Share via

2.2 Message Syntax

  • Article

The Group Policy: Encrypting File System Extension MUST use the message syntaxes as specified in [MS-GPOL] section 2.2 and [MS-GPREG] section 2.2. EFS Group Policy options are implemented as entries in the machine-specific Registry Policy file used by the Group Policy: Registry Extension Encoding. To support a given Group Policy option, the EFS administrative plug-in MUST provide a method to write and query the corresponding entry in the machine-specific Registry Policy file of the relevant GPO.

The following EFS Group Policy options are defined:

  • EFS recovery policy

  • EFS enabled status

  • EFS additional options

  • EFS user template name

  • EFS self-signed certificate key length or algorithm identifier.

These are described in more detail in the following sections. Because all message processing is performed by the Group Policy: Core Protocol, the following sections merely specify the format of the corresponding entries in the machine-specific Registry Policy file. The intent of various settings is also described in the following sections; however, these settings are processed by the EFS in the client, and their descriptions here are only for informative purposes, not for normative purposes.