3.1.4 Higher-Layer Triggered Events

The Firewall and Advanced Security Group Policy administrative plug-in is invoked when an administrator launches the Group Policy Protocol Administrative Tool, as specified in [MS-GPOL] section The Group Policy Protocol Administrative Tool passes the following parameters to the plug-in, as specified in [MS-GPOL] section




The distinguished name (DN) for the GPO that is being updated. This is the Administered GPO (Public) ADM element, as specified in section 3.1.1.

Is User Policy

A Boolean value indicating whether this update is for user policy mode. If set to FALSE, this update is for computer policy mode. This parameter is ignored.

The plug-in displays the current settings to the administrator, and when the administrator requests a change in settings, it updates the stored configuration appropriately as specified in section 2.2, after performing additional checks and actions as noted in this section.

The administrative plug-in SHOULD<9> take measures in its UI to ensure that the user cannot unknowingly set the Firewall and Advanced Security policy settings to an invalid value. It SHOULD also make sure all references necessary for an object to work are appropriately configured (for example: ensure that non-default sets, which a connection security rule references, are also configured in the policy).