Cleaned code not needed for samba backend manual machine_kinit

0.13.3-alt1
- Fixed machine account credentials initialization (closes: 55324)
2025-10-15 07:33:26 +03:00 · 2025-07-26 04:14:13 +04:00 · 2025-07-26 01:10:09 +04:00 · 2025-07-26 01:08:00 +04:00 · 2025-04-03 10:52:48 +04:00 · 2025-04-03 10:47:26 +04:00
74 changed files with 2215 additions and 1638 deletions
--- a/completions/gpoa
+++ b/completions/gpoa
@@ -13,7 +13,7 @@ _gpoa()
            return
            ;;
        *)
-            COMPREPLY=($(compgen -W '--dc --nodomain --noupdate --noplugins --list-backends --loglevel --help' -- "$cur"))
+            COMPREPLY=($(compgen -W '--dc --nodomain --noupdate --noplugins --list-backends --loglevel --help --force' -- "$cur"))
            return
            ;;
    esac
--- a/completions/gpupdate
+++ b/completions/gpupdate
@@ -17,7 +17,7 @@ _gpupdate()
            return
            ;;
        *)
-            COMPREPLY=($(compgen -W '--user --target --loglevel --system --help' -- "$cur"))
+            COMPREPLY=($(compgen -W '--user --target --loglevel --system --help --force' -- "$cur"))
            return
            ;;
    esac
--- a/doc/gpoa.1
+++ b/doc/gpoa.1
@@ -45,6 +45,9 @@ Don't run plugins.
 .TP
 \fB--loglevel \fILOGLEVEL\fP
 Set logging verbosity from 0 to 5.
+.TP
+\fB--force\fP
+Force GPT download.
 .
 .SH FILES
 \fB/usr/sbin/gpoa\fR utility uses \fB/usr/share/local-policy/default\fR
@@ -55,8 +58,10 @@ All data is located in \fB/var/cache/gpupdate\fR. Also domain GPTs are
 taken from Samba's \fB/var/cache/samba\fR.
 .
 The settings read from Samba are stored in
-\fB/var/cache/gpupdate/registry.sqlite\fR and "Local Policy" settings
-read from \fB/usr/local/share/local-policy/default\fR are converted
+Dconf. Machine policies are stored in the \fB/etc/dconf/db/policy.d/policy.ini\fR file,
+user policies are stored in the \fB/etc/dconf/db/policy<UID>.d/policy<UID>.ini\fR file
+(where UID is the user ID in the system)."Local Policy" settings
+read from \fB/usr/share/local-policy/\fR are converted
 into GPT and stored as \fB/var/cache/gpupdate/local-policy\fR.
 .SH "SEE ALSO"
 gpupdate(1)
--- a/doc/gpupdate.1
+++ b/doc/gpupdate.1
@@ -43,6 +43,9 @@ Show help.
 .TP
 \fB--user \fIusername\fR
 Run \fBgpupdate\fP for \fIusername\fP.
+.TP
+\fB--force\fP
+Force GPT download.
 .
 .SS "EXIT CODES"
 .TP
--- a/gpoa/backend/init.py
+++ b/gpoa/backend/init.py
@@ -23,8 +23,8 @@ from .nodomain_backend import nodomain_backend
 from util.logging import log
 from util.config import GPConfig
 from util.util import get_uid_by_username, touch_file
-from util.paths import get_dconf_config_path
-from storage.dconf_registry import Dconf_registry, create_dconf_ini_file
+from util.paths import get_dconf_config_file
+from storage.dconf_registry import Dconf_registry, create_dconf_ini_file, add_preferences_to_global_registry_dict

 def backend_factory(dc, username, is_machine, no_domain = False):
    '''
@@ -62,12 +62,14 @@ def backend_factory(dc, username, is_machine, no_domain = False):

    return back

-def save_dconf(username, is_machine):
+def save_dconf(username, is_machine, nodomain=None):
    if is_machine:
        uid = None
    else:
        uid = get_uid_by_username(username) if not is_machine else None
-    target_file = get_dconf_config_path(uid)
+    target_file = get_dconf_config_file(uid)
    touch_file(target_file)
    Dconf_registry.apply_template(uid)
-    create_dconf_ini_file(target_file,Dconf_registry.global_registry_dict)
+    add_preferences_to_global_registry_dict(username, is_machine)
+    Dconf_registry.update_dict_to_previous()
+    create_dconf_ini_file(target_file,Dconf_registry.global_registry_dict, uid, nodomain)
--- a/gpoa/backend/nodomain_backend.py
+++ b/gpoa/backend/nodomain_backend.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,18 +16,14 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import logging
-import os

 from .applier_backend import applier_backend
 from storage import registry_factory
-from gpt.gpt import gpt, get_local_gpt
+from gpt.gpt import get_local_gpt
 from util.util import (
    get_machine_name
 )
 from util.sid import get_sid
-import util.preg
-from util.logging import slogm

 class nodomain_backend(applier_backend):

--- a/gpoa/backend/samba_backend.py
+++ b/gpoa/backend/samba_backend.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -26,16 +26,11 @@ except ImportError:
 from .applier_backend import applier_backend
 from storage import registry_factory
 from gpt.gpt import gpt, get_local_gpt
+from gpt.gpo_dconf_mapping import GpoInfoDconf
 from util.util import (
-    get_machine_name,
-    is_machine_name
-)
-from util.kerberos import (
-      machine_kinit
-    , machine_kdestroy
+    get_machine_name
 )
 from util.sid import get_sid
-import util.preg
 from util.logging import log

 class samba_backend(applier_backend):
@@ -43,10 +38,6 @@ class samba_backend(applier_backend):
    __user_policy_mode_key_win = '/Software/Policies/Microsoft/Windows/System/UserPolicyMode'

    def __init__(self, sambacreds, username, domain, is_machine):
-        self.cache_path = '/var/cache/gpupdate/creds/krb5cc_{}'.format(os.getpid())
-        self.__kinit_successful = machine_kinit(self.cache_path)
-        if not self.__kinit_successful:
-            raise Exception('kinit is not successful')
        self.storage = registry_factory()
        self.storage.set_info('domain', domain)
        machine_name = get_machine_name()
@@ -66,12 +57,14 @@ class samba_backend(applier_backend):
        self.sambacreds = sambacreds

        self.cache_dir = self.sambacreds.get_cache_dir()
+        self.gpo_cache_part ='gpo_cache'
+        self._cached = False
+        self.storage.set_info('cache_dir', os.path.join(self.cache_dir, self.gpo_cache_part))
        logdata = dict({'cachedir': self.cache_dir})
        log('D7', logdata)

    def __del__(self):
-        if self.__kinit_successful:
-            machine_kdestroy()
+        pass

    def get_policy_mode(self):
        '''
@@ -104,8 +97,6 @@ class samba_backend(applier_backend):
            raise exc

        if self._is_machine_username:
-            self.storage.wipe_hklm()
-            self.storage.wipe_user(self.storage.get_info('machine_sid'))
            for gptobj in machine_gpts:
                try:
                    gptobj.merge_machine()
@@ -123,7 +114,6 @@ class samba_backend(applier_backend):
            except Exception as exc:
                log('F3')
                raise exc
-            self.storage.wipe_user(self.sid)

            # Merge user settings if UserPolicyMode set accordingly
            # and user settings (for HKCU) are exist.
@@ -154,10 +144,15 @@ class samba_backend(applier_backend):
        '''
        Check if there is SYSVOL path for GPO assigned
        '''
+        self._cached = False
        if not gpo.file_sys_path:
            # GPO named "Local Policy" has no entry by its nature so
            # no reason to print warning.
-            if 'Local Policy' != gpo.name:
+            if gpo.display_name in self.storage._dict_gpo_name_version_cache.keys():
+                gpo.file_sys_path = self.storage._dict_gpo_name_version_cache.get(gpo.display_name, {}).get('correct_path')
+                self._cached = True
+                return True
+            elif 'Local Policy' != gpo.name:
                logdata = dict({'gponame': gpo.name})
                log('W4', logdata)
            return False
@@ -172,20 +167,18 @@ class samba_backend(applier_backend):
        log('D46')
        for gpo in gpos:
            if self._check_sysvol_present(gpo):
-                path = check_safe_path(gpo.file_sys_path).upper()
-                slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
-                log('D30', slogdata)
-                gpt_abspath = os.path.join(self.cache_dir, 'gpo_cache', path)
-                gpo_version=None
-                try:
-                    gpo_version=gpo.version
-                except:
-                    log('D210')
-
-                if self._is_machine_username:
-                    obj = gpt(gpt_abspath, sid, None, version=gpo_version)
+                if not self._cached:
+                    path = check_safe_path(gpo.file_sys_path).upper()
+                    slogdata = dict({'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name, 'gpo_path': path})
+                    log('D30', slogdata)
+                    gpt_abspath = os.path.join(self.cache_dir, self.gpo_cache_part, path)
                else:
-                    obj = gpt(gpt_abspath, sid, self.username, version=gpo_version)
+                    gpt_abspath = gpo.file_sys_path
+                    log('D211', {'sysvol_path': gpo.file_sys_path, 'gpo_name': gpo.display_name})
+                if self._is_machine_username:
+                    obj = gpt(gpt_abspath, sid, None, GpoInfoDconf(gpo))
+                else:
+                    obj = gpt(gpt_abspath, sid, self.username, GpoInfoDconf(gpo))
                obj.set_name(gpo.display_name)
                gpts.append(obj)
            else:
--- a/gpoa/frontend/applier_frontend.py
+++ b/gpoa/frontend/applier_frontend.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,7 +18,6 @@

 from abc import ABC

-from util.logging import log

 def check_experimental_enabled(storage):
    experimental_enable_flag = '/Software/BaseALT/Policies/GPUpdate/GlobalExperimental'
@@ -49,7 +48,7 @@ def check_module_enabled(storage, module_name):

    result = None
    flag = str(flag)
-    if flag:
+    if flag and flag!='None':
        if '1' == flag:
            result =  True
        else:
--- a/gpoa/frontend/appliers/control.py
+++ b/gpoa/frontend/appliers/control.py
@@ -17,9 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import subprocess
-import threading
-import logging
-from util.logging import slogm, log
+from util.logging import log

 def control_subst(preg_name):
    '''
@@ -101,14 +99,14 @@ class control:
            if status == None:
                logdata = dict()
                logdata['control'] = self.control_name
-                logdata['inpossible values'] = self.self.control_value
+                logdata['inpossible values'] = self.control_value
                log('E42', logdata)
                return
        elif type(self.control_value) == str:
            if self.control_value not in self.possible_values:
                logdata = dict()
                logdata['control'] = self.control_name
-                logdata['inpossible values'] = self.self.control_value
+                logdata['inpossible values'] = self.control_value
                log('E59', logdata)
                return
            status = self.control_value
--- a/gpoa/frontend/appliers/envvar.py
+++ b/gpoa/frontend/appliers/envvar.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,27 +17,40 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from os.path import isfile
-from util.logging import slogm
-import logging

-from gpt.envvars import (
+from util.arguments import (
      FileAction
    , action_letter2enum
 )
 from util.windows import expand_windows_var
-from util.util import (
-        get_homedir,
-        homedir_exists
-)
+from util.util import get_homedir
+from util.logging import log

 class Envvar:
+    __envvar_file_path = '/etc/gpupdate/environment'
+    __envvar_file_path_user = '/.gpupdate_environment'
+
    def __init__(self, envvars, username=''):
        self.username = username
        self.envvars = envvars
        if self.username == 'root':
-            self.envvar_file_path = '/etc/gpupdate/environment'
+            self.envvar_file_path = Envvar.__envvar_file_path
        else:
-            self.envvar_file_path = get_homedir(self.username) + '/.gpupdate_environment'
+            self.envvar_file_path = get_homedir(self.username) + Envvar.__envvar_file_path_user
+
+    @staticmethod
+    def clear_envvar_file(username = False):
+        if username:
+            file_path = get_homedir(username) + Envvar.__envvar_file_path_user
+        else:
+            file_path = Envvar.__envvar_file_path
+
+        try:
+            with open(file_path, 'w') as file:
+                file.write('')
+            log('D215', {'path':file_path})
+        except Exception as exc:
+            log('D216', {'path': file_path, 'exc': exc})

    def _open_envvar_file(self):
        fd = None
--- a/gpoa/frontend/appliers/file_cp.py
+++ b/gpoa/frontend/appliers/file_cp.py
@@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.


-from gpt.folders import (
+from util.arguments import (
      FileAction
    , action_letter2enum
 )
--- a/gpoa/frontend/appliers/folder.py
+++ b/gpoa/frontend/appliers/folder.py
@@ -20,7 +20,7 @@
 from pathlib import Path


-from gpt.folders import (
+from util.arguments import (
      FileAction
    , action_letter2enum
 )
--- a/gpoa/frontend/appliers/gsettings.py
+++ b/gpoa/frontend/appliers/gsettings.py
@@ -18,10 +18,9 @@

 import configparser
 import os
-import logging
 from gi.repository import Gio, GLib

-from util.logging import slogm, log
+from util.logging import log

 class system_gsetting:
    def __init__(self, schema, path, value, lock, helper_function=None):
--- a/gpoa/frontend/appliers/ini_file.py
+++ b/gpoa/frontend/appliers/ini_file.py
@@ -18,7 +18,7 @@



-from gpt.folders import (
+from util.arguments import (
      FileAction
    , action_letter2enum
 )
--- a/gpoa/frontend/appliers/netshare.py
+++ b/gpoa/frontend/appliers/netshare.py
@@ -18,7 +18,7 @@

 import subprocess

-from gpt.folders import (
+from util.arguments import (
      FileAction
    , action_letter2enum
 )
--- a/gpoa/frontend/appliers/systemd.py
+++ b/gpoa/frontend/appliers/systemd.py
@@ -17,9 +17,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import dbus
-import logging

-from util.logging import slogm, log
+from util.logging import log

 class systemd_unit:
    def __init__(self, unit_name, state):
@@ -38,6 +37,9 @@ class systemd_unit:
        if self.desired_state == 1:
            self.manager.UnmaskUnitFiles([self.unit_name], dbus.Boolean(False))
            self.manager.EnableUnitFiles([self.unit_name], dbus.Boolean(False), dbus.Boolean(True))
+            if self.unit_name == 'gpupdate.service':
+                if self.manager.GetUnitFileState(dbus.String(self.unit_name)) == 'enabled':
+                    return
            self.manager.StartUnit(self.unit_name, 'replace')
            logdata = dict()
            logdata['unit'] = self.unit_name
--- a/gpoa/frontend/chromium_applier.py
+++ b/gpoa/frontend/chromium_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -39,8 +39,7 @@ class chromium_applier(applier_frontend):
        self.sid = sid
        self.username = username
        self._is_machine_name = is_machine_name(self.username)
-        chromium_filter = '{}%'.format(self.__registry_branch)
-        self.chromium_keys = self.storage.filter_hklm_entries(chromium_filter)
+        self.chromium_keys = self.storage.filter_hklm_entries(self.__registry_branch)

        self.policies_json = dict()

@@ -122,6 +121,11 @@ class chromium_applier(applier_frontend):
                            'ProxyServerMode',
                            'ExtensionManifestV2Availability',
                            'ExtensionUnpublishedAvailability',
+                            'CreateThemesSettings',
+                            'DevToolsGenAiSettings',
+                            'GenAILocalFoundationalModelSettings',
+                            'HelpMeWriteSettings',
+                            'TabOrganizerSettings',
                            'BrowserSwitcherParsingMode',
                            'CloudAPAuthEnabled',
                            'AdsSettingForIntrusiveAdsSites',
@@ -135,10 +139,14 @@ class chromium_applier(applier_frontend):
                            'HeadlessMode',
                            'IncognitoModeAvailability',
                            'IntranetRedirectBehavior',
+                            'LensOverlaySettings',
+                            'MemorySaverModeSavings',
                            'NetworkPredictionOptions',
                            'ProfilePickerOnStartupAvailability',
+                            'ProfileReauthPrompt',
                            'RelaunchNotification',
                            'SafeSitesFilterBehavior',
+                            'ToolbarAvatarLabelSettings',
                            'UserAgentReduction',
                            'BatterySaverModeAvailability_recommended',
                            'DownloadRestrictions_recommended',
--- a/gpoa/frontend/cifs_applier.py
+++ b/gpoa/frontend/cifs_applier.py
@@ -18,6 +18,7 @@

 import jinja2
 import os
+import pwd
 import subprocess
 from pathlib import Path
 import string
@@ -26,7 +27,7 @@ from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
-from util.util import get_homedir
+from util.util import get_homedir, get_uid_by_username
 from util.logging import log

 def storage_get_drives(storage, sid):
@@ -124,14 +125,28 @@ class cifs_applier(applier_frontend):
    __module_name = 'CIFSApplier'
    __module_enabled = True
    __module_experimental = False
+    __dir4clean = '/etc/auto.master.gpupdate.d'

    def __init__(self, storage, sid):
+        self.clear_directory_auto_dir()
        self.applier_cifs = cifs_applier_user(storage, sid, None)
        self.__module_enabled = check_enabled(
              storage
            , self.__module_name
            , self.__module_experimental
        )
+    def clear_directory_auto_dir(self):
+        path = Path(self.__dir4clean)
+        if not path.exists():
+            return
+
+        for item in path.iterdir():
+            try:
+                if item.is_file() or item.is_symlink():
+                    item.unlink()
+            except Exception as exc:
+                log('W37', {'exc': exc})
+        log('D231')

    def apply(self):
        if self.__module_enabled:
@@ -152,12 +167,25 @@ class cifs_applier_user(applier_frontend):
    __template_auto = 'autofs_auto.j2'
    __template_mountpoints_hide = 'autofs_mountpoints_hide.j2'
    __template_auto_hide = 'autofs_auto_hide.j2'
-    __enable_home_link = 'Software\\BaseALT\\Policies\\GPUpdate\\DriveMapsHome'
-    __enable_home_link_user = 'Software\\BaseALT\\Policies\\GPUpdate\\DriveMapsHomeUser'
+    __enable_home_link = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHome'
+    __enable_home_link_user = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeUser'
+    __name_dir = '/Software/BaseALT/Policies/GPUpdate'
+    __name_link_prefix = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeDisableNet'
+    __name_link_prefix_user = '/Software/BaseALT/Policies/GPUpdate/DriveMapsHomeDisableNetUser'
+    __key_link_prefix = 'DriveMapsHomeDisableNet'
+    __key_link_prefix_user = 'DriveMapsHomeDisableNetUser'
+    __timeout_user_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofsUser'
+    __timeout_key = '/Software/BaseALT/Policies/GPUpdate/TimeoutAutofs'
+    __cifsacl_key = '/Software/BaseALT/Policies/GPUpdate/CifsaclDisable'
    __target_mountpoint = '/media/gpupdate'
    __target_mountpoint_user = '/run/media'
    __mountpoint_dirname = 'drives.system'
    __mountpoint_dirname_user = 'drives'
+    __key_cifs_previous_value = 'Previous/Software/BaseALT/Policies/GPUpdate'
+    __key_preferences = 'Software/BaseALT/Policies/Preferences/'
+    __key_preferences_previous = 'Previous/Software/BaseALT/Policies/Preferences/'
+    __name_value = 'DriveMapsName'
+    __name_value_user = 'DriveMapsNameUser'

    def __init__(self, storage, sid, username):
        self.storage = storage
@@ -165,14 +193,44 @@ class cifs_applier_user(applier_frontend):
        self.username = username
        self.state_home_link = False
        self.state_home_link_user = False
+        self.dict_registry_machine = self.storage.get_dictionary_from_dconf_file_db()
+        self.homedir = ''
+        name_dir = self.__name_dir[1:]

        if username:
+            self.dict_registry_user = self.storage.get_dictionary_from_dconf_file_db(get_uid_by_username(username))
            self.home = self.__target_mountpoint_user + '/' + username
-            self.state_home_link = self.check_enable_home_link(self.__enable_home_link)
-            self.state_home_link_user = self.check_enable_home_link(self.__enable_home_link_user)
+            self.state_home_link = self.storage.check_enable_key(self.__enable_home_link)
+            self.state_home_link_disable_net = self.storage.check_enable_key(self.__name_link_prefix)
+            self.state_home_link_disable_net_user = self.storage.check_enable_key(self.__name_link_prefix_user)
+
+            self.state_home_link_user = self.storage.check_enable_key(self.__enable_home_link_user)
+            self.timeout = self.storage.get_entry(self.__timeout_user_key)
+            dirname = self.storage.get_entry(self.__name_dir + '/' + self.__name_value_user)
+            dirname_system_from_machine = self.dict_registry_machine.get(name_dir, dict()).get(self.__name_value, None)
+            self.__mountpoint_dirname_user = dirname.data if dirname and dirname.data else self.__mountpoint_dirname_user
+            self.__mountpoint_dirname = dirname_system_from_machine if dirname_system_from_machine else self.__mountpoint_dirname
+            mntTarget = self.__mountpoint_dirname_user
+
+            self.keys_cifs_previous_values_user = self.dict_registry_user.get(self.__key_cifs_previous_value,dict())
+            self.keys_cifs_values_user = self.dict_registry_user.get(name_dir,dict())
+            self.keys_the_preferences_previous_values_user = self.dict_registry_user.get((self.__key_preferences_previous+self.username),dict()).get('Drives', dict())
+            self.keys_the_preferences_values_user = self.dict_registry_user.get((self.__key_preferences+self.username),dict()).get('Drives', dict())
+
        else:
            self.home = self.__target_mountpoint
+            self.timeout = self.storage.get_entry(self.__timeout_key)
+            dirname_system = self.storage.get_entry(self.__name_dir + '/' + self.__name_value)
+            self.__mountpoint_dirname = dirname_system.data if dirname_system and dirname_system.data else self.__mountpoint_dirname
+            mntTarget = self.__mountpoint_dirname

+        self.keys_cifs_previous_values_machine = self.dict_registry_machine.get(self.__key_cifs_previous_value,dict())
+        self.keys_cifs_values_machine = self.dict_registry_machine.get(name_dir,dict())
+        self.keys_the_preferences_previous_values = self.dict_registry_machine.get((self.__key_preferences_previous+'Machine'),dict()).get('Drives', dict())
+        self.keys_the_preferences_values = self.dict_registry_machine.get((self.__key_preferences+'Machine'),dict()).get('Drives', dict())
+        self.cifsacl_disable = self.storage.get_entry(self.__cifsacl_key, preg=False)
+
+        self.mntTarget = mntTarget.translate(str.maketrans({" ": r"\ "}))
        conf_file = '{}.conf'.format(sid)
        conf_hide_file = '{}_hide.conf'.format(sid)
        autofs_file = '{}.autofs'.format(sid)
@@ -195,10 +253,6 @@ class cifs_applier_user(applier_frontend):
            self.user_autofs_hide.unlink()
        self.user_creds = self.auto_master_d / cred_file

-        if username:
-            self.mntTarget = self.__mountpoint_dirname_user
-        else:
-            self.mntTarget = self.__mountpoint_dirname

        self.mount_dir = Path(os.path.join(self.home))
        self.drives = storage_get_drives(self.storage, self.sid)
@@ -219,12 +273,20 @@ class cifs_applier_user(applier_frontend):
            , self.__module_experimental
        )

-    def check_enable_home_link(self, enable_home_link):
-        if self.storage.get_hkcu_entry(self.sid, enable_home_link):
-            data = self.storage.get_hkcu_entry(self.sid, enable_home_link).data
-            return bool(int(data)) if data else None
+
+    def is_mount_point_dirname(self):
+        if self.username:
+            return self.mount_dir.joinpath(self.__mountpoint_dirname_user).is_mount()
        else:
-            return False
+            return self.mount_dir.joinpath(self.__mountpoint_dirname).is_mount()
+
+    def is_changed_keys(self):
+        if self.username:
+            return (self.keys_cifs_previous_values_user.get(self.__name_value_user) != self.keys_cifs_values_user.get(self.__name_value_user) or
+                    self.keys_the_preferences_previous_values_user != self.keys_the_preferences_values_user)
+        else:
+            return (self.keys_cifs_previous_values_machine.get(self.__name_value) != self.keys_cifs_values_machine.get(self.__name_value) or
+                    self.keys_the_preferences_previous_values != self.keys_the_preferences_values)

    def user_context_apply(self):
        '''
@@ -237,6 +299,10 @@ class cifs_applier_user(applier_frontend):
        self.auto_master_d.mkdir(parents=True, exist_ok=True)
        # Create user's destination mount directory
        self.mount_dir.mkdir(parents=True, exist_ok=True)
+        uid = pwd.getpwnam(self.username).pw_uid if self.username else None
+        if uid:
+            os.chown(self.mount_dir, uid=uid, gid=-1)
+            self.mount_dir.chmod(0o700)

        # Add pointer to /etc/auto.master.gpiupdate.d in /etc/auto.master
        auto_destdir = '+dir:{}'.format(self.__auto_dir)
@@ -256,6 +322,8 @@ class cifs_applier_user(applier_frontend):
            drive_settings['label'] = remove_escaped_quotes(drv.label)
            drive_settings['persistent'] = drv.persistent
            drive_settings['useLetter'] = drv.useLetter
+            drive_settings['username'] = self.username
+            drive_settings['cifsacl'] = False if self.cifsacl_disable else True

            drive_list.append(drive_settings)

@@ -280,6 +348,8 @@ class cifs_applier_user(applier_frontend):
            autofs_settings['home_dir'] = self.home
            autofs_settings['mntTarget'] = self.mntTarget
            autofs_settings['mount_file'] = self.user_config.resolve()
+            autofs_settings['timeout'] = self.timeout.data if self.timeout and self.timeout.data else 120
+
            autofs_text = self.template_auto.render(**autofs_settings)

            with open(self.user_autofs.resolve(), 'w') as f:
@@ -294,59 +364,111 @@ class cifs_applier_user(applier_frontend):
                f.write(autofs_text)
                f.flush()

-            if self.username:
-                self.update_drivemaps_home_links()
+        if self.is_changed_keys() or (self.drives and not self.is_mount_point_dirname()):
+            self.restart_autofs()

+        if self.username:
+            self.update_drivemaps_home_links()
+
+    def restart_autofs(self):
+        try:
            subprocess.check_call(['/bin/systemctl', 'restart', 'autofs'])
+        except Exception as exc:
+            log('E74', {'exc': exc})
+
+
+    def unlink_symlink(self, symlink:Path, previous=None):
+        try:
+            if symlink.exists() and symlink.is_symlink() and symlink.owner() == 'root':
+                symlink.unlink()
+            elif symlink.is_symlink() and not symlink.exists():
+                symlink.unlink()
+            elif previous:
+                symlink.unlink()
+        except:
+            pass
+
+    def del_previous_link(self, previous_value_link , mountpoint_dirname, prefix):
+        d_previous = Path(self.homedir + ('/' if prefix else '/net.') + previous_value_link)
+        if d_previous.name != mountpoint_dirname:
+            dHide_previous = Path(self.homedir + ('/.' if prefix else '/.net.') + previous_value_link)
+            self.unlink_symlink(d_previous, True)
+            self.unlink_symlink(dHide_previous, True)

    def update_drivemaps_home_links(self):
-        dUser = Path(get_homedir(self.username)+'/net.' + self.__mountpoint_dirname_user)
-        dUserHide = Path(get_homedir(self.username)+'/.net.' + self.__mountpoint_dirname_user)
+        if  self.state_home_link_disable_net:
+            prefix = ''
+        else:
+            prefix = 'net.'
+        if self.state_home_link_disable_net_user:
+            prefix_user = ''
+        else:
+            prefix_user = 'net.'
+
+        previous_value_link = self.keys_cifs_previous_values_machine.get(self.__name_value, self.__mountpoint_dirname)
+        previous_state_home_link_disable_net_user = self.keys_cifs_previous_values_user.get(self.__key_link_prefix_user)
+        previous_state_home_link_disable_net = self.keys_cifs_previous_values_user.get(self.__key_link_prefix)
+        previous_value_link_user = self.keys_cifs_previous_values_user.get(self.__name_value_user, self.__mountpoint_dirname_user)
+
+        self.homedir = get_homedir(self.username)
+
+        dUser = Path(self.homedir + '/' + prefix_user + self.__mountpoint_dirname_user)
+        dUserHide = Path(self.homedir + '/.' + prefix_user + self.__mountpoint_dirname_user)
+        dMachine = Path(self.homedir+'/' + prefix + self.__mountpoint_dirname)
+        dMachineHide = Path(self.homedir+'/.' + prefix + self.__mountpoint_dirname)

        if self.state_home_link_user:
            dUserMountpoint = Path(self.home).joinpath(self.__mountpoint_dirname_user)
            dUserMountpointHide = Path(self.home).joinpath('.' + self.__mountpoint_dirname_user)
-
-            if not dUser.exists():
+            self.del_previous_link(previous_value_link_user, dUser.name, previous_state_home_link_disable_net_user)
+            if not dUser.exists() and dUserMountpoint.exists():
                try:
                    os.symlink(dUserMountpoint, dUser, True)
                except  Exception as exc:
                    log('D194', {'exc': exc})
+            elif dUser.is_symlink() and not dUserMountpoint.exists():
+                self.unlink_symlink(dUser)

-            if not dUserHide.exists():
+            if not dUserHide.exists() and dUserMountpointHide.exists():
                try:
                    os.symlink(dUserMountpointHide, dUserHide, True)
                except  Exception as exc:
                    log('D196', {'exc': exc})
+            elif dUserHide.is_symlink() and not dUserMountpointHide.exists():
+                self.unlink_symlink(dUserHide)
        else:
-            if dUser.is_symlink() and dUser.owner() == 'root':
-                dUser.unlink()
-            if dUserHide.is_symlink() and dUserHide.owner() == 'root':
-                dUserHide.unlink()
+            self.del_previous_link(previous_value_link_user, dUser.name, previous_state_home_link_disable_net_user)
+            self.unlink_symlink(dUser)
+            self.unlink_symlink(dUserHide)

-        dMachine = Path(get_homedir(self.username)+'/net.' + self.__mountpoint_dirname)
-        dMachineHide = Path(get_homedir(self.username)+'/.net.' + self.__mountpoint_dirname)

        if self.state_home_link:
            dMachineMountpoint = Path(self.__target_mountpoint).joinpath(self.__mountpoint_dirname)
            dMachineMountpointHide = Path(self.__target_mountpoint).joinpath('.' + self.__mountpoint_dirname)
+            self.del_previous_link(previous_value_link, dMachine.name, previous_state_home_link_disable_net)

-            if not dMachine.exists():
+            if not dMachine.exists() and dMachineMountpoint.exists():
                try:
                    os.symlink(dMachineMountpoint, dMachine, True)
                except  Exception as exc:
                    log('D195', {'exc': exc})
+            elif dMachine.is_symlink() and not dMachineMountpoint.exists():
+                self.unlink_symlink(dMachine)

-            if not dMachineHide.exists():
+            if not dMachineHide.exists() and dMachineMountpointHide.exists():
                try:
                    os.symlink(dMachineMountpointHide, dMachineHide, True)
                except  Exception as exc:
                    log('D197', {'exc': exc})
+            elif dMachineHide.is_symlink() and not dMachineMountpointHide.exists():
+                self.unlink_symlink(dMachineHide)
        else:
-            if dMachine.is_symlink() and dMachine.owner() == 'root':
-                dMachine.unlink()
-            if dMachineHide.is_symlink() and dMachineHide.owner() == 'root':
-                dMachineHide.unlink()
+            self.del_previous_link(previous_value_link, dMachine.name, previous_state_home_link_disable_net)
+            self.unlink_symlink(dMachine)
+            self.unlink_symlink(dMachineHide)
+
+
+

    def admin_context_apply(self):
        if self.__module_enabled:
--- a/gpoa/frontend/control_applier.py
+++ b/gpoa/frontend/control_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,9 +21,8 @@ from .applier_frontend import (
    , check_enabled
 )
 from .appliers.control import control
-from util.logging import slogm, log
+from util.logging import log

-import logging

 class control_applier(applier_frontend):
    __module_name = 'ControlApplier'
--- a/gpoa/frontend/cups_applier.py
+++ b/gpoa/frontend/cups_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,19 +16,15 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import logging
-import os
 import json
-
 import cups
-
 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
 from gpt.printers import json2printer
 from util.rpm import is_rpm_installed
-from util.logging import slogm, log
+from util.logging import log

 def storage_get_printers(storage, sid):
    '''
@@ -115,7 +111,7 @@ class cups_applier_user(applier_frontend):
        self.__module_enabled = check_enabled(
              self.storage
            , self.__module_name
-            , self.__module_enabled
+            , self.__module_experimental
        )

    def user_context_apply(self):
--- a/gpoa/frontend/envvar_applier.py
+++ b/gpoa/frontend/envvar_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,9 +21,8 @@ from .applier_frontend import (
    , check_enabled
 )
 from .appliers.envvar import Envvar
-from util.logging import slogm, log
+from util.logging import log

-import logging

 class envvar_applier(applier_frontend):
    __module_name = 'EnvvarsApplier'
@@ -34,7 +33,8 @@ class envvar_applier(applier_frontend):
        self.storage = storage
        self.sid = sid
        self.envvars = self.storage.get_envvars(self.sid)
-        #self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_enabled)
+        Envvar.clear_envvar_file()
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)

    def apply(self):
        if self.__module_enabled:
@@ -54,12 +54,10 @@ class envvar_applier_user(applier_frontend):
        self.sid = sid
        self.username = username
        self.envvars = self.storage.get_envvars(self.sid)
-        #self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+        Envvar.clear_envvar_file(username)
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)

    def admin_context_apply(self):
-        pass
-
-    def user_context_apply(self):
        if self.__module_enabled:
            log('D136')
            ev = Envvar(self.envvars, self.username)
@@ -67,3 +65,6 @@ class envvar_applier_user(applier_frontend):
        else:
            log('D137')

+    def user_context_apply(self):
+        pass
+
--- a/gpoa/frontend/firefox_applier.py
+++ b/gpoa/frontend/firefox_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -40,8 +40,7 @@ class firefox_applier(applier_frontend):
    __module_experimental = False
    __module_enabled = True
    __registry_branch = 'Software/Policies/Mozilla/Firefox'
-    __firefox_installdir1 = '/usr/lib64/firefox/distribution'
-    __firefox_installdir2 = '/etc/firefox/policies'
+    __firefox_policies = '/etc/firefox/policies'

    def __init__(self, storage, sid, username):
        self.storage = storage
@@ -50,8 +49,7 @@ class firefox_applier(applier_frontend):
        self._is_machine_name = is_machine_name(self.username)
        self.policies = dict()
        self.policies_json = dict({ 'policies': self.policies })
-        firefox_filter = '{}%'.format(self.__registry_branch)
-        self.firefox_keys = self.storage.filter_hklm_entries(firefox_filter)
+        self.firefox_keys = self.storage.filter_hklm_entries(self.__registry_branch)
        self.policies_gen = dict()
        self.__module_enabled = check_enabled(
              self.storage
@@ -59,88 +57,16 @@ class firefox_applier(applier_frontend):
            , self.__module_experimental
        )

-    def get_boolean(self,data):
-        if data in ['0', 'false', None, 'none', 0]:
-            return False
-        if data in ['1', 'true', 1]:
-            return True
-
-    def get_parts(self, hivekeyname):
-        '''
-        Parse registry path string and leave key parameters
-        '''
-        parts = hivekeyname.replace(self.__registry_branch, '').split('/')
-        return parts
-
-    def create_dict(self, firefox_keys):
-        '''
-        Collect dictionaries from registry keys into a general dictionary
-        '''
-        excp = ['SOCKSVersion']
-        counts = dict()
-        for it_data in firefox_keys:
-            branch = counts
-            try:
-                if type(it_data.data) is bytes:
-                    it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
-                json_data = try_dict_to_literal_eval(it_data.data)
-                if json_data:
-                    it_data.data = json_data
-                    it_data.type = 7
-                #Cases when it is necessary to create nested dictionaries
-                if it_data.valuename != it_data.data:
-                    parts = self.get_parts(it_data.hive_key)
-                    #creating a nested dictionary from elements
-                    for part in parts[:-1]:
-                        branch = branch.setdefault(part, {})
-                    #dictionary key value initialization
-                    if it_data.type == 4:
-                        if it_data.valuename in excp:
-                            branch[parts[-1]] = int(it_data.data)
-                        else:
-                            branch[parts[-1]] = self.get_boolean(it_data.data)
-                    elif it_data.type == 7:
-                        branch[parts[-1]] = it_data.data
-                    else:
-                        branch[parts[-1]] = str(it_data.data).replace('\\', '/')
-                #Cases when it is necessary to create lists in a dictionary
-                else:
-                    parts = self.get_parts(it_data.keyname)
-                    for part in parts[:-1]:
-                        branch = branch.setdefault(part, {})
-                    if branch.get(parts[-1]) is None:
-                        branch[parts[-1]] = list()
-                    if it_data.type == 4:
-                        branch[parts[-1]].append(self.get_boolean(it_data.data))
-                    else:
-                        if os.path.isdir(str(it_data.data).replace('\\', '/')):
-                            branch[parts[-1]].append(str(it_data.data).replace('\\', '/'))
-                        else:
-                            branch[parts[-1]].append(str(it_data.data))
-            except Exception as exc:
-                logdata = dict()
-                logdata['Exception'] = exc
-                logdata['keyname'] = it_data.keyname
-                log('W14', logdata)
-
-        self.policies_json = {'policies': dict_item_to_list(counts)}

    def machine_apply(self):
        '''
-        Write policies.json to Firefox installdir.
+        Write policies.json to Firefox.
        '''
-        self.create_dict(self.firefox_keys)
-        destfile = os.path.join(self.__firefox_installdir1, 'policies.json')
+        excp = ['SOCKSVersion']
+        self.policies_json = create_dict(self.firefox_keys, self.__registry_branch, excp)

-        os.makedirs(self.__firefox_installdir1, exist_ok=True)
-        with open(destfile, 'w') as f:
-            json.dump(self.policies_json, f)
-            logdata = dict()
-            logdata['destfile'] = destfile
-            log('D91', logdata)
-
-        destfile = os.path.join(self.__firefox_installdir2, 'policies.json')
-        os.makedirs(self.__firefox_installdir2, exist_ok=True)
+        destfile = os.path.join(self.__firefox_policies, 'policies.json')
+        os.makedirs(self.__firefox_policies, exist_ok=True)
        with open(destfile, 'w') as f:
            json.dump(self.policies_json, f)
            logdata = dict()
@@ -180,3 +106,65 @@ def dict_item_to_list(dictionary:dict) -> dict:
            else:
                dict_item_to_list(dictionary[key])
    return dictionary
+
+def clean_data_firefox(data):
+    return data.replace("'", '\"')
+
+
+
+def create_dict(firefox_keys, registry_branch, excp=list()):
+    '''
+    Collect dictionaries from registry keys into a general dictionary
+    '''
+    get_boolean = lambda data: data in ['1', 'true', 'True', True, 1] if isinstance(data, (str, int)) else False
+    get_parts = lambda hivekey, registry: hivekey.replace(registry, '').split('/')
+    counts = dict()
+    for it_data in firefox_keys:
+        branch = counts
+        try:
+            if type(it_data.data) is bytes:
+                it_data.data = it_data.data.decode(encoding='utf-16').replace('\x00','')
+            json_data = try_dict_to_literal_eval(it_data.data)
+            if json_data:
+                it_data.data = json_data
+                it_data.type = 7
+            else:
+                if it_data.type == 1:
+                    it_data.data = clean_data_firefox(it_data.data)
+            #Cases when it is necessary to create nested dictionaries
+            if it_data.valuename != it_data.data:
+                parts = get_parts(it_data.hive_key, registry_branch)
+                #creating a nested dictionary from elements
+                for part in parts[:-1]:
+                    branch = branch.setdefault(part, {})
+                #dictionary key value initialization
+                if it_data.type == 4:
+                    if it_data.valuename in excp:
+                        branch[parts[-1]] = int(it_data.data)
+                    else:
+                        branch[parts[-1]] = get_boolean(it_data.data)
+                elif it_data.type == 7:
+                    branch[parts[-1]] = it_data.data
+                else:
+                    branch[parts[-1]] = str(it_data.data).replace('\\', '/')
+            #Cases when it is necessary to create lists in a dictionary
+            else:
+                parts = get_parts(it_data.keyname, registry_branch)
+                for part in parts[:-1]:
+                    branch = branch.setdefault(part, {})
+                if branch.get(parts[-1]) is None:
+                    branch[parts[-1]] = list()
+                if it_data.type == 4:
+                    branch[parts[-1]].append(get_boolean(it_data.data))
+                else:
+                    if os.path.isdir(str(it_data.data).replace('\\', '/')):
+                        branch[parts[-1]].append(str(it_data.data).replace('\\', '/'))
+                    else:
+                        branch[parts[-1]].append(str(it_data.data))
+        except Exception as exc:
+            logdata = dict()
+            logdata['Exception'] = exc
+            logdata['keyname'] = it_data.keyname
+            log('W14', logdata)
+
+    return {'policies': dict_item_to_list(counts)}
--- a/gpoa/frontend/firewall_applier.py
+++ b/gpoa/frontend/firewall_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,10 +17,9 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.


-import logging
 import subprocess

-from util.logging import slogm, log
+from util.logging import log
 from .applier_frontend import (
      applier_frontend
    , check_enabled
--- a/gpoa/frontend/folder_applier.py
+++ b/gpoa/frontend/folder_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,7 +16,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-from pathlib import Path

 from .applier_frontend import (
      applier_frontend
--- a/gpoa/frontend/frontend_manager.py
+++ b/gpoa/frontend/frontend_manager.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -26,6 +26,7 @@ from .polkit_applier import (
 )
 from .systemd_applier import systemd_applier
 from .firefox_applier import firefox_applier
+from .thunderbird_applier import thunderbird_applier
 from .chromium_applier import chromium_applier
 from .cups_applier import cups_applier
 from .package_applier import (
@@ -72,6 +73,7 @@ from .kde_applier import (
      kde_applier
    , kde_applier_user
 )
+from .laps_applier import laps_applier

 from .networkshare_applier import networkshare_applier
 from .yandex_browser_applier import yandex_browser_applier
@@ -143,10 +145,12 @@ class frontend_manager:
            self._init_user_appliers()

    def _init_machine_appliers(self):
+        self.machine_appliers['laps_applier'] = laps_applier(self.storage)
        self.machine_appliers['control'] = control_applier(self.storage)
        self.machine_appliers['polkit'] = polkit_applier(self.storage)
        self.machine_appliers['systemd'] = systemd_applier(self.storage)
        self.machine_appliers['firefox'] = firefox_applier(self.storage, self.sid, self.username)
+        self.machine_appliers['thunderbird'] = thunderbird_applier(self.storage, self.sid, self.username)
        self.machine_appliers['chromium'] = chromium_applier(self.storage, self.sid, self.username)
        self.machine_appliers['yandex_browser'] = yandex_browser_applier(self.storage, self.sid, self.username)
        self.machine_appliers['shortcuts'] = shortcut_applier(self.storage)
@@ -161,7 +165,6 @@ class frontend_manager:
        self.machine_appliers['cups'] = cups_applier(self.storage)
        self.machine_appliers['firewall'] = firewall_applier(self.storage)
        self.machine_appliers['folders'] = folder_applier(self.storage, self.sid)
-        self.machine_appliers['package'] = package_applier(self.storage)
        self.machine_appliers['ntp'] = ntp_applier(self.storage)
        self.machine_appliers['envvar'] = envvar_applier(self.storage, self.sid)
        self.machine_appliers['networkshare'] = networkshare_applier(self.storage, self.sid)
@@ -169,6 +172,7 @@ class frontend_manager:
        self.machine_appliers['files'] = file_applier(self.storage, self.file_cache, self.sid)
        self.machine_appliers['ini'] = ini_applier(self.storage, self.sid)
        self.machine_appliers['kde'] = kde_applier(self.storage)
+        self.machine_appliers['package'] = package_applier(self.storage)

    def _init_user_appliers(self):
        # User appliers are expected to work with user-writable
@@ -183,7 +187,6 @@ class frontend_manager:
            logdata['applier_name'] = 'cifs'
            logdata['msg'] = str(exc)
            log('E25', logdata)
-        self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['networkshare'] = networkshare_applier(self.storage, self.sid, self.username)
@@ -191,6 +194,7 @@ class frontend_manager:
        self.user_appliers['files'] = file_applier_user(self.storage, self.file_cache, self.sid, self.username)
        self.user_appliers['ini'] = ini_applier_user(self.storage, self.sid, self.username)
        self.user_appliers['kde'] = kde_applier_user(self.storage, self.sid, self.username, self.file_cache)
+        self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)

    def machine_apply(self):
        '''
--- a/gpoa/frontend/gsettings_applier.py
+++ b/gpoa/frontend/gsettings_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2021 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,10 +21,8 @@ import os
 import pwd
 import subprocess

-from gi.repository import (
-      Gio
-    , GLib
-)
+from gi.repository import Gio
+from storage.dconf_registry import Dconf_registry

 from .applier_frontend import (
      applier_frontend
@@ -35,7 +33,7 @@ from .appliers.gsettings import (
    system_gsettings,
    user_gsettings
 )
-from util.logging import slogm ,log
+from util.logging import log

 def uri_fetch(schema, path, value, cache):
    '''
@@ -48,6 +46,8 @@ def uri_fetch(schema, path, value, cache):
    logdata['src'] = value
    try:
        retval = cache.get(value)
+        if not retval:
+            retval = ''
        logdata['dst'] = retval
        log('D90', logdata)
    except Exception as exc:
@@ -137,10 +137,7 @@ class gsettings_applier(applier_frontend):
            log('E48')

        # Update desktop configuration system backend
-        try:
-            proc = subprocess.run(args=['/usr/bin/dconf', "update"], capture_output=True, check=True)
-        except Exception as exc:
-            log('E49')
+        Dconf_registry.dconf_update()

    def apply(self):
        if self.__module_enabled:
--- a/gpoa/frontend/ini_applier.py
+++ b/gpoa/frontend/ini_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2022 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,7 +16,6 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-from pathlib import Path

 from .appliers.ini_file import Ini_file
 from .applier_frontend import (
--- a/gpoa/frontend/kde_applier.py
+++ b/gpoa/frontend/kde_applier.py
@@ -24,13 +24,14 @@ import os
 import subprocess
 import re
 import dbus
+import shutil

 class kde_applier(applier_frontend):
    __module_name = 'KdeApplier'
    __module_experimental = True
    __module_enabled = False
-    __hklm_branch = 'Software\\BaseALT\\Policies\\KDE\\'
-    __hklm_lock_branch = 'Software\\BaseALT\\Policies\\KDELocks\\'
+    __hklm_branch = 'Software/BaseALT/Policies/KDE/'
+    __hklm_lock_branch = 'Software/BaseALT/Policies/KDELocks/'

    def __init__(self, storage):
        self.storage = storage
@@ -61,8 +62,10 @@ class kde_applier_user(applier_frontend):
    __module_name = 'KdeApplierUser'
    __module_experimental = True
    __module_enabled = False
-    __hkcu_branch = 'Software\\BaseALT\\Policies\\KDE\\'
-    __hkcu_lock_branch = 'Software\\BaseALT\\Policies\\KDELocks\\'
+    kde_version = None
+    __hkcu_branch = 'Software/BaseALT/Policies/KDE'
+    __hkcu_lock_branch = 'Software/BaseALT/Policies/KDELocks'
+    __plasma_update_entry = 'Software/BaseALT/Policies/KDE/Plasma/Update'

    def __init__(self, storage, sid=None, username=None, file_cache = None):
        self.storage = storage
@@ -72,9 +75,12 @@ class kde_applier_user(applier_frontend):
        self.locks_dict = {}
        self.locks_data_dict = {}
        self.all_kde_settings = {}
+        kde_applier_user.kde_version = get_kde_version()
        kde_filter = '{}%'.format(self.__hkcu_branch)
        locks_filter = '{}%'.format(self.__hkcu_lock_branch)
        self.locks_settings = self.storage.filter_hkcu_entries(self.sid, locks_filter)
+        self.plasma_update = self.storage.get_entry(self.__plasma_update_entry)
+        self.plasma_update_flag = self.plasma_update.data if self.plasma_update is not None else 0
        self.kde_settings = self.storage.filter_hkcu_entries(self.sid, kde_filter)
        self.__module_enabled = check_enabled(
            self.storage,
@@ -83,7 +89,16 @@ class kde_applier_user(applier_frontend):
        )

    def admin_context_apply(self):
-        pass
+        try:
+            for setting in self.kde_settings:
+                file_name = setting.keyname.split("/")[-2]
+                if file_name == 'wallpaper':
+                    data = setting.data
+                    break
+            self.file_cache.store(data)
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc

    def user_context_apply(self):
        '''
@@ -91,12 +106,43 @@ class kde_applier_user(applier_frontend):
        '''
        if self.__module_enabled:
            log('D200')
-            create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict, self.file_cache, self.username)
+            create_dict(self.kde_settings, self.all_kde_settings, self.locks_settings, self.locks_dict, self.file_cache, self.username, self.plasma_update_flag)
            apply(self.all_kde_settings, self.locks_dict, self.username)
        else:
            log('D201')

-def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None):
+dbus_methods_mapping = {
+    'kscreenlockerrc': {
+        'dbus_service': 'org.kde.screensaver',
+        'dbus_path': '/ScreenSaver',
+        'dbus_interface': 'org.kde.screensaver',
+        'dbus_method': 'configure'
+    },
+    'wallpaper': {
+        'dbus_service': 'org.freedesktop.systemd1',
+        'dbus_path': '/org/freedesktop/systemd1',
+        'dbus_interface': 'org.freedesktop.systemd1.Manager',
+        'dbus_method': 'RestartUnit',
+        'dbus_args': ['plasma-plasmashell.service', 'replace']
+    }
+}
+
+def get_kde_version():
+    try:
+        kinfo_path = shutil.which("kinfo", path="/usr/lib/kf5/bin:/usr/bin")
+        if not kinfo_path:
+            raise FileNotFoundError("Unable to find kinfo")
+        output = subprocess.check_output([kinfo_path], text=True, env={'LANG':'C'})
+        for line in output.splitlines():
+            if "KDE Frameworks Version" in line:
+                frameworks_version = line.split(":", 1)[1].strip()
+                major_frameworks_version = int(frameworks_version.split(".")[0])
+                return major_frameworks_version
+    except:
+        return None
+
+
+def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file_cache = None, username = None, plasmaupdate = False):
        for locks in locks_settings:
            locks_dict[locks.valuename] = locks.data
        for setting in kde_settings:
@@ -104,14 +150,9 @@ def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file
                file_name, section, value = setting.keyname.split("/")[-2], setting.keyname.split("/")[-1], setting.valuename
                data = setting.data
                if file_name == 'wallpaper':
-                    apply_for_wallpaper(data, file_cache, username)
+                    apply_for_wallpaper(data, file_cache, username, plasmaupdate)
                else:
-                    if file_name not in all_kde_settings:
-                        all_kde_settings[file_name] = {}
-                    if section not in all_kde_settings[file_name]:
-                        all_kde_settings[file_name][section] = {}
-                    all_kde_settings[file_name][section][value] = data
-
+                    all_kde_settings.setdefault(file_name, {}).setdefault(section, {})[value] = data
            except Exception as exc:
                logdata = dict()
                logdata['file_name'] = file_name
@@ -123,6 +164,7 @@ def create_dict(kde_settings, all_kde_settings, locks_settings, locks_dict, file

 def apply(all_kde_settings, locks_dict, username = None):
    logdata = dict()
+    modified_files = set()
    if username is None:
        system_path_settings = '/etc/xdg/'
        system_files = [
@@ -148,11 +190,12 @@ def apply(all_kde_settings, locks_dict, username = None):
                    file.write(f'[{section}]\n')
                    for key, value in keys.items():
                        lock = f"{file_name}.{section}.{key}".replace('][', ')(')
-                        if lock in locks_dict and locks_dict[lock] == 1:
+                        if locks_dict.get(lock) == 1:
                            file.write(f'{key}[$i]={value}\n')
                        else:
                            file.write(f'{key}={value}\n')
                    file.write('\n')
+            modified_files.add(file_name)
    else:
        for file_name, sections in all_kde_settings.items():
            path = f'{get_homedir(username)}/.config/{file_name}'
@@ -162,10 +205,11 @@ def apply(all_kde_settings, locks_dict, username = None):
                pass
            for section, keys in sections.items():
                for key, value in keys.items():
+                    value = str(value)
                    lock = f"{file_name}.{section}.{key}"
                    if lock in locks_dict and locks_dict[lock] == 1:
                        command = [
-                            'kwriteconfig5',
+                            f'kwriteconfig{kde_applier_user.kde_version}',
                            '--file', file_name,
                            '--group', section,
                            '--key', key +'/$i/',
@@ -174,7 +218,7 @@ def apply(all_kde_settings, locks_dict, username = None):
                        ]
                    else:
                        command = [
-                            'kwriteconfig5',
+                            f'kwriteconfig{kde_applier_user.kde_version}',
                            '--file', file_name,
                            '--group', section,
                            '--key', key,
@@ -183,7 +227,9 @@ def apply(all_kde_settings, locks_dict, username = None):
                        ]
                    try:
                        clear_locks_settings(username, file_name, key)
-                        subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+                        env_path = dict(os.environ)
+                        env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
+                        subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
                    except:
                            logdata['command'] = command
                            log('W22', logdata)
@@ -201,6 +247,9 @@ def apply(all_kde_settings, locks_dict, username = None):
            except Exception as exc:
                logdata['exc'] = exc
                log('W19', logdata)
+            modified_files.add(file_name)
+    for file_name in modified_files:
+        call_dbus_method(file_name)

 def clear_locks_settings(username, file_name, key):
    '''
@@ -219,52 +268,60 @@ def clear_locks_settings(username, file_name, key):
            logdata['line'] = line.strip()
            log('I10', logdata)

-def apply_for_wallpaper(data, file_cache, username):
+def apply_for_wallpaper(data, file_cache, username, plasmaupdate):
    '''
    Method to change wallpaper
    '''
    logdata = dict()
    path_to_wallpaper = f'{get_homedir(username)}/.config/plasma-org.kde.plasma.desktop-appletsrc'
+    id_desktop = get_id_desktop(path_to_wallpaper)
    try:
        try:
-            file_cache.store(data)
-            data = file_cache.get(data)
+            data = str(file_cache.get(data))
        except NotUNCPathError:
-            data = data
+            data = str(data)
+
+        with open(path_to_wallpaper, 'r') as file:
+            current_wallpaper = file.read()
+        match = re.search(rf'\[Containments\]\[{id_desktop}\]\[Wallpaper\]\[org\.kde\.image\]\[General\]\s+Image=(.*)', current_wallpaper)
+        if match:
+            current_wallpaper_path = match.group(1)
+            flag = (current_wallpaper_path == data)
+        else:
+            flag = False
+
+        os.environ["LANGUAGE"] = os.environ["LANG"].split(".")[0]
        os.environ["XDG_DATA_DIRS"] = "/usr/share/kf5:"
            #Variable for system detection of directories before files with .colors extension
        os.environ["DISPLAY"] = ":0"
            #Variable for command execution plasma-apply-colorscheme
        os.environ["XDG_RUNTIME_DIR"] = f"/run/user/{os.getuid()}"
-        os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"#plasma-apply-wallpaperimage
        os.environ["PATH"] = "/usr/lib/kf5/bin:"
+        os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"#plasma-apply-wallpaperimage
+        env_path = dict(os.environ)
+        env_path["PATH"] = "/usr/lib/kf5/bin:/usr/bin"
            #environment variable for accessing binary files without hard links
-        if os.path.isfile(path_to_wallpaper):
-            id_desktop = get_id_desktop(path_to_wallpaper)
-            command = [
-                'kwriteconfig5',
-                '--file', 'plasma-org.kde.plasma.desktop-appletsrc',
-                '--group', 'Containments',
-                '--group', id_desktop,
-                '--group', 'Wallpaper',
-                '--group', 'org.kde.image',
-                '--group', 'General',
-                '--key', 'Image',
-                 '--type', 'string',
-                data
-                ]
-            try:
-                subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-            except:
-                    logdata['command'] = command
-                    log('E68', logdata)
-            try:
-                session_bus = dbus.SessionBus()
-                plasma_shell = session_bus.get_object('org.kde.plasmashell', '/PlasmaShell', introspect='org.kde.PlasmaShell')
-                plasma_shell_iface = dbus.Interface(plasma_shell, 'org.kde.PlasmaShell')
-                plasma_shell_iface.refreshCurrentShell()
-            except:
-                pass
+        if not flag:
+            if os.path.isfile(path_to_wallpaper):
+                command = [
+                    f'kwriteconfig{kde_applier_user.kde_version}',
+                    '--file', 'plasma-org.kde.plasma.desktop-appletsrc',
+                    '--group', 'Containments',
+                    '--group', id_desktop,
+                    '--group', 'Wallpaper',
+                    '--group', 'org.kde.image',
+                    '--group', 'General',
+                    '--key', 'Image',
+                    '--type', 'string',
+                    data
+                    ]
+                try:
+                    subprocess.run(command, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env_path)
+                except:
+                        logdata['command'] = command
+                        log('E68', logdata)
+                if plasmaupdate == 1:
+                    call_dbus_method("wallpaper")
        else:
            logdata['file'] = path_to_wallpaper
            log('W21', logdata)
@@ -284,9 +341,27 @@ def get_id_desktop(path_to_wallpaper):
        with open(path_to_wallpaper, 'r') as file:
            file_content = file.read()
        match = re.search(pattern, file_content)
-        if match:
-            return match.group(1)
-        else:
-            return None
+        return match.group(1) if match else None
    except:
        return None
+
+def call_dbus_method(file_name):
+    '''
+    Method to call D-Bus method based on the file name
+    '''
+    os.environ["DBUS_SESSION_BUS_ADDRESS"] = f"unix:path=/run/user/{os.getuid()}/bus"
+    if file_name in dbus_methods_mapping:
+        config = dbus_methods_mapping[file_name]
+        try:
+            session_bus = dbus.SessionBus()
+            dbus_object = session_bus.get_object(config['dbus_service'], config['dbus_path'])
+            dbus_iface = dbus.Interface(dbus_object, config['dbus_interface'])
+            if 'dbus_args' in config:
+                getattr(dbus_iface, config['dbus_method'])(*config['dbus_args'])
+            else:
+                getattr(dbus_iface, config['dbus_method'])()
+        except dbus.exceptions.DBusException as e:
+            logdata = dict({'error': str(exc)})
+            log('E31', logdata)
+    else:
+        pass
--- a/gpoa/frontend/laps_applier.py
+++ b/gpoa/frontend/laps_applier.py
@@ -0,0 +1,695 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2025 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .applier_frontend import (
+    applier_frontend,
+    check_enabled
+)
+import struct
+from datetime import datetime, timedelta
+import dpapi_ng
+from util.util import remove_prefix_from_keys, check_local_user_exists
+from util.sid import WellKnown21RID
+import subprocess
+import ldb
+import string
+import secrets
+import os
+import psutil
+from util.logging import log
+import logging
+
+class laps_applier(applier_frontend):
+    """
+    LAPS (Local Administrator Password Solution) implementation for managing
+    and automatically rotating administrator passwords.
+    """
+
+    # Time calculation constants
+
+    # Number of seconds between the Windows epoch (1601-01-01 00:00:00 UTC)
+    # and the Unix epoch (1970-01-01 00:00:00 UTC).
+    # Used to convert between Unix timestamps and Windows FileTime.
+    _EPOCH_TIMESTAMP = 11644473600
+    # Number of 100-nanosecond intervals per second.
+    # Used to convert seconds to Windows FileTime format.
+    _HUNDREDS_OF_NANOSECONDS = 10000000
+    # Number of 100-nanosecond intervals in one day
+    _DAY_FLOAT = 8.64e11
+
+    # Module configuration
+    __module_name = 'LapsApplier'
+    __module_experimental = True
+    __module_enabled = False
+
+    # Registry paths
+    _WINDOWS_REGISTRY_PATH = 'SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/LAPS/'
+    _ALT_REGISTRY_PATH = 'Software/BaseALT/Policies/Laps/'
+
+    # LDAP attributes
+    _ATTR_ENCRYPTED_PASSWORD = 'msLAPS-EncryptedPassword'
+    _ATTR_PASSWORD_EXPIRATION_TIME = 'msLAPS-PasswordExpirationTime'
+
+    # dconf key for password modification time
+    _KEY_PASSWORD_LAST_MODIFIED = '/Software/BaseALT/Policies/Laps/PasswordLastModified/'
+
+    # Password complexity levels
+    _PASSWORD_COMPLEXITY = {
+        1: string.ascii_uppercase,
+        2: string.ascii_letters,
+        3: string.ascii_letters + string.digits,
+        4: string.ascii_letters + string.digits + string.punctuation
+    }
+
+    # Post-authentication actions
+    _ACTION_NONE = 0
+    _ACTION_CHANGE_PASSWORD = 1
+    _ACTION_TERMINATE_SESSIONS = 3
+    _ACTION_REBOOT = 5
+
+    def __init__(self, storage):
+        """
+        Initialize the LAPS applier with configuration from registry.
+
+        Args:
+            storage: Storage object containing registry entries and system information
+        """
+        self.storage = storage
+
+        # Load registry configuration
+        if not self._load_configuration():
+            self.__module_enabled = False
+            return
+
+        if not self._check_requirements():
+            log('W29')
+            self.__module_enabled = False
+            return
+
+        # Initialize system connections and parameters
+        self._initialize_system_parameters()
+
+        # Check if module is enabled in configuration
+        self.__module_enabled = check_enabled(
+            self.storage,
+            self.__module_name,
+            self.__module_experimental
+        )
+
+    def _load_configuration(self):
+        """Load configuration settings from registry."""
+        alt_keys = remove_prefix_from_keys(
+            self.storage.filter_entries(self._ALT_REGISTRY_PATH),
+            self._ALT_REGISTRY_PATH
+        )
+        windows_keys = remove_prefix_from_keys(
+            self.storage.filter_entries(self._WINDOWS_REGISTRY_PATH),
+            self._WINDOWS_REGISTRY_PATH
+        )
+
+        # Combine configurations with BaseALT taking precedence
+        self.config = windows_keys
+        self.config.update(alt_keys)
+
+        # Extract commonly used configuration parameters
+        self.backup_directory = self.config.get('BackupDirectory', None)
+        self.encryption_enabled = self.config.get('ADPasswordEncryptionEnabled', 1)
+        self.password_expiration_protection = self.config.get('PasswordExpirationProtectionEnabled', 1)
+        self.password_age_days = self.config.get('PasswordAgeDays', 30)
+        self.post_authentication_actions = self.config.get('PostAuthenticationActions', 3)
+        self.post_authentication_reset_delay = self.config.get('PostAuthenticationResetDelay', 24)
+        name = self.config.get('AdministratorAccountName', 'root')
+        if name and check_local_user_exists(name):
+            self.target_user = name
+        else:
+            log('W36')
+            return False
+        return True
+
+    def _check_requirements(self):
+        """
+        Check if the necessary requirements are met for the module to operate.
+
+        Returns:
+            bool: True if requirements are met, False otherwise
+        """
+        if self.backup_directory != 2 or not self.encryption_enabled:
+            logdata = dict()
+            logdata['backup_directory'] = self.backup_directory
+            logdata['encryption_enabled'] = self.encryption_enabled
+            log('D223', logdata)
+            return False
+        return True
+
+    def _initialize_system_parameters(self):
+        """Initialize system parameters and connections."""
+        # Set up LDAP connections
+        self.samdb = self.storage.get_info('samdb')
+        self.domain_sid = self.samdb.get_domain_sid()
+        self.domain_dn = self.samdb.domain_dn()
+        self.computer_dn = self._get_computer_dn()
+        self.admin_group_sid = f'{self.domain_sid}-{WellKnown21RID.DOMAIN_ADMINS.value}'
+
+        # Set up time parameters
+        self.expiration_date = self._get_expiration_date()
+        self.expiration_date_int = self._convert_to_filetime(self.expiration_date)
+        self.current_time_int = self._convert_to_filetime(datetime.now())
+
+        # Get current system state
+        self.expiration_time_attr = self._get_expiration_time_attr()
+        self.pass_last_mod_int = self._read_dconf_pass_last_mod()
+        self.encryption_principal = self._get_encryption_principal()
+        self.last_login_hours_ago = self._get_last_login_hours_ago()
+
+    def _get_computer_dn(self):
+        """
+        Get the Distinguished Name of the computer account.
+
+        Returns:
+            str: Computer's distinguished name in LDAP
+        """
+        machine_name = self.storage.get_info('machine_name')
+        search_filter = f'(sAMAccountName={machine_name})'
+        results = self.samdb.search(base=self.domain_dn, expression=search_filter, attrs=['dn'])
+        return results[0]['dn']
+
+    def _get_encryption_principal(self):
+        """
+        Get the encryption principal for password encryption.
+
+        Returns:
+            str: SID of the encryption principal
+        """
+        encryption_principal = self.config.get('ADPasswordEncryptionPrincipal', None)
+        if not encryption_principal:
+            return self.admin_group_sid
+
+        return self._verify_encryption_principal(encryption_principal)
+
+    def _verify_encryption_principal(self, principal_name):
+        """
+        Verify the encryption principal exists and get its SID.
+
+        Args:
+            principal_name: Principal name to verify
+
+        Returns:
+            str: SID of the encryption principal if found, or admin group SID as fallback
+        """
+        try:
+            # Try to resolve as domain\\user format
+            domain = self.storage.get_info('domain')
+            username = f'{domain}\\{principal_name}'
+            output = subprocess.check_output(['wbinfo', '-n', username])
+            sid = output.split()[0].decode('utf-8')
+            return sid
+        except subprocess.CalledProcessError:
+            # Try to resolve directly as SID
+            try:
+                output = subprocess.check_output(['wbinfo', '-s', principal_name])
+                return principal_name
+            except subprocess.CalledProcessError:
+                # Fallback to admin group SID
+                logdata = dict()
+                logdata['principal_name'] = principal_name
+                log('W30', logdata)
+                return self.admin_group_sid
+
+    def _get_expiration_date(self, base_time=None):
+        """
+        Calculate the password expiration date.
+
+        Args:
+            base_time: Optional datetime to base calculation on, defaults to now
+
+        Returns:
+            datetime: Password expiration date
+        """
+        base = base_time or datetime.now()
+        # Set to beginning of day and add password age
+        return (base.replace(hour=0, minute=0, second=0, microsecond=0) +
+                timedelta(days=int(self.password_age_days)))
+
+    def _convert_to_filetime(self, dt):
+        """
+        Convert datetime to Windows filetime format (100ns intervals since 1601-01-01).
+
+        Args:
+            dt: Datetime to convert
+
+        Returns:
+            int: Windows filetime integer
+        """
+        epoch_timedelta = timedelta(seconds=self._EPOCH_TIMESTAMP)
+        new_dt = dt + epoch_timedelta
+        return int(new_dt.timestamp() * self._HUNDREDS_OF_NANOSECONDS)
+
+    def _get_expiration_time_attr(self):
+        """
+        Get the current password expiration time from LDAP.
+
+        Returns:
+            int: Password expiration time as integer, or 0 if not found
+        """
+        try:
+            res = self.samdb.search(
+                base=self.computer_dn,
+                scope=ldb.SCOPE_BASE,
+                expression="(objectClass=*)",
+                attrs=[self._ATTR_PASSWORD_EXPIRATION_TIME]
+            )
+            return int(res[0].get(self._ATTR_PASSWORD_EXPIRATION_TIME, 0)[0])
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+            log('W31', logdata)
+            return 0
+
+    def _read_dconf_pass_last_mod(self):
+        """
+        Read the password last modified time from dconf.
+
+        Returns:
+            int: Timestamp of last password modification or current time if not found
+        """
+        try:
+            key_path = self._KEY_PASSWORD_LAST_MODIFIED + self.target_user
+            last_modified = subprocess.check_output(
+                ['dconf', 'read', key_path],
+                text=True
+            ).strip().strip("'\"")
+            return int(last_modified)
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+            log('W32', logdata)
+            return self.current_time_int
+
+    def _write_dconf_pass_last_mod(self):
+        """
+        Write the password last modified time to dconf.
+        """
+        try:
+            # Ensure dbus session is available
+            self._ensure_dbus_session()
+
+            # Write current time to dconf
+            key_path = self._KEY_PASSWORD_LAST_MODIFIED + self.target_user
+            last_modified = f'"{self.current_time_int}"'
+            subprocess.check_output(['dconf', 'write', key_path, last_modified])
+            log('D222')
+        except Exception as exc:
+            logdata = dict()
+            logdata['exc'] = exc
+            log('W28', logdata)
+
+    def _ensure_dbus_session(self):
+        """Ensure a D-Bus session is available for dconf operations."""
+        dbus_address = os.getenv("DBUS_SESSION_BUS_ADDRESS")
+        if not dbus_address:
+            result = subprocess.run(
+                ["dbus-daemon", "--fork", "--session", "--print-address"],
+                capture_output=True,
+                text=True
+            )
+            dbus_address = result.stdout.strip()
+            os.environ["DBUS_SESSION_BUS_ADDRESS"] = dbus_address
+
+    def _get_last_login_hours_ago(self):
+        """
+        Get the number of hours since the user's last login.
+
+        Returns:
+            int: Hours since last login, or 0 if error or no login found
+        """
+        logdata = dict()
+        logdata['target_user'] = self.target_user
+        try:
+            output = subprocess.check_output(
+                ["last", "-n", "1", self.target_user],
+                env={'LANG':'C'},
+                text=True
+            ).split("\n")[0]
+
+            parts = output.split()
+            if len(parts) < 7:
+                return 0
+
+            # Parse login time
+            login_str = f"{parts[4]} {parts[5]} {parts[6]}"
+            last_login_time = datetime.strptime(login_str, "%b %d %H:%M")
+            last_login_time = last_login_time.replace(year=datetime.now().year)
+
+            # Calculate hours difference
+            time_diff = datetime.now() - last_login_time
+            hours_ago = int(time_diff.total_seconds() // 3600)
+            logdata['hours_ago'] = hours_ago
+            log('D224', logdata)
+            return hours_ago
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('W33', logdata)
+            return 0
+
+    def _get_changed_password_hours_ago(self):
+        """
+        Calculate how many hours ago the password was last changed.
+
+        Returns:
+            int: Hours since password was last changed, or 0 if error
+        """
+        logdata = dict()
+        logdata['target_user'] = self.target_user
+        try:
+            diff_time = self.current_time_int - self.pass_last_mod_int
+            hours_difference = diff_time // 3.6e10
+            hours_ago = int(hours_difference)
+            logdata['hours_ago'] = hours_ago
+            log('D225', logdata)
+            return hours_ago
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('W34', logdata)
+            return 0
+
+    def _generate_password(self):
+        """
+        Generate a secure password based on policy settings.
+
+        Returns:
+            str: Generated password meeting complexity requirements
+        """
+        # Get password length from config
+        password_length = self.config.get('PasswordLength', 14)
+        if not isinstance(password_length, int) or not (8 <= password_length <= 64):
+            password_length = 14
+
+        # Get password complexity from config
+        password_complexity = self.config.get('PasswordComplexity', 4)
+        if not isinstance(password_complexity, int) or not (1 <= password_complexity <= 4):
+            password_complexity = 4
+
+        # Get character set based on complexity
+        char_set = self._PASSWORD_COMPLEXITY.get(password_complexity, self._PASSWORD_COMPLEXITY[4])
+
+        # Generate initial password
+        password = ''.join(secrets.choice(char_set) for _ in range(password_length))
+
+        # Ensure password meets complexity requirements
+        if password_complexity >= 3 and not any(c.isdigit() for c in password):
+            # Add a digit if required but missing
+            digit = secrets.choice(string.digits)
+            position = secrets.randbelow(len(password))
+            password = password[:position] + digit + password[position:]
+
+        if password_complexity == 4 and not any(c in string.punctuation for c in password):
+            # Add a special character if required but missing
+            special_char = secrets.choice(string.punctuation)
+            position = secrets.randbelow(len(password))
+            password = password[:position] + special_char + password[position:]
+
+        return password
+
+    def _get_json_password_data(self, password):
+        """
+        Format password information as JSON.
+
+        Args:
+            password: The password
+
+        Returns:
+            str: JSON formatted password information
+        """
+        return f'{{"n":"{self.target_user}","t":"{self.expiration_date_int}","p":"{password}"}}'
+
+    def _create_password_blob(self, password):
+        """
+        Create encrypted password blob for LDAP storage.
+
+        Args:
+            password: Password to encrypt
+
+        Returns:
+            bytes: Encrypted password blob
+        """
+        # Create JSON data and encode as UTF-16LE with null terminator
+        json_data = self._get_json_password_data(password)
+        password_bytes = json_data.encode("utf-16-le") + b"\x00\x00"
+        # Save and change loglevel
+        logger = logging.getLogger()
+        old_level = logger.level
+        logger.setLevel(logging.ERROR)
+        # Encrypt the password
+        dpapi_blob = dpapi_ng.ncrypt_protect_secret(
+            password_bytes,
+            self.encryption_principal,
+            auth_protocol='kerberos'
+        )
+        # Restoreloglevel
+        logger.setLevel(old_level)
+        # Create full blob with metadata
+        return self._add_blob_metadata(dpapi_blob)
+
+    def _add_blob_metadata(self, dpapi_blob):
+        """
+        Add metadata to the encrypted password blob.
+
+        Args:
+            dpapi_blob: Encrypted password blob
+
+        Returns:
+            bytes: Complete blob with metadata
+        """
+        # Convert timestamp to correct format
+        left, right = struct.unpack('<LL', struct.pack('Q', self.current_time_int))
+        packed = struct.pack('<LL', right, left)
+
+        # Add blob length and padding
+        prefix = packed + struct.pack('<i', len(dpapi_blob)) + b'\x00\x00\x00\x00'
+
+        # Combine metadata and encrypted blob
+        return prefix + dpapi_blob
+
+    def _change_user_password(self, new_password):
+        """
+        Change the password for the target user.
+
+        Args:
+            new_password: New password to set
+
+        Returns:
+            bool: True if password was changed successfully, False otherwise
+        """
+        logdata = dict()
+        logdata['target_use'] = self.target_user
+        try:
+            # Use chpasswd to change the password
+            process = subprocess.Popen(
+                ["chpasswd"],
+                stdin=subprocess.PIPE,
+                text=True
+            )
+            process.communicate(f"{self.target_user}:{new_password}")
+
+            # Record the time of change
+            self._write_dconf_pass_last_mod()
+            log('D221', logdata)
+            return True
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('W27', logdata)
+            return False
+
+    def _update_ldap_password(self, encrypted_blob):
+        """
+        Update the encrypted password and expiration time in LDAP.
+
+        Args:
+            encrypted_blob: Encrypted password blob
+
+        Returns:
+            bool: True if LDAP was updated successfully, False otherwise
+        """
+        logdata = dict()
+        logdata['computer_dn'] = self.computer_dn
+        try:
+            # Create LDAP modification message
+            mod_msg = ldb.Message()
+            mod_msg.dn = self.computer_dn
+
+            # Update password blob
+            mod_msg[self._ATTR_ENCRYPTED_PASSWORD] = ldb.MessageElement(
+                encrypted_blob,
+                ldb.FLAG_MOD_REPLACE,
+                self._ATTR_ENCRYPTED_PASSWORD
+            )
+
+            # Update expiration time
+            mod_msg[self._ATTR_PASSWORD_EXPIRATION_TIME] = ldb.MessageElement(
+                str(self.expiration_date_int),
+                ldb.FLAG_MOD_REPLACE,
+                self._ATTR_PASSWORD_EXPIRATION_TIME
+            )
+
+            # Perform the LDAP modification
+            self.samdb.modify(mod_msg)
+            log('D226', logdata)
+            return True
+        except Exception as exc:
+            logdata['exc'] = exc
+            log('E75', logdata)
+            return False
+
+    def _should_update_password(self):
+        """
+        Determine if the password should be updated based on policy.
+
+        Returns:
+            tuple: (bool: update needed, bool: perform post-action)
+        """
+        # Check if password has expired
+        if not self._is_password_expired():
+            # Password not expired, check if post-login action needed
+            return self._check_post_login_action()
+
+        # Password has expired, update needed
+        return True, False
+
+    def _is_password_expired(self):
+        """
+        Check if the password has expired according to policy.
+
+        Returns:
+            bool: True if password has expired, False otherwise
+        """
+        # Case 1: No expiration protection, check LDAP attribute
+        if not self.password_expiration_protection:
+            if self.expiration_time_attr > self.current_time_int:
+                return False
+        # Case 2: With expiration protection, check both policy and LDAP
+        elif self.password_expiration_protection:
+            policy_expiry = self.pass_last_mod_int + (self.password_age_days * int(self._DAY_FLOAT))
+            if policy_expiry > self.current_time_int and self.expiration_time_attr > self.current_time_int:
+                return False
+
+        return True
+
+    def _check_post_login_action(self):
+        """
+        Check if a post-login password change action should be performed.
+
+        Returns:
+            tuple: (bool: update needed, bool: perform post-action)
+        """
+        # Check if password was changed after last login
+        if self._get_changed_password_hours_ago() < self.last_login_hours_ago:
+            return False, False
+
+        # Check if enough time has passed since login
+        if self.last_login_hours_ago < self.post_authentication_reset_delay:
+            return False, False
+
+        # Check if action is configured
+        if self.post_authentication_actions == self._ACTION_NONE:
+            return False, False
+
+        # Update needed, determine if post-action required
+        return True, self.post_authentication_actions > self._ACTION_CHANGE_PASSWORD
+
+    def _perform_post_action(self):
+        """
+        Perform post-password-change action based on configuration.
+        """
+        if self.post_authentication_actions == self._ACTION_TERMINATE_SESSIONS:
+            self._terminate_user_sessions()
+        elif self.post_authentication_actions == self._ACTION_REBOOT:
+            log('D220')
+            subprocess.run(["reboot"])
+
+    def _terminate_user_sessions(self):
+        """
+        Terminates all processes associated with the active sessions of the target user.
+        """
+        # Get active sessions for the target user
+        user_sessions = [user for user in psutil.users() if user.name == self.target_user]
+        logdata = dict()
+        logdata['target_user'] = self.target_user
+        if not user_sessions:
+            log('D227', logdata)
+            return
+
+        # Terminate each session
+        for session in user_sessions:
+            try:
+                # Get the process and terminate it
+                proc = psutil.Process(session.pid)
+                proc.kill()  # Send SIGKILL
+                logdata['pid'] = session.pid
+                log('D228')
+            except (psutil.NoSuchProcess, psutil.AccessDenied) as exc:
+                logdata['pid'] = session.pid
+                logdata['exc'] = exc
+                log('W35', logdata)
+
+    def update_laps_password(self):
+        """
+        Update the LAPS password if needed based on policy.
+        Checks expiration and login times to determine if update is needed.
+        """
+        # Check if password update is needed
+        update_needed, perform_post_action = self._should_update_password()
+
+        if not update_needed:
+            log('D229')
+            return False
+
+        # Generate new password
+        password = self._generate_password()
+
+        # Create encrypted password blob
+        encrypted_blob = self._create_password_blob(password)
+
+        # Update password in LDAP
+        ldap_success = self._update_ldap_password(encrypted_blob)
+
+        if not ldap_success:
+            return False
+
+        # Change local user password
+        local_success = self._change_user_password(password)
+
+        if not local_success:
+            log('E76')
+            return False
+
+        log('D230')
+
+        # Perform post-action if configured
+        if perform_post_action:
+            self._perform_post_action()
+
+
+    def apply(self):
+        """
+        Main entry point for the LAPS applier.
+        """
+        if self.__module_enabled:
+            log('D218')
+            self.update_laps_password()
+        else:
+            log('D219')
--- a/gpoa/frontend/package_applier.py
+++ b/gpoa/frontend/package_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,12 +18,7 @@

 import logging
 import subprocess
-from util.logging import slogm, log
-from util.rpm import (
-      update
-    , install_rpm
-    , remove_rpm
-)
+from util.logging import log

 from .applier_frontend import (
      applier_frontend
--- a/gpoa/frontend/scripts_applier.py
+++ b/gpoa/frontend/scripts_applier.py
@@ -95,7 +95,6 @@ class scripts_applier_user(applier_frontend):
            , self.__module_name
            , self.__module_experimental
        )
-        self.filling_cache()

    def cleaning_cache(self):
        log('D161')
@@ -143,7 +142,9 @@ def install_script(storage_script_entry, script_dir, access_permissions):
    '''
    dir_cr = Path(script_dir)
    dir_cr.mkdir(parents=True, exist_ok=True)
-    script_name = str(int(storage_script_entry.number)).zfill(5) + '_' + os.path.basename(storage_script_entry.path)
+    if storage_script_entry.number is None:
+        return
+    script_name = str(storage_script_entry.number).zfill(5) + '_' + os.path.basename(storage_script_entry.path)
    script_file = os.path.join(script_dir, script_name)
    shutil.copyfile(storage_script_entry.path, script_file)

--- a/gpoa/frontend/shortcut_applier.py
+++ b/gpoa/frontend/shortcut_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -16,27 +16,29 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

-import logging
 import subprocess

 from .applier_frontend import (
      applier_frontend
    , check_enabled
 )
-from gpt.shortcuts import json2sc
 from util.windows import expand_windows_var
-from util.logging import slogm, log
+from util.logging import log
 from util.util import (
        get_homedir,
-        homedir_exists
+        homedir_exists,
+        string_to_literal_eval
 )
+from gpt.shortcuts import shortcut, get_ttype

-def storage_get_shortcuts(storage, sid, username=None):
+def storage_get_shortcuts(storage, sid, username=None, shortcuts_machine=None):
    '''
    Query storage for shortcuts' rows for specified SID.
    '''
    shortcut_objs = storage.get_shortcuts(sid)
    shortcuts = list()
+    if username and shortcuts_machine:
+        shortcut_objs += shortcuts_machine

    for sc in shortcut_objs:
        if username:
@@ -136,14 +138,46 @@ class shortcut_applier_user(applier_frontend):
    __module_name = 'ShortcutsApplierUser'
    __module_experimental = False
    __module_enabled = True
+    __REGISTRY_PATH_SHORTCATSMERGE= '/Software/BaseALT/Policies/GPUpdate/ShortcutsMerge'
+    __DCONF_REGISTRY_PATH_PREFERENCES_MACHINE = 'Software/BaseALT/Policies/Preferences/Machine'

    def __init__(self, storage, sid, username):
        self.storage = storage
        self.sid = sid
        self.username = username
+        self.__module_enabled = check_enabled(self.storage, self.__module_name, self.__module_experimental)
+
+    def get_machine_shortcuts(self):
+        result = list()
+        try:
+            storage_machine_dict =  self.storage.get_dictionary_from_dconf_file_db()
+            machine_shortcuts = storage_machine_dict.get(
+                self.__DCONF_REGISTRY_PATH_PREFERENCES_MACHINE, dict()).get('Shortcuts')
+            shortcut_objs =  string_to_literal_eval(machine_shortcuts)
+            for obj in shortcut_objs:
+                shortcut_machine =shortcut(
+                    obj.get('dest'),
+                    obj.get('path'),
+                    obj.get('arguments'),
+                    obj.get('name'),
+                    obj.get('action'),
+                    get_ttype(obj.get('target_type')))
+                shortcut_machine.set_usercontext(1)
+                result.append(shortcut_machine)
+        except:
+            return None
+        return result
+
+
+
+    def check_enabled_shortcuts_merge(self):
+        return self.storage.get_key_value(self.__REGISTRY_PATH_SHORTCATSMERGE)

    def run(self, in_usercontext):
-        shortcuts = storage_get_shortcuts(self.storage, self.sid, self.username)
+        shortcuts_machine = None
+        if self.check_enabled_shortcuts_merge():
+            shortcuts_machine = self.get_machine_shortcuts()
+        shortcuts = storage_get_shortcuts(self.storage, self.sid, self.username, shortcuts_machine)

        if shortcuts:
            for sc in shortcuts:
--- a/gpoa/frontend/systemd_applier.py
+++ b/gpoa/frontend/systemd_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,9 +21,8 @@ from .applier_frontend import (
    , check_enabled
 )
 from .appliers.systemd import systemd_unit
-from util.logging import slogm, log
+from util.logging import log

-import logging

 class systemd_applier(applier_frontend):
    __module_name = 'SystemdApplier'
@@ -43,15 +42,14 @@ class systemd_applier(applier_frontend):

    def run(self):
        for setting in self.systemd_unit_settings:
-            valuename = setting.hive_key.rpartition('/')[2]
            try:
-                self.units.append(systemd_unit(valuename, int(setting.data)))
+                self.units.append(systemd_unit(setting.valuename, int(setting.data)))
                logdata = dict()
-                logdata['unit'] = format(valuename)
+                logdata['unit'] = format(setting.valuename)
                log('I4', logdata)
            except Exception as exc:
                logdata = dict()
-                logdata['unit'] = format(valuename)
+                logdata['unit'] = format(setting.valuename)
                logdata['exc'] = exc
                log('I5', logdata)
        for unit in self.units:
--- a/gpoa/frontend/thunderbird_applier.py
+++ b/gpoa/frontend/thunderbird_applier.py
@@ -0,0 +1,70 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+
+import json
+import os
+
+from .applier_frontend import (
+      applier_frontend
+    , check_enabled
+)
+from util.logging import log
+from util.util import is_machine_name
+from .firefox_applier import create_dict
+
+class thunderbird_applier(applier_frontend):
+    __module_name = 'ThunderbirdApplier'
+    __module_experimental = False
+    __module_enabled = True
+    __registry_branch = 'Software/Policies/Mozilla/Thunderbird'
+    __thunderbird_policies = '/etc/thunderbird/policies'
+
+    def __init__(self, storage, sid, username):
+        self.storage = storage
+        self.sid = sid
+        self.username = username
+        self._is_machine_name = is_machine_name(self.username)
+        self.policies = dict()
+        self.policies_json = dict({ 'policies': self.policies })
+        self.thunderbird_keys = self.storage.filter_hklm_entries(self.__registry_branch)
+        self.policies_gen = dict()
+        self.__module_enabled = check_enabled(
+              self.storage
+            , self.__module_name
+            , self.__module_experimental
+        )
+
+
+    def machine_apply(self):
+        '''
+        Write policies.json to Thunderbird.
+        '''
+        self.policies_json = create_dict(self.thunderbird_keys, self.__registry_branch)
+
+        destfile = os.path.join(self.__thunderbird_policies, 'policies.json')
+        os.makedirs(self.__thunderbird_policies, exist_ok=True)
+        with open(destfile, 'w') as f:
+            json.dump(self.policies_json, f)
+            logdata = dict()
+            logdata['destfile'] = destfile
+            log('D212', logdata)
+
+    def apply(self):
+        if self.__module_enabled:
+            log('D213')
+            self.machine_apply()
+        else:
+            log('D214')
--- a/gpoa/frontend/yandex_browser_applier.py
+++ b/gpoa/frontend/yandex_browser_applier.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2022 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -39,8 +39,7 @@ class yandex_browser_applier(applier_frontend):
        self.sid = sid
        self.username = username
        self._is_machine_name = is_machine_name(self.username)
-        yandex_filter = '{}%'.format(self.__registry_branch)
-        self.yandex_keys = self.storage.filter_hklm_entries(yandex_filter)
+        self.yandex_keys = self.storage.filter_hklm_entries(self.__registry_branch)

        self.policies_json = dict()

--- a/gpoa/gpoa
+++ b/gpoa/gpoa
@@ -27,6 +27,7 @@ from backend import backend_factory, save_dconf
 from frontend.frontend_manager import frontend_manager, determine_username
 from plugin import plugin_manager
 from messages import message_with_code
+from storage import Dconf_registry

 from util.util import get_machine_name
 from util.users import (
@@ -61,6 +62,9 @@ def parse_arguments():
    arguments.add_argument('--list-backends',
            action='store_true',
            help='Show list of available backends')
+    arguments.add_argument('--force',
+            action='store_true',
+            help='Force GPT download')
    arguments.add_argument('--loglevel',
        type=int,
        default=4,
@@ -120,6 +124,7 @@ class gpoa_controller:
            print('local')
            print('samba')
            return
+        Dconf_registry._force = self.__args.force
        self.start_plugins()
        self.start_backend()

@@ -149,6 +154,7 @@ class gpoa_controller:
                        back.retrieve_and_store()
                        # Start frontend only on successful backend finish
                        self.start_frontend()
+                        save_dconf(self.username, self.is_machine, nodomain)
                    except Exception as exc:
                        logdata = dict({'message': str(exc)})
                        # In case we're handling "E3" - it means that
@@ -159,7 +165,6 @@ class gpoa_controller:
                        einfo = geterr()
                        logdata.update(einfo)
                        log('E3', logdata)
-        save_dconf(self.username, self.is_machine)

    def start_frontend(self):
        '''
--- a/gpoa/gpt/drives.py
+++ b/gpoa/gpt/drives.py
@@ -19,7 +19,7 @@
 import json
 from base64 import b64decode
 from Crypto.Cipher import AES
-
+from .dynamic_attributes import DynamicAttributes
 from util.xml import get_xml_root

 def decrypt_pass(cpassword):
@@ -93,7 +93,7 @@ def json2drive(json_str):

    return drive_obj

-class drivemap:
+class drivemap(DynamicAttributes):
    def __init__(self):
        self.login = None
        self.password = None
--- a/gpoa/gpt/dynamic_attributes.py
+++ b/gpoa/gpt/dynamic_attributes.py
@@ -0,0 +1,56 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from enum import Enum
+
+class DynamicAttributes:
+    def __init__(self, **kwargs):
+        self.policy_name = None
+        for key, value in kwargs.items():
+            self.__setattr__(key, value)
+
+    def __setattr__(self, key, value):
+        if isinstance(value, Enum):
+            value = str(value)
+        if isinstance(value, str):
+            for q in ["'", "\""]:
+                if any(q in ch for ch in value):
+                    value = value.replace(q, "″")
+        self.__dict__[key] = value
+
+    def items(self):
+        return self.__dict__.items()
+
+    def __iter__(self):
+        return iter(self.__dict__.items())
+
+    def get_original_value(self, key):
+        value = self.__dict__.get(key)
+        if isinstance(value, str):
+            value = value.replace("″", "'")
+        return value
+
+class RegistryKeyMetadata(DynamicAttributes):
+    def __init__(self, policy_name, type, is_list=None, mod_previous_value=None):
+        self.policy_name = policy_name
+        self.type = type
+        self.reloaded_with_policy_key = None
+        self.is_list = is_list
+        self.mod_previous_value = mod_previous_value
+
+    def __repr__(self):
+        return str(dict(self))
--- a/gpoa/gpt/envvars.py
+++ b/gpoa/gpt/envvars.py
@@ -17,24 +17,8 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes

-from enum import Enum
-
-class FileAction(Enum):
-    CREATE = 'C'
-    REPLACE = 'R'
-    UPDATE = 'U'
-    DELETE = 'D'
-
-
-def action_letter2enum(letter):
-    if letter in ['C', 'R', 'U', 'D']:
-        if letter == 'C': return FileAction.CREATE
-        if letter == 'R': return FileAction.REPLACE
-        if letter == 'U': return FileAction.UPDATE
-        if letter == 'D': return FileAction.DELETE
-
-    return FileAction.CREATE

 def read_envvars(envvars_file):
    variables = list()
@@ -43,8 +27,8 @@ def read_envvars(envvars_file):
        props = var.find('Properties')
        name = props.get('name')
        value = props.get('value')
-        var_obj = envvar(name, value)
-        var_obj.set_action(action_letter2enum(props.get('action', default='C')))
+        action = props.get('action', default='C')
+        var_obj = envvar(name, value, action)

        variables.append(var_obj)

@@ -54,12 +38,9 @@ def merge_envvars(storage, sid, envvar_objects, policy_name):
    for envv in envvar_objects:
        storage.add_envvar(sid, envv, policy_name)

-class envvar:
-    def __init__(self, name, value):
+class envvar(DynamicAttributes):
+    def __init__(self, name, value, action):
        self.name = name
        self.value = value
-        self.action = FileAction.CREATE
-
-    def set_action(self, action):
        self.action = action

--- a/gpoa/gpt/files.py
+++ b/gpoa/gpt/files.py
@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes

 def read_files(filesxml):
    files = list()
@@ -39,7 +40,7 @@ def merge_files(storage, sid, file_objects, policy_name):
    for fileobj in file_objects:
        storage.add_file(sid, fileobj, policy_name)

-class fileentry:
+class fileentry(DynamicAttributes):
    def __init__(self, fromPath):
        self.fromPath = fromPath

--- a/gpoa/gpt/folders.py
+++ b/gpoa/gpt/folders.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,28 +17,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.


-from enum import Enum
-
+from .dynamic_attributes import DynamicAttributes

 from util.xml import get_xml_root


-class FileAction(Enum):
-    CREATE = 'C'
-    REPLACE = 'R'
-    UPDATE = 'U'
-    DELETE = 'D'
-
-
-def action_letter2enum(letter):
-    if letter in ['C', 'R', 'U', 'D']:
-        if letter == 'C': return FileAction.CREATE
-        if letter == 'R': return FileAction.REPLACE
-        if letter == 'U': return FileAction.UPDATE
-        if letter == 'D': return FileAction.DELETE
-
-    return FileAction.CREATE
-

 def action_enum2letter(enumitem):
    return enumitem.value
@@ -61,8 +44,9 @@ def read_folders(folders_file):

    for fld in get_xml_root(folders_file):
        props = fld.find('Properties')
-        fld_obj = folderentry(props.get('path'))
-        fld_obj.set_action(action_letter2enum(props.get('action', default='C')))
+        path = props.get('path')
+        action = props.get('action', default='C')
+        fld_obj = folderentry(path, action)
        fld_obj.set_delete_folder(folder_int2bool(props.get('deleteFolder', default=1)))
        fld_obj.set_delete_sub_folders(folder_int2bool(props.get('deleteSubFolders', default=1)))
        fld_obj.set_delete_files(folder_int2bool(props.get('deleteFiles', default=1)))
@@ -78,10 +62,10 @@ def merge_folders(storage, sid, folder_objects, policy_name):
        storage.add_folder(sid, folder, policy_name)


-class folderentry:
-    def __init__(self, path):
+class folderentry(DynamicAttributes):
+    def __init__(self, path, action):
        self.path = path
-        self.action = FileAction.CREATE
+        self.action = action
        self.delete_folder = False
        self.delete_sub_folders = False
        self.delete_files = False
--- a/gpoa/gpt/gpo_dconf_mapping.py
+++ b/gpoa/gpt/gpo_dconf_mapping.py
@@ -0,0 +1,48 @@
+#
+# GPOA - GPO Applier for Linux
+#
+# Copyright (C) 2019-2024 BaseALT Ltd.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from .dynamic_attributes import DynamicAttributes
+
+class GpoInfoDconf(DynamicAttributes):
+    _counter = 0
+    def __init__(self, gpo) -> None:
+        GpoInfoDconf._counter += 1
+        self.counter = GpoInfoDconf._counter
+        self.display_name = None
+        self.name = None
+        self.version = None
+        self.link = None
+        self._fill_attributes(gpo)
+
+    def _fill_attributes(self, gpo):
+        try:
+            self.display_name = gpo.display_name
+        except:
+            self.display_name = "Unknown"
+        try:
+            self.name = gpo.name
+        except:
+            self.name = "Unknown"
+        try:
+            self.version = gpo.version
+        except:
+            self.version = "Unknown"
+        try:
+            self.link = gpo.link
+        except:
+            self.link = "Unknown"
--- a/gpoa/gpt/gpt.py
+++ b/gpoa/gpt/gpt.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -23,6 +23,7 @@ from enum import Enum, unique
 from samba.gp_parse.gp_pol import GPPolParser

 from storage import registry_factory
+from storage.dconf_registry import add_to_dict

 from .polfile import (
      read_polfile
@@ -153,13 +154,14 @@ def get_merger(preference_type):
    return mergers[preference_type]

 class gpt:
-    def __init__(self, gpt_path, sid, username='Machine', version=None):
+    def __init__(self, gpt_path, sid, username='Machine', gpo_info=None):
+        add_to_dict(gpt_path, username, gpo_info)
        self.path = gpt_path
        self.username = username
        self.sid = sid
        self.storage = registry_factory()
        self.storage._gpt_read_flag = True
-        self.version = version
+        self.gpo_info = gpo_info
        self.name = ''
        self.guid = self.path.rpartition('/')[2]
        if 'default' == self.guid:
@@ -217,7 +219,7 @@ class gpt:
            if self.settings['machine']['regpol']:
                mlogdata = dict({'polfile': self.settings['machine']['regpol']})
                log('D34', mlogdata)
-                util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, version=self.version)
+                util.preg.merge_polfile(self.settings['machine']['regpol'], policy_name=self.name, gpo_info=self.gpo_info)
            # Merge machine preferences to registry if possible
            for preference_name, preference_path in self.settings['machine'].items():
                if preference_path:
@@ -247,7 +249,7 @@ class gpt:
                                        sid=self.sid,
                                        policy_name=self.name,
                                        username=self.username,
-                                        version=self.version)
+                                        gpo_info=self.gpo_info)
            # Merge user preferences to registry if possible
            for preference_name, preference_path in self.settings['user'].items():
                if preference_path:
--- a/gpoa/gpt/inifiles.py
+++ b/gpoa/gpt/inifiles.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2022 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes

 def read_inifiles(inifiles_file):
    inifiles = list()
@@ -27,7 +28,7 @@ def read_inifiles(inifiles_file):
        ini_obj.set_section(prors.get('section', default=None))
        ini_obj.set_property(prors.get('property', default=None))
        ini_obj.set_value(prors.get('value', default=None))
-        ini_obj.set_action(prors.get('action'))
+        ini_obj.set_action(prors.get('action', default='C'))

        inifiles.append(ini_obj)

@@ -37,7 +38,7 @@ def merge_inifiles(storage, sid, inifile_objects, policy_name):
    for iniobj in inifile_objects:
        storage.add_ini(sid, iniobj, policy_name)

-class inifile:
+class inifile(DynamicAttributes):
    def __init__(self, path):
        self.path = path

--- a/gpoa/gpt/networkshares.py
+++ b/gpoa/gpt/networkshares.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2022 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
-from storage.dconf_registry import Dconf_registry
+from .dynamic_attributes import DynamicAttributes

 def read_networkshares(networksharesxml):
    networkshares = list()
@@ -39,7 +39,7 @@ def merge_networkshares(storage, sid, networkshares_objects, policy_name):
    for networkshareobj in networkshares_objects:
        storage.add_networkshare(sid, networkshareobj, policy_name)

-class networkshare:
+class networkshare(DynamicAttributes):
    def __init__(self, name):
        self.name = name

--- a/gpoa/gpt/printers.py
+++ b/gpoa/gpt/printers.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import json
+from .dynamic_attributes import DynamicAttributes

 from util.xml import get_xml_root

@@ -60,7 +61,7 @@ def json2printer(json_str):

    return prn

-class printer:
+class printer(DynamicAttributes):
    def __init__(self, ptype, name, status):
        '''
        ptype may be one of:
--- a/gpoa/gpt/scriptsini.py
+++ b/gpoa/gpt/scriptsini.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,7 +18,7 @@

 import configparser
 import os
-
+from .dynamic_attributes import DynamicAttributes

 def read_scripts(scripts_file):
    scripts = Scripts_lists()
@@ -115,7 +115,7 @@ class Scripts_lists:
            self.get_shutdown_scripts().append(script)


-class Script:
+class Script(DynamicAttributes):
    __logon_counter = 0
    __logoff_counter = 0
    __startup_counter = 0
@@ -126,6 +126,7 @@ class Script:
        self.action = action_upper
        self.path = os.path.join(script_dir, action_upper, script_filename.upper())
        if not os.path.isfile(self.path):
+            self.number = None
            return None
        self.args = None

--- a/gpoa/gpt/services.py
+++ b/gpoa/gpt/services.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,6 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 from util.xml import get_xml_root
+from .dynamic_attributes import DynamicAttributes

 def read_services(service_file):
    '''
@@ -43,7 +44,7 @@ def merge_services(storage, sid, service_objects, policy_name):
    for srv in service_objects:
        pass

-class service:
+class service(DynamicAttributes):
    def __init__(self, name):
        self.unit = name
        self.servname = None
--- a/gpoa/gpt/shortcuts.py
+++ b/gpoa/gpt/shortcuts.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,21 +18,23 @@

 from pathlib import Path
 import stat
-import logging
 from enum import Enum

-from xml.etree import ElementTree
 from xdg.DesktopEntry import DesktopEntry
 import json

 from util.windows import transform_windows_path
 from util.xml import get_xml_root
 from util.paths import get_desktop_files_directory
+from .dynamic_attributes import DynamicAttributes

 class TargetType(Enum):
    FILESYSTEM = 'FILESYSTEM'
    URL = 'URL'

+    def __str__(self):
+        return self.value
+
 def get_ttype(targetstr):
    '''
    Validation function for targetType property
@@ -43,7 +45,7 @@ def get_ttype(targetstr):
    '''
    ttype = TargetType.FILESYSTEM

-    if targetstr == 'URL':
+    if targetstr == 'URL'or targetstr == TargetType.URL:
        ttype = TargetType.URL

    return ttype
@@ -97,24 +99,6 @@ def merge_shortcuts(storage, sid, shortcut_objects, policy_name):
    for shortcut in shortcut_objects:
        storage.add_shortcut(sid, shortcut, policy_name)

-def json2sc(json_str):
-    '''
-    Build shortcut out of string-serialized JSON
-    '''
-    json_obj = json.loads(json_str)
-    link_type = get_ttype(json_obj['type'])
-
-    sc = shortcut(json_obj['dest'], json_obj['path'], json_obj['arguments'], json_obj['name'], json_obj['action'], link_type)
-    sc.set_changed(json_obj['changed'])
-    sc.set_clsid(json_obj['clsid'])
-    sc.set_guid(json_obj['guid'])
-    sc.set_usercontext(json_obj['is_in_user_context'])
-    if 'comment' in json_obj:
-        sc.set_comment(json_obj['comment'])
-    if 'icon' in json_obj:
-        sc.set_icon(json_obj['icon'])
-
-    return sc

 def find_desktop_entry(binary_path):
    desktop_dir = get_desktop_files_directory()
@@ -129,7 +113,9 @@ def find_desktop_entry(binary_path):
    return None


-class shortcut:
+class shortcut(DynamicAttributes):
+    _ignore_fields = {"desktop_file_template", "desktop_file"}
+
    def __init__(self, dest, path, arguments, name=None, action=None, ttype=TargetType.FILESYSTEM):
        '''
        :param dest: Path to resulting file on file system
@@ -151,6 +137,14 @@ class shortcut:
        self.type = ttype
        self.desktop_file_template = None

+
+    def items(self):
+        return ((k, v) for k, v in super().items() if k not in self._ignore_fields)
+
+    def __iter__(self):
+        return iter(self.items())
+
+
    def replace_slashes(self, input_path):
        if input_path.startswith('%'):
            index = input_path.find('%', 1)
@@ -217,30 +211,6 @@ class shortcut:
    def is_usercontext(self):
        return self.is_in_user_context

-    def to_json(self):
-        '''
-        Return shortcut's JSON for further serialization.
-        '''
-        content = dict()
-        content['dest'] = self.dest
-        content['path'] = self.path
-        content['name'] = self.name
-        content['arguments'] = self.arguments
-        content['clsid'] = self.clsid
-        content['guid'] = self.guid
-        content['changed'] = self.changed
-        content['action'] = self.action
-        content['is_in_user_context'] = self.is_in_user_context
-        content['type'] = ttype2str(self.type)
-        if self.icon:
-            content['icon'] = self.icon
-        if self.comment:
-            content['comment'] = self.comment
-        result = self.desktop()
-        result.content.update(content)
-
-        return json.dumps(result.content)
-
    def desktop(self, dest=None):
        '''
        Returns desktop file object which may be written to disk.
@@ -260,7 +230,7 @@ class shortcut:
        '''
        Update desktop file object from internal data.
        '''
-        if self.type == TargetType.URL:
+        if get_ttype(self.type) == TargetType.URL:
            self.desktop_file.set('Type', 'Link')
        else:
            self.desktop_file.set('Type', 'Application')
@@ -270,7 +240,7 @@ class shortcut:
        desktop_path = self.path
        if self.expanded_path:
            desktop_path = self.expanded_path
-        if self.type == TargetType.URL:
+        if get_ttype(self.type) == TargetType.URL:
            self.desktop_file.set('URL', desktop_path)
        else:
            str2bool_lambda = (lambda boolstr: boolstr if isinstance(boolstr, bool)
@@ -278,7 +248,7 @@ class shortcut:
            if self.desktop_file_template:
                terminal_state = str2bool_lambda(self.desktop_file_template.get('Terminal'))
                self.desktop_file.set('Terminal', 'true' if terminal_state else 'false')
-            self.desktop_file.set('Exec', '{} {}'.format(desktop_path, self.arguments))
+            self.desktop_file.set('Exec', '{} {}'.format(desktop_path, self.get_original_value('arguments')))
            self.desktop_file.set('Comment', self.comment)

        if self.icon:
--- a/gpoa/gpupdate
+++ b/gpoa/gpupdate
@@ -25,6 +25,7 @@ import os
 import sys
 import pwd
 import signal
+from storage import Dconf_registry

 from util.users import (
    is_root
@@ -83,6 +84,11 @@ def parse_cli_arguments():
        type=int,
        default=5,
        help='Set logging verbosity level')
+    argparser.add_argument('-f',
+        '--force',
+        action='store_true',
+        default=False,
+        help='Force GPT download')
    argparser.add_argument('-s',
        '--system',
        action='store_true',
@@ -165,6 +171,7 @@ def main():
    gettext.bindtextdomain('gpoa', '/usr/lib/python3/site-packages/gpoa/locale')
    gettext.textdomain('gpoa')
    set_loglevel(args.loglevel)
+    Dconf_registry._force = args.force
    gpo_appliers = runner_factory(args, process_target(args.target))

    if gpo_appliers:
--- a/gpoa/gpupdate-setup
+++ b/gpoa/gpupdate-setup
@@ -2,7 +2,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -19,9 +19,7 @@


 import os
-import sys
 import argparse
-import subprocess

 from util.util import (
      runcmd
--- a/gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
+++ b/gpoa/locale/ru_RU/LC_MESSAGES/gpoa.po
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -65,6 +65,10 @@ msgstr "Установка свойств  для пользователя"
 msgid "The line in the configuration file was cleared"
 msgstr "В конфигурационном файле была очищена строка"

+msgid "Found GPT in cache"
+msgstr "Найден GPT в кеше"
+
+
 # Error
 msgid "Insufficient permissions to run gpupdate"
 msgstr "Недостаточно прав для запуска gpupdate"
@@ -252,6 +256,18 @@ msgstr "Не удалось обновить базу данных dconf"
 msgid "Exception occurred while updating dconf database"
 msgstr "Возникло исключение при обновлении базы данных dconf"

+msgid "Failed to retrieve data from dconf database"
+msgstr "Не удалось получить данные из базы dconf"
+
+msgid "Autofs restart failed"
+msgstr "Перезапуск Autofs не удался"
+
+msgid "Failed to update LDAP with new password data"
+msgstr "Не удалось обновить LDAP новыми данными пароля"
+
+msgid "Failed to change local user password"
+msgstr "Не удалось изменить пароль локального пользователя"
+
 # Error_end

 # Debug
@@ -627,11 +643,11 @@ msgstr "Запуск применение настроек Envvar для маш
 msgid "Envvar applier for machine will not be started"
 msgstr "Применение настроек Envvar для машины не запускается"

-msgid "Running Envvar applier for user in user context"
-msgstr "Запуск применение настроек Envvar для пользователя в контексте пользователя"
+msgid "Running Envvar applier for user in admin context"
+msgstr "Запуск применение настроек Envvar для пользователя в контексте администратора"

-msgid "Envvar applier for user in user context will not be started"
-msgstr "Применение настроек Envvar для пользователя в контексте пользователя не запускается"
+msgid "Envvar applier for user in admin context will not be started"
+msgstr "Применение настроек Envvar для пользователя в контексте администратора не запускается"

 msgid "Running Package applier for machine"
 msgstr "Запуск установки пакетов для машины"
@@ -870,6 +886,69 @@ msgstr "Создание ini-файла с политиками для  dconf"
 msgid "GPO version was not found"
 msgstr "Версия GPO не найдена"

+msgid "SYSVOL entry found in cache"
+msgstr "Запись SYSVOL найдена в кеше"
+
+msgid "Wrote Thunderbird preferences to"
+msgstr "Настройки Thunderbird записаны в"
+
+msgid "Running Thunderbird applier for machine"
+msgstr "Запуск применение настроек Thunderbird для машины"
+
+msgid "Thunderbird applier for machine will not be started"
+msgstr "Применение настроек Thunderbird для компьютера не запускается"
+
+msgid "The environment file has been cleaned"
+msgstr "Файл environment очищен"
+
+msgid  "Cleanup of file environment failed"
+msgstr "Очистка файла environment не удалась"
+
+msgid "Failed to get dictionary"
+msgstr "Не удалось получить словарь"
+
+msgid "LAPS applier started"
+msgstr "Запущен обработчик LAPS"
+
+msgid "LAPS applier is disabled"
+msgstr "Обработчик LAPS отключен"
+
+msgid "Rebooting system after password change"
+msgstr "Перезагрузка системы после смены пароля"
+
+msgid "Password changed"
+msgstr "Пароль изменён"
+
+msgid "Writing password changes time"
+msgstr "Запись времени изменения пароля"
+
+msgid "Requirements not met"
+msgstr "Требования не выполнены"
+
+msgid "The number of hours from the moment of the last user entrance"
+msgstr "Количество часов с момента последнего входа пользователя"
+
+msgid "The number of hours since the password has last changed"
+msgstr "Количество часов с момента последнего изменения пароля"
+
+msgid "LDAP updated with new password data"
+msgstr "LDAP обновлён новыми данными пароля"
+
+msgid "No active sessions found"
+msgstr "Активные сеансы не найдены"
+
+msgid "Process terminated"
+msgstr "Процесс завершён"
+
+msgid "Password update not needed"
+msgstr "Обновление пароля не требуется"
+
+msgid "Password successfully updated"
+msgstr "Пароль успешно обновлён"
+
+msgid "Cleaning the autofs catalog"
+msgstr "Очистка каталога autofs"
+
 # Debug_end

 # Warning
@@ -922,8 +1001,8 @@ msgstr "Не удалось скопировать файл"
 msgid "Failed to create KDE settings list"
 msgstr "Не удалось создать список настроек KDE"

-msgid "Could not find application tools"
-msgstr "Не удалось найти инструменты применения"
+msgid "Could not find tools to configure KDE"
+msgstr "Не удалось найти инструменты для настройки KDE"

 msgid "Failed to open KDE settings"
 msgstr "Не удалось открыть настройки KDE"
@@ -946,6 +1025,45 @@ msgstr "Не удалось выполнить действие для INI-фа
 msgid "Couldn't get the uid"
 msgstr "Не удалось получить uid"

+msgid "Failed to load content from remote host"
+msgstr "Не удалось загрузить контент с удаленного узла"
+
+msgid "Force mode activated"
+msgstr "Режим force задействован"
+
+msgid "Failed to change password"
+msgstr "Не удалось изменить пароль"
+
+msgid "Failed to write password modification time"
+msgstr "Не удалось записать время изменения пароля"
+
+msgid "LAPS requirements not met, module disabled"
+msgstr "Требования LAPS не выполнены, модуль отключён"
+
+msgid "Could not resolve encryption principal name. Return admin group SID"
+msgstr "Не удалось определить имя шифрования. Возвращён SID группы администраторов"
+
+msgid "Failed to get expiration time from LDAP"
+msgstr "Не удалось получить время истечения срока действия из LDAP"
+
+msgid "Failed to read password modification time from dconf"
+msgstr "Не удалось прочитать время изменения пароля из dconf"
+
+msgid "Failed to get last login time"
+msgstr "Не удалось получить время последнего входа"
+
+msgid "Failed to calculate password age"
+msgstr "Не удалось вычислить возраст пароля"
+
+msgid "Failed to terminate process"
+msgstr "Не удалось завершить процесс"
+
+msgid "The user was not found to change the password"
+msgstr "Пользователь для изменения пароля не был найден"
+
+msgid "Error while cleaning the autofs catalog"
+msgstr "Ошибка при очистке каталога autofs"
+
 # Fatal
 msgid "Unable to refresh GPO list"
 msgstr "Невозможно обновить список объектов групповых политик"
--- a/gpoa/messages/init.py
+++ b/gpoa/messages/init.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -31,6 +31,7 @@ def info_code(code):
    info_ids[8] = 'Chromium policy'
    info_ids[9] = 'Set user property to'
    info_ids[10] = 'The line in the configuration file was cleared'
+    info_ids[11] = 'Found GPT in cache'

    return info_ids.get(code, 'Unknown info code')

@@ -107,6 +108,10 @@ def error_code(code):
    error_ids[70] = 'Error getting key value'
    error_ids[71] = 'Failed to update dconf database'
    error_ids[72] = 'Exception occurred while updating dconf database'
+    error_ids[73] = 'Failed to retrieve data from dconf database'
+    error_ids[74] = 'Autofs restart failed'
+    error_ids[75] = 'Failed to update LDAP with new password data'
+    error_ids[76] = 'Failed to change local user password'
    return error_ids.get(code, 'Unknown error code')

 def debug_code(code):
@@ -246,8 +251,8 @@ def debug_code(code):
    debug_ids[133] = 'NTP applier for machine will not be started'
    debug_ids[134] = 'Running Envvar applier for machine'
    debug_ids[135] = 'Envvar applier for machine will not be started'
-    debug_ids[136] = 'Running Envvar applier for user in user context'
-    debug_ids[137] = 'Envvar applier for user in user context will not be started'
+    debug_ids[136] = 'Running Envvar applier for user in admin context'
+    debug_ids[137] = 'Envvar applier for user in admin context will not be started'
    debug_ids[138] = 'Running Package applier for machine'
    debug_ids[139] = 'Package applier for machine will not be started'
    debug_ids[140] = 'Running Package applier for user in administrator context'
@@ -320,7 +325,27 @@ def debug_code(code):
    debug_ids[207] = 'Creating a dictionary with keys and values from the dconf database'
    debug_ids[208] = 'No entry found for the specified path'
    debug_ids[209] = 'Creating an ini file with policies for dconf'
-    debug_ids[210] = 'GPO version was not found'
+    debug_ids[211] = 'SYSVOL entry found in cache'
+    debug_ids[212] = 'Wrote Thunderbird preferences to'
+    debug_ids[213] = 'Running Thunderbird applier for machine'
+    debug_ids[214] = 'Thunderbird applier for machine will not be started'
+    debug_ids[215] = 'The environment file has been cleaned'
+    debug_ids[216] = 'Cleanup of file environment failed'
+    debug_ids[217] = 'Failed to get dictionary'
+    debug_ids[218] = 'LAPS applier started'
+    debug_ids[219] = 'LAPS applier is disabled'
+    debug_ids[220] = 'Rebooting system after password change'
+    debug_ids[221] = 'Password changed'
+    debug_ids[222] = 'Writing password changes time'
+    debug_ids[223] = 'Requirements not met'
+    debug_ids[224] = 'The number of hours from the moment of the last user entrance'
+    debug_ids[225] = 'The number of hours since the password has last changed'
+    debug_ids[226] = 'LDAP updated with new password data'
+    debug_ids[227] = 'No active sessions found'
+    debug_ids[228] = 'Process terminated'
+    debug_ids[229] = 'Password update not needed'
+    debug_ids[230] = 'Password successfully updated'
+    debug_ids[231] = 'Cleaning the autofs catalog'

    return debug_ids.get(code, 'Unknown debug code')

@@ -348,7 +373,7 @@ def warning_code(code):
    warning_ids[14] = 'Could not create a valid list of keys'
    warning_ids[15] = 'Failed to copy file'
    warning_ids[16] = 'Failed to create KDE settings list'
-    warning_ids[17] = 'Could not find application tools'
+    warning_ids[17] = 'Could not find tools to configure KDE'
    warning_ids[18] = 'Failed to open KDE settings'
    warning_ids[19] = 'Failed to change KDE configuration file'
    warning_ids[20] = 'Error connecting to server'
@@ -356,7 +381,19 @@ def warning_code(code):
    warning_ids[22] = 'The user setting was not installed, conflict with computer setting'
    warning_ids[23] = 'Action for ini file failed'
    warning_ids[24] = 'Couldn\'t get the uid'
-
+    warning_ids[25] = 'Failed to load content from remote host'
+    warning_ids[26] = 'Force mode activated'
+    warning_ids[27] = 'Failed to change password'
+    warning_ids[28] = 'Failed to write password modification time'
+    warning_ids[29] = 'LAPS requirements not met, module disabled'
+    warning_ids[30] = 'Could not resolve encryption principal name. Return admin group SID'
+    warning_ids[31] = 'Failed to get expiration time from LDAP'
+    warning_ids[32] = 'Failed to read password modification time from dconf'
+    warning_ids[33] = 'Failed to get last login time'
+    warning_ids[34] = 'Failed to calculate password age'
+    warning_ids[35] = 'Failed to terminate process'
+    warning_ids[36] = 'The user was not found to change the password'
+    warning_ids[37] = 'Error while cleaning the autofs catalog'

    return warning_ids.get(code, 'Unknown warning code')

--- a/gpoa/pkcon_runner
+++ b/gpoa/pkcon_runner
@@ -20,15 +20,13 @@
 import rpm
 import subprocess
 from gpoa.storage import registry_factory
+from util.gpoa_ini_parsing import GpoaConfigObj
+from util.util import get_uid_by_username, string_to_literal_eval
 import logging
 from util.logging import log
 import argparse
 import gettext
 import locale
-from messages import message_with_code
-from util.arguments import (
-    set_loglevel
-)


 def is_rpm_installed(rpm_name):
@@ -45,28 +43,34 @@ def is_rpm_installed(rpm_name):
 class Pkcon_applier:

    def __init__(self, user = None):
-        self.__install_key_name = 'Install'
-        self.__remove_key_name = 'Remove'
-        self.__hklm_branch = '/Software/BaseALT/Policies/Packages'
+        install_key_name = 'Install'
+        remove_key_name = 'Remove'
+        hklm_branch = 'Software/BaseALT/Policies/Packages'
        self.__install_command = ['/usr/bin/pkcon', '-y', 'install']
        self.__remove_command = ['/usr/bin/pkcon', '-y', 'remove']
        self.__reinstall_command = ['/usr/bin/pkcon', '-y', 'reinstall']
        self.install_packages = set()
        self.remove_packages = set()
-        self.storage = registry_factory(username=user)
-        self.storage.filling_storage_from_dconf()
-        install_branch = '{}/{}'.format(self.__hklm_branch, self.__install_key_name)
-        remove_branch = '{}/{}'.format(self.__hklm_branch, self.__remove_key_name)
-        self.install_packages_setting = self.storage.filter_hklm_entries(install_branch)
-        self.remove_packages_setting = self.storage.filter_hklm_entries(remove_branch)
+        self.storage = registry_factory()
+        if user:
+            uid = get_uid_by_username(user)
+            dict_dconf_db = self.storage.get_dictionary_from_dconf_file_db(uid)
+        else:
+            dict_dconf_db = self.storage.get_dictionary_from_dconf_file_db()
+        dict_packages = dict_dconf_db.get(hklm_branch,{})
+        self.install_packages_setting = string_to_literal_eval(dict_packages.get(install_key_name,[]))
+        self.remove_packages_setting = string_to_literal_eval(dict_packages.get(remove_key_name,[]))
+
        for package in self.install_packages_setting:
-            if not is_rpm_installed(package.data):
-                self.install_packages.add(package.data)
+            package = package.strip()
+            if not is_rpm_installed(package):
+                self.install_packages.add(package)
        for package in self.remove_packages_setting:
-            if package.data in self.install_packages:
-                self.install_packages.remove(package.data)
-            if is_rpm_installed(package.data):
-                self.remove_packages.add(package.data)
+            package = package.strip()
+            if package in self.install_packages:
+                self.install_packages.remove(package)
+            if is_rpm_installed(package):
+                self.remove_packages.add(package)

    def apply(self):
        log('D142')
--- a/gpoa/plugin/plugin_manager.py
+++ b/gpoa/plugin/plugin_manager.py
@@ -35,6 +35,6 @@ class plugin_manager:
            logging.warning(slogm(str(exc)))

    def run(self):
-        self.plugins.get('adp', plugin('adp')).run()
+        #self.plugins.get('adp', plugin('adp')).run()
        self.plugins.get('roles', plugin('roles')).run()

--- a/gpoa/storage/dconf_registry.py
+++ b/gpoa/storage/dconf_registry.py
@@ -18,9 +18,22 @@

 import subprocess
 from pathlib import Path
-from util.util import string_to_literal_eval, touch_file, get_uid_by_username
+from util.util import (string_to_literal_eval,
+                       try_dict_to_literal_eval,
+                       touch_file, get_uid_by_username,
+                       add_prefix_to_keys,
+                       remove_keys_with_prefix,
+                       clean_data)
+from util.paths import get_dconf_config_path
 from util.logging import log
 import re
+from collections import OrderedDict
+import itertools
+from gpt.dynamic_attributes import RegistryKeyMetadata
+import gi
+gi.require_version("Gvdb", "1.0")
+gi.require_version("GLib", "2.0")
+from gi.repository import Gvdb, GLib


 class PregDconf():
@@ -49,19 +62,27 @@ class Dconf_registry():
    '''
    A class variable that represents a global registry dictionary shared among instances of the class
    '''
-    _ReadQueue = 'Software/BaseALT/Policies/ReadQueue'
-    global_registry_dict = dict({_ReadQueue:{}})
+    _GpoPriority = 'Software/BaseALT/Policies/GpoPriority'
+    _gpo_name = set()
+    global_registry_dict = dict({_GpoPriority:{}})
+    previous_global_registry_dict = dict()
    __template_file = '/usr/share/dconf/user_mandatory.template'
    _policies_path = 'Software/'
    _policies_win_path = 'SOFTWARE/'
    _gpt_read_flag = False
+    _force = False
    __dconf_dict_flag = False
    __dconf_dict = dict()
+    _dconf_db = dict()
+    _dict_gpo_name_version_cache = dict()
    _username = None
+    _uid = None
    _envprofile = None
+    _path_bin_system = "/etc/dconf/db/policy"

    list_keys = list()
    _info = dict()
+    _counter_gpt = itertools.count(0)

    shortcuts = list()
    folders = list()
@@ -75,7 +96,18 @@ class Dconf_registry():
    scripts = list()
    networkshares = list()

-
+    _true_strings = {
+        "True",
+        "true",
+        "TRUE",
+        "yes",
+        "Yes",
+        "enabled",
+        "enable",
+        "Enabled",
+        "Enable",
+        '1'
+    }

    @classmethod
    def set_info(cls, key , data):
@@ -86,6 +118,9 @@ class Dconf_registry():
    def get_info(cls, key):
        return cls._info.setdefault(key, None)

+    @staticmethod
+    def get_next_number():
+        return next(Dconf_registry._counter_gpt)

    @staticmethod
    def get_matching_keys(path):
@@ -140,10 +175,12 @@ class Dconf_registry():
        return None

    @staticmethod
-    def dconf_update():
+    def dconf_update(uid=None):
        logdata = dict()
+        path_dconf_config = get_dconf_config_path(uid)
+        db_file = path_dconf_config[:-3]
        try:
-            process = subprocess.Popen(['dconf', 'update'],
+            process = subprocess.Popen(['dconf', 'compile', db_file, path_dconf_config],
                                        stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
            output, error = process.communicate()

@@ -164,6 +201,12 @@ class Dconf_registry():
        else:
            return None

+    @classmethod
+    def update_dict_to_previous(cls):
+        dict_clean_previous = remove_keys_with_prefix(cls._dconf_db)
+        dict_with_previous = add_prefix_to_keys(dict_clean_previous)
+        cls.global_registry_dict.update(dict_with_previous)
+
    @classmethod
    def apply_template(cls, uid):
        logdata = dict()
@@ -175,13 +218,15 @@ class Dconf_registry():

        elif uid:
            content = f"user-db:user\n" \
+              f"system-db:distr\n" \
              f"system-db:policy\n" \
              f"system-db:policy{uid}\n" \
              f"system-db:local\n" \
              f"system-db:default\n" \
              f"system-db:local\n" \
              f"system-db:policy{uid}\n" \
-              f"system-db:policy\n"
+              f"system-db:policy\n" \
+              f"system-db:distr\n"
        else:
            logdata['uid'] = uid
            log('W24', logdata)
@@ -206,20 +251,62 @@ class Dconf_registry():
            dconf_dict = self.get_key_values(self.get_matching_keys(startswith))
            for key, value in dconf_dict.items():
                keys_tmp = key.split('/')
-                update_dict(output_dict.setdefault('/'.join(keys_tmp[:-1])[1:], {}), {keys_tmp[-1]: value})
+                update_dict(output_dict.setdefault('/'.join(keys_tmp[:-1])[1:], {}), {keys_tmp[-1]: str(value)})

        log('D207')
        return output_dict


    @classmethod
-    def filter_entries(cls, startswith):
+    def get_dictionary_from_dconf_file_db(self, uid=None, path_bin=None, save_dconf_db=False):
+        logdata = dict()
+        error_skip = None
+        if path_bin:
+            error_skip = True
+        elif not uid:
+            path_bin = self._path_bin_system
+        else:
+            path_bin = self._path_bin_system + str(uid)
+        output_dict = {}
+        try:
+            if (GLib.file_get_contents(path_bin)[0]):
+                bytes1 = GLib.Bytes.new(GLib.file_get_contents(path_bin)[1])
+                table = Gvdb.Table.new_from_bytes(bytes1, True)
+
+                name_list = Gvdb.Table.get_names(table)
+                for name in name_list:
+                    value = Gvdb.Table.get_value(table, name)
+                    if value is None:
+                        continue
+                    list_path = name.split('/')
+                    if value.is_of_type(GLib.VariantType('s')):
+                        part = output_dict.setdefault('/'.join(list_path[1:-1]), {})
+                        part[list_path[-1]] = value.get_string()
+                    elif value.is_of_type(GLib.VariantType('i')):
+                        part = output_dict.setdefault('/'.join(list_path[1:-1]), {})
+                        part[list_path[-1]] = value.get_int32()
+        except Exception as exc:
+            logdata['exc'] = exc
+            logdata['path_bin'] = path_bin
+            if not error_skip:
+                log('E73', logdata)
+            else:
+                log('D217', logdata)
+        if save_dconf_db:
+            Dconf_registry._dconf_db = output_dict
+        return output_dict
+
+
+    @classmethod
+    def filter_entries(cls, startswith, registry_dict = None):
+        if not registry_dict:
+            registry_dict = cls.global_registry_dict
        if startswith[-1] == '%':
            startswith = startswith[:-1]
            if startswith[-1] == '/' or startswith[-1] == '\\':
                startswith = startswith[:-1]
-            return filter_dict_keys(startswith, flatten_dictionary(cls.global_registry_dict))
-        return filter_dict_keys(startswith, flatten_dictionary(cls.global_registry_dict))
+            return filter_dict_keys(startswith, flatten_dictionary(registry_dict))
+        return filter_dict_keys(startswith, flatten_dictionary(registry_dict))


    @classmethod
@@ -234,7 +321,7 @@ class Dconf_registry():
            elif isinstance(value, list):
                for data in value:
                    list_entiers.append(PregDconf(
-                        keyname, convert_string_dconf(data), find_preg_type(data), data))
+                        keyname, data, find_preg_type(data), data))
            else:
                list_entiers.append(PregDconf(
                        '/'.join(keyname.split('/')[:-1]), convert_string_dconf(keyname.split('/')[-1]), find_preg_type(value), value))
@@ -270,7 +357,7 @@ class Dconf_registry():


    @classmethod
-    def get_entry(cls, path, dictionary = None):
+    def get_entry(cls, path, dictionary = None, preg = True):
        logdata = dict()
        result = Dconf_registry.get_storage(dictionary)

@@ -280,12 +367,23 @@ class Dconf_registry():
        if isinstance(result, dict) and key in result.keys():
            data = result.get(key).get(keys[-1])
            return PregDconf(
-                key, convert_string_dconf(keys[-1]), find_preg_type(data), data)
+                key, convert_string_dconf(keys[-1]), find_preg_type(data), data) if preg else data
        else:
            logdata['path'] = path
            log('D208', logdata)
            return None

+    @classmethod
+    def check_enable_key(cls ,key):
+        data = cls.get_entry(key, preg = False)
+        if data:
+            if isinstance(data, str):
+                return True if data in cls._true_strings else False
+            elif isinstance(data, int):
+                return bool(data)
+            else:
+                return False
+        return False

    @classmethod
    def get_hkcu_entry(cls, sid, hive_key, dictionary = None):
@@ -300,46 +398,55 @@ class Dconf_registry():

    @classmethod
    def add_shortcut(cls, sid, sc_obj, policy_name):
+        sc_obj.policy_name = policy_name
        cls.shortcuts.append(sc_obj)


    @classmethod
    def add_printer(cls, sid, pobj, policy_name):
+        pobj.policy_name = policy_name
        cls.printers.append(pobj)


    @classmethod
    def add_drive(cls, sid, dobj, policy_name):
+        dobj.policy_name = policy_name
        cls.drives.append(dobj)


    @classmethod
    def add_folder(cls, sid, fobj, policy_name):
+        fobj.policy_name = policy_name
        cls.folders.append(fobj)


    @classmethod
    def add_envvar(self, sid, evobj, policy_name):
+        evobj.policy_name = policy_name
        self.environmentvariables.append(evobj)


    @classmethod
    def add_script(cls, sid, scrobj, policy_name):
+        scrobj.policy_name = policy_name
        cls.scripts.append(scrobj)


    @classmethod
    def add_file(cls, sid, fileobj, policy_name):
+        fileobj.policy_name = policy_name
        cls.files.append(fileobj)


    @classmethod
    def add_ini(cls, sid, iniobj, policy_name):
+        iniobj.policy_name = policy_name
        cls.inifiles.append(iniobj)


    @classmethod
    def add_networkshare(cls, sid, networkshareobj, policy_name):
+        networkshareobj.policy_name = policy_name
        cls.networkshares.append(networkshareobj)


@@ -371,13 +478,13 @@ class Dconf_registry():
    def get_scripts(cls, sid, action):
        action_scripts = list()
        for part in cls.scripts:
-            if action == 'LOGON':
+            if action == 'LOGON' and part.action == 'LOGON':
                action_scripts.append(part)
-            elif action == 'LOGOFF':
+            elif action == 'LOGOFF' and part.action == 'LOGOFF':
                action_scripts.append(part)
-            elif action == 'STARTUP':
+            elif action == 'STARTUP' and part.action == 'STARTUP':
                action_scripts.append(part)
-            elif action == 'SHUTDOWN':
+            elif action == 'SHUTDOWN' and part.action == 'SHUTDOWN':
                action_scripts.append(part)
        return action_scripts

@@ -404,7 +511,7 @@ class Dconf_registry():

    @classmethod
    def wipe_hklm(cls):
-        cls.global_registry_dict = dict({cls._ReadQueue:{}})
+        cls.global_registry_dict = dict({cls._GpoPriority:{}})


 def filter_dict_keys(starting_string, input_dict):
@@ -425,7 +532,7 @@ def find_preg_type(argument):
        return 1


-def update_dict(dict1, dict2):
+def update_dict(dict1, dict2, save_key=None):
    '''
    Updates dict1 with the key-value pairs from dict2
    '''
@@ -433,74 +540,144 @@ def update_dict(dict1, dict2):
        if key in dict1:
            # If both values are dictionaries, recursively call the update_dict function
            if isinstance(dict1[key], dict) and isinstance(value, dict):
-                update_dict(dict1[key], value)
+                save_key = key
+                update_dict(dict1[key], value, save_key)
            # If the value in dict1 is a list, extend it with unique values from value
            elif isinstance(dict1[key], list):
                dict1[key].extend(set(value) - set(dict1[key]))
            else:
                # If the value in dict1 is not a dictionary or the value in dict2 is not a dictionary,
                # replace the value in dict1 with the value from dict2
-                dict1[key] = value
+                if save_key and save_key.startswith('Source'):
+                    value.reloaded_with_policy_key = [dict1[key].policy_name]
+                    if dict1[key].reloaded_with_policy_key:
+                        value.reloaded_with_policy_key += dict1[key].reloaded_with_policy_key
+                    dict1[key] = value
+                else:
+                    dict1[key] = value
        else:
            # If the key does not exist in dict1, add the key-value pair from dict2 to dict1
            dict1[key] = value


-def add_to_dict(string, policy_name, username, version):
-    if username is None:
-        correct_path = '/'.join(string.split('/')[:-2])
-        machine= '{}/Machine'.format(Dconf_registry._ReadQueue)
+def add_to_dict(string, username, gpo_info):
+    if gpo_info:
+        counter = gpo_info.counter
+        display_name = gpo_info.display_name
+        name = gpo_info.name
+        version = gpo_info.version
+    else:
+        counter = 0
+        display_name = 'Local Policy'
+        name = None
+        version = None
+
+    if username is None or username == 'Machine':
+        machine= '{}/Machine/{}'.format(Dconf_registry._GpoPriority, counter)
        dictionary = Dconf_registry.global_registry_dict.setdefault(machine, dict())
    else:
-        correct_path = '/'.join(string.split('/')[:-2])
-        user = '{}/User'.format(Dconf_registry._ReadQueue)
+        if name in Dconf_registry._gpo_name:
+            return
+        user = '{}/User/{}'.format(Dconf_registry._GpoPriority, counter)
        dictionary = Dconf_registry.global_registry_dict.setdefault(user, dict())
+        Dconf_registry._gpo_name.add(name)

-    dictionary[len(dictionary)] = (policy_name, correct_path, version)
+    dictionary['display_name'] = display_name
+    dictionary['name'] = name
+    dictionary['version'] = str(version)
+    dictionary['correct_path'] = string

+def get_mod_previous_value(key_source, key_valuename):
+    previous_sourc = try_dict_to_literal_eval(Dconf_registry._dconf_db
+            .get(key_source, {})
+            .get(key_valuename, {}))
+    return previous_sourc.get('mod_previous_value') if previous_sourc else None

-def load_preg_dconf(pregfile, pathfile, policy_name, username, version=None):
+def get_previous_value(key_source, key_valuename):
+    previous = key_source.replace('Source', 'Previous')
+    return (Dconf_registry._dconf_db
+            .get(previous, {})
+            .get(key_valuename, None))
+
+def load_preg_dconf(pregfile, pathfile, policy_name, username, gpo_info):
    '''
    Loads the configuration from preg registry into a dictionary
    '''
+    # Prefix for storing key data
+    source_pre = "Source"
    dd = dict()
    for i in pregfile.entries:
        # Skip this entry if the valuename starts with '**del'
-        if i.valuename.startswith('**del'):
+        if i.valuename.lower().startswith('**del'):
            continue
        valuename = convert_string_dconf(i.valuename)
        data = check_data(i.data, i.type)
        if i.valuename != i.data and i.valuename:
+            key_registry_source = f"{source_pre}/{i.keyname}".replace('\\', '/')
+            key_registry = f"{i.keyname}".replace('\\', '/')
+            key_valuename = valuename.replace('\\', '/')
            if i.keyname.replace('\\', '/') in dd:
                # If the key exists in dd, update its value with the new key-value pair
-                dd[i.keyname.replace('\\', '/')].update({valuename.replace('\\', '/'):data})
+                dd[i.keyname.replace('\\', '/')].update({key_valuename:data})
+                mod_previous_value = get_mod_previous_value(key_registry_source, key_valuename)
+                previous_value = get_previous_value(key_registry, key_valuename)
+                if previous_value != data:
+                    (dd[key_registry_source]
+                     .update({key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}))
+                else:
+                    (dd[key_registry_source]
+                     .update({key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}))
            else:
                # If the key does not exist in dd, create a new key-value pair
-                dd[i.keyname.replace('\\', '/')] = {valuename.replace('\\', '/'):data}
+                dd[i.keyname.replace('\\', '/')] = {key_valuename:data}
+                mod_previous_value = get_mod_previous_value(key_registry_source, key_valuename)
+                previous_value = get_previous_value(key_registry, key_valuename)
+                if previous_value != data:
+                    dd[key_registry_source] = {key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}
+                else:
+                    dd[key_registry_source] = {key_valuename:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}

        elif not i.valuename:
            keyname_tmp = i.keyname.replace('\\', '/').split('/')
            keyname = '/'.join(keyname_tmp[:-1])
+            mod_previous_value = get_mod_previous_value(f"{source_pre}/{keyname}", keyname_tmp[-1])
+            previous_value = get_previous_value(f"{keyname}", keyname_tmp[-1])
            if keyname in dd:
                # If the key exists in dd, update its value with the new key-value pair
                dd[keyname].update({keyname_tmp[-1]:data})
+                if previous_value != data:
+                    dd[f"{source_pre}/{keyname}"].update({keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)})
+                else:
+                    dd[f"{source_pre}/{keyname}"].update({keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)})
            else:
                # If the key does not exist in dd, create a new key-value pair
                dd[keyname] = {keyname_tmp[-1]:data}
+                if previous_value != data:
+                    dd[f"{source_pre}/{keyname}"] = {keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=previous_value)}
+                else:
+                    dd[f"{source_pre}/{keyname}"] = {keyname_tmp[-1]:RegistryKeyMetadata(policy_name, i.type, mod_previous_value=mod_previous_value)}

        else:
            # If the value name is the same as the data,
            # split the keyname and add the data to the appropriate location in dd.
            all_list_key = i.keyname.split('\\')
-            dd_target = dd.setdefault('/'.join(all_list_key[:-1]),{})
-            dd_target.setdefault(all_list_key[-1], []).append(data)
+            key_d ='/'.join(all_list_key[:-1])
+            dd_target = dd.setdefault(key_d,{})
+            key_source = f"Source/{key_d}"
+            dd_target_source = dd.setdefault(key_source, {})
+            data_list = dd_target.setdefault(all_list_key[-1], []).append(data)
+            mod_previous_value = get_mod_previous_value(key_source, all_list_key[-1])
+            previous_value = get_previous_value(key_d, all_list_key[-1])
+            if previous_value != str(data_list):
+                dd_target_source[all_list_key[-1]] = RegistryKeyMetadata(policy_name, i.type, is_list=True, mod_previous_value=previous_value)
+            else:
+                dd_target_source[all_list_key[-1]] = RegistryKeyMetadata(policy_name, i.type, is_list=True, mod_previous_value=mod_previous_value)

    # Update the global registry dictionary with the contents of dd
-    add_to_dict(pathfile, policy_name, username, version)
    update_dict(Dconf_registry.global_registry_dict, dd)


-def create_dconf_ini_file(filename, data):
+def create_dconf_ini_file(filename, data, uid=None, nodomain=None):
    '''
    Create an ini-file based on a dictionary of dictionaries.
    Args:
@@ -511,7 +688,7 @@ def create_dconf_ini_file(filename, data):
    Raises:
        None
    '''
-    with open(filename, 'w') as file:
+    with open(filename, 'a' if nodomain else 'w') as file:
        for section, section_data in data.items():
            file.write(f'[{section}]\n')
            for key, value in section_data.items():
@@ -523,15 +700,56 @@ def create_dconf_ini_file(filename, data):
    logdata = dict()
    logdata['path'] = filename
    log('D209', logdata)
-    Dconf_registry.dconf_update()
+    create_dconf_file_locks(filename, data)
+    Dconf_registry.dconf_update(uid)
+
+
+def create_dconf_file_locks(filename_ini, data):
+    """
+    Creates a dconf lock file based on the provided filename and data.
+
+    :param filename_ini: Path to the ini file (str)
+    :param data: Dictionary containing configuration data
+    """
+    # Extract the path parts up to the directory of the ini file
+    tmp_lock = filename_ini.split('/')[:-1]
+
+    # Construct the path to the lock file
+    file_lock = '/'.join(tmp_lock + ['locks', tmp_lock[-1][:-1] + 'pol'])
+
+    # Create an empty lock file
+    touch_file(file_lock)
+
+    # Open the lock file for writing
+    with open(file_lock, 'w') as file:
+        # Iterate over all lock keys obtained from the data
+        for key_lock in get_keys_dconf_locks(data):
+            # Remove the "lock/" prefix from the key and split into parts
+            key = key_lock.split('/')[1:]
+            # Write the cleaned key to the lock file
+            file.write(f'{key}\n')
+
+def get_keys_dconf_locks(data):
+    """
+    Extracts keys from the provided data that start with "Locks/"
+    and have a value of 1.
+
+    :param data: Dictionary containing configuration data
+    :return: List of lock keys (str) without the "Locks/" prefix
+    """
+    result = []
+    # Flatten the nested dictionary into a single-level dictionary
+    flatten_data = flatten_dictionary(data)
+
+    # Iterate through all keys in the flattened dictionary
+    for key in flatten_data:
+        # Check if the key starts with "Locks/" and its value is 1
+        if key.startswith('Locks/') and flatten_data[key] == 1:
+            # Remove the "Locks" prefix and append to the result
+            result.append(key.removeprefix('Locks'))
+
+    return result

-def clean_data(data):
-    try:
-        cleaned_string = data.replace('\n', '').replace('\r', '')
-        cleaned_string = cleaned_string.replace('"', "'")
-        return cleaned_string
-    except:
-        return None

 def check_data(data, t_data):
    if isinstance(data, bytes):
@@ -547,7 +765,8 @@ def convert_string_dconf(input_string):
    macros = {
        '#': '%sharp%',
        ';': '%semicolon%',
-        '//': '%doubleslash%'
+        '//': '%doubleslash%',
+        '/': '%oneslash%'
    }
    output_string = input_string
    for key, value in macros.items():
@@ -589,3 +808,54 @@ def get_dconf_envprofile():

    profile = '/run/dconf/user/{}'.format(get_uid_by_username(Dconf_registry._username))
    return {'DCONF_PROFILE': profile}
+
+
+def convert_elements_to_list_dicts(elements):
+    return list(map(lambda x: dict(x), elements))
+
+def remove_duplicate_dicts_in_list(list_dict):
+    return convert_elements_to_list_dicts(list(OrderedDict((tuple(sorted(d.items())), d) for d in list_dict).values()))
+
+def add_preferences_to_global_registry_dict(username, is_machine):
+    if is_machine:
+        prefix = 'Software/BaseALT/Policies/Preferences/Machine'
+    else:
+        prefix = f'Software/BaseALT/Policies/Preferences/{username}'
+
+    preferences_global = [('Shortcuts',remove_duplicate_dicts_in_list(Dconf_registry.shortcuts)),
+                            ('Folders',remove_duplicate_dicts_in_list(Dconf_registry.folders)),
+                            ('Files',remove_duplicate_dicts_in_list(Dconf_registry.files)),
+                            ('Drives',remove_duplicate_dicts_in_list(Dconf_registry.drives)),
+                            ('Scheduledtasks',remove_duplicate_dicts_in_list(Dconf_registry.scheduledtasks)),
+                            ('Environmentvariables',remove_duplicate_dicts_in_list(Dconf_registry.environmentvariables)),
+                            ('Inifiles',remove_duplicate_dicts_in_list(Dconf_registry.inifiles)),
+                            ('Services',remove_duplicate_dicts_in_list(Dconf_registry.services)),
+                            ('Printers',remove_duplicate_dicts_in_list(Dconf_registry.printers)),
+                            ('Scripts',remove_duplicate_dicts_in_list(Dconf_registry.scripts)),
+                            ('Networkshares',remove_duplicate_dicts_in_list(Dconf_registry.networkshares))]
+
+    preferences_global_dict = dict()
+    preferences_global_dict[prefix] = dict()
+
+    for key, val in preferences_global:
+        preferences_global_dict[prefix].update({key:clean_data(str(val))})
+
+    update_dict(Dconf_registry.global_registry_dict, preferences_global_dict)
+
+def extract_display_name_version(data, username):
+    policy_force = data.get('Software/BaseALT/Policies/GPUpdate', {}).get('Force', False)
+    if Dconf_registry._force or policy_force:
+        logdata = dict({'username': username})
+        log('W26', logdata)
+        return {}
+    result = {}
+    tmp = {}
+    if isinstance(data, dict):
+        for key in data.keys():
+            if key.startswith(Dconf_registry._GpoPriority+'/'):
+                tmp[key] = data[key]
+        for value in tmp.values():
+            if isinstance(value, dict) and value.get('version', 'None')!='None' and value.get('display_name'):
+                result[value['display_name']] = {'version': value['version'], 'correct_path': value['correct_path']}
+    Dconf_registry._dict_gpo_name_version_cache = result
+    return result
--- a/gpoa/storage/fs_file_cache.py
+++ b/gpoa/storage/fs_file_cache.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2021 BaseALT Ltd. <org@basealt.ru>
+# Copyright (C) 2021-2024 BaseALT Ltd. <org@basealt.ru>
 # Copyright (C) 2021 Igor Chudov <nir@nir.org.ru>
 #
 # This program is free software: you can redistribute it and/or modify
@@ -27,14 +27,15 @@ import smbc
 from util.logging import log
 from util.paths import file_cache_dir, file_cache_path_home, UNCPath
 from util.exceptions import NotUNCPathError
-
+from util.util import get_machine_name

 class fs_file_cache:
    __read_blocksize = 4096

    def __init__(self, cache_name, username = None):
        self.cache_name = cache_name
-        if username:
+        self.username = username
+        if username and username != get_machine_name():
            try:
                self.storage_uri = file_cache_path_home(username)
            except:
@@ -85,7 +86,9 @@ class fs_file_cache:
            df.close()
            os.rename(tmpfile, destfile)
            os.chmod(destfile, 0o644)
-        except:
+        except Exception as exc:
+            logdata = dict({'exception': str(exc)})
+            log('W25', logdata)
            tmppath = Path(tmpfile)
            if tmppath.exists():
                tmppath.unlink()
@@ -106,8 +109,10 @@ class fs_file_cache:
            logdata = dict({'exception': str(exc)})
            log('E36', logdata)
            raise exc
-
-        return str(destfile)
+        if Path(destfile).exists():
+            return str(destfile)
+        else:
+            return None

    def get_ls_smbdir(self, uri):
        type_file_smb = 8
--- a/gpoa/storage/record_types.py
+++ b/gpoa/storage/record_types.py
@@ -1,309 +0,0 @@
-#
-# GPOA - GPO Applier for Linux
-#
-# Copyright (C) 2019-2020 BaseALT Ltd.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-class samba_preg(object):
-    '''
-    Object mapping representing HKLM entry (registry key without SID)
-    '''
-    def __init__(self, preg_obj, policy_name):
-        self.policy_name = policy_name
-        self.keyname = preg_obj.keyname
-        self.valuename = preg_obj.valuename
-        self.hive_key = '{}\\{}'.format(self.keyname, self.valuename)
-        self.type = preg_obj.type
-        self.data = preg_obj.data
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['type'] = self.type
-        fields['data'] = self.data
-
-        return fields
-
-class samba_hkcu_preg(object):
-    '''
-    Object mapping representing HKCU entry (registry key with SID)
-    '''
-    def __init__(self, sid, preg_obj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.keyname = preg_obj.keyname
-        self.valuename = preg_obj.valuename
-        self.hive_key = '{}\\{}'.format(self.keyname, self.valuename)
-        self.type = preg_obj.type
-        self.data = preg_obj.data
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['type'] = self.type
-        fields['data'] = self.data
-
-        return fields
-
-class ad_shortcut(object):
-    '''
-    Object mapping representing Windows shortcut.
-    '''
-    def __init__(self, sid, sc, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.path = sc.dest
-        self.shortcut = sc.to_json()
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['path'] = self.path
-        fields['shortcut'] = self.shortcut
-
-        return fields
-
-class info_entry(object):
-    def __init__(self, name, value):
-        self.name = name
-        self.value = value
-
-    def update_fields(self):
-        fields = dict()
-        fields['value'] = self.value
-
-        return fields
-
-class printer_entry(object):
-    '''
-    Object mapping representing Windows printer of some type.
-    '''
-    def __init__(self, sid, pobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.name = pobj.name
-        self.printer = pobj.to_json()
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['name'] = self.name
-        fields['printer'] = self.printer.to_json()
-
-        return fields
-
-class drive_entry(object):
-    '''
-    Object mapping representing Samba share bound to drive letter
-    '''
-    def __init__(self, sid, dobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.login = dobj.login
-        self.password = dobj.password
-        self.dir = dobj.dir
-        self.path = dobj.path
-        self.action = dobj.action
-        self.thisDrive = dobj.thisDrive
-        self.allDrives = dobj.allDrives
-        self.label = dobj.label
-        self.persistent = dobj.persistent
-        self.useLetter = dobj.useLetter
-
-
-    def update_fields(self):
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['login'] = self.login
-        fields['password'] = self.password
-        fields['dir'] = self.dir
-        fields['path'] = self.path
-        fields['action'] = self.action
-        fields['thisDrive'] = self.thisDrive
-        fields['allDrives'] = self.allDrives
-        fields['label'] = self.label
-        fields['persistent'] = self.persistent
-        fields['useLetter'] = self.useLetter
-
-        return fields
-
-class folder_entry(object):
-    '''
-    Object mapping representing file system directory
-    '''
-    def __init__(self, sid, fobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.path = fobj.path
-        self.action = fobj.action.value
-        self.delete_folder = str(fobj.delete_folder)
-        self.delete_sub_folders = str(fobj.delete_sub_folders)
-        self.delete_files = str(fobj.delete_files)
-        self.hidden_folder = str(fobj.hidden_folder)
-
-    def update_fields(self):
-        '''
-        Return list of fields to update
-        '''
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['action'] = self.action
-        fields['delete_folder'] = self.delete_folder
-        fields['delete_sub_folders'] = self.delete_sub_folders
-        fields['delete_files'] = self.delete_files
-        fields['hidden_folder'] = self.hidden_folder
-
-
-        return fields
-
-class envvar_entry(object):
-    '''
-    Object mapping representing environment variables
-    '''
-    def __init__(self, sid, evobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.name = evobj.name
-        self.value = evobj.value
-        self.action = evobj.action.value
-
-    def update_fields(self):
-        '''
-        Return list of fields to update
-        '''
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['action'] = self.action
-        fields['value'] = self.value
-
-        return fields
-
-class script_entry(object):
-    '''
-    Object mapping representing scripts.ini
-    '''
-    def __init__(self, sid, scrobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.action = scrobj.action
-        self.number = scrobj.number
-        self.path = scrobj.path
-        self.arg = scrobj.args
-
-    def update_fields(self):
-        '''
-        Return list of fields to update
-        '''
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['action'] = self.action
-        fields['number'] = self.number
-        fields['path'] = self.path
-        fields['arg'] = self.arg
-
-        return fields
-
-class file_entry(object):
-    '''
-    Object mapping representing FILES.XML
-    '''
-    def __init__(self, sid, fileobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.action = fileobj.action
-        self.fromPath = fileobj.fromPath
-        self.targetPath = fileobj.targetPath
-        self.readOnly = fileobj.readOnly
-        self.archive = fileobj.archive
-        self.hidden = fileobj.hidden
-        self.suppress = fileobj.suppress
-        self.executable = fileobj.executable
-
-    def update_fields(self):
-        '''
-        Return list of fields to update
-        '''
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['action'] = self.action
-        fields['fromPath'] = self.fromPath
-        fields['targetPath'] = self.targetPath
-        fields['readOnly'] = self.readOnly
-        fields['archive'] = self.archive
-        fields['hidden'] = self.hidden
-        fields['suppress'] = self.suppress
-        fields['executable'] = self.executable
-
-        return fields
-
-class ini_entry(object):
-    '''
-    Object mapping representing INIFILES.XML
-    '''
-    def __init__(self, sid, iniobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.action = iniobj.action
-        self.path = iniobj.path
-        self.section = iniobj.section
-        self.property = iniobj.property
-        self.value = iniobj.value
-
-
-    def update_fields(self):
-        '''
-        Return list of fields to update
-        '''
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['action'] = self.action
-        fields['path'] = self.path
-        fields['section'] = self.section
-        fields['property'] = self.property
-        fields['value'] = self.value
-
-        return fields
-
-class networkshare_entry(object):
-    '''
-    Object mapping representing NETWORKSHARES.XML
-    '''
-    def __init__(self, sid, networkshareobj, policy_name):
-        self.sid = sid
-        self.policy_name = policy_name
-        self.name = networkshareobj.name
-        self.action = networkshareobj.action
-        self.path = networkshareobj.path
-        self.allRegular = networkshareobj.allRegular
-        self.comment = networkshareobj.comment
-        self.limitUsers = networkshareobj.limitUsers
-        self.abe = networkshareobj.abe
-
-
-    def update_fields(self):
-        '''
-        Return list of fields to update
-        '''
-        fields = dict()
-        fields['policy_name'] = self.policy_name
-        fields['name'] = self.name
-        fields['action'] = self.action
-        fields['path'] = self.path
-        fields['allRegular'] = self.allRegular
-        fields['comment'] = self.comment
-        fields['limitUsers'] = self.limitUsers
-        fields['abe'] = self.abe
-
-        return fields
--- a/gpoa/storage/sqlite_cache.py
+++ b/gpoa/storage/sqlite_cache.py
@@ -1,101 +0,0 @@
-#
-# GPOA - GPO Applier for Linux
-#
-# Copyright (C) 2019-2020 BaseALT Ltd.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-from .cache import cache
-
-import os
-
-from sqlalchemy import (
-    create_engine,
-    Table,
-    Column,
-    Integer,
-    String,
-)
-
-from sqlalchemy.orm import sessionmaker
-from .sqlite_registry_compat import sqlite_registry_compat
-
-from util.logging import log
-from util.paths import cache_dir
-
-def mapping_factory(mapper_suffix):
-    exec(
-        '''
-class mapped_id_{}(object):
-    def __init__(self, str_id, value):
-        self.str_id = str_id
-        self.value = str(value)
-        '''.format(mapper_suffix)
-    )
-    return eval('mapped_id_{}'.format(mapper_suffix))
-
-class sqlite_cache(cache):
-    def __init__(self, cache_name):
-        self.cache_name = cache_name
-        self.mapper_obj = mapping_factory(self.cache_name)
-        self.storage_uri = os.path.join('sqlite:///{}/{}.sqlite'.format(cache_dir(), self.cache_name))
-        logdata = dict({'cache_file': self.storage_uri})
-        log('D20', logdata)
-        self.db_cnt = create_engine(self.storage_uri, echo=False)
-        self.__compat = sqlite_registry_compat(self.db_cnt)
-        self.__metadata = self.__compat.metadata()
-        self.cache_table = Table(
-            self.cache_name,
-            self.__metadata,
-            Column('id', Integer, primary_key=True),
-            Column('str_id', String(65536), unique=True),
-            Column('value', String)
-        )
-
-        self.__metadata.create_all(self.db_cnt)
-        Session = sessionmaker(bind=self.db_cnt)
-        self.db_session = Session()
-        mapper_reg = self.__compat
-        mapper_reg.map_imperatively(self.mapper_obj, self.cache_table)
-
-    def store(self, str_id, value):
-        obj = self.mapper_obj(str_id, value)
-        self._upsert(obj)
-
-    def get(self, obj_id):
-        result = self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj_id).first()
-        return result
-
-    def get_default(self, obj_id, default_value):
-        result = self.get(obj_id)
-        if result == None:
-            logdata = dict()
-            logdata['object'] = obj_id
-            log('D43', logdata)
-            self.store(obj_id, default_value)
-            return str(default_value)
-        return result.value
-
-    def _upsert(self, obj):
-        try:
-            self.db_session.add(obj)
-            self.db_session.commit()
-        except Exception as exc:
-            self.db_session.rollback()
-            logdata = dict()
-            logdata['msg'] = str(exc)
-            log('D44', logdata)
-            self.db_session.query(self.mapper_obj).filter(self.mapper_obj.str_id == obj.str_id).update({ 'value': obj.value })
-            self.db_session.commit()
-
--- a/gpoa/storage/sqlite_registry.py
+++ b/gpoa/storage/sqlite_registry.py
@@ -1,621 +0,0 @@
-#
-# GPOA - GPO Applier for Linux
-#
-# Copyright (C) 2019-2020 BaseALT Ltd.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-import os
-
-from sqlalchemy import (
-    create_engine,
-    Table,
-    Column,
-    Integer,
-    String,
-    UniqueConstraint
-)
-
-from sqlalchemy.orm import sessionmaker
-from .sqlite_registry_compat import sqlite_registry_compat
-
-from util.logging import log
-from util.paths import cache_dir
-from .registry import registry
-from .record_types import (
-      samba_preg
-    , samba_hkcu_preg
-    , ad_shortcut
-    , info_entry
-    , printer_entry
-    , drive_entry
-    , folder_entry
-    , envvar_entry
-    , script_entry
-    , file_entry
-    , ini_entry
-    , networkshare_entry
-)
-
-class sqlite_registry(registry):
-    def __init__(self, db_name, registry_cache_dir=None):
-        self.db_name = db_name
-        cdir = registry_cache_dir
-        if cdir == None:
-            cdir = cache_dir()
-        self.db_path = os.path.join('sqlite:///{}/{}.sqlite'.format(cdir, self.db_name))
-        self.db_cnt = create_engine(self.db_path, echo=False)
-        self.__compat = sqlite_registry_compat(self.db_cnt)
-        self.__metadata = self.__compat.metadata()
-        self.__info = Table(
-            'info',
-            self.__metadata,
-            Column('id', Integer, primary_key=True),
-            Column('name', String(65536), unique=True),
-            Column('value', String(65536))
-        )
-        self.__hklm = Table(
-              'HKLM'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('hive_key', String(65536, collation='NOCASE'),
-                unique=True)
-            , Column('keyname', String(collation='NOCASE'))
-            , Column('valuename', String(collation='NOCASE'))
-            , Column('policy_name', String)
-            , Column('type', Integer)
-            , Column('data', String)
-        )
-        self.__hkcu = Table(
-              'HKCU'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('hive_key', String(65536, collation='NOCASE'))
-            , Column('keyname', String(collation='NOCASE'))
-            , Column('valuename', String(collation='NOCASE'))
-            , Column('policy_name', String)
-            , Column('type', Integer)
-            , Column('data', String)
-            , UniqueConstraint('sid', 'hive_key')
-        )
-        self.__shortcuts = Table(
-              'Shortcuts'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('path', String)
-            , Column('policy_name', String)
-            , Column('shortcut', String)
-            , UniqueConstraint('sid', 'path')
-        )
-        self.__printers = Table(
-              'Printers'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('name', String)
-            , Column('policy_name', String)
-            , Column('printer', String)
-            , UniqueConstraint('sid', 'name')
-        )
-        self.__drives = Table(
-              'Drives'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('login', String)
-            , Column('password', String)
-            , Column('dir', String)
-            , Column('policy_name', String)
-            , Column('path', String)
-            , Column('action', String)
-            , Column('thisDrive', String)
-            , Column('allDrives', String)
-            , Column('label', String)
-            , Column('persistent', String)
-            , Column('useLetter', String)
-            , UniqueConstraint('sid', 'dir')
-        )
-        self.__folders = Table(
-              'Folders'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('path', String)
-            , Column('policy_name', String)
-            , Column('action', String)
-            , Column('delete_folder', String)
-            , Column('delete_sub_folders', String)
-            , Column('delete_files', String)
-            , Column('hidden_folder', String)
-            , UniqueConstraint('sid', 'path')
-        )
-        self.__envvars = Table(
-              'Envvars'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('name', String)
-            , Column('policy_name', String)
-            , Column('action', String)
-            , Column('value', String)
-            , UniqueConstraint('sid', 'name')
-        )
-        self.__scripts = Table(
-              'Scripts'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('policy_name', String)
-            , Column('number', String)
-            , Column('action', String)
-            , Column('path', String)
-            , Column('arg', String)
-            , UniqueConstraint('sid', 'path', 'arg')
-        )
-        self.__files = Table(
-              'Files'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('policy_name', String)
-            , Column('action', String)
-            , Column('fromPath', String)
-            , Column('targetPath', String)
-            , Column('readOnly', String)
-            , Column('archive', String)
-            , Column('hidden', String)
-            , Column('suppress', String)
-            , Column('executable', String)
-            , UniqueConstraint('sid', 'policy_name', 'targetPath', 'fromPath')
-        )
-        self.__ini = Table(
-              'Ini'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('policy_name', String)
-            , Column('action', String)
-            , Column('path', String)
-            , Column('section', String)
-            , Column('property', String)
-            , Column('value', String)
-            , UniqueConstraint('sid', 'action', 'path', 'section', 'property', 'value')
-        )
-        self.__networkshare = Table(
-              'Networkshare'
-            , self.__metadata
-            , Column('id', Integer, primary_key=True)
-            , Column('sid', String)
-            , Column('policy_name', String)
-            , Column('name', String)
-            , Column('action', String)
-            , Column('path', String)
-            , Column('allRegular', String)
-            , Column('comment', String)
-            , Column('limitUsers', String)
-            , Column('abe', String)
-            , UniqueConstraint('sid', 'name', 'path')
-        )
-
-        self.__metadata.create_all(self.db_cnt)
-        Session = sessionmaker(bind=self.db_cnt)
-        self.db_session = Session()
-        mapper_reg = self.__compat
-        try:
-            mapper_reg.map_imperatively(info_entry, self.__info)
-            mapper_reg.map_imperatively(samba_preg, self.__hklm)
-            mapper_reg.map_imperatively(samba_hkcu_preg, self.__hkcu)
-            mapper_reg.map_imperatively(ad_shortcut, self.__shortcuts)
-            mapper_reg.map_imperatively(printer_entry, self.__printers)
-            mapper_reg.map_imperatively(drive_entry, self.__drives)
-            mapper_reg.map_imperatively(folder_entry, self.__folders)
-            mapper_reg.map_imperatively(envvar_entry, self.__envvars)
-            mapper_reg.map_imperatively(script_entry, self.__scripts)
-            mapper_reg.map_imperatively(file_entry, self.__files)
-            mapper_reg.map_imperatively(ini_entry, self.__ini)
-            mapper_reg.map_imperatively(networkshare_entry, self.__networkshare)
-        except:
-            pass
-            #logging.error('Error creating mapper')
-
-    def _add(self, row):
-        try:
-            self.db_session.add(row)
-            self.db_session.commit()
-        except Exception as exc:
-            self.db_session.rollback()
-            raise exc
-
-    def _info_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session.query(info_entry)
-                .filter(info_entry.name == row.name)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _hklm_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session
-                .query(samba_preg)
-                .filter(samba_preg.hive_key == row.hive_key)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _hkcu_upsert(self, row):
-        try:
-            self._add(row)
-        except Exception as exc:
-            (self
-                .db_session
-                .query(samba_hkcu_preg)
-                .filter(samba_hkcu_preg.sid == row.sid)
-                .filter(samba_hkcu_preg.hive_key == row.hive_key)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _shortcut_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session
-                .query(ad_shortcut)
-                .filter(ad_shortcut.sid == row.sid)
-                .filter(ad_shortcut.path == row.path)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _printer_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session
-                .query(printer_entry)
-                .filter(printer_entry.sid == row.sid)
-                .filter(printer_entry.name == row.name)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def _drive_upsert(self, row):
-        try:
-            self._add(row)
-        except:
-            (self
-                .db_session
-                .query(drive_entry)
-                .filter(drive_entry.sid == row.sid)
-                .filter(drive_entry.dir == row.dir)
-                .update(row.update_fields()))
-            self.db_session.commit()
-
-    def set_info(self, name, value):
-        ientry = info_entry(name, value)
-        logdata = dict()
-        logdata['varname'] = name
-        logdata['value'] = value
-        log('D19', logdata)
-        self._info_upsert(ientry)
-
-    def _delete_hklm_keyname(self, keyname):
-        '''
-        Delete PReg hive_key from HKEY_LOCAL_MACHINE
-        '''
-        logdata = dict({'keyname': keyname})
-        try:
-            (self
-                .db_session
-                .query(samba_preg)
-                .filter(samba_preg.keyname == keyname)
-                .delete(synchronize_session=False))
-            self.db_session.commit()
-            log('D65', logdata)
-        except Exception as exc:
-            log('D63', logdata)
-
-    def add_hklm_entry(self, preg_entry, policy_name):
-        '''
-        Write PReg entry to HKEY_LOCAL_MACHINE
-        '''
-        pentry = samba_preg(preg_entry, policy_name)
-        if not pentry.valuename.startswith('**'):
-            self._hklm_upsert(pentry)
-        else:
-            logdata = dict({'key': pentry.hive_key})
-            if pentry.valuename.lower() == '**delvals.':
-                self._delete_hklm_keyname(pentry.keyname)
-            else:
-                log('D27', logdata)
-
-    def _delete_hkcu_keyname(self, keyname, sid):
-        '''
-        Delete PReg hive_key from HKEY_CURRENT_USER
-        '''
-        logdata = dict({'sid': sid, 'keyname': keyname})
-        try:
-            (self
-                .db_session
-                .query(samba_hkcu_preg)
-                .filter(samba_hkcu_preg.sid == sid)
-                .filter(samba_hkcu_preg.keyname == keyname)
-                .delete(synchronize_session=False))
-            self.db_session.commit()
-            log('D66', logdata)
-        except:
-            log('D64', logdata)
-
-    def add_hkcu_entry(self, preg_entry, sid, policy_name):
-        '''
-        Write PReg entry to HKEY_CURRENT_USER
-        '''
-        hkcu_pentry = samba_hkcu_preg(sid, preg_entry, policy_name)
-        logdata = dict({'sid': sid, 'policy': policy_name, 'key': hkcu_pentry.hive_key})
-        if not hkcu_pentry.valuename.startswith('**'):
-            log('D26', logdata)
-            self._hkcu_upsert(hkcu_pentry)
-        else:
-            if hkcu_pentry.valuename.lower() == '**delvals.':
-                self._delete_hkcu_keyname(hkcu_pentry.keyname, sid)
-            else:
-                log('D51', logdata)
-
-    def add_shortcut(self, sid, sc_obj, policy_name):
-        '''
-        Store shortcut information in the database
-        '''
-        sc_entry = ad_shortcut(sid, sc_obj, policy_name)
-        logdata = dict()
-        logdata['link'] = sc_entry.path
-        logdata['sid'] = sid
-        log('D41', logdata)
-        self._shortcut_upsert(sc_entry)
-
-    def add_printer(self, sid, pobj, policy_name):
-        '''
-        Store printer configuration in the database
-        '''
-        prn_entry = printer_entry(sid, pobj, policy_name)
-        logdata = dict()
-        logdata['printer'] = prn_entry.name
-        logdata['sid'] = sid
-        log('D40', logdata)
-        self._printer_upsert(prn_entry)
-
-    def add_drive(self, sid, dobj, policy_name):
-        drv_entry = drive_entry(sid, dobj, policy_name)
-        logdata = dict()
-        logdata['uri'] = drv_entry.path
-        logdata['sid'] = sid
-        log('D39', logdata)
-        self._drive_upsert(drv_entry)
-
-    def add_folder(self, sid, fobj, policy_name):
-        fld_entry = folder_entry(sid, fobj, policy_name)
-        logdata = dict()
-        logdata['folder'] = fld_entry.path
-        logdata['sid'] = sid
-        log('D42', logdata)
-        try:
-            self._add(fld_entry)
-        except Exception as exc:
-            (self
-                ._filter_sid_obj(folder_entry, sid)
-                .filter(folder_entry.path == fld_entry.path)
-                .update(fld_entry.update_fields()))
-            self.db_session.commit()
-
-    def add_envvar(self, sid, evobj, policy_name):
-        ev_entry = envvar_entry(sid, evobj, policy_name)
-        logdata = dict()
-        logdata['envvar'] = ev_entry.name
-        logdata['sid'] = sid
-        log('D53', logdata)
-        try:
-            self._add(ev_entry)
-        except Exception as exc:
-            (self
-                ._filter_sid_obj(envvar_entry, sid)
-                .filter(envvar_entry.name == ev_entry.name)
-                .update(ev_entry.update_fields()))
-            self.db_session.commit()
-    def add_script(self, sid, scrobj, policy_name):
-        scr_entry = script_entry(sid, scrobj, policy_name)
-        logdata = dict()
-        logdata['script path'] = scrobj.path
-        logdata['sid'] = sid
-        log('D153', logdata)
-        try:
-            self._add(scr_entry)
-        except Exception as exc:
-            (self
-                ._filter_sid_obj(script_entry, sid)
-                .filter(script_entry.path == scr_entry.path)
-                .update(scr_entry.update_fields()))
-            self.db_session.commit()
-
-    def add_file(self, sid, fileobj, policy_name):
-        f_entry = file_entry(sid, fileobj, policy_name)
-        logdata = dict()
-        logdata['targetPath'] = f_entry.targetPath
-        logdata['fromPath'] = f_entry.fromPath
-        log('D162', logdata)
-        try:
-            self._add(f_entry)
-        except Exception as exc:
-            (self
-                ._filter_sid_obj(file_entry, sid)
-                .filter(file_entry.targetPath == f_entry.targetPath)
-                .update(f_entry.update_fields()))
-            self.db_session.commit()
-
-
-    def add_ini(self, sid, iniobj, policy_name):
-        inientry = ini_entry(sid, iniobj, policy_name)
-        logdata = dict()
-        logdata['path'] = inientry.path
-        logdata['action'] = inientry.action
-        log('D177', logdata)
-        try:
-            self._add(inientry)
-        except Exception as exc:
-            (self
-                ._filter_sid_obj(ini_entry, sid)
-                .filter(ini_entry.path == inientry.path)
-                .update(inientry.update_fields()))
-            self.db_session.commit()
-
-    def add_networkshare(self, sid, networkshareobj, policy_name):
-        networkshareentry = networkshare_entry(sid, networkshareobj, policy_name)
-        logdata = dict()
-        logdata['name'] = networkshareentry.name
-        logdata['path'] = networkshareentry.path
-        logdata['action'] = networkshareentry.action
-        log('D186', logdata)
-        try:
-            self._add(networkshareentry)
-        except Exception as exc:
-            (self
-                ._filter_sid_obj(networkshare_entry, sid)
-                .filter(networkshare_entry.path == networkshareentry.path)
-                .update(networkshareentry.update_fields()))
-            self.db_session.commit()
-
-
-    def _filter_sid_obj(self, row_object, sid):
-        res = (self
-            .db_session
-            .query(row_object)
-            .filter(row_object.sid == sid))
-        return res
-
-    def _filter_sid_list(self, row_object, sid):
-        res = (self
-            .db_session
-            .query(row_object)
-            .filter(row_object.sid == sid)
-            .order_by(row_object.id)
-            .all())
-        return res
-
-    def get_shortcuts(self, sid):
-        return self._filter_sid_list(ad_shortcut, sid)
-
-    def get_printers(self, sid):
-        return self._filter_sid_list(printer_entry, sid)
-
-    def get_drives(self, sid):
-        return self._filter_sid_list(drive_entry, sid)
-
-    def get_folders(self, sid):
-        return self._filter_sid_list(folder_entry, sid)
-
-    def get_envvars(self, sid):
-        return self._filter_sid_list(envvar_entry, sid)
-
-    def _filter_scripts_list(self, row_object, sid, action):
-        res = (self
-            .db_session
-            .query(row_object)
-            .filter(row_object.sid == sid)
-            .filter(row_object.action == action)
-            .order_by(row_object.id)
-            .all())
-        return res
-
-    def get_scripts(self, sid, action):
-        return self._filter_scripts_list(script_entry, sid, action)
-
-    def get_files(self, sid):
-        return self._filter_sid_list(file_entry, sid)
-
-    def get_networkshare(self, sid):
-        return self._filter_sid_list(networkshare_entry, sid)
-
-    def get_ini(self, sid):
-        return self._filter_sid_list(ini_entry, sid)
-
-    def get_hkcu_entry(self, sid, hive_key):
-        res = (self
-            .db_session
-            .query(samba_hkcu_preg)
-            .filter(samba_hkcu_preg.sid == sid)
-            .filter(samba_hkcu_preg.hive_key == hive_key)
-            .first())
-        # Try to get the value from machine SID as a default if no option is set.
-        if not res:
-            machine_sid = self.get_info('machine_sid')
-            res = self.db_session.query(samba_hkcu_preg).filter(samba_hkcu_preg.sid == machine_sid).filter(samba_hkcu_preg.hive_key == hive_key).first()
-        return res
-
-    def filter_hkcu_entries(self, sid, startswith):
-        res = (self
-            .db_session
-            .query(samba_hkcu_preg)
-            .filter(samba_hkcu_preg.sid == sid)
-            .filter(samba_hkcu_preg.hive_key.like(startswith)))
-        return res
-
-    def get_info(self, name):
-        res = (self
-            .db_session
-            .query(info_entry)
-            .filter(info_entry.name == name)
-            .first())
-        return res.value
-
-    def get_hklm_entry(self, hive_key):
-        res = (self
-            .db_session
-            .query(samba_preg)
-            .filter(samba_preg.hive_key == hive_key)
-            .first())
-        return res
-
-    def filter_hklm_entries(self, startswith):
-        res = (self
-            .db_session
-            .query(samba_preg)
-            .filter(samba_preg.hive_key.like(startswith)))
-        return res
-
-    def wipe_user(self, sid):
-        self._wipe_sid(samba_hkcu_preg, sid)
-        self._wipe_sid(ad_shortcut, sid)
-        self._wipe_sid(printer_entry, sid)
-        self._wipe_sid(drive_entry, sid)
-        self._wipe_sid(script_entry, sid)
-        self._wipe_sid(file_entry, sid)
-        self._wipe_sid(ini_entry, sid)
-        self._wipe_sid(networkshare_entry, sid)
-
-    def _wipe_sid(self, row_object, sid):
-        (self
-            .db_session
-            .query(row_object)
-            .filter(row_object.sid == sid)
-            .delete())
-        self.db_session.commit()
-
-    def wipe_hklm(self):
-        self.db_session.query(samba_preg).delete()
-        self.db_session.commit()
-
--- a/gpoa/storage/sqlite_registry_compat.py
+++ b/gpoa/storage/sqlite_registry_compat.py
@@ -1,45 +0,0 @@
-#
-# GPOA - GPO Applier for Linux
-#
-# Copyright (C) 2024 BaseALT Ltd.
-# Copyright (C) 2024 Evgeny SInelnikov <sin@altlinux.org>.
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-__compat__ = False
-
-from sqlalchemy import MetaData
-
-try:
-    from sqlalchemy.orm import registry
-except:
-    from sqlalchemy.orm import mapper
-    __compat__ = True
-
-class sqlite_registry_compat:
-    def __init__(self, db_cnt):
-        if not __compat__:
-            self.__registry = registry()
-            self.__metadata = MetaData()
-        else:
-            self.__metadata = MetaData(db_cnt)
-
-    def metadata(self):
-        return self.__metadata
-
-    def map_imperatively(self, obj, table):
-        if __compat__:
-            mapper(obj, table)
-        else:
-            self.__registry.map_imperatively(obj, table)
--- a/gpoa/templates/autofs_auto.j2
+++ b/gpoa/templates/autofs_auto.j2
@@ -16,5 +16,5 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{{ home_dir }}/{{mntTarget}}	{{ mount_file }}	-t 120  --browse
+{{ home_dir }}/{{mntTarget}}	{{ mount_file }}	-t {{timeout}}  --browse

--- a/gpoa/templates/autofs_auto_hide.j2
+++ b/gpoa/templates/autofs_auto_hide.j2
@@ -16,5 +16,5 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{{ home_dir }}/.{{mntTarget}}	{{ mount_file }}	-t 120
+{{ home_dir }}/.{{mntTarget}}	{{ mount_file }}	-t {{timeout}}

--- a/gpoa/templates/autofs_mountpoints.j2
+++ b/gpoa/templates/autofs_mountpoints.j2
@@ -19,9 +19,9 @@
 {%- for drv in drives %}
 {% if (drv.thisDrive != 'HIDE') %}
 {% if drv.label %}
-"{{ drv.label }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }}
+"{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
 {% else %}
-"{{ drv.dir }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }}
+"{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
 {% endif %}
 {% endif %}
-{% endfor %}
+{% endfor %}
--- a/gpoa/templates/autofs_mountpoints_hide.j2
+++ b/gpoa/templates/autofs_mountpoints_hide.j2
@@ -19,9 +19,9 @@
 {%- for drv in drives %}
 {% if (drv.thisDrive == 'HIDE') %}
 {% if drv.label %}
-"{{ drv.label }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }}
+"{{ drv.label }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
 {% else %}
-"{{ drv.dir }}"	-fstype=cifs,cruid=$USER,sec=krb5,noperm,cifsacl	:{{ drv.path }}
+"{{ drv.dir }}" -fstype=cifs,cruid=$USER,sec=krb5,noperm{% if drv.username %}{% else %},multiuser{% endif %}{% if drv.cifsacl %},cifsacl{% endif %} :{{ drv.path }}
 {% endif %}
 {% endif %}
 {% endfor %}
--- a/gpoa/util/arguments.py
+++ b/gpoa/util/arguments.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,10 +18,9 @@

 import logging
 import logging.handlers
-from enum import IntEnum
+from enum import IntEnum, Enum

-from messages import message_with_code
-from .logging import slogm
+from .logging import log


 def set_loglevel(loglevel_num=None):
@@ -70,7 +69,7 @@ def process_target(target_name=None):
        target = target_name

    logdata = dict({'target': target})
-    logging.debug(slogm(message_with_code('D10'), logdata))
+    log('D10', logdata)

    return target.upper()

@@ -84,3 +83,20 @@ class ExitCodeUpdater(IntEnum):
    FAIL_GPUPDATE_USER_NOREPLY = 3
    EXIT_SIGINT = 130

+class FileAction(Enum):
+    CREATE = 'C'
+    REPLACE = 'R'
+    UPDATE = 'U'
+    DELETE = 'D'
+
+    def __str__(self):
+        return self.value
+
+def action_letter2enum(letter):
+    if letter in ['C', 'R', 'U', 'D']:
+        if letter == 'C': return FileAction.CREATE
+        if letter == 'R': return FileAction.REPLACE
+        if letter == 'U': return FileAction.UPDATE
+        if letter == 'D': return FileAction.DELETE
+
+    return FileAction.CREATE
--- a/gpoa/util/dbus.py
+++ b/gpoa/util/dbus.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,6 +20,7 @@ import dbus

 from .logging import log
 from .users import is_root
+from storage import Dconf_registry


 class dbus_runner:
@@ -72,6 +73,7 @@ class dbus_runner:
        if self.username:
            logdata = dict({'username': self.username})
            log('D6', logdata)
+            gpupdate = 'gpupdate' if not Dconf_registry._force else 'gpupdate_force'
            if is_root():
                # oddjobd-gpupdate's ACL allows access to this method
                # only for superuser. This method is called via PAM
@@ -95,7 +97,7 @@ class dbus_runner:
                    result = self.system_bus.call_blocking(self.bus_name,
                        self._object_path,
                        self.interface_name,
-                        'gpupdate',
+                        gpupdate,
                        None,
                        [],
                        timeout=self._synchronous_timeout)
@@ -106,11 +108,12 @@ class dbus_runner:
                    raise exc
        else:
            log('D11')
+            gpupdate_computer = 'gpupdate_computer' if not Dconf_registry._force else 'gpupdate_computer_force'
            try:
                result = self.system_bus.call_blocking(self.bus_name,
                    self._object_path,
                    self.interface_name,
-                    'gpupdate_computer',
+                    gpupdate_computer,
                    None,
                    # The following positional parameter is called "args".
                    # There is no official documentation for it.
@@ -118,7 +121,6 @@ class dbus_runner:
                    timeout=self._synchronous_timeout)
                print_dbus_result(result)
            except dbus.exceptions.DBusException as exc:
-                print(exc)
                logdata = dict({'error': str(exc)})
                log('E22', logdata)
                raise exc
--- a/gpoa/util/paths.py
+++ b/gpoa/util/paths.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2021 BaseALT Ltd. <org@basealt.ru>
+# Copyright (C) 2019-2024 BaseALT Ltd. <org@basealt.ru>
 # Copyright (C) 2019-2021 Igor Chudov <nir@nir.org.ru>
 #
 # This program is free software: you can redistribute it and/or modify
@@ -93,7 +93,14 @@ def local_policy_cache():

    return lpcache

+
 def get_dconf_config_path(uid = None):
+    if uid:
+        return f'/etc/dconf/db/policy{uid}.d/'
+    else:
+        return '/etc/dconf/db/policy.d/'
+
+def get_dconf_config_file(uid = None):
    if uid:
        return f'/etc/dconf/db/policy{uid}.d/policy{uid}.ini'
    else:
@@ -116,7 +123,7 @@ class UNCPath:
    def get_uri(self):
        path = self.path
        if self.type == 'unc':
-            path = self.path.replace('\\', '/')
+            path = self.path.replace('\\\\', '/')
            path = path.replace('//', 'smb://')
        else:
            pass
--- a/gpoa/util/preg.py
+++ b/gpoa/util/preg.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,7 +18,6 @@


 from xml.etree import ElementTree
-from storage import registry_factory
 from storage.dconf_registry import load_preg_dconf

 from samba.gp_parse.gp_pol import GPPolParser
@@ -81,22 +80,15 @@ def preg_keymap(preg):
    return keymap


-def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown', username='Machine', version=None):
+def merge_polfile(preg, sid=None, reg_name='registry', reg_path=None, policy_name='Unknown', username='Machine', gpo_info=None):
    pregfile = load_preg(preg)
    if sid is None and username == 'Machine':
-        load_preg_dconf(pregfile, preg, policy_name, None, version)
+        load_preg_dconf(pregfile, preg, policy_name, None, gpo_info)
    else:
-        load_preg_dconf(pregfile, preg, policy_name, username, version)
+        load_preg_dconf(pregfile, preg, policy_name, username, gpo_info)
    logdata = dict({'pregfile': preg})
    log('D32', logdata)
-    #log dconf
-    return
-    storage = registry_factory(reg_name, reg_path)
-    for entry in pregfile.entries:
-        if not sid:
-            storage.add_hklm_entry(entry, policy_name)
-        else:
-            storage.add_hkcu_entry(entry, sid, policy_name)
+


 class entry:
--- a/gpoa/util/sid.py
+++ b/gpoa/util/sid.py
@@ -2,7 +2,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2020 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,7 +20,6 @@
 from enum import Enum

 import pwd
-import logging
 import subprocess
 import pysss_nss_idmap

--- a/gpoa/util/users.py
+++ b/gpoa/util/users.py
@@ -1,7 +1,7 @@
 #
 # GPOA - GPO Applier for Linux
 #
-# Copyright (C) 2019-2021 BaseALT Ltd.
+# Copyright (C) 2019-2024 BaseALT Ltd.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -19,8 +19,6 @@
 import os
 import pwd

-from .logging import log
-

 def is_root():
    '''
--- a/gpoa/util/util.py
+++ b/gpoa/util/util.py
@@ -196,3 +196,61 @@ def get_uid_by_username(username):
        return user_info.pw_uid
    except KeyError:
        return None
+
+def add_prefix_to_keys(dictionary: dict, prefix: str='Previous/') -> dict:
+    """
+    Adds a prefix to each key in the dictionary.
+    Args: Input dictionary whose keys need to be modified
+    prefix string to be added to each key. Defaults to 'Previous/'
+    Returns: New dictionary with modified keys having the specified prefix
+    """
+    result = {}
+    for key, value in dictionary.items():
+        new_key = f'{prefix}{key}'
+        if isinstance(value, dict):
+            result[new_key] = {deep_key:clean_data(val) if isinstance(val, str) else val for deep_key, val in value.items()}
+        else:
+            result[new_key] = value
+    return result
+
+
+def remove_keys_with_prefix(dictionary: dict, prefix: tuple=('Previous/', 'Source/')) -> dict:
+    """
+    Removes all keys that start with the specified prefix from the dictionary.
+    By default, removes keys starting with 'Previous/' and 'Source/' prefix.
+    """
+    return {key: value for key, value in dictionary.items() if not key.startswith(prefix)}
+
+def remove_prefix_from_keys(dictionary: dict, prefix: str) -> dict:
+    """
+    Removes the specified prefix from the keys of the dictionary.
+    If a key starts with the prefix, it is removed.
+    """
+    return {key[len(prefix):] if key.startswith(prefix) else key: value for key, value in dictionary.items()}
+
+
+def get_trans_table():
+    return str.maketrans({
+                    '\n': '',
+                    '\r': '',
+                    '"': "'",
+                    '\\': '\\\\'
+                    })
+
+def clean_data(data):
+    try:
+        cleaned_string = data.translate(get_trans_table())
+        return cleaned_string
+    except:
+        return None
+
+def check_local_user_exists(username):
+    """
+    Checks if a local user with the given username exists on a Linux system.
+    """
+    try:
+        # Try to get user information from the password database
+        pwd.getpwnam(username)
+        return True
+    except:
+        return False
--- a/gpoa/util/windows.py
+++ b/gpoa/util/windows.py
@@ -18,8 +18,8 @@


 import os
-import subprocess
-from samba import getopt as options
+from pathlib import Path
+from samba.credentials import Credentials
 from samba import NTSTATUSError

 try:
@@ -28,12 +28,13 @@ except ImportError:
    from samba.gp.gpclass import get_dc_hostname, check_refresh_gpo_list

 from samba.netcmd.common import netcmd_get_domain_infos_via_cldap
+from storage.dconf_registry import Dconf_registry, extract_display_name_version
 import samba.gpo

 from .xdg import (
      xdg_get_desktop
 )
-from .util import get_homedir
+from .util import get_homedir, get_uid_by_username
 from .exceptions import GetGPOListFail
 from .logging import log
 from .samba import smbopts
@@ -50,10 +51,13 @@ class smbcreds (smbopts):

    def __init__(self, dc_fqdn=None):
        smbopts.__init__(self, 'GPO Applier')
-        self.credopts = options.CredentialsOptions(self.parser)
-        self.creds = self.credopts.get_credentials(self.lp, fallback_machine=True)
+
+        self.creds = Credentials()
+        self.creds.guess(self.lp)
+        self.creds.set_machine_account()
+
        self.set_dc(dc_fqdn)
-        self.sDomain =  SiteDomainScanner(self.creds, self.lp, self.selected_dc)
+        self.sDomain = SiteDomainScanner(self.creds, self.lp, self.selected_dc)
        self.dc_site_servers = self.sDomain.select_site_servers()
        self.all_servers = self.sDomain.select_all_servers()
        [self.all_servers.remove(element)
@@ -109,7 +113,11 @@ class smbcreds (smbopts):
        hostname
        '''
        gpos = list()
-
+        if Dconf_registry.get_info('machine_name') == username:
+            dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(save_dconf_db=True)
+        else:
+            dconf_dict = Dconf_registry.get_dictionary_from_dconf_file_db(get_uid_by_username(username), save_dconf_db=True)
+        dict_gpo_name_version = extract_display_name_version(dconf_dict, username)
        try:
            log('D48')
            ads = samba.gpo.ADS_STRUCT(self.selected_dc, self.lp, self.creds)
@@ -121,13 +129,19 @@ class smbcreds (smbopts):
                for gpo in gpos:
                    # These setters are taken from libgpo/pygpo.c
                    # print(gpo.ds_path) # LDAP entry
+                    if gpo.display_name in dict_gpo_name_version.keys() and dict_gpo_name_version.get(gpo.display_name, {}).get('version') == str(getattr(gpo, 'version', None)):
+                        if Path(dict_gpo_name_version.get(gpo.display_name, {}).get('correct_path')).exists():
+                            gpo.file_sys_path = ''
+                            ldata = dict({'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path_cache': True})
+                            log('I11', ldata)
+                            continue
                    ldata = dict({'gpo_name': gpo.display_name, 'gpo_uuid': gpo.name, 'file_sys_path': gpo.file_sys_path})
                    log('I2', ldata)

        except Exception as exc:
            if self.selected_dc != self.pdc_emulator_server:
                raise GetGPOListFail(exc)
-            logdata = dict({'username': username, 'dc': self.selected_dc})
+            logdata = dict({'username': username, 'dc': self.selected_dc, 'exc': exc})
            log('E17', logdata)

        return gpos
@@ -198,6 +212,7 @@ class smbcreds (smbopts):
 class SiteDomainScanner:
    def __init__(self, smbcreds, lp, dc):
        self.samdb = SamDB(url='ldap://{}'.format(dc), session_info=system_session(), credentials=smbcreds, lp=lp)
+        Dconf_registry.set_info('samdb', self.samdb)
        self.pdc_emulator = self._search_pdc_emulator()

    @staticmethod
--- a/gpupdate.spec
+++ b/gpupdate.spec
@@ -8,7 +8,10 @@
 %add_python3_req_skip gpt.gpt
 %add_python3_req_skip gpt.printers
 %add_python3_req_skip gpt.shortcuts
+%add_python3_req_skip gpt.gpo_dconf_mapping
+%add_python3_req_skip gpt.dynamic_attributes
 %add_python3_req_skip messages
+%add_python3_req_skip plugin
 %add_python3_req_skip storage
 %add_python3_req_skip storage.fs_file_cache
 %add_python3_req_skip storage.dconf_registry
@@ -33,7 +36,7 @@
 %add_python3_req_skip util.gpoa_ini_parsing

 Name: gpupdate
-Version: 0.10.3
+Version: 0.13.3
 Release: alt1

 Summary: GPT applier
@@ -49,12 +52,17 @@ BuildRequires: gettext-tools
 Requires: python3-module-rpm
 Requires: python3-module-dbus
 Requires: python3-module-configobj
-Requires: oddjob-%name >= 0.2.0
+Requires: python3-module-gssapi
+Requires: python3-module-krb5
+Requires: oddjob-%name >= 0.2.3
 Requires: libnss-role >= 0.5.0
 Requires: local-policy >= 0.4.9
 Requires: pam-config >= 1.9.0
 Requires: autofs
 Requires: dconf-profile
+Requires: packagekit
+Requires: dconf
+Requires: libgvdb-gir
 # This is needed by shortcuts_applier
 Requires: desktop-file-utils
 # This is needed for smb file cache support
@@ -191,6 +199,85 @@ fi
 %exclude %python3_sitelibdir/gpoa/test

 %changelog
+* Sat Jul 26 2025 Evgeny Sinelnikov <sin@altlinux.org> 0.13.3-alt1
+- Fixed machine account credentials initialization (closes: 55324)
+
+* Thu Apr 03 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.2-alt1
+- Fixed: Check directory existence before cleanup to avoid errors(closes:53703)
+
+* Fri Mar 14 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.1-alt1
+- Refined registry key handling: LAPS enablement and user presence check
+
+* Thu Mar 06 2025 Valery Sinelnikov <greh@altlinux.org> 0.13.0-alt1
+- Implemented Local Administrator Password Solution (LAPS) functionality,
+  including support for Group Policy Object (GPO) keys to
+  configure LAPS settings
+- Added support for disabling cifsacl in autofs mounts (closes:52333)
+- Implemented the ability to merge computer and user GPO shortcuts
+- Added access restrictions to network directories of other users
+- Added cleaning functionality for the autofs configuration catalog
+- Added ability to configure KDE 6 files
+
+* Tue Jan 14 2025 Valery Sinelnikov <greh@altlinux.org> 0.12.2-alt1
+- Fixed interpretation of boolean values (closes:52683)
+
+* Fri Jan 10 2025 Valery Sinelnikov <greh@altlinux.org> 0.12.1-alt1
+- Fixed checking the path for existence (closes:52597)
+
+* Tue Dec 10 2024 Valery Sinelnikov <greh@altlinux.org> 0.12.0-alt1
+- Special thanks to Andrey Belgorodtsev (andrey@net55.su)
+  for valuable pre-release testing and feedback
+- Added applier thunderbird
+- Added environment file cleaning (closes: 51016)
+- Added the ability to set the name of the directory to automount
+- Added the ability to remove the prefix from a sylink
+  to the catalog in automount
+- Added the ability to set the timeout in automount
+- Added messages using the force mode
+- Improved KDE update logic
+- Added preservation of previous keys
+
+* Fri Oct 11 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.4-alt1
+- Added skip plugin (closes: 51631)
+- Fixed getting the network path (closes:51606)
+- The _appliers sequence has been changed,
+  package_applier has been moved to the end
+
+* Fri Sep 06 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.3-alt1
+- Optimized string cleaning using str.translate()
+
+* Wed Sep 04 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.2-alt1
+- Fixed data type handling in kde_applier
+- Removing legacy unused code
+- Added saving policy data without polfile
+- Added escaping of special characters in data (closes: 51201)
+
+* Tue Aug 27 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.1-alt1
+- Fixed setting links in shortcuts (closes: 51275)
+
+* Fri Aug 09 2024 Valery Sinelnikov <greh@altlinux.org> 0.11.0-alt1
+- Added saving preferences in dconf
+- Added versioning support for gpt
+- Added the ability to force gpt download
+- Added completions for --force
+- Added new exceptions for Chromium 126
+- Added information to the man pages
+- Fixed handling of incorrect valuename
+
+* Mon Jul 08 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.6-alt1
+- Fixed firefox_applier errors
+
+* Fri Jun 28 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.5-alt1
+- Correction of missing entries with a upper case
+- Fixed string processing in date (closes: 50782)
+- Fixed getting correct data for the user for pkcon_runner
+
+* Thu Jun 27 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.4-alt1
+- Fixed the definition of the module activation check (closes: 50755)
+- Fixed sorting of scripts (closes: 50756)
+- Fixed reading key values from dconf
+- Changed the method for getting the list of packages for pkcon_runner
+
 * Wed Jun 19 2024 Valery Sinelnikov <greh@altlinux.org> 0.10.3-alt1
 - Added autocompletion for gpoa, gpupdate, gpupdate-setup
 - Added correct work with json data in keys for the Firefox browser
Author	SHA1	Message	Date
Evgeny Sinelnikov	868140cbff	Cleaned code not needed for samba backend manual machine_kinit	2025-07-26 04:14:13 +04:00
Evgeny Sinelnikov	9325c241ef	0.13.3-alt1 - Fixed machine account credentials initialization (closes: 55324)	2025-07-26 01:10:09 +04:00
Evgeny Sinelnikov	3c0c722818	Fixed machine account credentials initialization	2025-07-26 01:08:00 +04:00
Valery Sinelnikov	9424c2c8e8	0.13.2-alt1 - Fixed: Check directory existence before cleanup to avoid errors(closes:53703)	2025-04-03 10:52:48 +04:00
Valery Sinelnikov	9065352bb0	Added directory existence check before cleanup	2025-04-03 10:47:26 +04:00
Valery Sinelnikov	9034d4ba4c	0.13.1-alt1 - Refined registry key handling: LAPS enablement and user presence check	2025-03-14 17:44:20 +04:00
Valery Sinelnikov	2e6c76337b	Refined registry key handling: LAPS enablement and user presence check	2025-03-14 17:44:08 +04:00
Valery Sinelnikov	a3398e0307	0.13.0-alt1 - Implemented Local Administrator Password Solution (LAPS) functionality, including support for Group Policy Object (GPO) keys to configure LAPS settings - Added support for disabling cifsacl in autofs mounts (closes:52333) - Implemented the ability to merge computer and user GPO shortcuts - Added access restrictions to network directories of other users - Added cleaning functionality for the autofs configuration catalog - Added ability to configure KDE 6 files	2025-03-07 12:24:28 +04:00
Danila Skachedubov	c7192773fd	Added ability to configure KDE 6 files	2025-03-07 12:22:46 +04:00
Valery Sinelnikov	93bcac5f19	Added exclude desktop_file_template and desktop_file from dict(obj)	2025-03-06 15:52:26 +04:00
Valery Sinelnikov	967687497c	Implemented the ability to merge computer GPO shortcuts with user GPO shortcuts	2025-03-06 15:45:19 +04:00
Valery Sinelnikov	3797993209	Fixed unintended escaping in critical data	2025-03-05 10:29:10 +04:00
Valery Sinelnikov	04831c4dbd	Added support for disabling cifsacl	2025-03-04 14:22:16 +04:00
Valery Sinelnikov	316c0881a9	Updated templates to support disabling cifsacl in autofs mounts	2025-03-04 14:20:09 +04:00
Valentin Sokolov	22d0c87538	Added handling of spaces in package names	2025-03-04 11:35:22 +04:00
Valery Sinelnikov	2c66ad9bc1	Added restriction of access to the connected network catalogs of other users	2025-03-04 11:33:19 +04:00
Valery Sinelnikov	5fe0b6f418	Added cleaning the autofs configuration catalog and logs for it	2025-03-04 11:19:06 +04:00
Valery Sinelnikov	829825060b	Lower logging level in ncrypt_protect_secret to reduce log verbosity	2025-02-28 16:27:59 +04:00
Valery Sinelnikov	463620ff25	Added verification of target user existence and logging message for cases when user is not found	2025-02-28 15:39:29 +04:00
Valery Sinelnikov	ab632a8177	Added function to check if a local user exist	2025-02-28 15:22:10 +04:00
Valery Sinelnikov	5c47ebb6c5	Added the use of laps in frontend_manager	2025-02-28 13:59:04 +04:00
Valery Sinelnikov	6a840674ca	Replaced prints for new logs	2025-02-28 12:35:31 +04:00
Valery Sinelnikov	a6f6b021fa	Added translations to messages of new logs	2025-02-28 12:33:53 +04:00
Valery Sinelnikov	0f4066e0f0	Added identifiers and messages to logs	2025-02-28 12:32:22 +04:00
Valery Sinelnikov	030e69cb86	Refactor code with better naming and comments for clarity	2025-02-27 15:15:46 +04:00
Valery Sinelnikov	5f94fad90b	Added implementation of actions in case of used password	2025-02-27 11:46:51 +04:00
Valery Sinelnikov	156918ad3b	Added accounting of group policies	2025-02-26 13:22:12 +04:00
Valery Sinelnikov	6df5a5754f	Added usage of fixed implementations	2025-02-25 12:55:13 +04:00
Valery Sinelnikov	dda57ed179	Fixed password change and added time after changing it	2025-02-25 12:23:42 +04:00
Valery Sinelnikov	99595c85d3	Improved saving of password change time	2025-02-25 11:51:32 +04:00
Valery Sinelnikov	e25c5844a9	Improving get_last_login_hours_ago	2025-02-21 12:55:36 +04:00
Valery Sinelnikov	8e1a76552f	Inaccuracies have been corrected	2025-02-14 14:08:28 +04:00
Valery Sinelnikov	1f6776912d	Added password change logic	2025-02-13 17:04:21 +04:00
Valery Sinelnikov	3e889622b1	Added implementation for generating password and searching for elapsed login time	2025-02-11 16:13:45 +04:00
Valery Sinelnikov	1c827d4533	Added part of laps implementation	2025-02-10 18:36:13 +04:00
Valery Sinelnikov	ce660afcbd	Added laps sketch	2025-02-07 18:37:18 +04:00
Valery Sinelnikov	5b1a928291	Added saving samdb to Dconf_registry	2025-02-07 17:59:19 +04:00
Valery Sinelnikov	a77a6e3c6f	Added function remove_prefix_from_keys in util	2025-02-06 14:26:36 +04:00
Valery Sinelnikov	25a784fa2e	Added new applier for laps	2025-02-04 17:09:44 +04:00
Valery Sinelnikov	6378c8c78b	Added a branch for storing locks and installing them	2025-02-04 11:47:31 +04:00
Valery Sinelnikov	9ad7440c8b	Added support for distr profile layer	2025-02-04 11:47:23 +04:00
Valery Sinelnikov	2a5642a76d	Added multiuser for machine templates	2025-02-04 11:47:17 +04:00
Danila Skachedubov	dbff83050b	Added function to call a method on dbus	2025-02-04 11:45:49 +04:00
Danila Skachedubov	ed1b2aa39e	Code refactoring and optimization	2025-02-04 11:45:43 +04:00
Valery Sinelnikov	02701136c0	0.12.2-alt1 - Fixed interpretation of boolean values (closes:52683)	2025-01-14 12:10:00 +04:00
Valery Sinelnikov	408d221c3d	Fixed interpretation of boolean values	2025-01-14 12:08:15 +04:00
Valery Sinelnikov	67a02a4623	0.12.1-alt1 - Fixed checking the path for existence (closes:52597)	2025-01-10 10:37:12 +04:00
Danila Skachedubov	7a0af6ab9b	Fixed checking the path for existence	2025-01-09 15:55:40 +04:00
Valery Sinelnikov	ce6e49443f	0.12.0-alt1 - Special thanks to Andrey Belgorodtsev (andrey@net55.su) for valuable pre-release testing and feedback - Added applier thunderbird - Added environment file cleaning (closes: 51016) - Added the ability to set the name of the directory to automount - Added the ability to remove the prefix from a sylink to the catalog in automount - Added the ability to set the timeout in automount - Added messages using the force mode - Improved KDE update logic - Added preservation of previous keys	2024-12-10 10:49:01 +04:00
Valery Sinelnikov	433d312c0f	Prevention of removing the register keys in case --nodomain	2024-12-09 18:49:01 +04:00
Valery Sinelnikov	2ec68dd95a	Added preservation of mod_previous_value in the Source registry branch	2024-12-09 14:17:02 +04:00
Valery Sinelnikov	3990f876a4	Added the mod_previous_value field in metadata policies	2024-12-09 14:13:41 +04:00
Valery Sinelnikov	1f541914cd	Added clarification to the log	2024-12-05 17:14:56 +04:00
Valery Sinelnikov	dc054008fd	The autofs restart condition has been clarified	2024-12-05 17:13:21 +04:00
Valery Sinelnikov	aa4bf9a7c8	Added prevention of unnecessary startup of the gpupdate.service	2024-12-05 17:10:42 +04:00
Valery Sinelnikov	99a6e85ccf	Fixed the preservation of previous keys	2024-12-03 14:34:49 +04:00
Valery Sinelnikov	79ef884f7d	Fixed loss of value 0 from dconfdb	2024-11-29 12:37:25 +04:00
Valery Sinelnikov	0abc5b0282	Managing version absence in gpo	2024-11-28 16:34:29 +04:00
Danila Skachedubov	dce52c4d9c	Fixed handling of not configured state for plasma update	2024-11-27 11:35:22 +04:00
Valery Sinelnikov	4d5969a5fa	Added messages using the force mode	2024-11-20 10:53:23 +04:00
Valery Sinelnikov	3263a4cfd3	The usage of the ADB plugin is commented out	2024-11-20 10:38:44 +04:00
Valery Sinelnikov	0685b9e492	Added use of data from Previous branch	2024-11-18 10:18:32 +04:00
Valery Sinelnikov	7188c70a77	The function clean_data moved	2024-11-15 18:10:48 +04:00
Valery Sinelnikov	2edc5c326c	The envvar_applier moved to admin_context_apply	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	39b92ce763	The save_dconf moved to the required stage	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	620010e1ab	Improved link removal logic	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	b87e8b218f	Removed unborrowed code	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	df0f806035	Added preservation of previous values of the registry in the register	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	7e8657939f	Added dict key prefix management functions: - add_prefix_to_keys() to prefix dictionary keys - remove_keys_with_prefix() to filter prefixed keys	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	a879d5ad52	Replaced the _true_strings list with set and added dict previous_global_registry_dict	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	c097769681	Improved correct removal of links	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	a85158ce3c	Brought cifs_applier into working condition	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	f79b283574	Added reading data from applier storage	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	b791f3d5eb	Added the ability to write and read from applier storage	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	b16460309a	Added a new log with translation	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	40cf97989e	Added the ability to get the path predefined applier storage	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	71eeb1d5a0	Added the ability to specify a specific file in get_dictionary_from_dconf_file_db	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	f45fc7092d	Fixed cifs_applie for check_enable_key.	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	e537b3846a	Added the ability to query get_entry as data	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	64581f60d2	Added the ability to remove the prefix from a symlink and set the name of the directory to mount	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	1436ee201e	Added new classmethod check_enable_dconf_key	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	0051e001a8	Added the use of keys to configure the name and timeout	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	d4eb4263fa	Added use of timeout setting	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	a99ed2db2a	Added timeout variable to autofs templates	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	8bc4375339	Removed unnecessary imports	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	f24038b288	Changed the way the log is output	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	96ec5cc690	Removing unclaimed imports	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	e88278fb47	Added environment file cleaning	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	4be89029aa	Updated dates	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	b981744d75	Cleaned up code and updated date	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	760a1d8b90	Added to use thunderbird_applier	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	cb035fd56e	Added logs for Thunderbird	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	e56293e768	Updated dates	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	0c0f7d223b	Cleaned up code	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	3c09737aa7	Added thunderbird applier	2024-11-14 13:54:36 +04:00
Valery Sinelnikov	0027b5aa96	Functions moved from class to outside	2024-11-14 13:54:36 +04:00
Danila Skachedubov	df8984dd65	Fixed frequent updating of plasmashell service	2024-11-13 15:41:22 +04:00
ValeraSin	5f8c75e27c	Merge pull request #208 from altlinux/fix_file_cache Fix wallpaper for KDE	2024-10-25 15:40:52 +04:00
ValeraSin	03b031734a	Merge pull request #207 from alxvmr/quote_fix Added handling of quotation marks in Preference values	2024-10-25 15:32:03 +04:00
Danila Skachedubov	77c0d60b7d	Fixed desktop image caching mechanism in KDE	2024-10-22 13:14:11 +04:00
Danila Skachedubov	51b744f94b	Added check for the existence of the cached file and logs about it	2024-10-11 17:17:31 +04:00
Danila Skachedubov	cdd9d84037	Added function for changing rights to caching directories	2024-10-11 17:17:28 +04:00
Valery Sinelnikov	4de1946e32	0.11.4-alt1 - Added skip plugin (closes: 51631) - Fixed getting the network path (closes:51606) - The _appliers sequence has been changed, package_applier has been moved to the end	2024-10-11 12:24:23 +04:00
Valery Sinelnikov	73759857b3	The _appliers sequence has been changed, package_applier has been moved to the end	2024-10-11 12:06:09 +04:00
Valery Sinelnikov	b3e222ae55	Fixed getting the network path	2024-10-11 12:04:38 +04:00
Maria Alexeeva	8a2c9554f7	Added handling of quotation marks in Preference values	2024-09-27 13:16:18 +04:00
Valery Sinelnikov	862b3b358b	0.11.3-alt1 - Optimized string cleaning using str.translate()	2024-09-06 15:06:06 +04:00
Valery Sinelnikov	0d2c70da35	Optimized string cleaning using str.translate() for multiple character replacements	2024-09-06 15:05:27 +04:00
Valery Sinelnikov	2953e4b0c6	0.11.2-alt1 - Fixed data type handling in kde_applier - Removing legacy unused code - Added saving policy data without polfile - Added escaping of special characters in data (closes: 51201)	2024-09-05 10:39:51 +04:00
Valery Sinelnikov	c8585ac932	Added accounting for empty policies	2024-09-05 10:37:15 +04:00
Valery Sinelnikov	981d883ed0	Added escaping of special characters in data	2024-09-04 13:04:30 +04:00
Valery Sinelnikov	3ddd9462ea	The location to add policy data has been moved	2024-09-04 10:33:43 +04:00
Valery Sinelnikov	ab79f169e8	Changed the function of adding policy data	2024-09-04 10:25:36 +04:00
Danila Skachedubov	5a3ba30910	Fixed data type handling	2024-09-02 12:13:53 +04:00
Valery Sinelnikov	d554b1fdf9	Removing Unused Code	2024-08-29 14:44:36 +04:00
Valery Sinelnikov	3960c4b094	0.11.1-alt1 - Fixed setting links in shortcuts (closes: 51275)	2024-08-27 11:54:00 +04:00
Valery Sinelnikov	5f178651f7	Fixed setting links in shortcuts	2024-08-27 11:34:45 +04:00
Valery Sinelnikov	674e1d176b	Removed unused code	2024-08-27 11:23:45 +04:00
Valery Sinelnikov	afe6ef04d4	0.11.0-alt1 - Added saving preferences in dconf - Added versioning support for gpt - Added the ability to force gpt download - Added completions for --force - Added new exceptions for Chromium 126 - Added information to the man pages - Fixed handling of incorrect valuename	2024-08-09 17:12:05 +04:00
Valery Sinelnikov	fa98fef5a3	Del print	2024-08-09 16:48:19 +04:00
Valery Sinelnikov	c6c34accff	Added --force key management via Group Policy	2024-08-09 16:02:49 +04:00
Valery Sinelnikov	dba6a58c6a	Added completions for --force	2024-08-09 12:05:14 +04:00
Valentin Sokolov	a02969c686	Added new exceptions for Chromium 126	2024-08-09 12:00:58 +04:00
Olga Kamaeva	e040bbbd69	Added information to the man pages	2024-08-09 11:59:43 +04:00
Valery Sinelnikov	1775bfa08c	Added "force" for gpupdate switch to force gpt download	2024-08-09 11:56:59 +04:00
Valery Sinelnikov	165f4bfc83	Added --force for gpoa switch to force gpt download	2024-08-09 11:56:06 +04:00
Valery Sinelnikov	316f5d1e49	Added class field _force	2024-08-09 11:52:55 +04:00
Valery Sinelnikov	150f3441fd	Added rectification to check_module_enabled	2024-08-08 15:03:15 +04:00
Valery Sinelnikov	769b520d47	Added tracking of attempts to read from the dconf database in the log	2024-08-07 11:58:57 +04:00
Valery Sinelnikov	517ed6d56b	Added number attribute to scriptsini for incorrect paths	2024-08-06 14:00:36 +04:00
Valery Sinelnikov	40635f9a01	Removed premature call to fill_cache	2024-08-05 17:22:45 +04:00
Valery Sinelnikov	2eb6e0c632	Added ignoring of policies without versions	2024-08-05 17:19:46 +04:00
Valery Sinelnikov	710b78b79f	Added conversion of key value to list	2024-07-29 17:34:41 +04:00
Valery Sinelnikov	f308539a5a	Changed the way to read package lists	2024-07-25 16:57:51 +04:00
Valery Sinelnikov	ca8cb9ce78	Storing versions and policy paths has been changed to a dictionary	2024-07-25 11:00:41 +04:00
Valery Sinelnikov	3c7d45cd52	Added reading cached gpt	2024-07-24 12:50:58 +04:00
Valery Sinelnikov	6e77d54aa3	Added checking for cached gpt	2024-07-24 12:08:51 +04:00
Valery Sinelnikov	3c72786bd8	Added now log D211	2024-07-23 17:13:51 +04:00
Valery Sinelnikov	8a36e01fbb	Added explicit conversion to uid string to form filename	2024-07-22 17:14:39 +04:00
Valery Sinelnikov	32cb959f0b	Corrected operation of _check_sysvol_present	2024-07-22 17:10:34 +04:00
Valery Sinelnikov	3fb24dbd99	Added GPO version mapping in caches and removed the file_sys_path attribute to prevent reloading	2024-07-22 11:47:41 +04:00
Valery Sinelnikov	b737c9f0aa	Added saving of policy data in a class field, which does not require downloading	2024-07-22 11:34:37 +04:00
Valery Sinelnikov	48d94ae046	Added method for reading keys and binary file	2024-07-19 15:58:26 +04:00
Valery Sinelnikov	4ed05cb481	Added check for empty value	2024-07-18 17:56:25 +04:00
Valery Sinelnikov	cddc7d70fb	Changed the way the dconf database is created	2024-07-15 10:41:49 +04:00
Valery Sinelnikov	64c305c544	Added get_dconf_config_path	2024-07-12 13:23:01 +04:00
Valery Sinelnikov	4ee10c1560	Renamed the get_dconf_config_path function to get_dconf_config_file	2024-07-12 13:20:15 +04:00
Valery Sinelnikov	5e5c5d45a6	Added saving policy_name for preferences	2024-07-11 12:05:48 +04:00
Valery Sinelnikov	56ee1334af	Added a new field for the DynamicAttributes class	2024-07-11 12:04:01 +04:00
Valery Sinelnikov	de5ef65c16	Added list mark	2024-07-09 18:44:21 +04:00
Valery Sinelnikov	453934621d	Renamed the variable	2024-07-09 15:51:13 +04:00
Valery Sinelnikov	2132c3676f	Added use of RegistryKeyMetadat	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	e9adb9b298	Added RegistryKeyMetadata class for storage in dconf	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	3e3957d693	Renamed the function for clarity	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	554147b57f	Simplifying Enum Display	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	6b632e851c	Updated to message W17	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	3e99bfcb60	Added saving data about sources in keys	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	2c48b3a6a4	Changed the gpo priority key and added the use of gpo_info	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	2e22d7abc9	Added gpo counter for saving in dconf	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	e645fa4e86	Changed base class after renaming	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	cdcac9e4db	Added use of GpoInfoDconf object to save policy data	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	d3a316c1c0	Renamed base class	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	f081ec6454	Added a class to represent gpo attributes in dconf	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	60d6996db2	Transferring the use of FileAction	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	ea52e9671b	Clean code	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	92df692559	Using FileAction from util	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	3b4f92997e	FileAction moved to util	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	98d02a4da0	Added use of add_preferences_to_global_registry_dict	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	eb951cbd5e	Added functions to convert preference objects to dconf keys	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	9ce68f2acc	Added base class inheritance	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	54239c339c	Added base class for preference	2024-07-09 14:02:42 +04:00
Valery Sinelnikov	2b108e2029	0.10.6-alt1 - Fixed firefox_applier errors	2024-07-08 16:51:46 +04:00
Valery Sinelnikov	2a21983b13	Personalized data extraction	2024-07-08 16:30:38 +04:00
Valery Sinelnikov	b6e84b3d9e	Removed Convert_string_dconf from valuename	2024-07-08 16:29:00 +04:00
Valery Sinelnikov	bb314fb553	0.10.5-alt1 - Correction of missing entries with a upper case - Fixed string processing in date (closes: 50782) - Fixed getting correct data for the user for pkcon_runner	2024-07-02 14:27:19 +04:00
Valery Sinelnikov	28718e8ad6	Update getting correct data for the user	2024-07-02 11:29:54 +04:00
Valery Sinelnikov	2857cfb899	Fixed getting correct data for the user	2024-06-28 18:46:24 +04:00
Danila Skachedubov	8717e1b9a3	Fixed string processing in date	2024-06-28 18:44:21 +04:00
Danila Skachedubov	d3c9b95331	Correction of missing entries with a upper case	2024-06-28 18:44:11 +04:00
Valery Sinelnikov	4d6a5d750c	0.10.4-alt1 - Fixed the definition of the module activation check (closes: 50755) - Fixed sorting of scripts (closes: 50756) - Fixed reading key values from dconf - Changed the method for getting the list of packages for pkcon_runner	2024-06-27 16:48:27 +04:00
Valery Sinelnikov	84e1340362	Fixed sorting of scripts Reported-by: Sergey Sysoev <sysoevsa@surgut.gazprom.ru>	2024-06-27 16:43:18 +04:00
Danila Skachedubov	5ee05df574	Fixed the definition of the module activation check Reported-by: Sergey Sysoev <sysoevsa@surgut.gazprom.ru>	2024-06-27 14:26:37 +04:00
Valery Sinelnikov	2a993f0400	Fixed reading key values from dconf	2024-06-27 12:14:59 +04:00
Valery Sinelnikov	b878b7e1b3	Changed the method for getting the list of packages for pkcon_runner	2024-06-27 12:13:08 +04:00