3.2.5 Message Processing Events and Sequencing Rules

  • Article

For each GPO in the New or Changed GPO list, one file with the format specified in section 2.2 is read from the Group Policy server, as specified later in this section. If any file fails to be read, the plug-in MUST ignore the failure and continue to read files for other GPOs.

Using the SecurityToken passed by the Group Policy: Core Protocol, any remote file access in this section SHOULD be done under impersonation of the policy target as described in [MS-DTYP] section 2.7, Impersonation Abstract Interfaces.

For each GPO in the New or Changed GPO list, the Group Policy: Scripts Extension Encoding client plug-in MUST do the following to process the Scripts Group:

  1. Perform a remote file open on the file specified by "<gpo path>\scripts\scripts.ini", where <gpo path> is the scoped GPO path derived from the gPCFileSysPath attribute of the GPO. If this operation fails due to File Not Found, attempt to process the psscripts.ini in the following sequence. If the operation fails for any other reason, abort processing this GPO and continue with the next GPO.

  2. Perform one or more remote file reads to read the entire contents of the opened file until the entire file has been read or an error in reading occurs.

  3. Perform a remote file close to close the file.

  4. The file is then parsed according to the format in section 2.2.2 to create the Scripts group. If the file does not conform to that format, parsing of the file MUST resume after the next end-of-line character (%0A or %0D in ABNF notation). If the file does conform to that format, the settings MUST be applied to the corresponding parameters in the abstract data model of the command execution subsystem. If the file does not conform to that format, the file MUST NOT be processed further by the client.

    Note The <integer> specified under Keys in section 2.2.2 specifies an order; lower integers indicate that executable paths specified in the same section are to be invoked before those with higher values. The value of <integer>Cmdline becomes the executable path of the executable program, with <integer>Parameters becoming the parameters passed to the executable program.

For each GPO in the New or Changed GPO list, the Group Policy: Scripts Extension Encoding client plug-in SHOULD do the following to process the PSScripts Group:<6>

  1. Perform a remote file open on the file specified by "<gpo path>\scripts\psscripts.ini", where <gpo path> is the scoped GPO path in the GPO. 

      
    If this operation fails due to File Not Found,
          If Scripts Group processing also failed due to File Not Found,
                  abort processing.
          Else
                  Proceed to step 7 assuming empty PSScripts Executable 
                  Group, PSLast Computer Executable order and PSLast User
                  Executable order.
    If this operation fails for any other reason,
          abort processing.
 

  2. Perform one or more remote file reads to read the entire contents of the opened file until the entire file has been read or an error in reading occurs.

  3. Perform a remote file close to close the file.

  4. The file is then parsed according to the format in section 2.2.3 to create the PSScripts group. If the file does not conform to that format, parsing of the file MUST resume after the next end-of-line character (%0A or %0D in ABNF notation). If the file does conform to that format, the settings MUST be applied to the corresponding parameters in the abstract data model of the command execution subsystem.

  5. If the <gpo path> is a Computer-scoped GPO path, determine the Computer Executable order as follows:

    1. If the StartExecutePSFirst key is present in the ScriptsConfig section of the file, get its value. If the value is case-insensitive "true", the Computer Executable Group order is PSFirst. If the value is case-insensitive "false", the Computer Executable Group order is PSLast.

    2. If the StartExecutePSFirst key is not present, the Default Computer Executable Group order is examined. If it equals 1, the Computer Executable Group order is PSFirst.

    3. Otherwise, the Computer Executable Group order is PSLast.

  6. If the <gpo path> is a User-scoped GPO path, determine the User Executable order as follows:

    1. If the StartExecutePSFirst key is present in the ScriptsConfig section of the file, get its value. If the value is case-insensitive "true", the User Executable Group order is PSFirst. If the value is case-insensitive "false", the User Executable Group order is PSLast.

    2. If the StartExecutePSFirst key is not present, the Default User Executable Group order is examined. If it equals 1, the User Executable Group order is PSFirst.

    3. Otherwise, the User Executable Group order is PSLast.

  7. Process scripts in the Scripts and the PSScripts Executable Groups as follows:

    1. If the <gpo-path> is a Computer-scoped GPO path, process the Start up and Shut down scripts in the Scripts and the PSScripts Executable Groups following the Computer Executable Group order.

    2. If the <gpo path> is a User-scoped GPO path, process the Log on and Log off scripts in the Scripts and the PSScripts Executable Groups following the User Executable Group order.

      Note that the <integer> specified under Keys in section 2.2.2 specifies an order; lower integers indicate that executable paths specified in the same section are to be invoked before those with higher values. The value of <integer>Cmdline becomes the executable path of the executable program with <integer>Parameters becoming the parameters passed to the executable program.