Using Group Policy with Enterprise Library
Group Policy provides a centralized one-to-many management capability for Windows that allows administrators to define settings that apply to a group of computers, systems, services, or applications. Group Policy relies on the Active Directory® service to manage the settings applied at run time to members of the Active Directory forest, domain, or subgroup. For more information about Group Policy, see Group Policy on MSDN.
Enterprise Library includes a manageable configuration source. This allows you to use Group Policy to manage an Enterprise Library application. You do not need to write any application code to use these features. This topic provides information about the following tasks for using Group Policy:
- Adding a Manageable Configuration Source
- Generating and Installing Group Policy Templates
- Troubleshooting Group Policy
If you want to use Group Policy with an application, you must first add a manageable configuration source. Although the procedures shown here use the configuration console, you can use the same procedures with the configuration editor that is integrated with Visual Studio. For more information about the configuration editor, see Using the Configuration Tools.
To add a manageable configuration source
- Start the Enterprise Library configuration console or the Visual Studio configuration editor.
- On the Blocks menu click Add Configuration Settings.
- In the Sources pane click the plus sign icon, point to Add Sources and click Add Manageable Configuration Source.
- Click the chevron arrow in the Configuration Sources title bar to display the properties pane.
- In the properties pane, set the Selected Source property by selecting Manageable Configuration Source from the drop-down list.
- Next, you must set the properties of the manageable configuration source. You can view these properties by clicking the Selected Source expander arrow in the Configuration Sources section, or within the section for the manageable configuration source itself.
- Enter a unique value for the Application Name property to identify your application within the Group Policy rules.
- Provide an entry for the File Path property.
- Check that Group Policy Enabled is set to True. This is the default.
- Right-click the System Configuration Source item and then click Delete System Configuration Source. This is not strictly necessary, but it tidies up the configuration.
- On the File menu, click Save or Save As to save your configuration.
|Do not use a password in a connection string or other sensitive information with Group Policy; the values can be exposed in an unencrypted format. Although the password and other information can be encrypted in the configuration file, the configuration file information is used in an unencrypted format by Group Policy and could be exposed.|
To use Group Policy to manage an Enterprise Library application, you must first generate a Group Policy template and then use Group Policy to configure the application. Although the procedures in this section use the configuration console, you can use the same procedures with the configuration editor that is integrated with Visual Studio.
To generate a Group Policy template for the application
- Ensure that you have completed all other configuration tasks for the application.
- Open the configuration console.
- In the left pane of the Enterprise Library configuration console, right-click Manageable Configuration Source, and then click Generate ADM Template.
- In the Save As box, type a name for the template, and then click Save.
|The templates generated by the configuration tools use the Windows Server® 2003 ADM format for maximum compatibility with all existing operating system versions. Windows Vista® and Windows Server 2008 use the new ADMX format for Group Policy templates. However, they will also read and use ADM format templates.|
To configure the application using Group Policy
- Ensure that you have administrative privileges to configure the application.
- Ensure that you have installed a suitable version of the Group Policy management console (GPMC), as shown in the following list:
- Windows Server 2008 includes the GPMC.
- For Windows 7, download and install the Remote Server Administration Tools for Windows 7 from the Microsoft Download Center.
- For Windows Vista SP1, download and install the Microsoft Remote Server Administration Tools for Windows Vista from the Microsoft Download Center.
- For Windows Server 2003 and Windows XP Service Pack 2, download and install the Group Policy Management Console with Service Pack 1 from the Microsoft Download Center.
- Click Start, and then click Run. In the Run dialog box, type gpmc.msc, and then click OK. This opens the Group Policy Management Console (GPMC) and shows the complete forest for your domain.
- Expand the Domains node to show the Group Policy Objects section within your domain.
- Right-click Group Policy Objects, click New, type a name for the new Group Policy object, and then click OK.
- In the left tree view, right-click your new Group Policy object entry, and then click Edit.
- Expand the Computer Configuration or User Configuration section of the Group Policy Object. Right-click Administrative Templates, and then click Add/Remove Templates.
- In the Add/Remove templates dialog box, click Add.
- Browse to the template you created in the Enterprise Library Configuration Console, select it, and then click Open. The template appears in the Add/Remove templates dialog box.
- In the Add/Remove templates dialog box, click Close.
- Expand the Administrative Templates section, and then locate the section corresponding to the template that you just added. Expand this section and each section within it. As you select a section, the settings available for that section appear in the right-side window.
- To open the Settings dialog box, double-click the setting you want to edit.
- The Settings dialog box allows you to enter an initial value if you have not already configured it, or enable or disable an existing setting.
- When you select Enabled, the controls in the central section of the dialog box allow you to specify the setting. Depending on the type of value and the way the ADM file declares the setting details, you will see a text box, a drop-down list, or another standard Windows control.
- Use the Previous Setting and Next Setting buttons to navigate through the settings without having to open each one individually from the main Group Policy window, or click OK to commit this setting and close the Settings dialog box.
This section discusses the following problems that you may encounter while using Group Policy with Enterprise Library:
Group Policy administrative tools, such as the Group Policy Editor and the Group Policy management console, do not perform custom validations, so they will allow an administrator to enter an invalid value in a string field, such as an incorrect type name.
Only policies having valid values on all settings are applied, so when an invalid value is detected, an entry is written to the event log and the entire policy is ignored. The problem is logged to the event log.
If the application is modified, some configuration elements may be replaced with new elements that have the same names, but different types. In this case, the manageable configuration source will look for the policies of the new element, but it will find policy settings for the original configuration elements, which may not match. Typically, this will result in missing values.
It is possible for different policies to conflict with one another. If this is the case, it will result in an invalid configuration after the Group Policy overrides are applied. This type of problem can easily occur, because different polices may be applied in different Group Policy Objects. In this case, the ManageableConfigurationSource instance does not detect an error. Typically, the consumer of the configuration settings logs the error.