6 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs.

  • Windows 2000 operating system

  • Windows XP operating system

  • Windows Server 2003 operating system

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

  • Windows 10 operating system

  • Windows Server 2016 operating system

Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.

<1> Section 1.6:  The Group Policy: Core Protocol is not applicable on Windows NT operating system.

<2> Section 2.2.1: When the formatDesired field is set to 1, Windows Group Policy clients only ask for one DS_NAME_RESULT_ITEMW value in the array in DS_NAME_RESULTW. If a value other than 1 is specified in formatDesired, Windows-based Group Policy servers return names according to the values that are specified in [MS-DRSR] section 4.1.4.1.3. The Group Policy clients referred to here cannot be using Windows NT.

<3> Section 2.2.2: The timeLimit option is 0 (infinite) in the following Windows versions:

  • Windows XP

  • Windows 2000

  • Windows Server 2003

<4> Section 2.2.3: The timeLimit option is 0 (infinite) in the following Windows versions:

  • Windows XP

  • Windows Server 2003

  • Windows 2000

<5> Section 2.2.3: The timeLimit option is 0 (infinite) in the following Windows versions:

  • Windows XP

  • Windows Server 2003

  • Windows 2000

<6> Section 2.2.4: The timeLimit option is 0 (infinite) in the following Windows versions:

  • Windows XP

  • Windows Server 2003

  • Windows 2000

<7> Section 2.2.5: This message is not generated by clients that run Windows 2000.

<8> Section 2.2.6: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 use normal protocol traffic via the Network Location Awareness Service Provider (NLA) [MSDN-NLA] to determine link speed. Windows 2000, Windows XP, and Windows Server 2003 use ICMP to determine the link speed between the client and the domain controller. The following algorithm is used to determine the link speed when ICMP is used.

  1. An ICMP Echo request with a packet size between 500–2,048 bytes is formed.

  2. The request is sent to the domain controller three times, and the round-trip time for each of the echo responses is computed.

  3. The packet size divided by average response time is used as the estimate of the link speed between the client and the domain controller.

<9> Section 2.2.7: In Windows, the administrative tool specifies no attributes. This causes the Group Policy server to return the entire GPO and all its attributes.

<10> Section 3.2.1.2: In Windows, the default value of User Policy Source Mode is read from the machine-specific Registry Policy file in the following location. If that value is missing, the default value of User Policy Source Mode is Normal Mode.

Key: Software\Policies\Microsoft\Windows\System

Value: UserPolicyMode

Type: REG_WORD

Size: 4

Data:

  • Normal mode: 0x0

  • Loopback merge mode: 0x1

  • Loopback replace mode: 0x2

<11> Section 3.2.1.14: In Windows, an administrator can configure the Configured Computer Base Frequency by setting the base frequency value (in minutes) in the computer-specific Registry Policy file in the following location. If a value of 0 is configured, Windows ignores it and uses 7 seconds as the base frequency value.

Key: Software\Policies\Microsoft\Windows\System

Value: GroupPolicyRefreshTimeDC (for computers that are domain controllers)

GroupPolicyRefreshTime (for computers that are not domain controllers)

Type: REG_WORD

Size: 4

Data: A number in the range 0 – 64800 (decimal).

<12> Section 3.2.1.15: In Windows, an administrator can configure Configured Computer Random Offset by setting the offset value (in minutes) in the computer-specific Registry Policy file in the following location.

Key: Software\Policies\Microsoft\Windows\System

Value: GroupPolicyRefreshTimeOffsetDC (for computers that are domain controllers)

GroupPolicyRefreshTimeOffset (for computers that are not domain controllers)

Type: REG_WORD

Size: 4

Data: A number in the range 0 – 1440 (decimal).

<13> Section 3.2.1.18: In Windows, an administrator can configure the Configured User Base Frequency by setting the base frequency value (in minutes) in the user-specific Registry Policy file in the following location. If a value of 0 is configured, Windows ignores it and uses 7 seconds as the base frequency value.

Key: Software\Policies\Microsoft\Windows\System

Value: GroupPolicyRefreshTime

Type: REG_WORD

Size: 4

Data: A number in the range 0 – 64800 (decimal).

<14> Section 3.2.1.19: In Windows, an administrator can configure the Configured User Random Offset by setting the offset value (in minutes) in the user-specific Registry Policy file in the following location.

Key: Software\Policies\Microsoft\Windows\System

Value: GroupPolicyRefreshTimeOffset

Type: REG_WORD

Size: 4

Data: A number in the range 0 – 1440 (decimal).

<15> Section 3.2.1.21: In Windows, periodic refresh of Group Policy is enabled by default. An administrator can modify the default behavior by configuring Configured Disable Periodic Refresh in the computer-specific Registry Policy file in the following location.

Key: Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: DisableBkGndGroupPolicy

Type: REG_WORD

Size: 4

Data:

  • Disable periodic refresh: 0x1

  • Enable periodic refresh: 0x0

<16> Section 3.2.1.24: In Windows, the MaxNoGPOListChangesInterval value for each client-side extension is maintained in the computer-specific registry location:

Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPEExtensions\<CSE-GUID>

Value: MaxNoGPOListChangesInterval

Type: REG_WORD

Size: 4

Data: A number in the range 1 – 4294967295 (decimal).

<17> Section 3.2.5.1: Windows clients determine the FQDN of a user account by calling the GetUserNameEx method with the following parameters:

  • The decimal value 12 for NameFormat.

  • A pointer to the output buffer for lpNameBuffer.

  • The size of the output buffer.

Upon success, the method returns a string in the output buffer, which has the format "<FQDN>\<User Name>". The string is parsed to obtain the FQDN.

<18> Section 3.2.5.1: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<19> Section 3.2.5.1.1: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<20> Section 3.2.5.1.1: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<21> Section 3.2.5.1.1: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<22> Section 3.2.5.1.1: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<23> Section 3.2.5.1.1: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<24> Section 3.2.5.1.2: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<25> Section 3.2.5.1.3: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<26> Section 3.2.5.1.4: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<27> Section 3.2.5.1.5: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<28> Section 3.2.5.1.5: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<29> Section 3.2.5.1.5: Windows clients obtain a reference to the security token by using InitializeSecurityContext (ISC) [MSDN-InitializeSecurityContext] and AcceptSecurityContext (ASC) [MSDN-AcceptSecurityContext].

<30> Section 3.2.5.1.5: Windows clients obtain a reference to the security token by calling OpenThreadToken (see [MSDN-OpenThreadToken]) on the current operating thread. A token is created with security impersonation level SecurityImpersonation as described in [MS-LSAD] section 2.2.3.5, Security Impersonation Level.

<31> Section 3.2.5.1.5: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<32> Section 3.2.5.1.6: Windows clients perform access checking by calling the AccessCheckByType Win32 API (see [MSDN-AccessCheckByType].

<33> Section 3.2.5.1.7: When policy application is terminated, Windows clients log an event to a Windows Event Log.

<34> Section 3.2.5.1.10: By default, Windows clients (versions Windows 2000, Windows XP, and Windows Server 2003) do not invoke the Software Installation, as specified in [MS-GPSI], and Folder Redirection, as specified in [MS-GPFR], if the link speed is less than 500 kilobytes per second. An administrator can use Group Policy to modify the threshold speed and the set of Group Policy extensions to be skipped.

<35> Section 3.2.5.2: In Windows, the Local Group Policy Object is stored in the local file system under <Root-Windows-Directory>\System32\GroupPolicy (for example, C:\Windows\System32\GroupPolicy). Once created, the Local Group Policy Object persists until deleted.

<36> Section 3.2.7.1: In Windows, clients invoke policy application when a computer regains network connectivity to a Group Policy server after a prior policy application failure due to the lack of network connectivity to a Group Policy server.

This information is not applicable to Windows 2000, Windows XP, and Windows Server 2003.

<37> Section 3.3.5.1: Windows uses the SetNamedSecurityInfo Win32 API (see [MSDN-SetNamedSecurityInfo]).

<38> Section 3.3.5.3: Windows uses the SetNamedSecurityInfo Win32 API (see [MSDN-SetNamedSecurityInfo]).

<39> Section 4.6: Windows uses the SetNamedSecurityInfo Win32 API (see [MSDN-SetNamedSecurityInfo]).

<40> Section 4.8: Windows uses the SetNamedSecurityInfo Win32 API (see [MSDN-SetNamedSecurityInfo]).

Show: