Windows Server 2008 and Windows Vista : GPO Replication (part 2) - Client-Side Extensions

Client-side extensions (CSEs) provide much of the intelligence behind Group Policy. CSEs are files that must reside on the computer that is consuming Group Policy settings. The CSEs are divided into logical categories that match the nodes within the GPO, which can be seen in the structure of the GPO in the GPME. For example, the Security Settings node and all of the settings under it are controlled by the security CSE. The Drive Maps policy under the Preferences nodes is controlled by its own CSE, the Group Policy Drive Maps CSE.

The CSEs are .dll files that contain code that applies the settings to the target computer. The settings are delivered from the domain controllers to the computer receiving the policy settings during Group Policy processing. The data delivered to the target computer is the information stored in the files that makes up the GPT of the GPO. When these raw settings are delivered to the target computer, the appropriate CSEs perform the correct action on the target computer. Each CSE is tracked and managed by a GUID. The GUID ensures that the CSE is unique—we saw earlier that the GPC tracks the correct CSE in the gPCMachineExtensionNames and gPCUserExtentionNames attributes.

Table 1 provides information about all of the CSEs that are supported in Windows Server 2008 and Windows Vista. The CSEs are referenced in the registry, where this information is kept and tracked. You can see the full list of CSEs in the registry at HKLM\ Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions.

Table 1. Group Policy Client-Side Extensions

Client-Side Extension	CSE DLL	GUID
Wireless Group Policy	Wlgpclnt.dll	{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}
Group Policy Environment	Gpprefcl.dll	{0E28E245-9368-4853-AD84-6DA3BA35BB75}
Group Policy Local Users and Groups	Gpprefcl.dll	{17D89FEC-5C44-4972-B12D-241CAEF74509}
Group Policy Device Settings	Gpprefcl.dll	{1A6364EB-776B-4120-ADE1-B63A406A76B5}
Folder Restriction	Fdeploy.dll	{25537BA6-77A8-11D2-9B6C-0000F8080861}
Microsoft Disk Quota	Diskquota.dll	{3610eda5-77ef-11d2-8dc5-00c04fa31a66}
Group Policy Network Options	Gpprefcl.dll	{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}
QoS Packet Scheduler	Gptext.dll	{426031c0-0b47-4852-b0ca-ac3d37bfcb39}
Scripts	Gpscript.dll	{42B5FAAE-6536-11d2-AE5A-0000F87571E3}
Internet Explorer Zonemapping	Iedkcs32.dll	{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
Group Policy Drive Maps	Gpprefcl.dll	{5794DAFD-BE60-433f-88A2-1A31939AC01F}
Group Policy Folders	Gpprefcl.dll	{6232C319-91AC-4931-9385-E70C2B099F0E}
Group Policy Network Shares	Gpprefcl.dll	{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}
Group Policy Files	Gpprefcl.dll	{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}
Group Policy Data Sources	Gpprefcl.dll	{728EE579-943C-4519-9EF7-AB56765798ED}
Group Policy Ini Files	Gpprefcl.dll	{74EE6C03-5363-4554-B161-627540339CAB}
Windows Search Group Policy Extension	Srchadmin.dll	{7933F41E-56F8-41d6-A31C-4148A711EE93}
Security	Scecli.dll	{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
Deployed Printer Connections	Gpprnext.dll	{8A28E2C5-8D06-49A4-A08C-632DAA493E17}
Group Policy Services	Gpprefcl.dll	{91FBB303-0CD5-4055-BF42-E512A681B325}
Internet Explorer Branding	Iedkcs32.dll	{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
Group Policy Folder Options	Gpprefcl.dll	{A3F3E39B-5D83-4940-B954-28315B82F0A8}
Group Policy Scheduled Tasks	Gpprefcl.dll	{AADCED64-746C-4633-A97C-D61349046527}
Group Policy Registry	Gpprefcl.dll	{B087BE9D-ED37-454f-AF9C-04291E351182}
EFS Recovery	Scecli.dll	{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}
802.3 Group Policy	Dot3gpclnt.dll	{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}
Group Policy Printers	Gpprefcl.dll	{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}
Group Policy Shortcuts	Gpprefcl.dll	{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}
Microsoft Offline Files	Cscobj.dll	{C631DF4C-088F-4156-B058-4375F0853CD8}
Software Installation	Appmgmts.dll	{c6dc5466-785a-11d2-84d0-00c04fb169f7}
IP Security	Polstore.dll	{e437bc1c-aa7d-11d2-a382-00c04f991e27}
Group Policy Internet Settings	Gpprefcl.dll	{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}
Group Policy Start Menu Settings	Gpprefcl.dll	{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}
Group Policy Regional Options	Gpprefcl.dll	{E5094040-C46C-4115-B030-04FB2E545B00}
Group Policy Power Options	Gpprefcl.dll	{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}
Group Policy Applications	Gpprefcl.dll	{F9C77450-3A41-477E-9310-9ACD617BD9E3}
Enterprise QoS	Gptext.dll	{FB2CA36D-0B40-4307-821B-A13B252DE56C}

You can see from Table 1that some CSEs use the same file to store the code needed to apply settings delivered from the domain controller.

Note

If a target computer is missing a CSE during Group Policy processing, the settings that are delivered from the domain controller will not apply to the computer.

Important

The CSEs for the Group Policy Preferences must be installed on all computers running Windows XP SP2, Windows Server 2003 SP1, and Windows Vista that will consume these settings. You can download the CSEs from here: http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx. The CSEs are all contained in one .dll file. The file is best distributed using Group Policy, because it is wrapped up in an .msi file. The .dll CSE files are stored in the C:\Windows\System32 folder.

Each CSE is defined and tracked in the registry and includes a set of registry values that define and control its behavior. Clicking a CSE GUID in the registry will expose the registry settings that are configured by default and can be modified, as shown in Figure 3. The full list of possible registry value settings is shown in Table 2.

Figure 3. Each CSE in the registry has a set of values that control the behavior of the CSE.

Table 2. Possible Group Policy Extension Registry Values

Registry Value	Value Type	Possible Values
(Default)	REG_SZ	<Name of Group Policy>
DisplayName	REG_EXPAND_SZ	@<CSE DLL>, -1 to -????
DLLName	REG_EXPAND_SZ	Name or path to DLL
EnableSynchronousProcessing	REG_DWORD	<0 or 1>
EnableAsynchronousProcessing	REG_BINARY or REG_DWORD	<0 or 01>
ExtensionDebugLevel	REG_DWORD	<0 or 1>
ExtensionEventSource	REG_SZ	Varies
ExtensionRsopPlanningDebugLevel	REG_DWORD	<0 or 1>
EventSources	REG_MULTI_SZ	Varies
GenerateGroupPolicy	REG_SZ	Varies
MaxNGPListChangesInterval	REG_DWORD	<0 or 1>
NoBackgroundPolicy	REG_DWORD	<0 or 1>
NoGPOListChanges	REG_DWORD	<0 or 1>
NoMachinePolicy	REG_DWORD	<0 or 1>
NoSlowLink	REG_DWORD	<0 or 1>
NotifyLinkTransition	REG_DWORD	<0 or 1>
NoUserPolicy	REG_DWORD	<0 or 1>
PerUserLocalSettings	REG_DWORD	<0 or 1>
ProcessGroupPolicy	REG_SZ	Varies
ProcessGroupPolicyEx	REG_SZ	Varies
RequireSuccessfulRegistry	REG_DWORD	<0 or 1>

Warning

Modifying a registry value for a CSE could cause instability or operating system failure. Be sure to test all changes to any setting in the registry before deploying to any production computer.