3.2.4.1 Processing Group Policy Callbacks
During policy application, this protocol is invoked after the Group Policy: Core Protocol has computed a list of GPOs for which the IPsec client plug-in is to be invoked, as specified in [MS-GPOL] section 3.2.5, "Message Processing Events and Sequencing Rules".
This extension is launched by the Group Policy: Core Protocol by invoking the Process Group Policy Event as specified in [MS-GPOL], section 3.2.4.1 and section 3.2.5.1.10.
[MS-GPOL] provides the New or Changed GPO list, which is a list of the new or changed GPOs. It also supplies the Deleted GPO list and other parameters. The Deleted GPO list and all the other parameters supplied to the callback are ignored.
The GPOs that are assigned to the client machine are indicated in the callback in the New or Changed GPO list. This list of GPOs MUST be copied to the FilteredGPOList ADM element. The client MUST determine the location of the policy that is assigned to the client as specified by sections 3.2.5.1, 3.2.5.2, and 3.2.5.3.
Once the policy location is known, the client MUST read the policy, as specified in sections 3.2.5.1, 3.2.5.2, and 3.2.5.4.