2.1.2.3.2 Group Policy Client

The Group Policy client contains the core Group Policy engine and the CSEs that extend Group Policy. The CSEs that extend Group Policy are described in section 2.2.

The core Group Policy engine manages functionality on Group Policy clients and across CSEs, including the following:

  • Applying Group Policy at regular intervals, as described in sections 2.8.1 and 2.8.2.

  • Accessing GPO attribute information from the appropriate locations in Active Directory and accessing policy settings on the Group Policy file share.

  • Handling special cases that affect all CSEs, such as loopback mode, as described in [MS-GPOL] section 3.2.1.3.

  • Appropriately filtering and ordering GPOs, as described in [MS-GPOL] sections 3.2.5.1.6 and 3.2.5.1.7.

  • Invoking extension protocol sequences, as described in [MS-GPOL] section 3.2.5.1.10.

  • Maintaining version numbers and histories for all CSEs.

  • Invoking CSEs for the policy application process.

  • Notifying various components of changes made by Group Policy. The core Group Policy engine is responsible for this activity after the completion of policy processing.

The basic communication flow that is associated with the Group Policy client consists of the following:

  1. The Group Policy client locates a domain controller (Group Policy server), as described in [MS-ADOD] section 3.1.1.

  2. The Group Policy client uses LDAP to query the Group Policy server for a list of GPOs, as described in [MS-GPOL] section 3.2.5.1.5.

  3. For each object in the GPO list, the Group Policy client queries the Group Policy server for the GPO's attributes, using LDAP and a file access protocol, as described in [MS-GPOL] sections 3.2.5.1.5, 3.2.5.1.6, and 3.2.5.1.7.

  4. Based on the GUIDs in the Extension list of GPOs, the core Group Policy engine on the Group Policy client invokes the appropriate CSEs ([MS-GPOL] section 3.2.5.1.10).

  5. In turn, each CSE uses LDAP and a file access protocol to query the Group Policy server and Group Policy file share, respectively, for the retrieval of GPO attributes and policy settings, as described in [MS-GPOL] section 1.3.3.3.
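
The following is an added example, not part of the specification, that sketches step 4 together with the version and history bookkeeping listed above: it parses each GPO's extension list and derives which CSEs would be invoked for which GPOs. The attribute names gPCMachineExtensionNames and versionNumber come from [MS-GPOL] rather than this section, and the history dictionary, function names, and sample GPOs are assumptions constructed for illustration.

```python
import re

# Two well-known CSE GUIDs; the names are for readable output only.
CSE_NAMES = {
    "{35378EAC-683F-11D2-A89A-00C04FBBCFA2}": "Registry",
    "{827D319E-6EAC-11D2-A4EA-00C04F79F83A}": "Security",
}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
GROUP = re.compile(r"\[((?:%s)+)\]" % GUID)

def parse_extension_names(value):
    """Return the CSE GUID of each '[{CSE}{tool}...]' group; reject malformed lists."""
    value = (value or "").strip()
    groups = GROUP.findall(value)
    if "".join("[%s]" % g for g in groups) != value:
        raise ValueError("malformed extension list: %r" % value)
    return [re.match(GUID, g).group(0).upper() for g in groups]

def split_version(version_number):
    """versionNumber: user version in the high 16 bits, machine version in the low 16."""
    return (version_number >> 16) & 0xFFFF, version_number & 0xFFFF

def plan_cse_invocations(gpos, history):
    """Map each CSE to the ordered GPOs it processes and flag unseen machine versions.

    history is an assumed, simplified per-CSE record: {(cse_guid, gpo_name): version}.
    """
    plan = {}
    for gpo in gpos:
        machine_ver = split_version(gpo["versionNumber"])[1]
        for cse in parse_extension_names(gpo["gPCMachineExtensionNames"]):
            entry = plan.setdefault(cse, {"gpos": [], "changed": False})
            entry["gpos"].append(gpo["name"])
            entry["changed"] |= history.get((cse, gpo["name"])) != machine_ver
    return plan

# Constructed sample data: GPO names, tool GUIDs and versions are made up.
REG, SEC = list(CSE_NAMES)
TOOL = "{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}"
GPOS = [
    {"name": "{11111111-1111-1111-1111-111111111111}", "versionNumber": 0x00020005,
     "gPCMachineExtensionNames": "[%s%s][%s%s]" % (REG, TOOL, SEC, TOOL)},
    {"name": "{22222222-2222-2222-2222-222222222222}", "versionNumber": 0x00000003,
     "gPCMachineExtensionNames": "[%s%s]" % (REG, TOOL)},
]
HISTORY = {(REG, GPOS[0]["name"]): 5, (SEC, GPOS[0]["name"]): 4, (REG, GPOS[1]["name"]): 3}

if __name__ == "__main__":
    for cse, entry in plan_cse_invocations(GPOS, HISTORY).items():
        print(CSE_NAMES.get(cse, cse), entry)
```

An auditor can run the same parsing over exported GPO attributes to see which extensions a given GPO causes clients to invoke, and to spot extension lists that do not parse cleanly.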