1.1.5 Group Policy Data Storage

The Group Policy protocols read and write policy information to and from the Group Policy data store, which contains the following components:

Active Directory data store: This store is part of AD DS implemented on the Group Policy server and serves as a repository for GPOs. GPOs are maintained in Active Directory as type groupPolicyContainer objects within a Group Policy Objects container and are accessed via LDAP calls. A GPO maintains policy configuration settings that apply to policy targets, such as a user that is interactively logged on to a Group Policy client.

Some policy configuration settings that are stored in GPOs can be regarded as Group Policy metadata because this information (section 1.1.7.3), embedded in the attributes of Active Directory objects, is used to identify Group Policy configurations such as SOM, extension applicability, and the policy file location, rather than the actual policy settings that are applied to Group Policy clients. For example, a GPO contains attributes that specify a user extension list and computer extension list that are specific to that particular GPO configuration. These lists specify the extension protocols that apply to the target users and computers for which the GPO is configured. The actual settings for these extensions are stored in the Group Policy file share and comprise the actual policy settings that CSEs apply on the Group Policy client. However, it is a GPO attribute in Active Directory that holds the pointer to the file share location where the CSE policy settings reside.

Group Policy file share data store: This store persists user and computer policy settings and also maintains a file that specifies GPO version information. If a GPO has registry settings, the Group Policy file share data store will contain the file registry.pol, which stores the registry settings that are generated by configuring Administrative template items with a management tool such as the Group Policy Management Console (GPMC). The Group Policy file share store can exist locally on the Group Policy server or remotely on a file share, where policy data is retrieved via a file access protocol. The Group Policy protocols use file access protocols, as described in [MS-FASOD], for file access operations.

Policy settings for Group Policy extensions are persisted in extension policy files on the Group Policy file share and/or in a GPO. These settings are retrieved for the application of extension policy settings on the Group Policy client. For more information about how extension settings are applied to a Group Policy client, refer to section 1.1.7.4.
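The split between the two stores can be checked for consistency. The following is an added example, not part of the original specification text: it parses the extension lists of one GPO, decodes its version number, and compares the Active Directory object with the version file on the file share. The attribute names (gPCFileSysPath, gPCMachineExtensionNames, gPCUserExtensionNames, versionNumber) are the Active Directory schema names, which this section does not spell out; the GUIDs, the domain name, and the default SYSVOL folder layout are constructed sample values and assumptions.

```python
import configparser
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Constructed sample: one groupPolicyContainer as LDAP would return it, plus
# the text of the version file (GPT.INI) from that GPO's file share folder.
SAMPLE_GPO = {
    "cn": "{AAAAAAAA-0000-4000-8000-000000000001}",
    "gPCFileSysPath": r"\\corp.example\sysvol\corp.example\Policies"
                      r"\{AAAAAAAA-0000-4000-8000-000000000001}",
    "gPCMachineExtensionNames": "[{BBBBBBBB-0000-4000-8000-000000000002}"
                                "{CCCCCCCC-0000-4000-8000-000000000003}]",
    "gPCUserExtensionNames": None,   # no user-side extensions configured
    "versionNumber": 0x00020005,     # user version 2, computer version 5
}
SAMPLE_GPT_INI = "[General]\nVersion=131077\n"


def parse_extension_list(value):
    """Split '[{CSE}{tool}...][...]' into (cse_guid, [tool_guids]) pairs."""
    pairs = []
    for group in re.findall(r"\[([^\]]*)\]", value or ""):
        guids = [g.upper() for g in re.findall(GUID, group)]
        if guids:
            pairs.append((guids[0], guids[1:]))
    return pairs


def split_version(number):
    """versionNumber packs the user version high, computer version low."""
    return {"user": number >> 16, "computer": number & 0xFFFF}


def audit_gpo(gpo, gpt_ini_text, domain):
    """Return findings where the AD object and the file share disagree."""
    findings = []
    # Assumption: default layout \\<domain>\SysVol\<domain>\Policies\<GPO GUID>
    expected = "\\\\" + "\\".join([domain, "SysVol", domain, "Policies", gpo["cn"]])
    if gpo["gPCFileSysPath"].lower() != expected.lower():
        findings.append("gPCFileSysPath is not the expected SYSVOL folder")
    ini = configparser.ConfigParser()
    ini.read_string(gpt_ini_text)
    file_version = ini.getint("General", "Version", fallback=None)
    if file_version != gpo["versionNumber"]:
        findings.append(f"version mismatch: AD={gpo['versionNumber']} file={file_version}")
    return findings
```

An empty result from `audit_gpo` means the pointer attribute and the version recorded in both stores agree; a non-empty result is a prompt to review who last modified the GPO object or its file share folder.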