1.3.2 Registry Extension Encoding Overview

Registry-based settings are accessible from a GPO through the Group Policy: Registry Extension Encoding. The protocol provides mechanisms both for administrative tools (or any tool that allows an administrator to view or modify the contents of a GPO) to obtain metadata about registry-based settings and for clients to obtain applicable registry-based settings.

Group Policy: Registry Extension Encoding settings can be administered using administrative templates (as specified in Policy Description Message (section 2.2.2)). An administrative template is a file associated with a GPO that combines information on the syntax of registry-based settings with human-readable descriptions of the settings as well as other information. Administrative tools use administrative templates to allow administrators to configure registry-based settings for applications on clients.

Group Policy: Registry Extension Encoding settings are specified using registry policy files (as specified in Registry Policy Message Syntax (section 2.2.1)). An administrative tool uses the information within the administrative template to write out a registry policy file and associate it with a GPO. The Group Policy: Registry Extension Encoding plug-in on each client reads registry policy files specified by applicable GPOs and applies their contents to its registry.

Only a limited subset of the syntax for registry policy files is supported by administrative templates. As a result, not all registry-based settings can be expressed using administrative templates. Such registry-based settings can be implemented using a custom user interface that does not rely on administrative templates.

The protocol operates as follows. An administrative tool either implements a custom UI that can author registry policy files or just uses administrative templates, or both. Administrative templates can be stored on a server and be retrieved (using this protocol) by an administrative tool. Or, the tool can simply use administrative templates that are already on the administrator's computer.

Clients can use either or both of the following modes of this protocol because they address different issues. The Computer Policy Mode is used in scenarios where the policies need to be applied to a computer, and it applies to all users logging on to that computer, whereas the User Policy Mode is used for applying policies to specific users logging on to the computer.

Computer Policy Mode

  1. An administrator invokes a Group Policy Administrative tool on the administrator's computer to administer a GPO through the Group Policy Core Protocol using the Policy Administration mode, as specified in [MS-GPOL] section 1.3.2. The Administrative tool invokes a plug-in specific to Group Policy: Registry Extension Encoding so that the administrator can administer the Group Policy: Registry Extension Encoding settings. This results in the storage and retrieval of metadata inside a GPO on a Group Policy server. This metadata describes configuration settings to be applied to a generic settings database (or registry) on a client that is affected by the GPO. The administrator views the data and updates it to add a directive to run a command when the client computer starts up. If they are not already present from a prior update, the CSE GUID and tool extension GUID for Computer Policy Settings for Group Policy: Registry Extension Encoding are written to the GPO.

  2. A client computer affected by that GPO is started (or is connected to the network, if this happens after the client starts), and the Group Policy Core Protocol is invoked by the client to retrieve Policy Settings from the Group Policy server. As part of the processing of the Group Policy Core Protocol, the Group Policy: Registry Extension Encoding's CSE GUID is read from this GPO, and this instructs the client to invoke a Group Policy: Registry Extension Encoding plug-in component for Policy Application.

  3. In processing the Policy Application portion of the Group Policy: Registry Extension Encoding, the client parses the file of settings, and then saves the settings in the generic settings database (or registry) on the local computer.

User Policy Mode

  1. This step is the same as step 1 for Computer Policy Mode except that a separate tool extension GUID for the Group Policy: Registry Extension Encoding is written to the GPO.

  2. This step is the same as step 2 for Computer Policy Mode except that it occurs when a user logs on (or when the computer is connected to the network, if this happens after the user logs on).

  3. In processing the Policy Application portion of Group Policy: Registry Extension Encoding, the client parses the file of settings, and then saves the settings in a user-specific portion of the generic settings database (registry) on the local computer.
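
The parsing that step 3 of both modes describes, as an added example (not part of the specification and not Microsoft's code): it reads a registry policy file in the format referenced as section 2.2.1 and lists the settings written under the Run and RunOnce keys, so a reviewer can see which settings in a GPO would launch a command automatically. The autorun key suffixes, the function names and the sample file are assumptions constructed for this example.

```python
import struct

# File = "PReg" signature + DWORD version 1 + UTF-16LE records [key;value;type;size;data]
HEADER = b"PReg" + struct.pack("<I", 1)
# Assumption of this example: key suffixes treated as "launches a command automatically".
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")

def _lit(buf, pos, ch):  # consume one UTF-16LE delimiter character or fail
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def _wstr(buf, pos):  # read a NUL-terminated UTF-16LE string -> (text, next offset)
    end = pos
    while end + 2 <= len(buf) and buf[end:end + 2] != b"\x00\x00":
        end += 2
    if end + 2 > len(buf):
        raise ValueError("unterminated string")
    return buf[pos:end].decode("utf-16-le"), end + 2

def parse_pol(buf):
    """Return (key, value, type, data) tuples from a registry policy file."""
    if buf[:8] != HEADER:
        raise ValueError("not a version 1 PReg file")
    pos, entries = 8, []
    while pos < len(buf):
        key, pos = _wstr(buf, _lit(buf, pos, "["))
        value, pos = _wstr(buf, _lit(buf, pos, ";"))
        if pos + 14 > len(buf):  # ';' type ';' size ';' is a fixed 14 bytes
            raise ValueError("truncated record")
        s1, rtype, s2, size, s3 = struct.unpack_from("<2sI2sI2s", buf, pos)
        # Never trust the declared size: bound it by the file length.
        if s1 + s2 + s3 != b";\0" * 3 or pos + 14 + size > len(buf):
            raise ValueError("bad delimiter or data size exceeds file length")
        entries.append((key, value, rtype, buf[pos + 14:pos + 14 + size]))
        pos = _lit(buf, pos + 14 + size, "]")
    return entries

def autorun_entries(entries):  # settings that write a value under an autorun key
    return [e for e in entries if e[0].lower().rstrip("\\").endswith(AUTORUN_SUFFIXES)]

def _rec(key, value, rtype, data):  # builds one constructed sample record
    w = lambda s: s.encode("utf-16-le")
    return (w(f"[{key}\0;{value}\0;") + struct.pack("<I", rtype) + w(";")
            + struct.pack("<I", len(data)) + w(";") + data + w("]"))

# Constructed sample file, not taken from a real GPO (type 4 = REG_DWORD, 1 = REG_SZ).
SAMPLE = (HEADER + _rec(r"Software\Policies\Example", "Enabled", 4, struct.pack("<I", 1))
          + _rec(r"Software\Microsoft\Windows\CurrentVersion\Run", "Updater", 1,
                 "C:\\Tools\\update.exe\0".encode("utf-16-le")))
```

Running `autorun_entries(parse_pol(SAMPLE))` returns only the `Updater` value; a file whose declared data size runs past the end of the buffer is rejected with `ValueError` rather than read out of bounds.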