Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The Administrative tool facilitates the creation, deletion, and modification of Group Policy settings. It also enables the Group Policy administrator to define the manner in which policy settings are to be applied, by creating the SOM configuration and GPO precedence order.
The Administrative tool uses the same set of protocols to discover the Group Policy server and the same extensions when authoring policy as the Group Policy client uses to discover the Group Policy server and apply policy settings. An overview of communication and authoring processes is provided in section 2.1.3.2.1.
The basic communication flow associated with the Administrative tool consists of the following:
The Administrative tool locates the domain controller (Group Policy server) as specified in [MS-ADOD] section 3.1.1.
The Administrative tool uses LDAP to query Active Directory on the Group Policy server for the retrieval of GPO attributes.
The core Group Policy engine on the computer that hosts the Administrative tool invokes an Administrative tool extension, via a GUID that is specified in the GPO Extension list.
The Administrative tool extension retrieves Group Policy attributes from the logical component of a GPO by using LDAP to query Active Directory on the Group Policy server, as described in section 1.1.6.
The Administrative tool extension retrieves policy settings from the file system component of the GPO by using a file access protocol to query the appropriate Group Policy file share directory locations.
The extension uses LDAP or a file access protocol to update Group Policy attributes in Active Directory on the Group Policy server and extension and template setting changes on the Group Policy file share, respectively.
The Administrative tool uses LDAP to update version information for the GPO in Active Directory and uses a file access protocol to update version information in the gpt.ini file on the Group Policy file share. This is described in detail in [MS-GPOL] section 3.3.4.1.