1.3.1 Background
The Group Policy: Core Protocol allows clients to discover and retrieve policy settings that were created by the administrators of a domain. These settings are stored in Group Policy Objects (GPOs), which are assigned to policy target accounts in Active Directory. By assigning a GPO to policy target accounts, network administrators can ensure that a GPO is associated with certain computer or user accounts in the Active Directory. Each client uses the Lightweight Directory Access Protocol (LDAP) [RFC2251], to determine which GPOs apply to it, by querying the Active Directory objects that correspond to the computer's account and the user accounts of the users who log on to the client computer.
Each GPO is interpreted on each client computer and acted upon by software components known as client-side plug-ins. The client-side plug-ins that are responsible for a given GPO are specified in an attribute of the GPO. This attribute contains a list of globally unique identifier (GUID) pairs. The first GUID of each pair is the client-side extension GUID (CSE GUID) that identifies the client-side plug-in and the second GUID is the tool extension GUID that identifies the administrative tool plug-in (section 3.1).
For each GPO that is applicable to a client, the client consults the CSE GUID listed in the GPO to determine which client-side plug-ins on the client will handle the GPOs. The client then invokes the client-side plug-ins to handle the GPOs. A client-side plug-in uses the contents of the GPOs to retrieve settings that are specific to its class in a manner that is specific to its class. Once its class-specific settings are retrieved, the client-side plug-in uses those settings to perform class-specific processing.