RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


ASP.NET Configuration and Group Policy, Part 2: Creating and Using Group Policy-Aware Providers  : Page 3

The second installment of this three-article series discusses how to set Windows Group Policy at both the machine and domain levels to control application configuration settings from a central location.

Making Applications Group Policy Aware
To build group policy awareness into your applications, you must:

  • Create an appropriate administrative template that describes the Group Policy Object and the settings it contains.
  • Install the administrative template into Active Directory at forest/domain level, or at computer level if you only want it to apply to a specific computer.
  • Add code to your application that reads the settings from Windows registry, usually as part of the process of loading configuration information.
You will see how to achieve all these tasks in the remainder of this article.

Creating an Administrative Template for a GPO
In Windows Vista, the new .admx file type for administrative templates is—as you would expect—an XML-based format. The classic .adm administrative template format has a more arcane text format that is likely to be unfamiliar. However, it is easy to get used to, as long as you keep a syntax reference guide at hand.

Author's Note: An excellent reference to the syntax and operation of templates is "Using Administrative Template Files with Registry-Based Group Policy."

ADM Template Structure
An .adm file will usually contain three sections, as shown in the following code:

   CATEGORY !!GPConfigExample
     KEYNAME "Software\Policies\Examples\GPConfigExample"
     ... category settings for computer configuration go here ...
   ... more categories here as required ...
   CATEGORY !!GPConfigExample
     KEYNAME "Software\Policies\Examples\GPConfigExample"
     ... category settings for user configuration go here ...
   ... more categories here as required ...
   ... string values referenced from class definitions go here ...
   ... for example, the string used as the category name above:
   GPConfigExample="GP Configuration Example"
As you would expect, categories in the CLASS MACHINE section define policies for the Computer Configuration that gets stored in the HKEY_LOCAL_MACHINE registry hive, while categories in the CLASS USER section define policies for the User Configuration that gets stored in the HKEY_CURRENT_USER registry hive). However, before you use the CLASS USER section in a Web application, be sure to read the section "User Configuration Settings in ASP.NET Web Applications" at the end of this article.

Each category section defines a registry key that will hold the settings for that category, and contains one or more policies, each of which produces a single setting within that category. Notice how you can use two exclamation points (!!) to specify a string value name, and then define the string in the [strings] section. This is especially useful for values that are repeated in the template, and also makes it easier to edit the text strings.

Each policy within a category defines the set of controls (named PARTS) required to edit the setting, and the "explain" text that helps administrators understand what the policy does and how to set the values. For example, this category contains a single policy that defines two settings:

   CATEGORY !!GPConfigExample
     KEYNAME "Software\Policies\Examples\GPConfigExample"
     POLICY !!DefaultUser
       EXPLAIN !!DefaultUserExplain
       END PART
       PART !!DefaultLocationText EDITTEXT VALUENAME 
Figure 7. Generated Dialog Content: The figure shows the policy editor controls and content generated by the sample administrative template file.
END PART END POLICY END CATEGORY [strings] GPConfigExample="GP Configuration Example" DefaultUser="Default User Details" DefaultUserExplain="The default values for the user name and location to use when attempting to connect." DefaultUserNameText="User Name: " DefaultLocationText="Location: "
This policy generates an entry in the GPO named "Default User Details," which—when opened for editing—contains two text boxes with the specified captions ("User Name:" and "Location:"), as shown in Figure 7. The text from the EXPLAIN entry appears in the Explain tab of the editor dialog.

Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date