3.2.1.1 Policy Setting State

  • Article

The Group Policy: Registry Extension Encoding client plug-in itself maintains no state. However, it is assumed that a local database of settings (registry) exists that can be updated by the client plug-in.

  • Registry:

     Database assumed to be a list of records, each with a key or a record identifier. In addition to the key, each record has a list of name/value pairs, and each value has a type. The database SHOULD support concurrent Read/Write operations and SHOULD apply Write transactions on a first-come/first-serve basis while allowing concurrent Read/Write operations. Access to name/value pairs for a deleted key SHOULD be read-only until the delete operation is completed.

The protocol models a set of actions to take on that database so that clients can respond to the resulting database. The model is as follows:

  • Database Scope:

     The Database Scope identifies what database on the client is affected by any operation. The client maintains separate databases for the client operating system itself, and it maintains one for each user account that logs on interactively to the computer. When the protocol is processed as part of Computer Policy Mode, all operations described here occur as part of the operating system's scope. For User Policy Mode, all operations described here occur as part of the scope for the user account of the Policy Target.

  • Database OperationList:

     A list of Database Operations to take on the database.

  • Database Operation:

     A Database key and a Key Operation.

  • Database Key:

     A unique identifier in the database. This key is determined by a specific application vendor. It is assumed that other components on the client will look for this key in the database to check for actions for that process.

  • Key Operation:

     An action and a Value List. The client plug-in is to take the action against that key for the values in the Value List. The operations allowed are to add values and delete values.

  • Value List:

     A list of Name Value Pairs.

  • Name Value Pair:

     A Value Name and a Policy Value.

  • Value Name:

     A name defined by some application or system component vendor and used by the application or component on the client to obtain a value that signifies the behavior it is to adopt to conform to the administrator's policy.

  • Policy Value:

     A Data Type and a Data Value.

  • Data Type:

     The commonly understood concept of data type that describes how the Data Value is to be interpreted, whether as a string, integer, multiple-valued string, or a binary stream.

  • Data Value:

     Physical data that is to be interpreted according to the Data Type specification. It is assumed that other components on the client will act on this interpretation of the Data Value to determine its behavior.