
+    debug_ids[137] = 'Envvar applier for user in admin context will not be started'
+    debug_ids[138] = 'Running Package applier for machine'
+    debug_ids[139] = 'Package applier for machine will not be started'
+    debug_ids[140] = 'Running Package applier for user in administrator context'
+    debug_ids[141] = 'Package applier for user in administrator context will not be started'
+    debug_ids[142] = 'Running pkcon_runner to install and remove packages'
+    debug_ids[143] = 'Run apt-get update'
+    debug_ids[144] = 'Unable to cache specified URI'
+    debug_ids[145] = 'Unable to cache specified URI for machine'
+    debug_ids[146] = 'Running CIFS applier for user in administrator context'
+    debug_ids[147] = 'CIFS applier for user in administrator context will not be started'
+    debug_ids[148] = 'Installing the package'
+    debug_ids[149] = 'Removing a package'
+    debug_ids[150] = 'Failed to found gsettings for machine'
+    debug_ids[151] = 'Failed to found user gsettings'
+    debug_ids[152] = 'Configure user Group Policy loopback processing mode'
+    debug_ids[153] = 'Saving information about script'
+    debug_ids[154] = 'No machine scripts directory to clean up'
+    debug_ids[155] = 'No user scripts directory to clean up'
+    debug_ids[156] = 'Prepare Scripts applier for machine'
+    debug_ids[157] = 'Scripts applier for machine will not be started'
+    debug_ids[158] = 'Prepare Scripts applier for user in user context'
+    debug_ids[159] = 'Scripts applier for user in user context will not be started'
+    debug_ids[160] = 'Clean machine scripts directory'
+    debug_ids[161] = 'Clean user scripts directory'
+    debug_ids[162] = 'Saving information about file'
+    debug_ids[163] = 'Failed to return file path'
+    debug_ids[164] = 'Failed to create file'
+    debug_ids[165] = 'Failed to delete file'
+    debug_ids[166] = 'Failed to update file'
+    debug_ids[167] = 'Running File copy applier for machine'
+    debug_ids[168] = 'Running File copy applier for machine will not be started'
+    debug_ids[169] = 'Running File copy applier for user in administrator context'
+    debug_ids[170] = 'Running File copy applier for user in administrator context will not be started'
+    debug_ids[171] = 'Running ini applier for machine'
+    debug_ids[172] = 'Running ini applier for machine will not be started'
+    debug_ids[173] = 'Running ini applier for user in user context'
+    debug_ids[174] = 'Running ini applier for user in user context will not be started'
+    debug_ids[175] = 'Ini-file path not recognized'
+    debug_ids[176] = 'Ini-file is not readable'
+    debug_ids[177] = 'Saving information about ini-file'
+    debug_ids[178] = 'Dictionary key generation failed'
+    debug_ids[179] = 'Running CIFS applier for machine'
+    debug_ids[180] = 'CIFS applier for machine will not be started'
+    debug_ids[181] = 'Running networkshare applier for machine will not be started'
+    debug_ids[182] = 'Apply network share data action failed'
+    debug_ids[183] = 'Running yandex_browser_applier for machine'
+    debug_ids[184] = 'Yandex_browser_applier for machine will not be started'
+    debug_ids[185] = 'Wrote YandexBrowser preferences to'
+    debug_ids[186] = 'Saving information about network shares'
+    debug_ids[187] = 'Running networkshare applier for machine'
+    debug_ids[188] = 'Running networkshare applier for user'
+    debug_ids[189] = 'Running networkshare applier for user will not be started'
+    debug_ids[190] = 'Applying settings for network share'
+    debug_ids[191] = 'File copy'
+    debug_ids[192] = 'File update'
+    debug_ids[193] = 'Deleting a file'
+    debug_ids[194] = 'Failed to create a symlink to the network drives mountpoint'
+    debug_ids[195] = 'Failed to create a symlink to the system network drives mountpoint'
+    debug_ids[196] = 'Failed to create a symlink to the hidden network drives mountpoint'
+    debug_ids[197] = 'Failed to create a symlink to the hidden system network drives mountpoint'
+    debug_ids[198] = 'Running KDE applier for machine'
+    debug_ids[199] = 'KDE applier for machine will not be started'
+    debug_ids[200] = 'Running KDE applier for user in user context'
+    debug_ids[201] = 'KDE applier for user in user context will not be started'
+    debug_ids[202] = 'Changing the configuration file'
+    debug_ids[203] = 'Widget command completed successfully'
+    debug_ids[204] = 'Getting a list of keys'
+    debug_ids[205] = 'Getting the key value'
+    debug_ids[206] = 'Successfully updated dconf database'
+    debug_ids[207] = 'Creating a dictionary with keys and values from the dconf database'
+    debug_ids[208] = 'No entry found for the specified path'
+    debug_ids[209] = 'Creating an ini file with policies for dconf'
+    debug_ids[211] = 'SYSVOL entry found in cache'
+    debug_ids[212] = 'Wrote Thunderbird preferences to'
+    debug_ids[213] = 'Running Thunderbird applier for machine'
+    debug_ids[214] = 'Thunderbird applier for machine will not be started'
+    debug_ids[215] = 'The environment file has been cleaned'
+    debug_ids[216] = 'Cleanup of file environment failed'
+    debug_ids[217] = 'Failed to get dictionary'
+    debug_ids[218] = 'LAPS applier started'
+    debug_ids[219] = 'LAPS applier is disabled'
+    debug_ids[220] = 'Rebooting system after password change'
+    debug_ids[221] = 'Password changed'
+    debug_ids[222] = 'Writing password changes time'
+    debug_ids[223] = 'Requirements not met'
+    debug_ids[224] = 'The number of hours from the moment of the last user entrance'
+    debug_ids[225] = 'The number of hours since the password has last changed'
+    debug_ids[226] = 'LDAP updated with new password data'
+    debug_ids[227] = 'No active sessions found'
+    debug_ids[228] = 'Process terminated'
+    debug_ids[229] = 'Password update not needed'
+    debug_ids[230] = 'Password successfully updated'
+    debug_ids[231] = 'Cleaning the autofs catalog'

    return debug_ids.get(code, 'Unknown debug code')

@ -130,6 +362,38 @@ def warning_code(code):
    warning_ids[3] = 'oddjobd is inaccessible'
    warning_ids[4] = 'No SYSVOL entry assigned to GPO'
    warning_ids[5] = 'ADP package is not installed - plugin will not be initialized'
+    warning_ids[6] = 'Unable to resolve GSettings parameter'
+    warning_ids[7] = 'No home directory exists for user'
+    warning_ids[8] = 'User\'s shortcut not placed to home directory'
+    warning_ids[9] = 'CUPS is not installed: no printer settings will be deployed'
+    warning_ids[10] = 'Unsupported NTP server type'
+    warning_ids[11] = 'Unable to refresh GPO list'
+    warning_ids[12] = 'Failed to read the list of files'
+    warning_ids[13] = 'Failed to caching the file'
+    warning_ids[14] = 'Could not create a valid list of keys'
+    warning_ids[15] = 'Failed to copy file'
+    warning_ids[16] = 'Failed to create KDE settings list'
+    warning_ids[17] = 'Could not find tools to configure KDE'
+    warning_ids[18] = 'Failed to open KDE settings'
+    warning_ids[19] = 'Failed to change KDE configuration file'
+    warning_ids[20] = 'Error connecting to server'
+    warning_ids[21] = 'Wallpaper configuration file not found'
+    warning_ids[22] = 'The user setting was not installed, conflict with computer setting'
+    warning_ids[23] = 'Action for ini file failed'
+    warning_ids[24] = 'Couldn\'t get the uid'
+    warning_ids[25] = 'Failed to load content from remote host'
+    warning_ids[26] = 'Force mode activated'
+    warning_ids[27] = 'Failed to change password'
+    warning_ids[28] = 'Failed to write password modification time'
+    warning_ids[29] = 'LAPS requirements not met, module disabled'
+    warning_ids[30] = 'Could not resolve encryption principal name. Return admin group SID'
+    warning_ids[31] = 'Failed to get expiration time from LDAP'
+    warning_ids[32] = 'Failed to read password modification time from dconf'
+    warning_ids[33] = 'Failed to get last login time'
+    warning_ids[34] = 'Failed to calculate password age'
+    warning_ids[35] = 'Failed to terminate process'
+    warning_ids[36] = 'The user was not found to change the password'
+    warning_ids[37] = 'Error while cleaning the autofs catalog'

    return warning_ids.get(code, 'Unknown warning code')

--- a/gpoa/pkcon_runner
+++ b/gpoa/pkcon_runner
@ -0,0 +1,148 @@
+#!/usr/bin/python3
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2020 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import rpm
+import subprocess
+from gpoa.storage import registry_factory
+from util.gpoa_ini_parsing import GpoaConfigObj
+from util.util import get_uid_by_username, string_to_literal_eval
+import logging
+from util.logging import log
+import argparse
+import gettext
+import locale
+
+
+def is_rpm_installed(rpm_name):
+    '''
+    Check if the package named 'rpm_name' is installed
+    '''
+    ts = rpm.TransactionSet()
+    pm = ts.dbMatch('name', rpm_name)
+    if pm.count() > 0:
+        return True
+
+    return False
+
+class Pkcon_applier:
+
+    def __init__(self, user = None):
+        install_key_name = 'Install'
+        remove_key_name = 'Remove'
+        hklm_branch = 'Software/BaseALT/Policies/Packages'
+        self.__install_command = ['/usr/bin/pkcon', '-y', 'install']
+        self.__remove_command = ['/usr/bin/pkcon', '-y', 'remove']
+        self.__reinstall_command = ['/usr/bin/pkcon', '-y', 'reinstall']
+        self.install_packages = set()
+        self.remove_packages = set()
+        self.storage = registry_factory()
+        if user:
+            uid = get_uid_by_username(user)
+            dict_dconf_db = self.storage.get_dictionary_from_dconf_file_db(uid)
+        else:
+            dict_dconf_db = self.storage.get_dictionary_from_dconf_file_db()
+        dict_packages = dict_dconf_db.get(hklm_branch,{})
+        self.install_packages_setting = string_to_literal_eval(dict_packages.get(install_key_name,[]))
+        self.remove_packages_setting = string_to_literal_eval(dict_packages.get(remove_key_name,[]))
+
+        for package in self.install_packages_setting:
+            package = package.strip()
+            if not is_rpm_installed(package):
+                self.install_packages.add(package)
+        for package in self.remove_packages_setting:
+            package = package.strip()
+            if package in self.install_packages:
+                self.install_packages.remove(package)
+            if is_rpm_installed(package):
+                self.remove_packages.add(package)
+
+    def apply(self):
+        log('D142')
+        self.update()
+        for package in self.remove_packages:
+            try:
+                logdata = dict()
+                logdata['name'] = package
+                log('D149', logdata)
+                self.remove_pkg(package)
+            except Exception as exc:
+                logdata = dict()
+                logdata['exc'] = exc
+                log('E58', logdata)
+
+        for package in self.install_packages:
+           try:
+                logdata = dict()
+                logdata['name'] = package
+                log('D148', logdata)
+                self.install_pkg(package)
+           except Exception as exc:
+                logdata = dict()
+                logdata['exc'] = exc
+                log('E57', logdata)
+
+
+    def install_pkg(self, package_name):
+        fullcmd = list(self.__install_command)
+        fullcmd.append(package_name)
+        return subprocess.check_output(fullcmd)
+
+    def reinstall_pkg(self, package_name):
+        pass
+
+    def remove_pkg(self, package_name):
+        fullcmd = self.__remove_command
+        fullcmd.append(package_name)
+        return subprocess.check_output(fullcmd)
+
+    def update(self):
+        '''
+        Update APT-RPM database.
+        '''
+        try:
+            res =  subprocess.check_output(['/usr/bin/apt-get', 'update'], encoding='utf-8')
+            msg =  str(res).split('\n')
+            logdata = dict()
+            for mslog in msg:
+                ms =  str(mslog).split(' ')
+                if ms:
+                    logdata = {ms[0]: ms[1:-1]}
+                log('D143', logdata)
+        except Exception as exc:
+            logdata = dict()
+            logdata['msg'] = exc
+            log('E56',logdata)
+
+if __name__ == '__main__':
+    locale.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
+    gettext.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
+    gettext.textdomain('gpoa')
+    logger = logging.getLogger()
+    parser = argparse.ArgumentParser(description='Package applier')
+    parser.add_argument('--user', type = str, help = 'user', nargs = '?', default = None)
+    parser.add_argument('--loglevel', type = int, help = 'loglevel', nargs = '?', default = 30)
+
+    args = parser.parse_args()
+    logger.setLevel(args.loglevel)
+    if args.user:
+        applier = Pkcon_applier(args.user)
+    else:
+        applier = Pkcon_applier()
+    applier.apply()
+
--- a/gpoa/plugin/plugin_manager.py
+++ b/gpoa/plugin/plugin_manager.py
@ -35,6 +35,6 @@ class plugin_manager:
            logging.warning(slogm(str(exc)))

    def run(self):
-        self.plugins.get('adp', plugin('adp')).run()
+        #self.plugins.get('adp', plugin('adp')).run()
        self.plugins.get('roles', plugin('roles')).run()

--- a/gpoa/scripts_runner
+++ b/gpoa/scripts_runner
@ -0,0 +1,156 @@
+#!/usr/bin/python3
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2022 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import subprocess
+import argparse
+import os
+from pathlib import Path
+import psutil
+import time
+
+class Scripts_runner:
+    '''
+    A class for an object that iterates over directories with scripts
+    in the desired sequence and launches them
+    '''
+    def __init__(self, work_mode = None,  user_name = None, action = None):
+        self.dir_scripts_machine = '/var/cache/gpupdate_scripts_cache/machine/'
+        self.dir_scripts_users = '/var/cache/gpupdate_scripts_cache/users/'
+        self.user_name = user_name
+        self.list_with_all_commands = list()
+        stack_dir = None
+        if work_mode and work_mode.upper() == 'MACHINE':
+            stack_dir = self.machine_runner_fill()
+        elif work_mode and work_mode.upper() == 'USER':
+            stack_dir = self.user_runner_fill()
+        else:
+            print('Invalid arguments entered')
+            return
+        if action:
+            self.action = action.upper()
+        else:
+            print('Action needed')
+            return
+
+        self.find_action(stack_dir)
+        for it_cmd in self.list_with_all_commands:
+            print(self.run_cmd_subprocess(it_cmd))
+
+    def user_runner_fill(self):
+        return self.get_stack_dir(self.dir_scripts_users + self.user_name)
+
+    def machine_runner_fill(self):
+        return self.get_stack_dir(self.dir_scripts_machine)
+
+    def get_stack_dir(self, path_dir):
+        stack_dir = list()
+        try:
+            dir_script = Path(path_dir)
+            for it_dir in dir_script.iterdir():
+                stack_dir.append(str(it_dir))
+            return stack_dir
+        except Exception as exc:
+            print(exc)
+            return None
+
+    def find_action(self, stack_dir):
+        if not stack_dir:
+            return
+        list_tmp = list()
+        while stack_dir:
+            path_turn = stack_dir.pop()
+            basename = os.path.basename(path_turn)
+            if basename == self.action:
+                list_tmp = self.get_stack_dir(path_turn)
+        if list_tmp:
+            self.fill_list_cmd(list_tmp)
+
+
+    def fill_list_cmd(self, list_tmp):
+        list_tmp = sorted(list_tmp)
+        for file_in_task_dir in list_tmp:
+            suffix = os.path.basename(file_in_task_dir)[-4:]
+            if suffix == '.arg':
+                try:
+                    arg = self.read_args(file_in_task_dir)
+                    for it_arg in arg.split():
+                        self.list_with_all_commands[-1].append(it_arg)
+                except Exception as exc:
+                    print('Argument read for {}: {}'.format(self.list_with_all_commands.pop(), exc))
+            else:
+                cmd = list()
+                cmd.append(file_in_task_dir)
+                self.list_with_all_commands.append(cmd)
+
+
+    def read_args(self, path):
+        with open(path + '/arg') as f:
+            args = f.readlines()
+        return args[0]
+
+    def run_cmd_subprocess(self, cmd):
+        try:
+            subprocess.run(cmd)
+            return 'Script run: {}'.format(cmd)
+        except Exception as exc:
+            return exc
+
+def find_process_by_name_and_script(name, script_path):
+
+    for proc in psutil.process_iter(['pid', 'name', 'cmdline']):
+        try:
+            # Check if the process name matches and the script path is in the command line arguments
+            if proc.info['name'] == name and script_path in proc.info['cmdline']:
+                return proc
+        except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
+            continue
+    return None
+
+def wait_for_process(name, script_path, check_interval=1):
+
+    process = find_process_by_name_and_script(name, script_path)
+    if not process:
+        print(f"Process with name {name} and script path {script_path} not found.")
+        return
+
+    try:
+        # Loop to wait for the process to finish
+        while process.is_running():
+            print(f"Waiting for process {name} with PID {process.pid} to finish...")
+            time.sleep(check_interval)
+        print(f"Process {name} with PID {process.pid} has finished.")
+        return
+    except (psutil.NoSuchProcess, psutil.AccessDenied):
+        print(f"Process {name} with PID {process.pid} is no longer accessible.")
+        return
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Scripts runner')
+    parser.add_argument('--mode', type = str, help = 'MACHINE or USER', nargs = '?', default = None)
+    parser.add_argument('--user', type = str, help = 'User name ', nargs = '?', default = None)
+    parser.add_argument('--action', type = str, help = 'MACHINE : [STARTUP or SHUTDOWN], USER : [LOGON or LOGOFF]', nargs = '?', default = None)
+
+    process_name = "python3"
+    script_path = "/usr/sbin/gpoa"
+    wait_for_process(process_name, script_path)
+    args = parser.parse_args()
+    try:
+        Scripts_runner(args.mode, args.user, args.action)
+    except Exception as exc:
+        print(exc)
--- a/gpoa/storage/init.py
+++ b/gpoa/storage/init.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2023 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -16,12 +16,19 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-from .sqlite_registry import sqlite_registry
-from .sqlite_cache import sqlite_cache

-def cache_factory(cache_name):
-    return sqlite_cache(cache_name)
+from storage.dconf_registry import Dconf_registry

-def registry_factory(registry_name='registry', registry_dir=None):
-    return sqlite_registry(registry_name, registry_dir)
+def registry_factory(registry_name='', envprofile=None , username=None):
+    if username:
+        Dconf_registry._username = username
+    else:
+        Dconf_registry._envprofile = 'system'
+    if envprofile:
+        Dconf_registry._envprofile = envprofile
+
+    if registry_name == 'dconf':
+        return Dconf_registry()
+    else:
+        return Dconf_registry

--- a/gpoa/storage/dconf_registry.py
+++ b/gpoa/storage/dconf_registry.py
@ -0,0 +1,861 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2023 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import subprocess
+from pathlib import Path
+from util.util import (string_to_literal_eval,
+                       try_dict_to_literal_eval,
+                       touch_file, get_uid_by_username,
+                       add_prefix_to_keys,
+                       remove_keys_with_prefix,
+                       clean_data)
+from util.paths import get_dconf_config_path
+from util.logging import log
+import re
+from collections import OrderedDict
+import itertools
+from gpt.dynamic_attributes import RegistryKeyMetadata
+import gi
+gi.require_version("Gvdb", "1.0")
+gi.require_version("GLib", "2.0")
+from gi.repository import Gvdb, GLib
+
+
+class PregDconf():
+    def __init__(self, keyname, valuename, type_preg, data):
+        self.keyname = keyname
+        self.valuename = valuename
+        self.hive_key = '{}/{}'.format(self.keyname, self.valuename)
+        self.type = type_preg
+        self.data = data
+
+
+class gplist(list):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+
+    def first(self):
+        if self:
+            return self[0]
+        else:
+            return None
+
+    def count(self):
+        return len(self)
+
+class Dconf_registry():
+    '''
+    A class variable that represents a global registry dictionary shared among instances of the class
+    '''
+    _GpoPriority = 'Software/BaseALT/Policies/GpoPriority'
+    _gpo_name = set()
+    global_registry_dict = dict({_GpoPriority:{}})
+    previous_global_registry_dict = dict()
+    __template_file = '/usr/share/dconf/user_mandatory.template'
+    _policies_path = 'Software/'
+    _policies_win_path = 'SOFTWARE/'
+    _gpt_read_flag = False
+    _force = False
+    __dconf_dict_flag = False
+    __dconf_dict = dict()
+    _dconf_db = dict()
+    _dict_gpo_name_version_cache = dict()
+    _username = None
+    _uid = None
+    _envprofile = None
+    _path_bin_system = "/etc/dconf/db/policy"
+
+    list_keys = list()
+    _info = dict()
+    _counter_gpt = itertools.count(0)
+
+    shortcuts = list()
+    folders = list()
+    files = list()
+    drives = list()
+    scheduledtasks = list()
+    environmentvariables = list()
+    inifiles = list()
+    services = list()
+    printers = list()
+    scripts = list()
+    networkshares = list()
+
+    _true_strings = {
+        "True",
+        "true",
+        "TRUE",
+        "yes",
+        "Yes",
+        "enabled",
+        "enable",
+        "Enabled",
+        "Enable",
+        '1'
+    }
+
+    @classmethod
+    def set_info(cls, key , data):
+        cls._info[key] = data
+
+
+    @classmethod
+    def get_info(cls, key):
+        return cls._info.setdefault(key, None)
+
+    @staticmethod
+    def get_next_number():
+        return next(Dconf_registry._counter_gpt)
+
+    @staticmethod
+    def get_matching_keys(path):
+        if path[0] != '/':
+            path = '/' + path
+        logdata = dict()
+        envprofile = get_dconf_envprofile()
+        try:
+            process = subprocess.Popen(['dconf', 'list', path],
+                                       env=envprofile, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+            logdata['path'] = path
+            log('D204', logdata)
+            output, error = process.communicate()
+            if not output and not error:
+                return
+            if not error:
+                keys = output.strip().split('\n')
+                for key in keys:
+                    Dconf_registry.get_matching_keys(f'{path}{key}')
+            else:
+                Dconf_registry.list_keys.append(path)
+            return Dconf_registry.list_keys
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('E69', logdata)
+            return None
+
+    @staticmethod
+    def get_key_values(keys):
+        key_values = {}
+        for key in keys:
+            key_values[key] = Dconf_registry.get_key_value(key)
+        return key_values
+
+    @staticmethod
+    def get_key_value(key):
+        logdata = dict()
+        envprofile = get_dconf_envprofile()
+        try:
+            process = subprocess.Popen(['dconf', 'read', key],
+                                       env=envprofile, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+            logdata['key'] = key
+            output, error = process.communicate()
+
+            if not error:
+                return string_to_literal_eval(string_to_literal_eval(output))
+            else:
+                return None
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('E70', logdata)
+        return None
+
+    @staticmethod
+    def dconf_update(uid=None):
+        logdata = dict()
+        path_dconf_config = get_dconf_config_path(uid)
+        db_file = path_dconf_config[:-3]
+        try:
+            process = subprocess.Popen(['dconf', 'compile', db_file, path_dconf_config],
+                                        stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
+            output, error = process.communicate()
+
+            if error:
+                logdata['error'] = error
+                log('E71', logdata)
+            else:
+                logdata['outpupt'] = output
+                log('D206', logdata)
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('E72', logdata)
+
+    @classmethod
+    def check_profile_template(cls):
+        if Path(cls.__template_file).exists():
+            return True
+        else:
+            return None
+
+    @classmethod
+    def update_dict_to_previous(cls):
+        dict_clean_previous = remove_keys_with_prefix(cls._dconf_db)
+        dict_with_previous = add_prefix_to_keys(dict_clean_previous)
+        cls.global_registry_dict.update(dict_with_previous)
+
+    @classmethod
+    def apply_template(cls, uid):
+        logdata = dict()
+        if uid and cls.check_profile_template():
+            with open(cls.__template_file, "r") as f:
+                template = f.read()
+            # Replace the "{uid}" placeholder with the actual UID value
+            content = template.replace("{{uid}}", str(uid))
+
+        elif uid:
+            content = f"user-db:user\n" \
+              f"system-db:distr\n" \
+              f"system-db:policy\n" \
+              f"system-db:policy{uid}\n" \
+              f"system-db:local\n" \
+              f"system-db:default\n" \
+              f"system-db:local\n" \
+              f"system-db:policy{uid}\n" \
+              f"system-db:policy\n" \
+              f"system-db:distr\n"
+        else:
+            logdata['uid'] = uid
+            log('W24', logdata)
+            return
+
+        user_mandatory = f'/run/dconf/user/{uid}'
+        touch_file(user_mandatory)
+
+        with open(user_mandatory, "w") as f:
+            f.write(content)
+
+
+    @classmethod
+    def get_policies_from_dconf(cls):
+        return cls.get_dictionary_from_dconf(cls._policies_path, cls._policies_win_path)
+
+
+    @classmethod
+    def get_dictionary_from_dconf(self, *startswith_list):
+        output_dict = {}
+        for startswith in startswith_list:
+            dconf_dict = self.get_key_values(self.get_matching_keys(startswith))
+            for key, value in dconf_dict.items():
+                keys_tmp = key.split('/')
+                update_dict(output_dict.setdefault('/'.join(keys_tmp[:-1])[1:], {}), {keys_tmp[-1]: str(value)})
+
+        log('D207')
+        return output_dict
+
+
+    @classmethod
+    def get_dictionary_from_dconf_file_db(self, uid=None, path_bin=None, save_dconf_db=False):
+        logdata = dict()
+        error_skip = None
+        if path_bin:
+            error_skip = True
+        elif not uid:
+            path_bin = self._path_bin_system
+        else:
+            path_bin = self._path_bin_system + str(uid)
+        output_dict = {}
+        try:
+            if (GLib.file_get_contents(path_bin)[0]):
+                bytes1 = GLib.Bytes.new(GLib.file_get_contents(path_bin)[1])
+                table = Gvdb.Table.new_from_bytes(bytes1, True)
+
+                name_list = Gvdb.Table.get_names(table)
+                for name in name_list:
+                    value = Gvdb.Table.get_value(table, name)
+                    if value is None:
+                        continue
+                    list_path = name.split('/')
+                    if value.is_of_type(GLib.VariantType('s')):
+                        part = output_dict.setdefault('/'.join(list_path[1:-1]), {})
+                        part[list_path[-1]] = value.get_string()
+                    elif value.is_of_type(GLib.VariantType('i')):
+                        part = output_dict.setdefault('/'.join(list_path[1:-1]), {})
+                        part[list_path[-1]] = value.get_int32()
+        except Exception as exc:
+            logdata['exc'] = exc
+            logdata['path_bin'] = path_bin
+            if not error_skip:
+                log('E73', logdata)
+            else:
+                log('D217', logdata)
+        if save_dconf_db:
+            Dconf_registry._dconf_db = output_dict
+        return output_dict
+
+
+    @classmethod
+    def filter_entries(cls, startswith, registry_dict = None):
+        if not registry_dict:
+            registry_dict = cls.global_registry_dict
+        if startswith[-1] == '%':
+            startswith = startswith[:-1]
+            if startswith[-1] == '/' or startswith[-1] == '\\':
+                startswith = startswith[:-1]
+            return filter_dict_keys(startswith, flatten_dictionary(registry_dict))
+        return filter_dict_keys(startswith, flatten_dictionary(registry_dict))
+
+
+    @classmethod
+    def filter_hklm_entries(cls, startswith):
+        pregs = cls.filter_entries(startswith)
+        list_entiers = list()
+        for keyname, value in pregs.items():
+            if isinstance(value, dict):
+                for valuename, data in value.items():
+                    list_entiers.append(PregDconf(
+                        keyname, convert_string_dconf(valuename), find_preg_type(data), data))
+            elif isinstance(value, list):
+                for data in value:
+                    list_entiers.append(PregDconf(
+                        keyname, data, find_preg_type(data), data))
+            else:
+                list_entiers.append(PregDconf(
+                        '/'.join(keyname.split('/')[:-1]), convert_string_dconf(keyname.split('/')[-1]), find_preg_type(value), value))
+
+
+        return gplist(list_entiers)
+
+
+    @classmethod
+    def filter_hkcu_entries(cls, sid, startswith):
+        return cls.filter_hklm_entries(startswith)
+
+
+    @classmethod
+    def get_storage(cls,dictionary = None):
+        if dictionary:
+            result = dictionary
+        elif Dconf_registry._gpt_read_flag:
+            result = Dconf_registry.global_registry_dict
+        else:
+            if Dconf_registry.__dconf_dict_flag:
+                result = Dconf_registry.__dconf_dict
+            else:
+                Dconf_registry.__dconf_dict = Dconf_registry.get_policies_from_dconf()
+                result = Dconf_registry.__dconf_dict
+                Dconf_registry.__dconf_dict_flag = True
+        return result
+
+
+    @classmethod
+    def filling_storage_from_dconf(cls):
+        Dconf_registry.global_registry_dict = Dconf_registry.get_storage()
+
+
+    @classmethod
+    def get_entry(cls, path, dictionary = None, preg = True):
+        logdata = dict()
+        result = Dconf_registry.get_storage(dictionary)
+
+        keys = path.split("\\") if "\\" in path else path.split("/")
+        key = '/'.join(keys[:-1]) if keys[0] else '/'.join(keys[:-1])[1:]
+
+        if isinstance(result, dict) and key in result.keys():
+            data = result.get(key).get(keys[-1])
+            return PregDconf(
+                key, convert_string_dconf(keys[-1]), find_preg_type(data), data) if preg else data
+        else:
+            logdata['path'] = path
+            log('D208', logdata)
+            return None
+
+    @classmethod
+    def check_enable_key(cls ,key):
+        data = cls.get_entry(key, preg = False)
+        if data:
+            if isinstance(data, str):
+                return True if data in cls._true_strings else False
+            elif isinstance(data, int):
+                return bool(data)
+            else:
+                return False
+        return False
+
+    @classmethod
+    def get_hkcu_entry(cls, sid, hive_key, dictionary = None):
+        return cls.get_hklm_entry(hive_key, dictionary)
+
+
+    @classmethod
+    def get_hklm_entry(cls, hive_key, dictionary = None):
+        return cls.get_entry(hive_key, dictionary)
+
+
+
+    @classmethod
+    def add_shortcut(cls, sid, sc_obj, policy_name):
+        sc_obj.policy_name = policy_name
+        cls.shortcuts.append(sc_obj)
+
+
+    @classmethod
+    def add_printer(cls, sid, pobj, policy_name):
+        pobj.policy_name = policy_name
+        cls.printers.append(pobj)
+
+
+    @classmethod
+    def add_drive(cls, sid, dobj, policy_name):
+        dobj.policy_name = policy_name
+        cls.drives.append(dobj)
+
+
+    @classmethod
+    def add_folder(cls, sid, fobj, policy_name):
+        fobj.policy_name = policy_name
+        cls.folders.append(fobj)
+
+
+    @classmethod
+    def add_envvar(self, sid, evobj, policy_name):
+        evobj.policy_name = policy_name
+        self.environmentvariables.append(evobj)
+
+
+    @classmethod
+    def add_script(cls, sid, scrobj, policy_name):
+        scrobj.policy_name = policy_name
+        cls.scripts.append(scrobj)
+
+
+    @classmethod
+    def add_file(cls, sid, fileobj, policy_name):
+        fileobj.policy_name = policy_name
+        cls.files.append(fileobj)
+
+
+    @classmethod
+    def add_ini(cls, sid, iniobj, policy_name):
+        iniobj.policy_name = policy_name
+        cls.inifiles.append(iniobj)
+
+
+    @classmethod
+    def add_networkshare(cls, sid, networkshareobj, policy_name):
+        networkshareobj.policy_name = policy_name
+        cls.networkshares.append(networkshareobj)
+
+
+    @classmethod
+    def get_shortcuts(cls, sid):
+        return cls.shortcuts
+
+
+    @classmethod
+    def get_printers(cls, sid):
+        return cls.printers
+
+
+    @classmethod
+    def get_drives(cls, sid):
+        return cls.drives
+
+    @classmethod
+    def get_folders(cls, sid):
+        return cls.folders
+
+
+    @classmethod
+    def get_envvars(cls, sid):
+        return cls.environmentvariables
+
+
+    @classmethod
+    def get_scripts(cls, sid, action):
+        action_scripts = list()
+        for part in cls.scripts:
+            if action == 'LOGON' and part.action == 'LOGON':
+                action_scripts.append(part)
+            elif action == 'LOGOFF' and part.action == 'LOGOFF':
+                action_scripts.append(part)
+            elif action == 'STARTUP' and part.action == 'STARTUP':
+                action_scripts.append(part)
+            elif action == 'SHUTDOWN' and part.action == 'SHUTDOWN':
+                action_scripts.append(part)
+        return action_scripts
+
+
+    @classmethod
+    def get_files(cls, sid):
+        return cls.files
+
+
+    @classmethod
+    def get_networkshare(cls, sid):
+        return cls.networkshares
+
+
+    @classmethod
+    def get_ini(cls, sid):
+        return cls.inifiles
+
+
+    @classmethod
+    def wipe_user(cls, sid):
+        cls.wipe_hklm()
+
+
+    @classmethod
+    def wipe_hklm(cls):
+        cls.global_registry_dict = dict({cls._GpoPriority:{}})
+
+
+def filter_dict_keys(starting_string, input_dict):
+    result = dict()
+    for key in input_dict:
+        key_list = remove_empty_values(re.split(r'\\|/', key))
+        start_list = remove_empty_values(re.split(r'\\|/', starting_string))
+        if key_list[:len(start_list)] == start_list:
+            result[key] = input_dict.get(key)
+
+    return result
+
+
+def find_preg_type(argument):
+    if isinstance(argument, int):
+        return 4
+    else:
+        return 1
+
+
+def update_dict(dict1, dict2, save_key=None):
+    '''
+    Updates dict1 with the key-value pairs from dict2
+    '''
+    for key, value in dict2.items():
+        if key in dict1:
+            # If both values are dictionaries, recursively call the update_dict function
+            if isinstance(dict1[key], dict) and isinstance(value, dict):
+                save_key = key
+                update_dict(dict1[key], value, save_key)
+            # If the value in dict1 is a list, extend it with unique values from value
+            elif isinstance(dict1[key], list):
+                dict1[key].extend(set(value) - set(dict1[key]))
+            else:
+                # If the value in dict1 is not a dictionary or the value in dict2 is not a dictionary,
+                # replace the value in dict1 with the value from dict2
+                if save_key and save_key.startswith('Source'):
+                    value.reloaded_with_policy_key = [dict1[key].policy_name]
+                    if dict1[key].reloaded_with_policy_key:
+                        value.reloaded_with_policy_key += dict1[key].reloaded_with_policy_key
+                    dict1[key] = value
+                else:
+                    dict1[key] = value
+        else:
+            # If the key does not exist in dict1, add the key-value pair from dict2 to dict1
+            dict1[key] = value
+
+
+def add_to_dict(string, username, gpo_info):
+    if gpo_info:
+        counter = gpo_info.counter
+        display_name = gpo_info.display_name
+        name = gpo_info.name
+        version = gpo_info.version
+    else:
+        counter = 0
+        display_name = 'Local Policy'
+        name = None
+        version = None
+
+    if username is None or username == 'Machine':
+        machine= '{}/Machine/{}'.format(Dconf_registry._GpoPriority, counter)
+        dictionary = Dconf_registry.global_registry_dict.setdefault(machine, dict())
+    else:
+        if name in Dconf_registry._gpo_name:
+            return
+        user = '{}/User/{}'.format(Dconf_registry._GpoPriority, counter)
+        dictionary = Dconf_registry.global_registry_dict.setdefault(user, dict())
+        Dconf_registry._gpo_name.add(name)
+
+    dictionary['display_name'] = display_name
+    dictionary['name'] = name
+    dictionary['version'] = str(version)
+    dictionary['correct_path'] = string
+
+def get_mod_previous_value(key_source, key_valuename):
+    previous_sourc = try_dict_to_literal_eval(Dconf_registry._dconf_db
+            .get(key_source, {})
+            .get(key_valuename, {}))
+    return previous_sourc.get('mod_previous_value') if previous_sourc else None
+
+def get_previous_value(key_source, key_valuename):
+    previous = key_source.replace('Source', 'Previous')
+    return (Dconf_registry._dconf_db
+            .get(previous, {})
+            .get(key_valuename, None))
+
+def load_preg_dconf(pregfile, pathfile, policy_name, username, gpo_info):
+    '''
+    Loads the configuration from preg registry into a dictionary
+    '''
+    # Prefix for storing key data
+    source_pre = "Source"
+    dd = dict()
+    for i in pregfile.entries:
+        # Skip this entry if the valuename starts with '**del'
+        if i.valuename.lower().startswith('**del'):
+            continue
+        valuename = convert_string_dconf(i.valuename)
+        data = check_data(i.data, i.type)
+        if i.valuename != i.data and i.valuename:
+            key_registry_source = f"{source_pre}/{i.keyname}".replace('\\', '/')
+            key_registry = f"{i.keyname}".replace('\\', '/')
+            key_valuename = valuename.replace('\\', '/')
+            if i.keyname.replace('\\', '/') in dd:
+                # If the key exists in dd, update its value with the new key-value pair
+                dd[i.keyname.replace('\\', '/')].update({key_valuename:data})
+                mod_previous_value = get_mod_previous_value(key_registry_source, key_valuename)
+                previous_value = get_previous_value(key_registry, key_valuename)
+                if previous_value != data:
+                    (dd[key_registry_source]
+                     .update({key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}))
+                else:
+                    (dd[key_registry_source]
+                     .update({key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}))
+            else:
+                # If the key does not exist in dd, create a new key-value pair
+                dd[i.keyname.replace('\\', '/')] = {key_valuename:data}
+                mod_previous_value = get_mod_previous_value(key_registry_source, key_valuename)
+                previous_value = get_previous_value(key_registry, key_valuename)
+                if previous_value != data:
+                    dd[key_registry_source] = {key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}
+                else:
+                    dd[key_registry_source] = {key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}
+
+        elif not i.valuename:
+            keyname_tmp = i.keyname.replace('\\', '/').split('/')
+            keyname = '/'.join(keyname_tmp[:-1])
+            mod_previous_value = get_mod_previous_value(f"{source_pre}/{keyname}", keyname_tmp[-1])
+            previous_value = get_previous_value(f"{keyname}", keyname_tmp[-1])
+            if keyname in dd:
+                # If the key exists in dd, update its value with the new key-value pair
+                dd[keyname].update({keyname_tmp[-1]:data})
+                if previous_value != data:
+                    dd[f"{source_pre}/{keyname}"].update({keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)})
+                else:
+                    dd[f"{source_pre}/{keyname}"].update({keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)})
+            else:
+                # If the key does not exist in dd, create a new key-value pair
+                dd[keyname] = {keyname_tmp[-1]:data}
+                if previous_value != data:
+                    dd[f"{source_pre}/{keyname}"] = {keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}
+                else:
+                    dd[f"{source_pre}/{keyname}"] = {keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}
+
+        else:
+            # If the value name is the same as the data,
+            # split the keyname and add the data to the appropriate location in dd.
+            all_list_key = i.keyname.split('\\')
+            key_d ='/'.join(all_list_key[:-1])
+            dd_target = dd.setdefault(key_d,{})
+            key_source = f"Source/{key_d}"
+            dd_target_source = dd.setdefault(key_source, {})
+            data_list = dd_target.setdefault(all_list_key[-1], []).append(data)
+            mod_previous_value = get_mod_previous_value(key_source, all_list_key[-1])
+            previous_value = get_previous_value(key_d, all_list_key[-1])
+            if previous_value != str(data_list):
+                dd_target_source[all_list_key[-1]] = RegistryKeyMetadata(policy_name, i.type, is_list=True, mod_previous_value=previous_value)
+            else:
+                dd_target_source[all_list_key[-1]] = RegistryKeyMetadata(policy_name, i.type, is_list=True, mod_previous_value=mod_previous_value)
+
+    # Update the global registry dictionary with the contents of dd
+    update_dict(Dconf_registry.global_registry_dict, dd)
+
+
+def create_dconf_ini_file(filename, data, uid=None, nodomain=None):
+    '''
+    Create an ini-file based on a dictionary of dictionaries.
+    Args:
+        data (dict): The dictionary of dictionaries containing the data for the ini-file.
+        filename (str): The filename to save the ini-file.
+    Returns:
+        None
+    Raises:
+        None
+    '''
+    with open(filename, 'a' if nodomain else 'w') as file:
+        for section, section_data in data.items():
+            file.write(f'[{section}]\n')
+            for key, value in section_data.items():
+                if isinstance(value, int):
+                    file.write(f'{key} = {value}\n')
+                else:
+                    file.write(f'{key} = "{value}"\n')
+            file.write('\n')
+    logdata = dict()
+    logdata['path'] = filename
+    log('D209', logdata)
+    create_dconf_file_locks(filename, data)
+    Dconf_registry.dconf_update(uid)
+
+
+def create_dconf_file_locks(filename_ini, data):
+    """
+    Creates a dconf lock file based on the provided filename and data.
+
+    :param filename_ini: Path to the ini file (str)
+    :param data: Dictionary containing configuration data
+    """
+    # Extract the path parts up to the directory of the ini file
+    tmp_lock = filename_ini.split('/')[:-1]
+
+    # Construct the path to the lock file
+    file_lock = '/'.join(tmp_lock + ['locks', tmp_lock[-1][:-1] + 'pol'])
+
+    # Create an empty lock file
+    touch_file(file_lock)
+
+    # Open the lock file for writing
+    with open(file_lock, 'w') as file:
+        # Iterate over all lock keys obtained from the data
+        for key_lock in get_keys_dconf_locks(data):
+            # Remove the "lock/" prefix from the key and split into parts
+            key = key_lock.split('/')[1:]
+            # Write the cleaned key to the lock file
+            file.write(f'{key}\n')
+
+def get_keys_dconf_locks(data):
+    """
+    Extracts keys from the provided data that start with "Locks/"
+    and have a value of 1.
+
+    :param data: Dictionary containing configuration data
+    :return: List of lock keys (str) without the "Locks/" prefix
+    """
+    result = []
+    # Flatten the nested dictionary into a single-level dictionary
+    flatten_data = flatten_dictionary(data)
+
+    # Iterate through all keys in the flattened dictionary
+    for key in flatten_data:
+        # Check if the key starts with "Locks/" and its value is 1
+        if key.startswith('Locks/') and flatten_data[key] == 1:
+            # Remove the "Locks" prefix and append to the result
+            result.append(key.removeprefix('Locks'))
+
+    return result
+
+
+def check_data(data, t_data):
+    if isinstance(data, bytes):
+        if t_data == 7:
+            return clean_data(data.decode('utf-16').replace('\x00',''))
+        else:
+            return None
+    elif t_data == 4:
+        return data
+    return clean_data(data)
+
+def convert_string_dconf(input_string):
+    macros = {
+        '#': '%sharp%',
+        ';': '%semicolon%',
+        '//': '%doubleslash%',
+        '/': '%oneslash%'
+    }
+    output_string = input_string
+    for key, value in macros.items():
+        if key in input_string:
+            output_string = input_string.replace(key, value)
+        elif value in input_string:
+            output_string = input_string.replace(value, key)
+
+    return output_string
+
+def remove_empty_values(input_list):
+    return list(filter(None, input_list))
+
+def flatten_dictionary(input_dict, result=None, current_key=''):
+    if result is None:
+        result = {}
+
+    for key, value in input_dict.items():
+        new_key = f"{current_key}/{key}" if current_key else key
+
+        if isinstance(value, dict):
+            flatten_dictionary(value, result, new_key)
+        else:
+            result[new_key] = value
+
+    return result
+
+def get_dconf_envprofile():
+    dconf_envprofile = {'default': {'DCONF_PROFILE': 'default'},
+                    'local': {'DCONF_PROFILE': 'local'},
+                    'system': {'DCONF_PROFILE': 'system'}
+                    }
+
+    if Dconf_registry._envprofile:
+        return dconf_envprofile.get(Dconf_registry._envprofile, dconf_envprofile['system'])
+
+    if not Dconf_registry._username:
+        return dconf_envprofile['system']
+
+    profile = '/run/dconf/user/{}'.format(get_uid_by_username(Dconf_registry._username))
+    return {'DCONF_PROFILE': profile}
+
+
+def convert_elements_to_list_dicts(elements):
+    return list(map(lambda x: dict(x), elements))
+
+def remove_duplicate_dicts_in_list(list_dict):
+    return convert_elements_to_list_dicts(list(OrderedDict((tuple(sorted(d.items())), d) for d in list_dict).values()))
+
+def add_preferences_to_global_registry_dict(username, is_machine):
+    if is_machine:
+        prefix = 'Software/BaseALT/Policies/Preferences/Machine'
+    else:
+        prefix = f'Software/BaseALT/Policies/Preferences/{username}'
+
+    preferences_global = [('Shortcuts',remove_duplicate_dicts_in_list(Dconf_registry.shortcuts)),
+                            ('Folders',remove_duplicate_dicts_in_list(Dconf_registry.folders)),
+                            ('Files',remove_duplicate_dicts_in_list(Dconf_registry.files)),
+                            ('Drives',remove_duplicate_dicts_in_list(Dconf_registry.drives)),
+                            ('Scheduledtasks',remove_duplicate_dicts_in_list(Dconf_registry.scheduledtasks)),
+                            ('Environmentvariables',remove_duplicate_dicts_in_list(Dconf_registry.environmentvariables)),
+                            ('Inifiles',remove_duplicate_dicts_in_list(Dconf_registry.inifiles)),
+                            ('Services',remove_duplicate_dicts_in_list(Dconf_registry.services)),
+                            ('Printers',remove_duplicate_dicts_in_list(Dconf_registry.printers)),
+                            ('Scripts',remove_duplicate_dicts_in_list(Dconf_registry.scripts)),
+                            ('Networkshares',remove_duplicate_dicts_in_list(Dconf_registry.networkshares))]
+
+    preferences_global_dict = dict()
+    preferences_global_dict[prefix] = dict()
+
+    for key, val in preferences_global:
+        preferences_global_dict[prefix].update({key:clean_data(str(val))})
+
+    update_dict(Dconf_registry.global_registry_dict, preferences_global_dict)
+
+def extract_display_name_version(data, username):
+    policy_force = data.get('Software/BaseALT/Policies/GPUpdate', {}).get('Force', False)
+    if Dconf_registry._force or policy_force:
+        logdata = dict({'username': username})
+        log('W26', logdata)
+        return {}
+    result = {}
+    tmp = {}
+    if isinstance(data, dict):
+        for key in data.keys():
+            if key.startswith(Dconf_registry._GpoPriority+'/'):
+                tmp[key] = data[key]
+        for value in tmp.values():
+            if isinstance(value, dict) and value.get('version', 'None')!='None' and value.get('display_name'):
+                result[value['display_name']] = {'version': value['version'], 'correct_path': value['correct_path']}
+    Dconf_registry._dict_gpo_name_version_cache = result
+    return result
--- a/gpoa/storage/fs_file_cache.py
+++ b/gpoa/storage/fs_file_cache.py
@ -0,0 +1,130 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2021-2024 BaseALT Ltd. <org@basealt.ru>
+# Copyright (C) 2021 Igor Chudov <nir@nir.org.ru>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import os.path
+import tempfile
+from pathlib import Path
+import smbc
+
+
+from util.logging import log
+from util.paths import file_cache_dir, file_cache_path_home, UNCPath
+from util.exceptions import NotUNCPathError
+from util.util import get_machine_name
+
+class fs_file_cache:
+    __read_blocksize = 4096
+
+    def __init__(self, cache_name, username = None):
+        self.cache_name = cache_name
+        self.username = username
+        if username and username != get_machine_name():
+            try:
+                self.storage_uri = file_cache_path_home(username)
+            except:
+                self.storage_uri = file_cache_dir()
+        else:
+            self.storage_uri = file_cache_dir()
+        logdata = dict({'cache_file': self.storage_uri})
+        log('D20', logdata)
+        self.samba_context = smbc.Context(use_kerberos=1)
+                #, debug=10)
+
+    def store(self, uri, destfile = None):
+        try:
+            uri_path = UNCPath(uri)
+            if not destfile:
+                file_name = os.path.basename(uri_path.get_path())
+                file_path = os.path.dirname(uri_path.get_path())
+                destdir = Path('{}/{}/{}'.format(self.storage_uri,
+                    uri_path.get_domain(),
+                    file_path))
+            else:
+                destdir = destfile.parent
+        except NotUNCPathError:
+            return None
+
+        except Exception as exc:
+            logdata = dict({'exception': str(exc)})
+            log('D144', logdata)
+            raise exc
+
+        if not destdir.exists():
+            destdir.mkdir(parents=True, exist_ok=True)
+
+        if not destfile:
+            destfile = Path('{}/{}/{}'.format(self.storage_uri,
+                uri_path.get_domain(),
+                uri_path.get_path()))
+
+        try:
+            fd, tmpfile = tempfile.mkstemp('', str(destfile))
+            df = os.fdopen(fd, 'wb')
+            file_handler = self.samba_context.open(str(uri_path), os.O_RDONLY)
+            while True:
+                data = file_handler.read(self.__read_blocksize)
+                if not data:
+                    break
+                df.write(data)
+            df.close()
+            os.rename(tmpfile, destfile)
+            os.chmod(destfile, 0o644)
+        except Exception as exc:
+            logdata = dict({'exception': str(exc)})
+            log('W25', logdata)
+            tmppath = Path(tmpfile)
+            if tmppath.exists():
+                tmppath.unlink()
+
+    def get(self, uri):
+        destfile = uri
+        try:
+            uri_path = UNCPath(uri)
+            file_name = os.path.basename(uri_path.get_path())
+            file_path = os.path.dirname(uri_path.get_path())
+            destfile = Path('{}/{}/{}'.format(self.storage_uri,
+                uri_path.get_domain(),
+                uri_path.get_path()))
+        except NotUNCPathError as exc:
+            logdata = dict({'path': str(exc)})
+            log('D62', logdata)
+        except Exception as exc:
+            logdata = dict({'exception': str(exc)})
+            log('E36', logdata)
+            raise exc
+        if Path(destfile).exists():
+            return str(destfile)
+        else:
+            return None
+
+    def get_ls_smbdir(self, uri):
+        type_file_smb = 8
+        try:
+            uri_path = UNCPath(uri)
+            opendir = self.samba_context.opendir(str(uri_path))
+            ls_obj = opendir.getdents()
+            ls = [obj.name for obj in ls_obj if obj.smbc_type == type_file_smb]
+            return ls
+        except Exception as exc:
+            if Path(uri).exists():
+                return None
+            logdata = dict({'exception': str(exc)})
+            log('W12', logdata)
+            return None
--- a/gpoa/storage/record_types.py
+++ b/gpoa/storage/record_types.py
@ -1,150 +0,0 @@
-#
-# GPOA - GPO Applier for Linux
-#
-# Copyright (C) 2019-2020 BaseALT Ltd.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-class samba_preg(object):
-    '''
-    Object mapping representing HKLM entry (registry key without SID)
-    '''
-    def __init__(self, preg_obj, policy_name):
-        self.policy_name = policy_name
-        self.hive_key = '{}\\{}'.format(preg_obj.keyname, preg_obj.valuename)
-        self.type = preg_obj.type
-        self.data = preg_obj.data
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['type'] = self.type
-        fields['data'] = self.data
-
-        return fields
-
-class samba_hkcu_preg(object):
-    '''
-    Object mapping representing HKCU entry (registry key with SID)
-    '''
-    def __init__(self, sid, preg_obj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.hive_key = '{}\\{}'.format(preg_obj.keyname, preg_obj.valuename)
-        self.type = preg_obj.type
-        self.data = preg_obj.data
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['type'] = self.type
-        fields['data'] = self.data
-
-        return fields
-
-class ad_shortcut(object):
-    '''
-    Object mapping representing Windows shortcut.
-    '''
-    def __init__(self, sid, sc, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.path = sc.dest
-        self.shortcut = sc.to_json()
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['path'] = self.path
-        fields['shortcut'] = self.shortcut
-
-        return fields
-
-class info_entry(object):
-    def __init__(self, name, value):
-        self.name = name
-        self.value = value
-
-    def update_fields(self):
-        fields = dict()
-        fields['value'] = self.value
-
-        return fields
-
-class printer_entry(object):
-    '''
-    Object mapping representing Windows printer of some type.
-    '''
-    def __init__(self, sid, pobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.name = pobj.name
-        self.printer = pobj.to_json()
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['name'] = self.name
-        fields['printer'] = self.printer.to_json()
-
-        return fields
-
-class drive_entry(object):
-    '''
-    Object mapping representing Samba share bound to drive letter
-    '''
-    def __init__(self, sid, dobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.login = dobj.login
-        self.password = dobj.password
-        self.dir = dobj.dir
-        self.path = dobj.path
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['login'] = self.login
-        fields['password'] = self.password
-        fields['dir'] = self.dir
-        fields['path'] = self.path
-
-        return fields
-
-class folder_entry(object):
-    '''
-    Object mapping representing file system directory
-    '''
-    def __init__(self, sid, fobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.path = fobj.path
-        self.action = fobj.action.value
-        self.delete_folder = str(fobj.delete_folder)
-        self.delete_sub_folders = str(fobj.delete_sub_folders)
-        self.delete_files = str(fobj.delete_files)
-
-    def update_fields(self):
-        '''
-        Return list of fields to update
-        '''
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['action'] = self.action
-        fields['delete_folder'] = self.delete_folder
-        fields['delete_sub_folders'] = self.delete_sub_folders
-        fields['delete_files'] = self.delete_files
-
-        return fields
-
--- a/gpoa/storage/sqlite_cache.py
+++ b/gpoa/storage/sqlite_cache.py
@ -1,101 +0,0 @@
-#
-# GPOA - GPO Applier for Linux
-#
-# Copyright (C) 2019-2020 BaseALT Ltd.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-from .cache import cache
-
-import os
-
-from sqlalchemy import (
-    create_engine,
-    Table,
-    Column,
-    Integer,
-    String,
-    MetaData
-)
-from sqlalchemy.orm import (
-    mapper,
-    sessionmaker
-)
-
-from util.logging import log
-from util.paths import cache_dir
-
-def mapping_factory(mapper_suffix):
-    exec(
-        '''
-class mapped_id_{}(object):
-    def __init__(self, str_id, value):
-        self.str_id = str_id
-        self.value = str(value)
-        '''.format(mapper_suffix)
-    )
-    return eval('mapped_id_{}'.format(mapper_suffix))
-
-class sqlite_cache(cache):
-    def __init__(self, cache_name):
-        self.cache_name = cache_name
-        self.mapper_obj = mapping_factory(self.cache_name)
-        self.storage_uri = os.path.join('sqlite:///{}/{}.sqlite'.format(cache_dir(), self.cache_name))
-        logdata = dict({'cache_file': self.storage_uri})
-        log('D20', logdata)
-        self.db_cnt = create_engine(self.storage_uri, echo=False)
-        self.__metadata = MetaData(self.db_cnt)
-        self.cache_table = Table(
-            self.cache_name,
-            self.__metadata,
-            Column('id', Integer, primary_key=True),
-            Column('str_id', String(65536), unique=True),
-            Column('value', String)
-        )
-
-        self.__metadata.create_all(self.db_cnt)
-        Session = sessionmaker(bind=self.db_cnt)
-        self.db_session = Session()
-        mapper(self.mapper_obj, self.cache_table)
-
-    def store(self, str_id, value):
-        obj = self.mapper_obj(str_id, value)
-        self._upsert(obj)
-
-    def get(self, obj_id):
-        result = self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj_id).first()
-        return result
-
-    def get_default(self, obj_id, default_value):
-        result = self.get(obj_id)
-        if result == None:
-            logdata = dict()
-            logdata['object'] = obj_id
-            log('D43', logdata)
-            self.store(obj_id, default_value)
-            return str(default_value)
-        return result.value
-
-    def _upsert(self, obj):
-        try:
-            self.db_session.add(obj)
-            self.db_session.commit()
-        except Exception as exc:
-            self.db_session.rollback()
-            logdata = dict()
-            logdata['msg'] = str(exc)
-            log('D44', logdata)
-            self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj.str_id).update({ 'value': obj.value })
-            self.db_session.commit()
-
--- a/gpoa/storage/sqlite_registry.py
+++ b/gpoa/storage/sqlite_registry.py
@ -1,385 +0,0 @@
-#
-# GPOA - GPO Applier for Linux
-#
-# Copyright (C) 2019-2020 BaseALT Ltd.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-import os
-
-from sqlalchemy import (
-    create_engine,
-    Table,
-    Column,
-    Integer,
-    String,
-    MetaData,
-    UniqueConstraint
-)
-from sqlalchemy.orm import (
-    mapper,
-    sessionmaker
-)
-
-from util.logging import log
-from util.paths import cache_dir
-from .registry import registry
-from .record_types import (
-      samba_preg
-    , samba_hkcu_preg
-    , ad_shortcut
-    , info_entry
-    , printer_entry
-    , drive_entry
-    , folder_entry
-)
-
-class sqlite_registry(registry):
-    def __init__(self, db_name, registry_cache_dir=None):
-        self.db_name = db_name
-        cdir = registry_cache_dir
-        if cdir == None:
-            cdir = cache_dir()
-        self.db_path = os.path.join('sqlite:///{}/{}.sqlite'.format(cdir, self.db_name))
-        self.db_cnt = create_engine(self.db_path, echo=False)
-        self.__metadata = MetaData(self.db_cnt)
-        self.__info = Table(
-            'info',
-            self.__metadata,
-            Column('id', Integer, primary_key=True),
-            Column('name', String(65536), unique=True),
-            Column('value', String(65536))
-        )
-        self.__hklm = Table(
-              'HKLM'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('hive_key', String(65536), unique=True)
-            , Column('policy_name', String)
-            , Column('type', Integer)
-            , Column('data', String)
-        )
-        self.__hkcu = Table(
-              'HKCU'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('hive_key', String(65536))
-            , Column('policy_name', String)
-            , Column('type', Integer)
-            , Column('data', String)
-            , UniqueConstraint('sid', 'hive_key')
-        )
-        self.__shortcuts = Table(
-              'Shortcuts'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('path', String)
-            , Column('policy_name', String)
-            , Column('shortcut', String)
-            , UniqueConstraint('sid', 'path')
-        )
-        self.__printers = Table(
-              'Printers'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('name', String)
-            , Column('policy_name', String)
-            , Column('printer', String)
-            , UniqueConstraint('sid', 'name')
-        )
-        self.__drives = Table(
-              'Drives'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('login', String)
-            , Column('password', String)
-            , Column('dir', String)
-            , Column('policy_name', String)
-            , Column('path', String)
-            , UniqueConstraint('sid', 'dir')
-        )
-        self.__folders = Table(
-              'Folders'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('path', String)
-            , Column('policy_name', String)
-            , Column('action', String)
-            , Column('delete_folder', String)
-            , Column('delete_sub_folders', String)
-            , Column('delete_files', String)
-            , UniqueConstraint('sid', 'path')
-        )
-        self.__metadata.create_all(self.db_cnt)
-        Session = sessionmaker(bind=self.db_cnt)
-        self.db_session = Session()
-        try:
-            mapper(info_entry, self.__info)
-            mapper(samba_preg, self.__hklm)
-            mapper(samba_hkcu_preg, self.__hkcu)
-            mapper(ad_shortcut, self.__shortcuts)
-            mapper(printer_entry, self.__printers)
-            mapper(drive_entry, self.__drives)
-            mapper(folder_entry, self.__folders)
-        except:
-            pass
-            #logging.error('Error creating mapper')
-
-    def _add(self, row):
-        try:
-            self.db_session.add(row)
-            self.db_session.commit()
-        except Exception as exc:
-            self.db_session.rollback()
-            raise exc
-
-    def _info_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session.query(info_entry)
-                .filter(info_entry.name == row.name)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _hklm_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session
-                .query(samba_preg)
-                .filter(samba_preg.hive_key == row.hive_key)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _hkcu_upsert(self, row):
-        try:
-            self._add(row)
-        except Exception as exc:
-            (self
-                .db_session
-                .query(samba_hkcu_preg)
-                .filter(samba_hkcu_preg.sid == row.sid)
-                .filter(samba_hkcu_preg.hive_key == row.hive_key)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _shortcut_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session
-                .query(ad_shortcut)
-                .filter(ad_shortcut.sid == row.sid)
-                .filter(ad_shortcut.path == row.path)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _printer_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session
-                .query(printer_entry)
-                .filter(printer_entry.sid == row.sid)
-                .filter(printer_entry.name == row.name)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _drive_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session
-                .query(drive_entry)
-                .filter(drive_entry.sid == row.sid)
-                .filter(drive_entry.dir == row.dir)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def set_info(self, name, value):
-        ientry = info_entry(name, value)
-        logdata = dict()
-        logdata['varname'] = name
-        logdata['value'] = value
-        log('D19', logdata)
-        self._info_upsert(ientry)
-
-    def add_hklm_entry(self, preg_entry, policy_name):
-        '''
-        Write PReg entry to HKEY_LOCAL_MACHINE
-        '''
-        pentry = samba_preg(preg_entry, policy_name)
-        if not pentry.hive_key.rpartition('\\')[2].startswith('**'):
-            self._hklm_upsert(pentry)
-        else:
-            logdata = dict({'key': pentry.hive_key})
-            log('D27', logdata)
-
-    def add_hkcu_entry(self, preg_entry, sid, policy_name):
-        '''
-        Write PReg entry to HKEY_CURRENT_USER
-        '''
-        hkcu_pentry = samba_hkcu_preg(sid, preg_entry, policy_name)
-        logdata = dict({'sid': sid, 'policy': policy_name, 'key': hkcu_pentry.hive_key})
-        if not hkcu_pentry.hive_key.rpartition('\\')[2].startswith('**'):
-            log('D26', logdata)
-            self._hkcu_upsert(hkcu_pentry)
-        else:
-            log('D51', logdata)
-
-    def add_shortcut(self, sid, sc_obj, policy_name):
-        '''
-        Store shortcut information in the database
-        '''
-        sc_entry = ad_shortcut(sid, sc_obj, policy_name)
-        logdata = dict()
-        logdata['link'] = sc_entry.path
-        logdata['sid'] = sid
-        log('D41', logdata)
-        self._shortcut_upsert(sc_entry)
-
-    def add_printer(self, sid, pobj, policy_name):
-        '''
-        Store printer configuration in the database
-        '''
-        prn_entry = printer_entry(sid, pobj, policy_name)
-        logdata = dict()
-        logdata['printer'] = prn_entry.name
-        logdata['sid'] = sid
-        log('D40', logdata)
-        self._printer_upsert(prn_entry)
-
-    def add_drive(self, sid, dobj, policy_name):
-        drv_entry = drive_entry(sid, dobj, policy_name)
-        logdata = dict()
-        logdata['uri'] = drv_entry.path
-        logdata['sid'] = sid
-        log('D39', logdata)
-        self._drive_upsert(drv_entry)
-
-    def add_folder(self, sid, fobj, policy_name):
-        fld_entry = folder_entry(sid, fobj, policy_name)
-        logdata = dict()
-        logdata['folder'] = fld_entry.path
-        logdata['sid'] = sid
-        log('D42', logdata)
-        try:
-            self._add(fld_entry)
-        except Exception as exc:
-            (self
-                ._filter_sid_obj(folder_entry, sid)
-                .filter(folder_entry.path == fld_entry.path)
-                .update(fld_entry.update_fields()))
-            self.db_session.commit()
-
-    def _filter_sid_obj(self, row_object, sid):
-        res = (self
-            .db_session
-            .query(row_object)
-            .filter(row_object.sid == sid))
-        return res
-
-    def _filter_sid_list(self, row_object, sid):
-        res = (self
-            .db_session
-            .query(row_object)
-            .filter(row_object.sid == sid)
-            .all())
-        return res
-
-    def get_shortcuts(self, sid):
-        return self._filter_sid_list(ad_shortcut, sid)
-
-    def get_printers(self, sid):
-        return self._filter_sid_list(printer_entry, sid)
-
-    def get_drives(self, sid):
-        return self._filter_sid_list(drive_entry, sid)
-
-    def get_folders(self, sid):
-        return self._filter_sid_list(folder_entry, sid)
-
-    def get_hkcu_entry(self, sid, hive_key):
-        res = (self
-            .db_session
-            .query(samba_hkcu_preg)
-            .filter(samba_hkcu_preg.sid == sid)
-            .filter(samba_hkcu_preg.hive_key == hive_key)
-            .first())
-        # Try to get the value from machine SID as a default if no option is set.
-        if not res:
-            machine_sid = self.get_info('machine_sid')
-            res = self.db_session.query(samba_hkcu_preg).filter(samba_hkcu_preg.sid == machine_sid).filter(samba_hkcu_preg.hive_key == hive_key).first()
-        return res
-
-    def filter_hkcu_entries(self, sid, startswith):
-        res = (self
-            .db_session
-            .query(samba_hkcu_preg)
-            .filter(samba_hkcu_preg.sid == sid)
-            .filter(samba_hkcu_preg.hive_key.like(startswith)))
-        return res
-
-    def get_info(self, name):
-        res = (self
-            .db_session
-            .query(info_entry)
-            .filter(info_entry.name == name)
-            .first())
-        return res.value
-
-    def get_hklm_entry(self, hive_key):
-        res = (self
-            .db_session
-            .query(samba_preg)
-            .filter(samba_preg.hive_key == hive_key)
-            .first())
-        return res
-
-    def filter_hklm_entries(self, startswith):
-        res = (self
-            .db_session
-            .query(samba_preg)
-            .filter(samba_preg.hive_key.like(startswith)))
-        return res
-
-    def wipe_user(self, sid):
-        self._wipe_sid(samba_hkcu_preg, sid)
-        self._wipe_sid(ad_shortcut, sid)
-        self._wipe_sid(printer_entry, sid)
-        self._wipe_sid(drive_entry, sid)
-
-    def _wipe_sid(self, row_object, sid):
-        (self
-            .db_session
-            .query(row_object)
-            .filter(row_object.sid == sid)
-            .delete())
-        self.db_session.commit()
-
-    def wipe_hklm(self):
-        self.db_session.query(samba_preg).delete()
-        self.db_session.commit()
-
--- a/gpoa/templates/47-alt_group_policy_permissions.rules.j2
+++ b/gpoa/templates/47-alt_group_policy_permissions.rules.j2
@ -0,0 +1,63 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+
+{% if No|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in No -%}
+        action.id == "{{res}}"{% if No|length == loop.index %}){ {% else %} ||{% endif %}
+        {% endfor %}    return polkit.Result.NO;
+    }
+});
+{% endif %}{% if Yes|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Yes -%}
+		action.id == "{{res}}"{% if Yes|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.YES;
+	}
+});
+{% endif %}{% if Auth_self|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_self -%}
+		action.id == "{{res}}"{% if Auth_self|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_SELF;
+	}
+});
+{% endif %}{% if Auth_admin|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_admin -%}
+		action.id == "{{res}}"{% if Auth_admin|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_ADMIN;
+	}
+});
+{% endif %}{% if Auth_self_keep|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_self_keep -%}
+		action.id == "{{res}}"{% if Auth_self_keep|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_SELF_KEEP;
+	}
+});
+{% endif %}{% if Auth_admin_keep|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_admin_keep -%}
+		action.id == "{{res}}"{% if Auth_admin_keep|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_ADMIN_KEEP;
+    }
+});
+
+{% endif %}
--- a/gpoa/templates/48-alt_group_policy_permissions_user.rules.j2
+++ b/gpoa/templates/48-alt_group_policy_permissions_user.rules.j2
@ -0,0 +1,63 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+
+{% if No|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in No -%}
+        action.id == "{{res}}" {% if No|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.NO;
+    }
+});{% endif %}{% if Yes|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Yes -%}
+        action.id == "{{res}}" {% if Yes|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.YES;
+    }
+});{% endif %}{% if Auth_self|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Auth_self -%}
+        action.id == "{{res}}" {% if Auth_self|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.AUTH_SELF;
+    }
+});{% endif %}{% if Auth_admin|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Auth_admin -%}
+        action.id == "{{res}}" {% if Auth_admin|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.AUTH_ADMIN;
+    }
+});{% endif %}{% if Auth_self_keep|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Auth_self_keep -%}
+        action.id == "{{res}}" {% if Auth_self_keep|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.AUTH_SELF_KEEP;
+    }
+});{% endif %}{% if Auth_admin_keep|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in Auth_admin_keep -%}
+        action.id == "{{res}}" {% if Auth_admin_keep|length == loop.index %}&&{% else %}||{% endif %}
+        {% endfor %}subject.user == "{{User}}") {
+			return polkit.Result.AUTH_ADMIN_KEEP;
+    }
+});
+{% endif %}
--- a/gpoa/templates/48-gpoa_disk_permissions_user.rules.j2
+++ b/gpoa/templates/48-gpoa_disk_permissions_user.rules.j2
@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}

-{% if Deny_All == '1' %}
+{% if Deny_All == 1 %}
 polkit.addRule(function (action, subject) {
 	if ((action.id == "org.freedesktop.udisks2.filesystem-mount" ||
 	    action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
--- a/gpoa/templates/49-alt_group_policy_permissions.rules.j2
+++ b/gpoa/templates/49-alt_group_policy_permissions.rules.j2
@ -0,0 +1,63 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+
+{% if No|length %}
+polkit.addRule(function (action, subject) {
+    if ({% for res in No -%}
+        action.id == "{{res}}"{% if No|length == loop.index %}){ {% else %} ||{% endif %}
+        {% endfor %}    return polkit.Result.NO;
+    }
+});
+{% endif %}{% if Yes|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Yes -%}
+		action.id == "{{res}}"{% if Yes|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.YES;
+	}
+});
+{% endif %}{% if Auth_self|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_self -%}
+		action.id == "{{res}}"{% if Auth_self|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_SELF;
+	}
+});
+{% endif %}{% if Auth_admin|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_admin -%}
+		action.id == "{{res}}"{% if Auth_admin|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_ADMIN;
+	}
+});
+{% endif %}{% if Auth_self_keep|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_self_keep -%}
+		action.id == "{{res}}"{% if Auth_self_keep|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_SELF_KEEP;
+	}
+});
+{% endif %}{% if Auth_admin_keep|length %}
+polkit.addRule(function (action, subject) {
+	if ({% for res in Auth_admin_keep -%}
+		action.id == "{{res}}"{% if Auth_admin_keep|length == loop.index %}){ {% else %} ||{% endif %}
+		{% endfor %}    return polkit.Result.AUTH_ADMIN_KEEP;
+    }
+});
+
+{% endif %}
--- a/gpoa/templates/49-gpoa_disk_permissions.rules.j2
+++ b/gpoa/templates/49-gpoa_disk_permissions.rules.j2
@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}

-{% if Deny_All == '1' %}
+{% if Deny_All == 1 %}
 polkit.addRule(function (action, subject) {
 	if (action.id == "org.freedesktop.udisks2.filesystem-mount" ||
 	    action.id == "org.freedesktop.udisks2.filesystem-mount-system" ||
--- a/gpoa/templates/autofs_auto.j2
+++ b/gpoa/templates/autofs_auto.j2
@ -16,5 +16,5 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{{ home_dir }}/net	{{ mount_file }}	-t 120
+{{ home_dir }}/{{mntTarget}}	{{ mount_file }}	-t {{timeout}}  --browse

--- a/gpoa/templates/autofs_auto_hide.j2
+++ b/gpoa/templates/autofs_auto_hide.j2
@ -0,0 +1,20 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+{{ home_dir }}/.{{mntTarget}}	{{ mount_file }}	-t {{timeout}}
+
--- a/gpoa/templates/autofs_mountpoints.j2
+++ b/gpoa/templates/autofs_mountpoints.j2
@ -1,7 +1,7 @@
 {#
 # GPOA - GPO Applier for Linux
 #
- # Copyright (C) 2019-2020 BaseALT Ltd.
+ # Copyright (C) 2019-2022 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -17,5 +17,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 {%- for drv in drives %}
-{{ drv.dir }}	-fstype=cifs,cruid=$USER,sec=krb5,noperm	:{{ drv.path }}
-{% endfor %}
+{% if (drv.thisDrive != 'HIDE') %}
+{% if drv.label %}
+"{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
+{% else %}
+"{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
+{% endif %}
+{% endif %}
+{% endfor %}
--- a/gpoa/templates/autofs_mountpoints_hide.j2
+++ b/gpoa/templates/autofs_mountpoints_hide.j2
@ -0,0 +1,27 @@
+{#
+ # GPOA - GPO Applier for Linux
+ #
+ # Copyright (C) 2019-2022 BaseALT Ltd.
+ #
+ # This program is free software: you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+ # the Free Software Foundation, either version 3 of the License, or
+ # (at your option) any later version.
+ #
+ # This program is distributed in the hope that it will be useful,
+ # but WITHOUT ANY WARRANTY; without even the implied warranty of
+ # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ # GNU General Public License for more details.
+ #
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ #}
+{%- for drv in drives %}
+{% if (drv.thisDrive == 'HIDE') %}
+{% if drv.label %}
+"{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
+{% else %}
+"{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
+{% endif %}
+{% endif %}
+{% endfor %}
--- a/gpoa/util/arguments.py
+++ b/gpoa/util/arguments.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -18,10 +18,9 @@

 import logging
 import logging.handlers
-from enum import IntEnum
+from enum import IntEnum, Enum

-from messages import message_with_code
-from .logging import slogm
+from .logging import log


 def set_loglevel(loglevel_num=None):
@ -64,18 +63,15 @@ def process_target(target_name=None):
    The target may be 'All', 'Computer' or 'User'. This function
    determines which one was specified.
    '''
-    target = 'All'

-    if target_name == 'Computer':
-        target = 'Computer'
-
-    if target_name == 'User':
-        target = 'User'
+    target = "All"
+    if target_name:
+        target = target_name

    logdata = dict({'target': target})
-    logging.debug(slogm(message_with_code('D10'), logdata))
+    log('D10', logdata)

-    return target
+    return target.upper()

 class ExitCodeUpdater(IntEnum):
    '''
@ -87,3 +83,20 @@ class ExitCodeUpdater(IntEnum):
    FAIL_GPUPDATE_USER_NOREPLY = 3
    EXIT_SIGINT = 130

+class FileAction(Enum):
+    CREATE = 'C'
+    REPLACE = 'R'
+    UPDATE = 'U'
+    DELETE = 'D'
+
+    def __str__(self):
+        return self.value
+
+def action_letter2enum(letter):
+    if letter in ['C', 'R', 'U', 'D']:
+        if letter == 'C': return FileAction.CREATE
+        if letter == 'R': return FileAction.REPLACE
+        if letter == 'U': return FileAction.UPDATE
+        if letter == 'D': return FileAction.DELETE
+
+    return FileAction.CREATE
--- a/gpoa/util/config.py
+++ b/gpoa/util/config.py
@ -45,7 +45,7 @@ class GPConfig:

        return 'samba'

-    def set_backend(self, backend_name):
+    def set_backend(self, backend_name='local'):
        self.full_config['gpoa']['backend'] = backend_name
        self.write_config()

@ -71,7 +71,7 @@ class GPConfig:

        return get_default_policy_name()

-    def set_local_policy_template(self, template_name):
+    def set_local_policy_template(self, template_name='default'):
        self.full_config['gpoa']['local-policy'] = template_name
        self.write_config()

--- a/gpoa/util/dbus.py
+++ b/gpoa/util/dbus.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -20,6 +20,7 @@ import dbus

 from .logging import log
 from .users import is_root
+from storage import Dconf_registry


 class dbus_runner:
@ -28,9 +29,11 @@ class dbus_runner:
    to trigger gpoa for user running in sysadmin context.
    '''

-    _bus_name = 'com.redhat.oddjob_gpupdate'
+    _redhat_bus_name = 'com.redhat.oddjob_gpupdate'
+    _basealt_bus_name = 'ru.basealt.oddjob_gpupdate'
    # Interface name is equal to bus name.
-    _interface_name = 'com.redhat.oddjob_gpupdate'
+    _redhat_interface_name = 'com.redhat.oddjob_gpupdate'
+    _basealt_interface_name = 'ru.basealt.oddjob_gpupdate'
    _object_path = '/'
    # The timeout is in milliseconds. The default is -1 which is
    # DBUS_TIMEOUT_USE_DEFAULT which is 25 seconds. There is also
@ -44,22 +47,44 @@ class dbus_runner:
    def __init__(self, username=None):
        self.username = username
        self.system_bus = dbus.SystemBus()
+        self.bus_name = self._basealt_bus_name
+        self.interface_name = self._basealt_interface_name
+        self.check_dbus()
+
+    def check_dbus(self):
+        try:
+            # Check privileged operations bus
+            log('D900', {'bus_name': self.bus_name})
+            self.system_bus.get_object(self.bus_name, '/')
+            return
+
+        except dbus.exceptions.DBusException as exc:
+            if exc.get_dbus_name() != 'org.freedesktop.DBus.Error.ServiceUnknown':
+                raise exc
+
+        self.bus_name = self._redhat_bus_name
+        self.interface_name = self._redhat_interface_name
+
+        # Try to check alternative privileged operations bus
+        log('W902', {'origin_bus_name': self._basealt_interface_name, 'bus_name': self.bus_name})
+        self.system_bus.get_object(self.bus_name, '/')

    def run(self):
        if self.username:
            logdata = dict({'username': self.username})
            log('D6', logdata)
+            gpupdate = 'gpupdate' if not Dconf_registry._force else 'gpupdate_force'
            if is_root():
                # oddjobd-gpupdate's ACL allows access to this method
                # only for superuser. This method is called via PAM
                # when user logs in.
                try:
-                    result = self.system_bus.call_blocking(self._bus_name,
+                    result = self.system_bus.call_blocking(self.bus_name,
                        self._object_path,
-                        self._interface_name,
+                        self.interface_name,
                        'gpupdatefor',
-                        (username),
-                        (dbus.String(self.username)),
+                        's',
+                        [self.username],
                        timeout=self._synchronous_timeout)
                    print_dbus_result(result)
                except dbus.exceptions.DBusException as exc:
@ -69,12 +94,12 @@ class dbus_runner:
                    raise exc
            else:
                try:
-                    result = self.system_bus.call_blocking(self._bus_name,
+                    result = self.system_bus.call_blocking(self.bus_name,
                        self._object_path,
-                        self._interface_name,
-                        'gpupdate',
+                        self.interface_name,
+                        gpupdate,
                        None,
-                        (),
+                        [],
                        timeout=self._synchronous_timeout)
                    print_dbus_result(result)
                except dbus.exceptions.DBusException as exc:
@ -83,19 +108,19 @@ class dbus_runner:
                    raise exc
        else:
            log('D11')
+            gpupdate_computer = 'gpupdate_computer' if not Dconf_registry._force else 'gpupdate_computer_force'
            try:
-                result = self.system_bus.call_blocking(self._bus_name,
+                result = self.system_bus.call_blocking(self.bus_name,
                    self._object_path,
-                    self._interface_name,
-                    'gpupdate_computer',
+                    self.interface_name,
+                    gpupdate_computer,
                    None,
                    # The following positional parameter is called "args".
                    # There is no official documentation for it.
-                    (),
+                    [],
                    timeout=self._synchronous_timeout)
                print_dbus_result(result)
            except dbus.exceptions.DBusException as exc:
-                print(exc)
                logdata = dict({'error': str(exc)})
                log('E22', logdata)
                raise exc
@ -146,9 +171,14 @@ def is_oddjobd_gpupdate_accessible():
        oddjobd_state = oddjobd_properties.Get('org.freedesktop.systemd1.Unit', 'ActiveState')

        # Check if oddjobd_gpupdate is accesssible
-        oddjobd_gpupdate = system_bus.get_object('com.redhat.oddjob_gpupdate', '/')
-        oddjobd_upupdate_interface = dbus.Interface(oddjobd_gpupdate, 'com.redhat.oddjob_gpupdate')
-        #oddjobd_upupdate_interface.gpupdate()
+        try:
+            oddjobd_gpupdate = system_bus.get_object('ru.basealt.oddjob_gpupdate', '/')
+            oddjobd_upupdate_interface = dbus.Interface(oddjobd_gpupdate, 'ru.basealt.oddjob_gpupdate')
+        except dbus.exceptions.DBusException as exc:
+            if exc.get_dbus_name() != '.org.freedesktop.DBus.Error.ServiceUnknown':
+                oddjobd_gpupdate = system_bus.get_object('com.redhat.oddjob_gpupdate', '/')
+                oddjobd_upupdate_interface = dbus.Interface(oddjobd_gpupdate, 'com.redhat.oddjob_gpupdate')
+                #oddjobd_upupdate_interface.gpupdate()

        if oddjobd_state == 'active':
            oddjobd_accessible = True
@ -168,5 +198,29 @@ def print_dbus_result(result):
    log('D12', logdata)

    for line in message:
-        print(str(line))
+        if line: print(str(line))

+
+class dbus_session:
+    def __init__(self):
+        try:
+            self.session_bus = dbus.SessionBus()
+            self.session_dbus = self.session_bus.get_object('org.freedesktop.DBus', '/org/freedesktop/DBus')
+            self.session_iface = dbus.Interface(self.session_dbus, 'org.freedesktop.DBus')
+        except dbus.exceptions.DBusException as exc:
+            logdata = dict({'error': str(exc)})
+            log('E31', logdata)
+            raise exc
+
+    def get_connection_pid(self, connection):
+        pid = -1
+        try:
+            pid = self.session_iface.GetConnectionUnixProcessID(connection)
+            log('D57', {"pid": pid})
+        except dbus.exceptions.DBusException as exc:
+            if exc.get_dbus_name() != 'org.freedesktop.DBus.Error.NameHasNoOwner':
+                logdata = dict({'error': str(exc)})
+                log('E32', logdata)
+                raise exc
+            log('D58', {'connection': connection})
+        return int(pid)
--- a/gpoa/util/exceptions.py
+++ b/gpoa/util/exceptions.py
@ -39,3 +39,17 @@ def geterr():

    return traceinfo

+class NotUNCPathError(Exception):
+    def __init__(self, path):
+        self.path = path
+
+    def __str__(self):
+        return self.path
+
+class GetGPOListFail(Exception):
+    def __init__(self, exc):
+        self.exc = exc
+
+    def __str__(self):
+        return self.exc
+
--- a/gpoa/util/gpoa_ini_parsing.py
+++ b/gpoa/util/gpoa_ini_parsing.py
@ -0,0 +1,356 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2023 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from configobj import (ConfigObj, NestingError, Section,
+                        DuplicateError, ParseError, UnreprError,
+                        UnknownType,UnreprError,
+                        BOM_UTF8, DEFAULT_INDENT_TYPE, BOM_LIST,
+                        match_utf8, unrepr)
+import six
+import re
+import sys
+import os
+
+# Michael Foord: fuzzyman AT voidspace DOT org DOT uk
+# Nicola Larosa: nico AT tekNico DOT net
+# Rob Dennis: rdennis AT gmail DOT com
+# Eli Courtwright: eli AT courtwright DOT org
+# This class based on the ConfigObj module, distributed under the BSD-3-Clause license.
+# This class includes modified code from the ConfigObj module mentioned above.
+# The original authors and their contact information are listed in the comments above.
+# For more information about ConfigObj, please visit the main repository:
+# https://github.com/DiffSK/configobj
+
+
+class GpoaConfigObj(ConfigObj):
+
+    _sectionmarker = re.compile(r'''^
+        (\s*)                     # 1: indentation
+        ((?:\[\s*)+)              # 2: section marker open
+        (                         # 3: section name open
+            (?:"\s*\S.*?\s*")|    # at least one non-space with double quotes
+            (?:'\s*\S.*?\s*')|    # at least one non-space with single quotes
+            (?:[^'"\s].*?)        # at least one non-space unquoted
+        )                         # section name close
+        ((?:\s*\])+)              # 4: section marker close
+        (\s*(?:[#;].*)?)?           # 5: optional comment
+        $''',
+        re.VERBOSE)
+
+    _valueexp = re.compile(r'''^
+        (?:
+            (?:
+                (
+                    (?:
+                        (?:
+                            (?:".*?")|              # double quotes
+                            (?:'.*?')|              # single quotes
+                            (?:[^'",\#][^,\#]*?)    # unquoted
+                        )
+                        \s*,\s*                     # comma
+                    )*      # match all list items ending in a comma (if any)
+                )
+                (
+                    (?:".*?")|                      # double quotes
+                    (?:'.*?')|                      # single quotes
+                    (?:[^'",\#\s][^,]*?)|           # unquoted
+                    (?:(?<!,))                      # Empty value
+                )?          # last item in a list - or string value
+            )|
+            (,)             # alternatively a single comma - empty list
+        )
+        (\s*(?:[#;].*)?)?     # optional comment
+        $''',
+        re.VERBOSE)
+
+    COMMENT_MARKERS = ['#', ';']
+
+    def _handle_comment(self, comment):
+        """Deal with a comment."""
+        if not comment:
+            return ''
+        start = self.indent_type
+        if not comment.lstrip().startswith(tuple(self.COMMENT_MARKERS)):
+            start += ' # '
+        return start + comment.strip()
+
+    def _parse(self, infile):
+        """Actually parse the config file."""
+        temp_list_values = self.list_values
+        if self.unrepr:
+            self.list_values = False
+
+        comment_list = []
+        done_start = False
+        this_section = self
+        maxline = len(infile) - 1
+        cur_index = -1
+        reset_comment = False
+        comment_markers = tuple(self.COMMENT_MARKERS)
+
+        while cur_index < maxline:
+            if reset_comment:
+                comment_list = []
+            cur_index += 1
+            line = infile[cur_index]
+            sline = line.strip()
+            # do we have anything on the line ?
+            if not sline or sline.startswith(comment_markers):
+                reset_comment = False
+                comment_list.append(line)
+                continue
+
+            if not done_start:
+                # preserve initial comment
+                self.initial_comment = comment_list
+                comment_list = []
+                done_start = True
+
+            reset_comment = True
+            # first we check if it's a section marker
+            mat = self._sectionmarker.match(line)
+            if mat is not None:
+                # is a section line
+                (indent, sect_open, sect_name, sect_close, comment) = mat.groups()
+                if indent and (self.indent_type is None):
+                    self.indent_type = indent
+                cur_depth = sect_open.count('[')
+                if cur_depth != sect_close.count(']'):
+                    self._handle_error("Cannot compute the section depth",
+                                       NestingError, infile, cur_index)
+                    continue
+
+                if cur_depth < this_section.depth:
+                    # the new section is dropping back to a previous level
+                    try:
+                        parent = self._match_depth(this_section,
+                                                   cur_depth).parent
+                    except SyntaxError:
+                        self._handle_error("Cannot compute nesting level",
+                                           NestingError, infile, cur_index)
+                        continue
+                elif cur_depth == this_section.depth:
+                    # the new section is a sibling of the current section
+                    parent = this_section.parent
+                elif cur_depth == this_section.depth + 1:
+                    # the new section is a child the current section
+                    parent = this_section
+                else:
+                    self._handle_error("Section too nested",
+                                       NestingError, infile, cur_index)
+                    continue
+
+                sect_name = self._unquote(sect_name)
+                if sect_name in parent:
+                    self._handle_error('Duplicate section name',
+                                       DuplicateError, infile, cur_index)
+                    continue
+
+                # create the new section
+                this_section = Section(
+                    parent,
+                    cur_depth,
+                    self,
+                    name=sect_name)
+                parent[sect_name] = this_section
+                parent.inline_comments[sect_name] = comment
+                parent.comments[sect_name] = comment_list
+                continue
+            #
+            # it's not a section marker,
+            # so it should be a valid ``key = value`` line
+            mat = self._keyword.match(line)
+            if mat is None:
+                self._handle_error(
+                    'Invalid line ({!r}) (matched as neither section nor keyword)'.format(line),
+                    ParseError, infile, cur_index)
+            else:
+                # is a keyword value
+                # value will include any inline comment
+                (indent, key, value) = mat.groups()
+                if indent and (self.indent_type is None):
+                    self.indent_type = indent
+                # check for a multiline value
+                if value[:3] in ['"""', "'''"]:
+                    try:
+                        value, comment, cur_index = self._multiline(
+                            value, infile, cur_index, maxline)
+                    except SyntaxError:
+                        self._handle_error(
+                            'Parse error in multiline value',
+                            ParseError, infile, cur_index)
+                        continue
+                    else:
+                        if self.unrepr:
+                            comment = ''
+                            try:
+                                value = unrepr(value)
+                            except Exception as cause:
+                                if isinstance(cause, UnknownType):
+                                    msg = 'Unknown name or type in value'
+                                else:
+                                    msg = 'Parse error from unrepr-ing multiline value'
+                                self._handle_error(msg, UnreprError, infile, cur_index)
+                                continue
+                else:
+                    if self.unrepr:
+                        comment = ''
+                        try:
+                            value = unrepr(value)
+                        except Exception as cause:
+                            if isinstance(cause, UnknownType):
+                                msg = 'Unknown name or type in value'
+                            else:
+                                msg = 'Parse error from unrepr-ing value'
+                            self._handle_error(msg, UnreprError, infile, cur_index)
+                            continue
+                    else:
+                        # extract comment and lists
+                        try:
+                            (value, comment) = self._handle_value(value)
+                        except SyntaxError:
+                            self._handle_error(
+                                'Parse error in value',
+                                ParseError, infile, cur_index)
+                            continue
+                #
+                key = self._unquote(key)
+                if key in this_section:
+                    self._handle_error(
+                        'Duplicate keyword name',
+                        DuplicateError, infile, cur_index)
+                    continue
+                # add the key.
+                # we set unrepr because if we have got this far we will never
+                # be creating a new section
+                this_section.__setitem__(key, value, unrepr=True)
+                this_section.inline_comments[key] = comment
+                this_section.comments[key] = comment_list
+                continue
+        #
+        if self.indent_type is None:
+            # no indentation used, set the type accordingly
+            self.indent_type = ''
+
+        # preserve the final comment
+        if not self and not self.initial_comment:
+            self.initial_comment = comment_list
+        elif not reset_comment:
+            self.final_comment = comment_list
+        self.list_values = temp_list_values
+
+
+    def write(self, outfile=None, section=None):
+        if self.indent_type is None:
+            # this can be true if initialised from a dictionary
+            self.indent_type = DEFAULT_INDENT_TYPE
+
+        out = []
+        comment_markers = tuple(self.COMMENT_MARKERS)
+        comment_marker_default = comment_markers[0] + ' '
+        if section is None:
+            int_val = self.interpolation
+            self.interpolation = False
+            section = self
+            for line in self.initial_comment:
+                line = self._decode_element(line)
+                stripped_line = line.strip()
+                if stripped_line and not stripped_line.startswith(comment_markers):
+                    line = comment_marker_default + line
+                out.append(line)
+
+        indent_string = self.indent_type * section.depth
+        for entry in (section.scalars + section.sections):
+            if entry in section.defaults:
+                # don't write out default values
+                continue
+            for comment_line in section.comments[entry]:
+                comment_line = self._decode_element(comment_line.lstrip())
+                if comment_line and not comment_line.startswith(comment_markers):
+                    comment_line = comment_marker_default + comment_line
+                out.append(indent_string + comment_line)
+            this_entry = section[entry]
+            comment = self._handle_comment(section.inline_comments[entry])
+
+            if isinstance(this_entry, Section):
+                # a section
+                out.append(self._write_marker(
+                    indent_string,
+                    this_entry.depth,
+                    entry,
+                    comment))
+                out.extend(self.write(section=this_entry))
+            else:
+                out.append(self._write_line(
+                    indent_string,
+                    entry,
+                    this_entry,
+                    comment))
+
+        if section is self:
+            for line in self.final_comment:
+                line = self._decode_element(line)
+                stripped_line = line.strip()
+                if stripped_line and not stripped_line.startswith(comment_markers):
+                    line = comment_marker_default + line
+                out.append(line)
+            self.interpolation = int_val
+
+        if section is not self:
+            return out
+
+        if (self.filename is None) and (outfile is None):
+            # output a list of lines
+            # might need to encode
+            # NOTE: This will *screw* UTF16, each line will start with the BOM
+            if self.encoding:
+                out = [l.encode(self.encoding) for l in out]
+            if (self.BOM and ((self.encoding is None) or
+                (BOM_LIST.get(self.encoding.lower()) == 'utf_8'))):
+                # Add the UTF8 BOM
+                if not out:
+                    out.append('')
+                out[0] = BOM_UTF8 + out[0]
+            return out
+
+        # Turn the list to a string, joined with correct newlines
+        newline = self.newlines or os.linesep
+        if (getattr(outfile, 'mode', None) is not None and outfile.mode == 'w'
+            and sys.platform == 'win32' and newline == '\r\n'):
+            # Windows specific hack to avoid writing '\r\r\n'
+            newline = '\n'
+        output = newline.join(out)
+        if not output.endswith(newline):
+            output += newline
+
+        if isinstance(output, six.binary_type):
+            output_bytes = output
+        else:
+            output_bytes = output.encode(self.encoding or
+                                         self.default_encoding or
+                                         'ascii')
+
+        if self.BOM and ((self.encoding is None) or match_utf8(self.encoding)):
+            # Add the UTF8 BOM
+            output_bytes = BOM_UTF8 + output_bytes
+
+        if outfile is not None:
+            outfile.write(output_bytes)
+        else:
+            with open(self.filename, 'wb') as h:
+                h.write(output_bytes)
--- a/gpoa/util/kerberos.py
+++ b/gpoa/util/kerberos.py
@ -21,15 +21,19 @@ import subprocess

 from .util import get_machine_name
 from .logging import log
+from .samba import smbopts


 def machine_kinit(cache_name=None):
    '''
    Perform kinit with machine credentials
    '''
+    opts = smbopts()
    host = get_machine_name()
+    realm = opts.get_realm()
+    with_realm = '{}@{}'.format(host, realm)
    os.environ['KRB5CCNAME'] = 'FILE:{}'.format(cache_name)
-    kinit_cmd = ['kinit', '-k', host]
+    kinit_cmd = ['kinit', '-k', with_realm]
    if cache_name:
        kinit_cmd.extend(['-c', cache_name])
    proc = subprocess.Popen(kinit_cmd)
@ -55,8 +59,9 @@ def machine_kdestroy(cache_name=None):
    if cache_name:
        kdestroy_cmd.extend(['-c', cache_name])

-    proc = subprocess.Popen(kdestroy_cmd, stderr=subprocess.DEVNULL)
-    proc.wait()
+    if cache_name or 'KRB5CCNAME' in os.environ:
+        proc = subprocess.Popen(kdestroy_cmd, stderr=subprocess.DEVNULL)
+        proc.wait()

    if cache_name and os.path.exists(cache_name):
        os.unlink(cache_name)
--- a/gpoa/util/logging.py
+++ b/gpoa/util/logging.py
@ -49,16 +49,8 @@ class slogm(object):
    def __str__(self):
        now = str(datetime.datetime.now().isoformat(sep=' ', timespec='milliseconds'))
        args = dict()
-        #args.update(dict({'timestamp': now, 'message': str(self.message)}))
        args.update(self.kwargs)
-
-        kwa = dict()
-        try:
-            kwa = encoder().encode(args)
-        except Exception as exc:
-            pass
-
-        result = '{}|{}|{}'.format(now, self.message, kwa)
+        result = '{}|{}|{}'.format(now, self.message, args)

        return result

--- a/gpoa/util/paths.py
+++ b/gpoa/util/paths.py
@ -1,7 +1,8 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd. <org@basealt.ru>
+# Copyright (C) 2019-2021 Igor Chudov <nir@nir.org.ru>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -18,25 +19,39 @@

 import pathlib
 import os
+from pathlib import Path
+from urllib.parse import urlparse
+from util.util import get_homedir

 from .config import GPConfig
+from .exceptions import NotUNCPathError


-def default_policy_path():
+def get_custom_policy_dir():
    '''
-    Returns path pointing to Default Policy directory.
+    Returns path pointing to Custom Policy directory.
    '''
-    local_policy_default = '/usr/share/local-policy/default'
+    return '/etc/local-policy'
+
+def local_policy_path(default_template_name="default"):
+    '''
+    Returns path pointing to Local Policy template directory.
+    '''
+    local_policy_dir = '/usr/share/local-policy'
+
    config = GPConfig()
+    local_policy_template = config.get_local_policy_template()
+    local_policy_template_path = os.path.join(local_policy_dir, local_policy_template)
+    local_policy_default = os.path.join(local_policy_dir, default_template_name)

    result_path = pathlib.Path(local_policy_default)
-
-    if os.path.exists(config.get_local_policy_template()):
-        result_path = pathlib.Path(config.get_local_policy_template())
+    if os.path.exists(local_policy_template):
+        result_path = pathlib.Path(local_policy_template)
+    elif os.path.exists(local_policy_template_path):
+        result_path = pathlib.Path(local_policy_template_path)

    return pathlib.Path(result_path)

-
 def cache_dir():
    '''
    Returns path pointing to gpupdate's cache directory
@ -48,6 +63,23 @@ def cache_dir():

    return cachedir

+def file_cache_dir():
+    '''
+    Returns path pointing to gpupdate's cache directory
+    '''
+    cachedir = pathlib.Path('/var/cache/gpupdate_file_cache')
+    if not cachedir.exists():
+        cachedir.mkdir(parents=True, exist_ok=True)
+
+    return cachedir
+
+def file_cache_path_home(username) -> str:
+    '''
+    Returns the path pointing to the gpupdate cache directory in the /home directory.
+    '''
+    cachedir = f'{get_homedir(username)}/.cache/gpupdate'
+
+    return cachedir

 def local_policy_cache():
    '''
@ -61,3 +93,62 @@ def local_policy_cache():

    return lpcache

+
+def get_dconf_config_path(uid = None):
+    if uid:
+        return f'/etc/dconf/db/policy{uid}.d/'
+    else:
+        return '/etc/dconf/db/policy.d/'
+
+def get_dconf_config_file(uid = None):
+    if uid:
+        return f'/etc/dconf/db/policy{uid}.d/policy{uid}.ini'
+    else:
+        return '/etc/dconf/db/policy.d/policy.ini'
+
+def get_desktop_files_directory():
+    return '/usr/share/applications'
+
+class UNCPath:
+    def __init__(self, path):
+        self.path = path
+        self.type = None
+        if self.path.startswith(r'smb://'):
+            self.type = 'uri'
+        if self.path.startswith(r'\\') or self.path.startswith(r'//'):
+            self.type = 'unc'
+        if not self.type:
+            raise NotUNCPathError(path)
+
+    def get_uri(self):
+        path = self.path
+        if self.type == 'unc':
+            path = self.path.replace('\\\\', '/')
+            path = path.replace('//', 'smb://')
+        else:
+            pass
+
+        return path
+
+    def get_unc(self):
+        path = self.path
+        if self.type == 'uri':
+            path = self.path.replace('//', '\\\\')
+            path = path.replace('smb:\\\\', '\\\\')
+            path = path.replace('/', '\\')
+        else:
+            pass
+
+        return path
+
+    def get_domain(self):
+        schema_struct = urlparse(self.get_uri())
+        return schema_struct.netloc
+
+    def get_path(self):
+        schema_struct = urlparse(self.get_uri())
+        return schema_struct.path
+
+    def __str__(self):
+        return self.get_uri()
+
--- a/gpoa/util/preg.py
+++ b/gpoa/util/preg.py
@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@ -18,7 +18,7 @@


 from xml.etree import ElementTree
-from storage import registry_factory
+from storage.dconf_registry import load_preg_dconf

 from samba.gp_parse.gp_pol import GPPolParser

@ -80,16 +80,15 @@ def preg_keymap(preg):
    return keymap


-def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown'):
+def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown', username='Machine', gpo_info=None):
    pregfile = load_preg(preg)
+    if sid is None and username == 'Machine':
+        load_preg_dconf(pregfile, preg, policy_name, None, gpo_info)
+    else:
+        load_preg_dconf(pregfile, preg, policy_name, username, gpo_info)
    logdata = dict({'pregfile': preg})
    log('D32', logdata)
-    storage = registry_factory(reg_name, reg_path)
-    for entry in pregfile.entries:
-        if not sid:
-            storage.add_hklm_entry(entry, policy_name)
-        else:
-            storage.add_hkcu_entry(entry, sid, policy_name)
+


 class entry:
--- a/gpoa/util/samba.py
+++ b/gpoa/util/samba.py
@ -18,6 +18,7 @@


 import optparse
+import socket
 from samba import getopt as options


@ -28,11 +29,32 @@ class smbopts:
        self.sambaopts = options.SambaOptions(self.parser)
        self.lp = self.sambaopts.get_loadparm()

+    def get_realm(self):
+        '''
+        Get the default realm specified in smb.conf file.
+        '''
+        return self._get_prop('realm')
+
    def get_cache_dir(self):
        return self._get_prop('cache directory')

    def get_server_role(self):
        return self._get_prop('server role')

+    def get_machine_name(self):
+        '''
+        Get localhost name looking like DC0$
+        '''
+        nb_name = self.get_netbios_name()
+        result = nb_name + "$"
+
+        if result == '':
+            result = socket.gethostname().split('.', 1)[0].upper() + "$"
+
+        return result
+
+    def get_netbios_name(self):
+        return self._get_prop('netbios name')
+
    def _get_prop(self, property_name):
        return self.lp.get(property_name)
--- a/Show More
+++ b/Show More