3.1.4 Higher-Layer Triggered Events

The higher-layer triggered events are: policy creation, policy modification, policy deletion, reading the policy, and assigning the policy to a GPO.

The administrator triggers each of these events by using the administrative plug-in.

On policy creation or modification, the IPsec Protocol plug-in MUST generate the messages to create or modify the IPsec policy in the Active Directory store, as specified in IPsec Policy Creation/Modification (section 2.2.1).

On policy reading, the IPsec Protocol plug-in MUST generate the messages specified in section 3.1.5.4.

On policy deletion, the IPsec Protocol plug-in MUST generate the messages specified in section 3.1.5.7.

For assigning policy to a GPO, the IPsec Protocol plug-in MUST generate the messages specified in section 3.1.5.8.

In all cases, if the operation fails, the administrator MUST be informed so that they can determine the appropriate action to take.