2.2.2.1 ADM-Based Policy Description Message
ADM-Based Policy Description Messages are encapsulated in Unicode files that are transmitted using remote file access. The names of these files MUST end in ".adm".
The following ABNF specifies the ADM file format.
-
AdmFile = AdmStatements AdmStrings WhiteSpaceClass = CR / LF / WSP WhiteSpace = *WhiteSpaceClass SpaceDelimiter = 1*WhiteSpaceClass Dash = %x002D LineBreak = CRLF AdmStatements = *AdmStatement AdmStatement = ( AdmClass / AdmCategory / AdmPolicy / AdmPart / AdmItemList / AdmActionList ) [AdmComment] AdmQuotedCharacter = %x0020-0021 / %x0023-007E ; space to tilde except double-quote AdmTokenCharacter = %x0021 / %x0023-003A / %x003C-007E ; Exclamation to tilde except double-quote and semi-colon AdmToken = 1*AdmTokenCharacter AdmComment = [LineBreak] TokSemi *(VCHAR / SP) LineBreak AdmClass = TokClass ( TokUser / TokMachine ) AdmCategory = TokCategory AdmString [AdmKeyName] [AdmExplain] (1*AdmCategory / 1*AdmPolicy / (1*AdmCategory 1*AdmPolicy) / (1*AdmPolicy 1*AdmCategory)) TokEnd TokCategory AdmString = ( WhiteSpace AdmToken SpaceDelimiter ) / TokQuotedString / AdmStringId AdmKey = AdmString AdmKeyName = TokKeyName AdmKey AdmExplain = TokExplain AdmString AdmSupported = TokSupported AdmString AdmPolicy = TokPolicy AdmString [AdmKeyName] [AdmExplain] [AdmValueOnOff] [AdmActionListOnOff] [AdmSupported] [AdmClientExt] [AdmParts] TokEnd TokPolicy AdmValueName = TokValueName AdmString AdmValueOn = TokValueOn ( AdmNumericValue / AdmString ) AdmValueOff = TokValueOff ( AdmNumericValue / AdmString ) AdmValueOnOff = AdmValueName [AdmValueOn] [AdmValueOff] AdmValue = AdmValueName [AdmValueData] AdmKeyValuePair = [AdmKeyName] AdmValue AdmNumericValue = TokNumeric TokDigits AdmValueData = TokValue (TokDelete / AdmString / AdmNumericValue) AdmClientExt = TokClientExt AdmGuid AdmGuid = TokLeftCurly 8HEXDIG Dash 4HEXDIG Dash 4HEXDIG Dash 4HEXDIG Dash 12HEXDIG TokRightCurly AdmParts = 1*AdmPart AdmPart = TokPart AdmString AdmUIControl TokEnd TokPart AdmActionList = TokActionList 1*AdmKeyValuePair TokEnd TokActionList AdmActionListOn = TokActionListOn 1*AdmKeyValuePair TokEnd TokActionListOn AdmActionListOff = TokActionListOff 1*AdmKeyValuePair TokEnd TokActionListOff AdmActionListOnOff = [AdmActionListOn] [AdmActionListOff] AdmItemList = TokItemList AdmItems TokEnd TokItemList AdmItems = 1*AdmItem AdmItem = TokName AdmString AdmValueData [TokDefault] [AdmActionList] AdmDefaultString = TokDefault AdmString AdmDefaultNumeric = TokDefault TokDigits AdmMin = TokMin TokDigits AdmMax = TokMax TokDigits AdmMaxLen = TokMaxlen TokDigits AdmNoSort = TokNosort AdmRequired = TokRequired AdmCheckbox = TokCheckbox AdmCheckBoxArguments AdmCombobox = TokCombobox AdmComboBoxArguments AdmDropdownlist = TokDropdownlist AdmDropdownListArguments AdmEditText = TokEditText AdmEditTextArguments AdmListbox = TokListbox AdmListBoxArguments AdmNumeric = TokNumeric AdmNumericArguments AdmOemConvert = TokOEMConvert AdmExpandableText = TokExpandableText AdmAdditive = TokAdditive AdmExplicitValue = TokExplicitValue AdmValuePrefix = TokValueprefix TokALPHA AdmSpin = TokSpin TokDigits AdmTextConvert = TokTxtConvert AdmDefChecked = TokDefchecked AdmUIControl = ( AdmCheckbox / AdmCombobox / AdmDropdownlist / AdmEditText / AdmListbox / AdmNumeric / TokText ) AdmCheckBoxArguments = <These occur in any order> [AdmKeyName] AdmValueOnOff [AdmDefChecked] [AdmActionListOn AdmActionListOff] [AdmClientExt] AdmEditTextArguments = <These occur in any order> [AdmKeyName] AdmValueName [AdmDefaultString] [AdmMaxLen] [AdmRequired] [AdmOemConvert] [AdmClientExt] [AdmExpandableText] AdmNumericArguments = <These occur in any order> [AdmKeyName] AdmValueName [AdmDefaultNumeric] [AdmMax] [AdmMin] [AdmRequired] [AdmSpin] [AdmClientExt] [AdmTextConvert] AdmComboBoxArguments = <These occur in any order> AdmEditTextArguments [AdmSuggestions] [AdmNoSort] AdmDropdownListArguments = <These occur in any order> [AdmKeyName] AdmValueName [ AdmItemList] [AdmRequired] [AdmClientExt] [AdmNoSort] AdmListBoxArguments = <These occur in any order> [AdmKeyName] [AdmAdditive] [AdmExplicitValue] [AdmValuePrefix] [AdmClientExt] [AdmNoSort] [AdmExpandableText] AdmStrings = [ TokStrings AdmStringStatements ] AdmStringStatements = 1*AdmStringStatement AdmStringStatement = WhiteSpace AdmToken TokIs TokQuotedString AdmSuggestions = TokSuggestions 1*AdmString TokEnd TokSuggestions AdmBangBang = WhiteSpace "!!" AdmStringId = AdmBangBang AdmToken SpaceDelimiter TokALPHA = WhiteSpace 1*ALPHA SpaceDelimiter TokActionList = WhiteSpace "ActionList" SpaceDelimiter TokActionListOff = WhiteSpace "ActionListOff" SpaceDelimiter TokActionListOn = WhiteSpace "ActionListOn" SpaceDelimiter TokAdditive = WhiteSpace "additive" SpaceDelimiter TokCategory = WhiteSpace "category" SpaceDelimiter TokCheckbox = WhiteSpace "checkbox" SpaceDelimiter TokClass = WhiteSpace "class" SpaceDelimiter TokClientExt = WhiteSpace "clientext" SpaceDelimiter TokCombobox = WhiteSpace "combobox" SpaceDelimiter TokDefault = WhiteSpace "default" SpaceDelimiter TokDefchecked = WhiteSpace "defchecked" SpaceDelimiter TokDelete = WhiteSpace "delete" SpaceDelimiter TokDigits = WhiteSpace 1*DIGIT SpaceDelimiter TokDropdownlist = WhiteSpace "dropdownlist" SpaceDelimiter TokEditText = WhiteSpace "EditText" SpaceDelimiter TokEnd = WhiteSpace "end" SpaceDelimiter TokExpandableText = WhiteSpace "expandabletext" SpaceDelimiter TokExplain = WhiteSpace "Explain" SpaceDelimiter TokExplicitValue = WhiteSpace "explicitvalue" SpaceDelimiter TokIs = WhiteSpace "=" WhiteSpace TokItemList = WhiteSpace "ItemList" SpaceDelimiter TokKeyName = WhiteSpace "KeyName" SpaceDelimiter TokLeftCurly = WhiteSpace "{" WhiteSpace TokListbox = WhiteSpace "listbox" SpaceDelimiter TokMachine = WhiteSpace "Machine" SpaceDelimiter TokMax = WhiteSpace "max" SpaceDelimiter TokMaxlen = WhiteSpace "maxlen" SpaceDelimiter TokMin = WhiteSpace "min" SpaceDelimiter TokNE = WhiteSpace "!=" SpaceDelimiter TokName = WhiteSpace "name" SpaceDelimiter TokNosort = WhiteSpace "nosort" SpaceDelimiter TokNumeric = WhiteSpace "numeric" SpaceDelimiter TokOEMConvert = WhiteSpace "oemconvert" SpaceDelimiter TokPart = WhiteSpace "Part" SpaceDelimiter TokQuotedString = WhiteSpace DQUOTE 1*AdmQuotedCharacter DQUOTE WhiteSpace TokPolicy = WhiteSpace "policy" SpaceDelimiter TokRequired = WhiteSpace "required" SpaceDelimiter TokRightCurly = WhiteSpace "}" SpaceDelimiter TokSemi = WhiteSpace ";" WhiteSpace TokSpin = WhiteSpace "spin" SpaceDelimiter TokStrings = WhiteSpace "[strings]" SpaceDelimiter TokSuggestions = WhiteSpace "suggestions" SpaceDelimiter TokSupported = WhiteSpace "supported" SpaceDelimiter TokText = WhiteSpace "text" SpaceDelimiter TokTxtConvert = WhiteSpace "TxtConvert" SpaceDelimiter TokUser = WhiteSpace "User" SpaceDelimiter TokValue = WhiteSpace "value" SpaceDelimiter TokValueName = WhiteSpace "ValueName" SpaceDelimiter TokValueOff = WhiteSpace "valueoff" SpaceDelimiter TokValueOn = WhiteSpace "valueon" SpaceDelimiter TokValueprefix = WhiteSpace "valueprefix" SpaceDelimiter
The file specifies both presentation information for administrative plug-in and serialization/deserialization for administrative tools.
The key directive for user interface presentation is the AdmUIControl production in the preceding ABNF; it can begin with one of the following terminal strings with the following meanings:
|
Value |
Meaning |
|---|---|
|
CheckBox |
Policy Administration plug-ins are expected to present a control that allows the user to select a single check box. |
|
EditText |
Policy Administration plug-ins are expected to present a simple string control for viewing and editing this setting. |
|
ComboBox |
Policy Administration plug-ins are expected to present a simple list control that also allows manual editing for viewing and editing this setting. |
|
DropDownList |
Policy Administration plug-ins are expected to present a control that allows the user to select a single item from a drop-down list. |
|
Numeric |
Policy Administration plug-ins are expected to present a simple numeric control for viewing and editing this setting. |
|
ListBox |
Policy Administration plug-ins are expected to present a list user interface control for viewing and editing this setting. If not modified with "additive", this MUST be serialized to the format specified in Registry Policy Message Syntax (section 2.2.1) with an instruction that is preceded by an instruction using the "***DeleteKeys" value (the quoted value string MUST be taken literally), as specified in Client Plug-In Details (section 3.2). |
|
Text |
Policy Administration plug-ins are expected to just display the characters, following this literally. There is no user input to serialize or deserialize. |
The following nonterminal symbols imply important semantics for presentation or serialization:
AdmOemConvert:
If present, indicates that the string value associated with this part MUST be converted to ASCII before serialization. ASCII refers to a single 8-bit ASCII character or an array of 8-bit ASCII characters with the high bit of each character set to zero.
AdmExpandableText:
If present, indicates that, for this associated part, the Registry Policy Message Data Type from Registry Policy Message Syntax (section 2.2.1) MUST be serialized using type 0x02 from Registry Policy Message Syntax (section 2.2.1).
AdmAdditive:
If present, indicates that for AdmListBox controls, the Policy Setting MUST be serialized into Registry Policy format without being preceded by an instruction to delete all values (see section Registry Policy Message Sequencing (section 3.2.5.1)).
AdmExplicitValue:
If present, indicates that for AdmListBox controls, both the Value and Data to serialize to, from the Registry Policy Message specification (as specified in Registry Policy Message Syntax (section 2.2.1)), MUST come from an administrative tool's user input. If AdmValuePrefix is also specified, it is ignored.
AdmValuePrefix <prefix>:
Specifies that any registry values associated with this part MUST be prepended with <prefix> when serialized to the Registry Policy message format.
AdmSpin <spinvalue>:
Specifies that the Policy Administration plug-ins are expected to present the associated part in the user interface using a type of control that allows the user to increment or decrement integer values through the control. A <spinvalue> of 0 removes the spin control. A <spinvalue> of 1 is the default.
AdmTextConvert:
If present, indicates that the Policy Administration plug-ins MUST serialize the associated value into the Registry Policy format using type 0x01 (string), as specified in Registry Policy Message Syntax (section 2.2.1), even if the value is numeric.
AdmDefChecked:
If present, indicates that the administrative plug-in MUST enable their associated AdmCheckBox control when a user initially attempts to enable the associated setting.
AdmMax <maxvalue>:
Specifies that the administrative plug-in that consume this format to edit a GPO MUST enforce a maximum value for the number. This value is a 32-bit integer and can be set to a maximum of 2^32 - 1. If this value is not specified, then the default value is 9999.
AdmMin <minvalue>:
Specifies that the administrative plug-in that consumes this format to edit a GPO MUST enforce a minimum value for the number. This value is a 32-bit integer and can be set to a maximum of 2^32 - 1. If this value is not specified, then the default value is 0.
AdmSupported <descriptive string>:
Specifies that the administrative plug-in MUST display a descriptive string describing any other requirements for the associated part to be supported.
AdmClientExt <extension GUID>:
Specifies that for each AdmClient <extension GUID> occurrence, the administrative plug-in MUST send a GPO Extension Update Message (as specified in [MS-GPOL] section 2.2.8.2) to increment the GPO version and add the <Tool Extension GUID> (as defined in section 1.9) and <extension GUID> to either of the following attributes:
The gPCUserExtensionNames attribute if the GPO's user settings are being updated.
The gPCMachineExtensionNames attribute if the computer settings are being updated.
These attributes are updated on the current GPO. They provide for the application of policy to the client by the Registry Extension.
These attributes also provide for additional processing by a second client extension. The second client extension has the opportunity to process the entire GPO.
AdmMaxLen <maxlength>:
Specifies that the Policy Administration plug-in MUST limit the text in the associated part to be, at most, <maxlength> characters.
AdmNoSort:
If present, indicates that the administrative plug-in MUST NOT sort the entries when displaying the associated AdmCombobox, AdmDropdownlist, or AdmListbox.
AdmRequired:
Specifies that the administrative plug-in that consume this format MUST NOT allow updates of the GPO for the registry key unless a value has been provided in the user interface.