Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


ASP.NET Configuration and Group Policy, Part 3: Using the Enterprise Library Manageable Configuration Extensions  : Page 2

This last installment of a three-article series discusses how to apply centrally imposed Windows Group Policy settings using the Manageable Configuration Provider.

Adding the Manageable Configuration Source
The first step in using the Manageable Configuration Source provider is to create the application you want to manage. Each time you add or remove application blocks, providers, and other Enterprise Library features within the application configuration, you change the requirements of the administrative template that the Manageable Configuration Source uses. Therefore, you should build, test, and debug your application before adding the manageability features.

After the application is complete, follow this procedure:

  1. Open the Web.config file into one of the two configuration editors (the Configuration Console or the Visual Studio Configuration Editor). See the sidebar "Editing Enterprise Library 3.0 Configuration Files" for more information.
  2. Right-click the application node (the node immediately below the "Enterprise Library Configuration" node), select "New...," and then click Configuration Sources. Doing that adds a Configuration Sources node and a child System Configuration Source node to the configuration tree.
  3. Right-click on the new Configuration Sources node, select "New...," and then click Manageable Configuration Source.
  4. Right-click on the System Configuration Source child node added in step two, and click "Remove" to remove it from the configuration.
Figure 2. Sample Application Configuration: Here's the configuration for the Enterprise Library Manageable Configuration example open in the Visual Studio Configuration Editor.
Figure 2 shows the final configuration of the sample application, including the Configuration Sources section containing the Manageable Configuration Source. The next step is to set the properties of the Manageable Configuration Source provider.

Configuring the Manageable Configuration Source
The Manageable Configuration Source has six properties, five of which you can set using the configuration tools. At a minimum, you must set the ApplicationName and File properties. The ApplicationName property defines the name of the root registry key (within the HKEY_LOCAL_MACHINE\Software\Policies\ section) that the provider will read to find Group Policy configuration values. The default is "Application."

The File property defines the full path to the configuration file (Web.config in this example) from which the provider will read local configuration values. You can also specify the name for the provider.

Two other properties, EnableGroupPolicies and EnableWmi, specify whether the provider will read Group Policy values and/or emit details of the configuration through WMI. By default, both are set to True, though you can disable them as required. For example, you can turn off property and event generation for WMI if you do not require this feature, or disable Group Policy while you test and experiment with your application configuration.

You must also set the SelectedSource property of the parent Configuration Sources node to specify the Manageable Configuration Source you are using. You can select this from the drop-down list in the SelectedSource property of the Configuration Sources node.

If you want to encrypt this section of the configuration file, select a value in the drop-down list for the ProtectionProvider property of the Configuration Sources node. Finally, if you intend to run your application in partial trust mode, set the RequirePermission property of this node to False.

Now save your configuration file and test your application to ensure that it reads the configuration information correctly, and that there are no errors. You may find that you need to add references to other application block assemblies (or copy the assemblies to your bin folder) for blocks and features that the manageable provider uses. Visual Studio generates an exception that indicates any missing assemblies when you run the application.

Creating the Group Policy Administrative Template
With the application complete, and the Manageable Configuration Source added to the configuration, you can create the Administrative Template that defines the Group Policy Object required to administer the application through Group Policy. The configuration tools can automatically generate a suitable template, which you can edit afterwards if required.

To create the template, right-click on the Manageable Configuration Source node in the configuration editor tree, and click Generate ADM Template. Specify the file name and location in the Save As dialog. The configuration editor generates the file automatically. Afterwards, you can open it in a text editor (or Visual Studio) to view the contents.

Notice that the file contains a CLASS MACHINE section and a CLASS USER section containing the same content. For an ASP.NET Web application (as discussed in the previous article in this series), you will probably not require the CLASS USER section, and so you can remove it from the ADM file.

The configuration tool generates a full set of PARTS (controls) for each configuration setting, including drop-down lists where appropriate. However, it does not generate any EXPLAIN text other than the very brief note of the section that the settings apply to. You may wish to expand this, perhaps using a [strings] section within the file as demonstrated in the previous article. The template files (named EntLibManageable.adm) included with the sample application have not been edited, so that you can see the default content that the configuration tools generate.

To give you a feel for the kind of content in the administrative template, the following listing shows the category that defines the settings for the Caching Application Block. Notice that it uses nested categories to give a structure of multiple levels within the root key named "EntLibManageableSample:"

CLASS MACHINE CATEGORY "EntLibManageableSample" CATEGORY "Caching" CATEGORY "Cache managers" POLICY "Specify settings for cache manager 'Cache Manager'" KEYNAME "Software\Policies\EntLibManageableSample \cachingConfiguration\cacheManagers\Cache Manager" VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 PART "Expiration poll frequency (secs.)" NUMERIC VALUENAME "expirationPollFrequencyInSeconds" DEFAULT 60 MIN 0 END PART PART "Maximum elements in cache before scavenging" NUMERIC VALUENAME "maximumElementsInCacheBeforeScavenging" DEFAULT 1000 MIN 0 END PART PART "Number to remove when scavenging" NUMERIC VALUENAME "numberToRemoveWhenScavenging" DEFAULT 10 MIN 0 END PART PART "Backing store settings" TEXT END PART PART "Partition name" EDITTEXT VALUENAME "partitionName" KEYNAME "Software\Policies\EntLibManageableSample \cachingConfiguration\backingStores\Isolated Storage" MAXLEN 255 REQUIRED

Figure 3. Machine-level Settings Generated by the Sample Application Administrative Template: Notice how the nested categories in the template create a nested hierarchy of settings.
DEFAULT "ASPNET-EntLib" END PART END POLICY ... more settings for caching ... ... application block here ... END CATEGORY ; "Cache managers" END CATEGORY ; "Caching" END CATEGORY ; "EntLibManageableSample"
The policies defined in the section of the template shown above provide the controls to set the configuration of the Caching Application Block for any application that has "EntLibManageableSample" as the ApplicationName property of its Manageable Configuration Source provider. You can see that this provides a useful opportunity for managing multiple applications from one policy. However, bear in mind that you can only configure one Manageable Configuration Source provider for an application.

Figure 3 shows the Group Policy Object Editor displaying the settings for the section of the administrative template shown earlier, together with the sections for the other application blocks defined within the sample application.

Author's Note: For details of how to install administrative templates into Group Policy, and their effects as local or domain-wide policies, see the previous article in this series.

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.