1.3.2 Scripts Extension Encoding Overview

The following diagram depicts the entities that participate in Group Policy: Scripts Extension Encoding:


Figure 1: Group Policy: Scripts Extension Encoding entities

Clients can use either or both of the following modes for this protocol because they address different issues:

  • Computer Policy Mode

    In this mode, Group Policy Objects (GPOs) are applied for the computer on which the client is running.

    The following sequence of operations spans both the policy administration and policy application modes:

    1. An administrator invokes the Group Policy Administrative tool to administer a GPO (as specified in [MS-GPOL]), using the policy administration mode (as specified in [MS-GPOL] section 1.3.4). Through Group Policy: Scripts Extension Encoding, the tool extension GUID for computer policy settings is retrieved; its presence indicates that the GPO contains policy settings that are to be administered through the policy administration portion of Group Policy: Scripts Extension Encoding. The administrative tool invokes a plug-in specific to Group Policy: Scripts Extension Encoding so that the administrator can administer its settings. This results in the storage and retrieval of metadata inside a GPO on a Group Policy server. This metadata describes commands that the administrator wants to execute on a client that is affected by the GPO. The administrator views the data and updates it to add a directive to run a command when the client computer starts. The directive can be any action that can be run locally on the client computer.

    2. A client computer affected by that GPO is started (or is connected to the network, if this happens after the client starts), and the Group Policy: Core Protocol is invoked by the client to retrieve policy settings from the Group Policy server. As part of the processing of the Group Policy: Core Protocol (as specified in [MS-GPOL] section 3.2.5.1.10), the Group Policy: Scripts Extension Encoding CSE GUID is read from this GPO, and this instructs the client to invoke a Group Policy: Scripts Extension Encoding plug-in component for policy application.

    3. In processing the policy application portion of Group Policy: Scripts Extension Encoding, the client identifies the directive to run the administrator's command at computer start and configures a command execution subsystem of the underlying operating system on the client computer (logically not a part of Group Policy: Scripts Extension Encoding or the Group Policy: Core Protocol) with this directive. When the computer is in the process of starting, the command execution subsystem invokes the command as required by the administrator. Similarly, when the client later shuts down, the command execution subsystem executes any shutdown commands.

  • User Policy Mode

    In this mode, GPOs are applied for the user who is logged on to the computer on which the client is running.

    The following sequence of operations spans both the policy administration and policy application modes:

    1. Step 1 is the same as the preceding step 1 for computer policy mode, except that a separate tool extension GUID for Group Policy: Scripts Extension Encoding is used, and the administrator can specify commands that are to run at the time a user logs on or off.

    2. Step 2 is the same as the preceding step 2 for computer policy mode, except that it occurs when a user logs on (or when the computer is connected to the network, if this happens after the user logs on).

    3. In processing the policy application portion of Group Policy: Scripts Extension Encoding, the client identifies the directive to run the administrator's command at user logon time and configures the command execution subsystem with this directive. Because the user is in the process of logging on while the protocol is executing, the command execution subsystem invokes the command as needed by the administrator. When the user later logs off, any logoff commands are then executed.
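
The command metadata described in both modes can be audited offline. The following is an added example, not part of the specification text: it assumes the scripts.ini layout that the specification defines outside this section (a [Startup], [Shutdown], [Logon] or [Logoff] section holding numbered CmdLine/Parameters keys), and the `outside_gpo` heuristic and the sample file contents are constructed for illustration.

```python
import re

# scripts.ini section names and the trigger each one corresponds to.
EVENTS = {"startup": "computer start", "shutdown": "computer shutdown",
          "logon": "user logon", "logoff": "user logoff"}
KEY_RE = re.compile(r"^(\d+)(CmdLine|Parameters)$", re.IGNORECASE)
# Heuristic (assumption of this example): UNC or drive-rooted paths point
# outside the GPO's own Scripts folder, so their ACLs need separate review.
OUTSIDE_RE = re.compile(r"^(\\\\|[A-Za-z]:[\\/])")

def parse_scripts_ini(raw: bytes):
    """Return sorted (trigger, index, cmdline, parameters) tuples."""
    # The file is normally UTF-16LE with a BOM; tolerate other encodings.
    if raw.startswith(b"\xff\xfe"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8", errors="replace")
    section, entries = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section in EVENTS and "=" in line:
            key, value = line.split("=", 1)
            m = KEY_RE.match(key.strip())
            if m:  # group numbered CmdLine/Parameters pairs by index
                slot = entries.setdefault((section, int(m.group(1))), {})
                slot[m.group(2).lower()] = value.strip()
    return [(EVENTS[s], i, e["cmdline"], e.get("parameters", ""))
            for (s, i), e in sorted(entries.items()) if e.get("cmdline")]

def outside_gpo(cmdline: str) -> bool:
    """True when the command path is not relative to the GPO folder."""
    return bool(OUTSIDE_RE.match(cmdline.strip().strip('"')))

# Constructed sample, not taken from a real GPO.
SAMPLE = b"\xff\xfe" + (
    "[Startup]\r\n0CmdLine=inventory.cmd\r\n0Parameters=/quiet\r\n"
    "1CmdLine=\\\\fileserver.example\\tools\\agent.exe\r\n1Parameters=\r\n"
    "[Shutdown]\r\n0CmdLine=flush.cmd\r\n0Parameters=\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    for trigger, idx, cmd, params in parse_scripts_ini(SAMPLE):
        flag = "REVIEW" if outside_gpo(cmd) else "ok"
        print(f"{flag:6} {trigger:17} #{idx} {cmd} {params}")
```

Run against a copy of each GPO's scripts.ini, the output lists every command a client will execute and marks those stored outside the GPO folder, whose write permissions are not governed by the GPO's own ACL.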