1.8 Vendor-Extensible Fields

The Group Policy: Core Protocol allows vendors to define Group Policy extensions to the protocol. These Group Policy extensions enable vendors to store vendor-specific data in a GPO on the Group Policy server. For the Group Policy client to access that data, it needs to be able to identify a system component that can retrieve and interpret that data.

To facilitate this, the GPO Active Directory object schema has two attributes, gPCMachineExtensionNames and gPCUserExtensionNames, in which a vendor can append both a CSE GUID (as specified in [MS-DTYP] section 2.3.4.3) that identifies that GPO as having that vendor's particular extra Group Policy extension data stored inside it, and a tool extension GUID that allows the vendor to associate an administrative tool that can update the data. The vendor obtains the UUIDs of the CSE GUID and the tool extension GUID by generating them according to the standard GUID algorithm, as specified in [C706]. After they are generated, the vendor includes the GUID in these attributes, as specified in section 2.2. Vendors do not need to collaborate or obtain GUIDs from a central authority; the GUID generation algorithm ensures that no two vendors make use of the same GUID. Vendors can specify a NULL GUID for the tool extension GUID.

Each CSE GUID and tool extension GUID defined by a vendor MUST be treated as a standards assignment to the gPCMachineExtensionNames and gPCUserExtensionNames attributes that MUST be declared in the Group Policy extension documentation that is associated with the CSE GUID and tool extension GUID.