3.2.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

This protocol uses the model outlined in section 3.2.1.1 of [MS-GPREG] to store and retrieve settings on the client. Settings defined by the administrative plug-in (section 3.1) are populated to a persistent generic database on the client by methods described in [MS-GPREG]. The client then queries the database using the key and value names outlined in sections 2.2.1 through 2.2.7 to retrieve the settings. Based on the data retrieved for these settings, the client modifies the internal state of EFS to conform to the specified settings.

In addition to the collection of settings described above, public elements of the User-Certificate Binding ADM (exposed by [MS-EFSR] section 3.1.1.1) are directly accessed. The following public ADM elements are configured by the clients of the Group Policy: Encrypting File System Extension:

  • RequireV3Template (exposed by [MS-EFSR] section 3.1.1.1)

  • DisallowV3Template (exposed by [MS-EFSR] section 3.1.1.1)

  • RequireSmartCard (exposed by [MS-EFSR] section 3.1.1.1)

  • TemplateName (exposed by [MS-EFSR] section 3.1.1.1)

The listed elements are exposed by the ADM of [MS-EFSR], as specified in [MS-EFSR] section 3.1.1.1.

Public elements of the EFSR Server Control (defined in [MS-EFSR] section 3.1.1.2) are also directly accessed. The following public ADM elements are configured by clients of the Group Policy: Encrypting File System Extension:

  • EfsDisabled (exposed by [MS-EFSR] section 3.1.1.2)

The listed element is exposed by the ADM of [MS-EFSR], as specified in [MS-EFSR] section 3.1.1.2.