3.1.5 Processing Events and Sequencing Rules

The EFS Group Policy administrative plug-in reads extension-specific data from the remote storage location and will then pass that information to a UI to display the current settings to an administrator.

It will also write the extension-specific configuration data to the remote storage location if the administrator makes any changes to the existing configuration.

Any additional entries in the configuration data that do not pertain to the configuration options specified in section 2.2, or that are not supported by the particular implementation, MUST be ignored by the plug-in. The plug-in MUST NOT overwrite, delete, or otherwise modify any settings that it does not support.

The EFS Group Policy administrative plug-in queries and persists these settings in the "registry.pol" registry policy file under the computer-scoped Group Policy Object path.

The EFS Group Policy administrative plug-in MUST invoke the following event to load the "registry.pol" file:

The EFS Group Policy administrative plug-in MUST invoke the following events to update the "registry.pol" file:

  1. Update Policy Settings event specified in [MS-GPREG] section 3.1.4.2

  2. Group Policy Extension Update event described in [MS-GPOL] section 3.3.4.4 with the following parameters:

    • "GPO DN" is set to the distinguished name of the Administered GPO

    • "Is User Policy" is set to FALSE

    • "CSE GUID" is set to the Group Policy: Encrypting File System CSE GUID (defined in section 1.9)

    • "TOOL GUID" is set to the Group Policy: Encrypting File System Tool extension GUID (computer policy settings) (defined in section 1.9)

  3. Group Policy Extension Update event described in [MS-GPOL] section 3.3.4.4 with the following parameters:

    • "GPO DN" is set to the distinguished name of the Administered GPO

    • "Is User Policy" is set to FALSE

    • "CSE GUID" is set to the Group Policy: Registry Extension Encoding CSE GUID (defined in [MS-GPREG] section 1.9)

    • "TOOL GUID" is set to the Group Policy: Encrypting File System Tool extension GUID (computer policy settings) (defined in section 1.9)

In all cases, the <gpo path> is set to the computer-scoped Group Policy Object path, and the settings contained in the "registry.pol" file are used for the Policy Setting State. No other policy files are accessed by this plug-in. The plug-in MUST use the registry policy file format specified in [MS-GPREG] section 2.2.1 to query and update the policy entries described in section 2.2 in the "registry.pol" file.
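The following Python example is added here for illustration and is not part of this specification or of the plug-in's own code. It shows one way to meet the requirement above that unsupported entries are not modified when "registry.pol" is updated: entries are parsed using the [MS-GPREG] section 2.2.1 layout, only supported settings are replaced, and every other entry is written back with the same key, value, type and data. The key and value names, SUPPORTED, SAMPLE and all function names are assumptions made for the example.

```python
import struct

HEADER = b"PReg" + struct.pack("<I", 1)          # signature + version, [MS-GPREG] 2.2.1
LB, SEP, RB = (c.encode("utf-16-le") for c in "[;]")

def _cstr(blob, pos, delim):
    """Check the 2-byte delimiter at pos, then read a null-terminated UTF-16LE string."""
    start = pos + 2
    end = next((i for i in range(start, len(blob) - 1, 2) if blob[i:i + 2] == b"\0\0"), None)
    if blob[pos:start] != delim or end is None:
        raise ValueError(f"malformed string field at offset {pos}")
    return blob[start:end].decode("utf-16-le"), end + 2

def parse_pol(blob):
    """Return [(key, value, type, data)]; data is sliced by its size field, not by delimiter."""
    if blob[:8] != HEADER:
        raise ValueError("not a registry policy file")
    entries, pos = [], 8
    while pos < len(blob):
        key, pos = _cstr(blob, pos, LB)
        value, pos = _cstr(blob, pos, SEP)
        s0, rtype, s1, size, s2 = struct.unpack_from("<2sI2sI2s", blob, pos)
        end = pos + 14 + size                    # 14 = three delimiters + type + size
        if (s0, s1, s2) != (SEP,) * 3 or blob[end:end + 2] != RB:
            raise ValueError(f"malformed entry for {key!r}")
        entries.append((key, value, rtype, blob[pos + 14:end]))
        pos = end + 2
    return entries

def build_pol(entries):
    out = bytearray(HEADER)
    for key, value, rtype, data in entries:
        out += f"[{key}\0;{value}\0".encode("utf-16-le")
        out += struct.pack("<2sI2sI2s", SEP, rtype, SEP, len(data), SEP) + data + RB
    return bytes(out)

def update_supported(blob, supported, changes):
    """Rewrite only supported (key, value) settings; all other entries pass through unchanged."""
    norm = lambda name: (name[0].lower(), name[1].lower())   # registry names are case-insensitive
    pending = {norm(n): (*n, *td) for n, td in changes.items()}
    if not set(pending) <= {norm(s) for s in supported}:
        raise ValueError("change targets a setting this plug-in does not support")
    return build_pol([pending.pop(norm(e), e) for e in parse_pol(blob)] + list(pending.values()))

# Constructed sample; key and value names are hypothetical, not taken from section 2.2.
SUPPORTED = [(r"Software\Example\Efs", "ExampleOption")]
SAMPLE = build_pol([(r"Software\Example\Efs", "ExampleOption", 4, b"\0\0\0\0"),            # REG_DWORD
                    (r"Software\Example\Other", "VendorBlob", 3, "];[".encode("utf-16-le"))])  # REG_BINARY
```

The second sample entry carries delimiter characters inside its data, which is why the parser relies on the size field; a parser that split on ";" or "]" would corrupt that entry on write-back.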