4. Core ADMX File Concepts
The
creation of custom ADMX files can be made more efficient when you
understand some of the key concepts. Here, you will see how the default
ADMX files can be leveraged with your new ADMX files to ensure
consistency and reduce errors within the GPME. This section also
describes some of the core communication between the ADMX and ADML file
syntax.
One of the default ADMX files is
the Windows.admx file. This file provides baseline settings that define
categories and text that defines the “supported on” text for the
Windows products with which each policy setting can be used. You will
want to reference this file for the defined categories and “supported
on” definitions within it.
Referencing the Windows Base ADMX File
The
Windows base ADMX file must be referenced by the unique namespace that
is contained with the file, which is Microsoft.Policies.Windows, noting
that the string is case sensitive. To reference this aspect of the file
from your ADMX file, use the using element within your policyNamespaces element, as shown here:
<policyNamespaces>
<target prefix="example" namespace="Microsoft.Policies.Example"/>
<using prefix="windows" namespace="Microsoft.Policies.Windows"/>
</policyNamespaces>
The namespace attribute must match the defined namespace entry from the Windows base file. The prefix attribute can be any unique entry that you want; however, as a best practice, it should match the prefix of Windows.
Referencing Category Elements from the Windows Base ADMX File
Default categories are defined within the GPME that organize the policy settings into logical nodes or areas. Figure 3 shows some of the categories that are configured in a default GPO.
These
categories are defined in the Windows.admx base file. If you want your
setting to appear under one of these nodes, you must reference the category elements defined in the Windows base file.
For your custom ADMX file, you can use the category element from the Windows base file as the parentCategory element or a policy
element within your ADMX file. As a best practice, you should place
your categories under the existing Windows base file categories. You
can do this by adding the “windows:” prefix to the ref attribute of the parentCategory element. Here is an example that illustrates how you would reference the Windows base file for the category element to place a Sample category node under the Windows component node:
<category name="SAMPLE" displayName="$(string.SAMPLE)" explainText="$(string.SAMPLEHELP)">
<parentCategory ref="windows:WindowsComponents"/>
</category>
Warning
If you define the category
element name within your custom ADMX file, the GPME will display a
duplicate node. This is because there is a different namespace defined
beyond the default namespace mentioned earlier, and it is evaluated as
a unique element by the GPME. This should be avoided, because it will
cause confusion for those administering the GPO. |
You
can also just add more policies to the existing categories defined in
the Windows base file. This will eliminate the additional node example
from the preceding example. To add a custom policy entry to an existing
category from the Windows base file, you would use coding similar to
the following:
<policy name="Sample_NoParamPolicy" class="Both" displayName="$(string.Sample_NoParamPolicy)"
explainText="$(string.Sample_NoParamPolicy_Help)" key="Software\Policies\Examples"
valueName="Example1NoParam">
<parentCategory ref="windows:WindowsComponents"/>
<supportedOn ref="SUPPORTED_ProductOnly"/>
<enabledValue>
<decimal value="1"/>
</enabledValue>
<disabledValue>
<decimal value="0"/>
</disabledValue>
</policy>
Referencing Category Elements from the Windows Base ADMX File
Because
many changes have been made to Group Policy over the years, every
administrator needs to know the policy settings that correspond to
specific operating system versions. The supportedOn elements help handle this declaration within the GPME.
The
Windows base file dictates the default declarations that the specific
policy settings affect in the operating system. Those default supportedOn values are listed in Table 3.
Table 3. Windows Base File supportedOn Values and Descriptions
| supportOn Value | Description of supportOn Value |
|---|
| SUPPORTED_AllowWebPrinting | Windows 2000 or later, running Internet Information Services; not supported on Windows Server 2003 |
| SUPPORTED_IE6SP1 | At least Microsoft Internet Explorer 6 SP1 |
| SUPPORTED_Win2k | At least Windows 2000 |
| SUPPORTED_Win2kOnly | Windows 2000 only |
| SUPPORTED_Win2kSP1 | At least Windows 2000 SP1 |
| SUPPORTED_Win2kSP3 | At least Windows 2000 SP3 |
| SUPPORTED_Win2kSP3_Or_XPSP1 | At least Windows 2000 SP3 or Windows XP Professional SP1 |
| SUPPORTED_WindowsNET | At least Windows Server 2003 |
| SUPPORTED_WindowsNETOnly | Windows Server 2003 only |
| SUPPORTED_WindowsNET_XP | Windows Server 2003 and Windows XP only |
| SUPPORTED_WindowsPreVista | Windows Server 2003, Windows XP, and Windows 2000 only |
| SUPPORTED_WindowsUpdate | At least Windows 2000 SP3, Windows XP Professional SP1, or Windows Server 2003 family |
| SUPPORTED_WindowsVista | At least Windows Vista |
| SUPPORTED_WindowsXP | At least Windows XP Professional or Windows Server 2003 family |
| SUPPORTED_WindowsXP_Or_Vista | At least Windows XP or Windows Vista |
| SUPPORTED_WindowsXP_ SP1_W2K_SP4_NETSERVER | At least Windows 2000 SP4, Windows XP Professional SP1, or Windows Server 2003 family |
| SUPPORTED_WindowsXP_ SP2_W2K_SP5_NETSERVER_SP1 | At least Windows 2000 SP5, Windows XP Professional SP2, or Windows Server 2003 family SP1 |
| SUPPORTED_WindowsXPOnly | Windows XP Professional only |
| SUPPORTED_WindowsXPSP1 | At least Windows XP Professional SP1 or Windows Server 2003 family |
| SUPPORTED_WindowsXPSP2 | At least Windows XP Professional SP2 |
| SUPPORTED_WindowsXPSP2_Or_ WindowsNET | At least Windows XP Professional SP2 or Windows Server 2003 family |
| SUPPORTED_WindowsXPSP2_Or_ WindowsNETSP1 | At least Windows XP Professional SP2 or Windows Server 2003 family SP1 |
| SUPPORTED_WindowsXPOrServerOnly | Windows Server 2003 and Windows XP only |
To reference the supportOn element from the Windows base file, you simply add the “windows:” prefix to the ref attribute, referencing a predefined supportedOn element within the Windows.admx file.
Warning
If you use an invalid supportedOn
element name, the GPME will not display any information regarding the
operating systems that the policy setting supports. Also, no error
message will be displayed, because the system will ignore the supportedOn element altogether. |
An example of a reference to the supportedOn element from the Windows base file is as follows:
<policy name="Sample_NoParamPolicy" class="Both" displayName="$(string.Sample_NoParamPolicy)"
explainText="$(string.Sample_NoParamPolicy_Help)" key="Software\Policies\Examples"
valueName="Example1NoParam">
<parentCategory ref="SAMPLE"/>
<supportedOn ref="windows:SUPPORTED_WindowsXP"/>
<enabledValue>
<decimal value="1"/>
</enabledValue>
<disabledValue>
<decimal value="0"/>
</disabledValue>
</policy>
