1.3.2 Group Policy Extension Overview

NAP client configuration Group Policy settings are accessible from a GPO through the Group Policy: NAP Extension to the Group Policy: Core Protocol. The extension provides a mechanism for administrative tools to obtain metadata about registry-based settings.

The process of configuring and applying the NAP Group Policy settings consists of the following steps:

  1. An administrator invokes a Group Policy administrative tool to administer the NAP client configuration settings through the Group Policy: NAP Extension. The NAP Extension reads and updates a generic settings database using the Group Policy: Registry Extension Encoding, as specified in [MS-GPREG] section 3.1.5.8, which results in the storage and retrieval of settings on a Group Policy server. These settings describe configuration parameters to be applied to a generic settings database on a client that is affected by the GPO.

    The administrator views the data and updates it as desired.

  2. A client computer affected by that GPO is started (or is connected to the network, if this happens after the client starts), and the Group Policy: Core Protocol is invoked by the client to retrieve Policy Settings from the Group Policy server. As part of this processing, the registry extension's CSE GUID (as specified in [MS-GPREG] section 1.9) is read from the GPO.

  3. The presence of the registry extension's CSE GUID (as specified in [MS-GPREG] section 1.9) in the GPO instructs the client to invoke a registry extension plug-in component for policy application. This component parses the file of settings and saves them in the generic settings database (registry) on the local machine.

  4. The NAP subsystem on the client recognizes that its configuration has been updated and takes the appropriate actions.

This document specifies the behavior of the administrative plug-in mentioned in step 1. The operation of the Group Policy: Core Protocol in step 2 is specified in [MS-GPOL] section 3.2. The process of retrieving the settings in step 3 is specified in [MS-GPREG] section 3.2. Step 4 is specific to a NAP client implementation.
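The file of settings that the registry extension parses in step 3 can also be read offline to audit what a GPO will write to a client's registry. The sketch below is an added example, not code from this specification: it assumes the Registry.pol layout used by the Group Policy: Registry Extension Encoding (a "PReg" signature, a version of 1, then UTF-16LE `[key;value;type;size;data]` records), and the key and value names in the sample are constructed placeholders.

```python
PREG_HEADER = b"PReg" + (1).to_bytes(4, "little")  # signature, then version 1
REG_SZ, REG_DWORD = 1, 4

def w(text):
    return text.encode("utf-16-le")

def build_entry(key, value, rtype, data):
    return (w("[" + key + "\0;" + value + "\0;") + rtype.to_bytes(4, "little") + w(";")
            + len(data).to_bytes(4, "little") + w(";") + data + w("]"))

def read_wstr(buf, pos):
    # NUL-terminated UTF-16LE string; returns (text, offset after the NUL)
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def expect(buf, pos, ch):
    if buf[pos:pos + 2] != w(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def read_u32(buf, pos):
    # 4-byte little-endian field followed by the ';' separator
    return int.from_bytes(buf[pos:pos + 4], "little"), expect(buf, pos + 4, ";")

def parse_pol(buf):
    if buf[:8] != PREG_HEADER:
        raise ValueError("not a PReg version 1 file")
    pos, entries = 8, []
    while pos < len(buf):
        key, pos = read_wstr(buf, expect(buf, pos, "["))
        value, pos = read_wstr(buf, expect(buf, pos, ";"))
        rtype, pos = read_u32(buf, expect(buf, pos, ";"))
        size, pos = read_u32(buf, pos)
        data = buf[pos:pos + size]
        pos = expect(buf, pos + size, "]")  # also rejects a size that overruns the file
        if rtype == REG_DWORD and size == 4:
            data = int.from_bytes(data, "little")
        elif rtype == REG_SZ:
            data = data.decode("utf-16-le").rstrip("\0")
        entries.append((key, value, rtype, data))
    return entries

# Constructed sample built with build_entry(); names are placeholders, not real NAP settings.
KEY = "Software\\Policies\\EXAMPLE-PLACEHOLDER\\ClientConfig"
SAMPLE = (PREG_HEADER + build_entry(KEY, "ExampleEnabled", REG_DWORD, (1).to_bytes(4, "little"))
          + build_entry(KEY, "ExampleServer", REG_SZ, w("hra.example.test\0")))
```

Comparing the parsed entries from a GPO's policy file against an approved baseline shows which registry values the client-side extension would create or change before the policy is applied.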