Integration of Group Policy with Enterprise Library Applications

Microsoft Enterprise Library 5.0

DropDown image DropDownHover image Collapse image Expand image CollapseAll image ExpandAll image Copy image CopyHover image

The ManageableConfigurationSource class reads configuration overrides from the registry and applies those overrides to an application configuration file. By reading the registry in this way, this configuration source allows you to use Group Policy to specify the settings. A Group Policy template defines the configuration options for each application that is configured in Group Policy and defines the default options in Group Policy for each configuration option. One Group Policy template is required for each application because a separate registry key represents each application. The key is based on the application name.

To simplify the creation of Group Policy templates, you can use the AdministrativeTemplateGenerator class to generate an AdmContent object, and then write this content to a stream in order to generate ADM files from the Enterprise Library configuration tools. These templates use the settings defined in the application configuration file to determine the default settings for each option. They also determine the structure of the ADM template, which must match the contents of the configuration file.

In this version of Enterprise Library, templates and Group Policy support are available for all the application blocks, except for the Validation Application Block, the Policy Injection Application Block, and Unity. Group Policy is a fairly static and flat mechanism, and the configuration for these application blocks is quite dynamic and usually complex. Therefore, it would be almost impossible to provide a useable user interface implementation for these application blocks.


Note:
Applications that use Group Policy to specify their settings must define and use a ManageableConfigurationSource in the configuration sources section, and set the EnableGroupPolicy flag on that source to true. You can use the configuration tools to configure this setting.


This section contains the following topics:

Group Policy Template Structure

Group Policy templates specify the values described by each policy and the way those values are represented in the user interface of tools used to edit Group Policy objects, such as the Group Policy Management Console (GPMC).


Note:
For information about the format of Group Policy templates, see Group Policy File Formats on MSDN®.


Group Policy templates contain a number of different elements, including the following:

  • CLASS. This determines whether subsequent categories appear under Computer Configuration (CLASS MACHINE) or User Configuration (CLASS USER) in the Group Policy Object Editor. The template generated from the Enterprise Library Configuration Console contains both CLASS MACHINE and CLASS USER.
  • CATEGORY. This determines which categories appear in the Group Policy Editor. Categories may be nested under one another (these may be referred to as sub-categories).
  • POLICY. This identifies an element that can be modified by an administrator. The policy appears in a dialog box with an associated control that an administrator can use to set its state.
  • PART. This specifies options such as drop-down list boxes, text boxes, and text that appear in the lower pane of the Group Policy Object Editor.
  • ITEMLIST. This is a list of items for a drop-down list.
  • ACTIONLIST. This a set of arbitrary changes to the registry that are made in response to a control being in a certain state.

The general format for application Group Policy templates is as follows for both machine policies and user policies:

  • A category represents the application. This category matches the application's name.
  • A sub-category represents each application block.
  • A sub-category for each application block's categories represents each of the collections of configuration elements such as the Logging Application Block's formatters or trace listeners configuration objects.
  • A policy is used for each configuration element in the configuration elements collections on the collection's category, including parts for each of the configuration element’s properties.
  • A policy with parts represents the application block–wide settings on the application block's category. If an application block does not have application block–wide settings, as is true of the Exception Handling Application Block, there will still be policy for it.

General Settings for the Application Blocks

The following ADM code example shows the complete Security Application Block category with the default settings. It shows only the categories and sub-categories for the other application blocks.

Copy Code
CLASS MACHINE
CATEGORY "myapp1"
  CATEGORY "Security"
    CATEGORY "Authorization providers"      POLICY "Specify settings for authorization provider 'RuleProvider'"
        KEYNAME "Software\Policies\myapp1\securityConfiguration\authorizationProviders\RuleProvider"
        VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
        PART "Rules"
          EDITTEXT
          VALUENAME "rules"
          MAXLEN 1024
          REQUIRED
        END PART
      END POLICY
    END CATEGORY; "Authorization providers"
    CATEGORY "Security cache providers"
      POLICY "Specify settings for security cache provider 'Caching Store Provider'"
        KEYNAME "Software\Policies\Application\securityConfiguration\securityCacheProviders\Caching Store Provider"
        VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
        PART "Cache manager"
          DROPDOWNLIST
            VALUENAME "cacheManager"
            ITEMLIST
              NAME "Cache Manager" VALUE "Cache Manager"
            END ITEMLIST
        END PART
        PART "Absolute expiration"
          NUMERIC
          VALUENAME "defaultAbsoluteSessionExpirationInMinutes"
          DEFAULT 60
          MIN 0
        END PART
        PART "Sliding expiration"
          NUMERIC
          VALUENAME "defaultSlidingSessionExpirationInMinutes"
          DEFAULT 10
          MIN 0
        END PART
      END POLICY
    END CATEGORY  ; "Security cache providers"
    POLICY "Specify Security Block Settings"
      KEYNAME "Software\Policies\myapp1\securityConfiguration"
      VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
      PART "Default authorization provider"
        DROPDOWNLIST
        VALUENAME "defaultAuthorizationInstance"
        ITEMLIST
          NAME "None" VALUE "__none__"
          NAME "RuleProvider" VALUE "RuleProvider"
        END ITEMLIST
      END PART
      PART "Default security cache provider"
        DROPDOWNLIST
        VALUENAME "defaultSecurityCacheInstance"
        ITEMLIST
          NAME "None" VALUE "__none__"
        END ITEMLIST
      END PART
    END POLICY
  END CATEGORY  ; "Security"
  CATEGORY "Caching"
    CATEGORY "Cache managers"
    END CATEGORY  ; "Cache managers"
  END CATEGORY  ; "Caching"
  CATEGORY "Instrumentation"
  END CATEGORY  ; "Instrumentation"
  CATEGORY "Database"
    CATEGORY "Oracle packages"
    END CATEGORY  ; "Oracle packages"
  END CATEGORY  ; "Database"
  CATEGORY "Database"
    CATEGORY "Provider mappings"
    END CATEGORY  ; "Provider mappings"
  END CATEGORY  ; "Database"
  CATEGORY "Database"
    CATEGORY "Connection strings"
    END CATEGORY  ; "Connection strings"
  END CATEGORY  ; "Database"
  CATEGORY "Exception handling"
    CATEGORY "Policy1"
    END CATEGORY  ; "Policy1"
    CATEGORY "Policy2"
    END CATEGORY  ; "Policy2"
  END CATEGORY  ; "Exception handling"
  CATEGORY "Logging"
    CATEGORY "Category sources"
    END CATEGORY  ; "Category sources"
    CATEGORY "Special sources"
    END CATEGORY  ; "Special sources"
    CATEGORY "Log filters"
    END CATEGORY  ; "Log filters"
    CATEGORY "Log formatters"
    END CATEGORY  ; "Log formatters"
    CATEGORY "Listeners"
    END CATEGORY  ; "Listeners"
  END CATEGORY  ; "Logging"
  CATEGORY "Cryptography"
    CATEGORY "Hash providers"
    END CATEGORY  ; "Hash providers"
    CATEGORY "Symmetric crypto providers"
    END CATEGORY  ; "Symmetric crypto providers"
  END CATEGORY  ; "Cryptography"
END CATEGORY  ; "myapp1"

Exceptions to the General Template Structure

Most application block categories follow the structure of the Group Policy template, but there are some differences. These differences occur in the following categories:

Instrumentation Category

The instrumentation category determines how an application should be instrumented. This category contains a single policy, which is shown in the following ADM code example.

Copy Code
CATEGORY "Instrumentation"
  POLICY "Specify settings for the instrumentation section"
    KEYNAME "Software\Policies\myapp1\instrumentationConfiguration"
    VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
    PART "Event logging enabled"
      CHECKBOX
      VALUENAME "eventLoggingEnabled"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END PART
    PART "Performance counters enabled"
      CHECKBOX DEFCHECKED
      VALUENAME "performanceCountersEnabled"
      VALUEON NUMERIC 1
      VALUEOFF NUMERIC 0
    END PART
  END POLICY
END CATEGORY  ; "Instrumentation"

Exception Handling Category

The exception handling category simplifies the policies. There is one category for each exception handling policy. Each category contains one policy for each exception type. The policy includes sections for the exception type and for its handlers. The following ADM code example shows the exception handling category in a Group Policy template.

Copy Code
CATEGORY "Exception handling"
CATEGORY "Policy1"
  POLICY "Specify settings for exception type 'ArgumentException'"
    KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy1\exceptionTypes\ArgumentException"
    VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
    PART "Post handling action"
      DROPDOWNLIST
      VALUENAME "postHandlingAction"
      ITEMLIST
        NAME "None" VALUE "None"
        NAME "NotifyRethrow" VALUE "NotifyRethrow"
        NAME "ThrowNewException" VALUE "ThrowNewException"
      END ITEMLIST
    END PART
    PART "Handlers"
      TEXT
    END PART
    PART "Handler: 'Replace Handler'"
      TEXT
    END PART
    PART "Exception message"
      EDITTEXT
      VALUENAME "exceptionMessage"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy1\exceptionTypes\ArgumentException\exceptionHandlers\Replace Handler"
      MAXLEN 1024
      REQUIRED
      DEFAULT "message"
    END PART
    PART "Exception type"
      EDITTEXT
      VALUENAME "replaceExceptionType"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy1\exceptionTypes\ArgumentException\exceptionHandlers\Replace Handler"
      MAXLEN 1024
      REQUIRED
      DEFAULT "Microsoft.Practices.EnterpriseLibrary.Security.SyntaxException, Microsoft.Practices.EnterpriseLibrary.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null"
    END PART
    PART "Handler: 'Wrap Handler'"
      TEXT
    END PART
    PART "Exception message"
      EDITTEXT
      VALUENAME "exceptionMessage"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy1\exceptionTypes\ArgumentException\exceptionHandlers\Wrap Handler"
      MAXLEN 1024
      REQUIRED
      DEFAULT "message2"
    END PART
    PART "Exception type"
      EDITTEXT
      VALUENAME "wrapExceptionType"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy1\exceptionTypes\ArgumentException\exceptionHandlers\Wrap Handler"
      MAXLEN 1024
      REQUIRED
      DEFAULT "Microsoft.Practices.Unity.IncompatibleTypesException, Microsoft.Practices.Unity, Version=1.0.51205.0, Culture=neutral, PublicKeyToken=null"
    END PART
  END POLICY
  POLICY "Specify settings for exception type 'NullReferenceException'"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy1\exceptionTypes\NullReferenceException"
      VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
    PART "Post handling action"
      DROPDOWNLIST
      VALUENAME "postHandlingAction"
      ITEMLIST
        NAME "None" VALUE "None"
        NAME "NotifyRethrow" VALUE "NotifyRethrow"
        NAME "ThrowNewException" VALUE "ThrowNewException"
      END ITEMLIST
    END PART
    PART "Handlers"
      TEXT
    END PART
    PART "Handler: 'Wrap Handler'"
      TEXT
    END PART
    PART "Exception message"
      EDITTEXT
      VALUENAME "exceptionMessage"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy1\exceptionTypes\NullReferenceException\exceptionHandlers\Wrap Handler"
      MAXLEN 1024
      REQUIRED
      DEFAULT "message3"
    END PART
    PART "Exception type"
      EDITTEXT
      VALUENAME "wrapExceptionType"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy1\exceptionTypes\NullReferenceException\exceptionHandlers\Wrap Handler"
      MAXLEN 1024
      REQUIRED
      DEFAULT "Microsoft.Practices.Unity.DependencyMissingException, Microsoft.Practices.Unity, Version=1.0.51205.0, Culture=neutral, PublicKeyToken=null"
    END PART
  END POLICY
END CATEGORY  ; "Policy1"
CATEGORY "Policy2"
  POLICY "Specify settings for exception type 'ArithmeticException'"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy2\exceptionTypes\ArithmeticException"
      VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
    PART "Post handling action"
      DROPDOWNLIST
      VALUENAME "postHandlingAction"
      ITEMLIST
        NAME "None" VALUE "None"
        NAME "NotifyRethrow" VALUE "NotifyRethrow"
        NAME "ThrowNewException" VALUE "ThrowNewException"
      END ITEMLIST
    END PART
    PART "Handlers"
      TEXT
    END PART
    PART "Handler: 'Logging Handler'"
      TEXT
    END PART
    PART "Title"
      EDITTEXT
      VALUENAME "title"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy2\exceptionTypes\ArithmeticException\exceptionHandlers\Logging Handler"
      MAXLEN 255
      REQUIRED
      DEFAULT "Enterprise Library Exception Handling"
    END PART
    PART "Event ID"
      NUMERIC
      VALUENAME "eventId"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy2\exceptionTypes\ArithmeticException\exceptionHandlers\Logging Handler"
      DEFAULT "100"
    END PART
    PART "Severity"
      DROPDOWNLIST
      VALUENAME "severity"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy2\exceptionTypes\ArithmeticException\exceptionHandlers\Logging Handler"
      ITEMLIST
        NAME "Critical" VALUE "Critical"
        NAME "Error" VALUE "Error"
        NAME "Warning" VALUE "Warning"
        NAME "Information" VALUE "Information"
        NAME "Verbose" VALUE "Verbose"
        NAME "Start" VALUE "Start"
        NAME "Stop" VALUE "Stop"
        NAME "Suspend" VALUE "Suspend"
        NAME "Resume" VALUE "Resume"
        NAME "Transfer" VALUE "Transfer"
      END ITEMLIST
    END PART
    PART "Priority"
      NUMERIC
      VALUENAME "priority"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy2\exceptionTypes\ArithmeticException\exceptionHandlers\Logging Handler"
      DEFAULT "0"
    END PART
    PART "Category"
      DROPDOWNLIST
      VALUENAME "logCategory"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy2\exceptionTypes\ArithmeticException\exceptionHandlers\Logging Handler"
      ITEMLIST
        NAME "Category" VALUE "Category"
        NAME "General" VALUE "General"
      END ITEMLIST
    END PART
    PART "Formatter"
      COMBOBOX
      VALUENAME "formatterType"
      KEYNAME "Software\Policies\myapp1\exceptionHandling\exceptionPolicies\Policy2\exceptionTypes\ArithmeticException\exceptionHandlers\Logging Handler"
      REQUIRED
      DEFAULT "Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.XmlExceptionFormatter, Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null"
      SUGGESTIONS "Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.TextExceptionFormatter, Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null" "Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.XmlExceptionFormatter, Microsoft.Practices.EnterpriseLibrary.ExceptionHandling, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null"
      END SUGGESTIONS
    END PART
  END POLICY
END CATEGORY  ; "Policy2"
  POLICY "Specify settings for the Exception Handling Application Block"
    KEYNAME "Software\Policies\myapp1\exceptionHandling"
    VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
  END POLICY
END CATEGORY  ; "Exception handling"

Caching Category

The Caching category structure differs from the standard template in order to conform to the way the configuration tools display the configuration information. The policies for the cache managers contain the parts for the cache manager itself, its backing store, and the backing store's optional encryption provider.

The following ADM code example shows the Caching category from a Group Policy template.

Copy Code
CATEGORY "Caching"
CATEGORY "Cache managers"
  POLICY "Specify settings for cache manager 'Cache Manager'"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\cacheManagers\Cache Manager"
      VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
    PART "Expiration poll frequency (secs.)"
      NUMERIC
      VALUENAME "expirationPollFrequencyInSeconds"
      DEFAULT "60"
    END PART
    PART "Maximum elements in cache before scavenging"
      NUMERIC
      VALUENAME "maximumElementsInCacheBeforeScavenging"
      DEFAULT "1000"
    END PART
    PART "Number to remove when scavenging"
      NUMERIC
      VALUENAME "numberToRemoveWhenScavenging"
      DEFAULT "10"
    END PART
    PART "Backing store settings"
      TEXT
    END PART
    PART "Partition name"
      EDITTEXT
      VALUENAME "partitionName"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\backingStores\Isolated Storage"
      MAXLEN 1024
      REQUIRED
      DEFAULT "test"
    END PART
    PART "Encryption provider settings"
      TEXT
    END PART
    PART "Symmetric provider"
      DROPDOWNLIST
      VALUENAME "symmetricInstance"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\encryptionProviders\Symmetric Storage Encryption"
      ITEMLIST
        NAME "DESCryptoServiceProvider" VALUE "DESCryptoServiceProvider"
        NAME "DPAPI Symmetric Cryptography Provider" VALUE "DPAPI Symmetric Cryptography Provider"
      END ITEMLIST
    END PART
  END POLICY
  POLICY "Specify settings for cache manager 'Cache Manager1'"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\cacheManagers\Cache Manager1"
      VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
    PART "Expiration poll frequency (secs.)"
      NUMERIC
      VALUENAME "expirationPollFrequencyInSeconds"
      DEFAULT "60"
    END PART
    PART "Maximum elements in cache before scavenging"
      NUMERIC
      VALUENAME "maximumElementsInCacheBeforeScavenging"
      DEFAULT "1000"
    END PART
    PART "Number to remove when scavenging"
      NUMERIC
      VALUENAME "numberToRemoveWhenScavenging"
      DEFAULT "10"
    END PART
    PART "Backing store settings"
      TEXT
    END PART
    PART "Database instance"
      DROPDOWNLIST
      VALUENAME "databaseInstanceName"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\backingStores\Data Cache Storage"
      ITEMLIST
        NAME "LocalSqlServer" VALUE "LocalSqlServer"
        NAME "Marketing" VALUE "Marketing"
      END ITEMLIST
    END PART
    PART "Partition name"
      EDITTEXT
      VALUENAME "partitionName"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\backingStores\Data Cache Storage"
      MAXLEN 255
      REQUIRED
      DEFAULT "db partition"
    END PART
    PART "Encryption provider settings"
      TEXT
    END PART
    PART "Symmetric provider"
      DROPDOWNLIST
      VALUENAME "symmetricInstance"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\encryptionProviders\Symmetric Storage Encryption1"
      ITEMLIST
        NAME "DESCryptoServiceProvider" VALUE "DESCryptoServiceProvider"
        NAME "DPAPI Symmetric Cryptography Provider" VALUE "DPAPI Symmetric Cryptography Provider"
      END ITEMLIST
    END PART
  END POLICY
  POLICY "Specify settings for cache manager 'Cache Manager2'"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\cacheManagers\Cache Manager2"
      VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
    PART "Expiration poll frequency (secs.)"
      NUMERIC
      VALUENAME "expirationPollFrequencyInSeconds"
      DEFAULT "60"
    END PART
    PART "Maximum elements in cache before scavenging"
      NUMERIC
      VALUENAME "maximumElementsInCacheBeforeScavenging"
      DEFAULT "1000"
    END PART
    PART "Number to remove when scavenging"
      NUMERIC
      VALUENAME "numberToRemoveWhenScavenging"
      DEFAULT "10"
    END PART
    PART "Backing store settings"
      TEXT
    END PART
    PART "Partition name"
      EDITTEXT
      VALUENAME "partitionName"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration\backingStores\Isolated Storage1"
      MAXLEN 255
      REQUIRED
      DEFAULT "test2"
    END PART
  END POLICY
END CATEGORY; "Cache managers"
  POLICY "Specify settings for caching block"
      KEYNAME "Software\Policies\myapp1\cachingConfiguration"
      VALUENAME "Available" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0
    PART "Default cache manager"
      DROPDOWNLIST
      VALUENAME "defaultCacheManager"
      ITEMLIST
        NAME "Cache Manager" VALUE "Cache Manager"
        NAME "Cache Manager1" VALUE "Cache Manager1"
        NAME "Cache Manager2" VALUE "Cache Manager2"
      END ITEMLIST
    END PART
  END POLICY
END CATEGORY  ; "Caching"

Applying Group Policy Settings

Policies in a Group Policy Object (GPO) can be enabled, disabled, or not configured. Policies that are not configured do not set registry values; they are ignored by the manageable configuration source. Configuration settings related to these policies are unmodified, so the original settings from the configuration file are visible to the consumers of configuration information. If you enable a policy, set values for its parts, and write the values for the policy's parts to the registry, the manageable configuration source retrieves them. The manageable configuration source uses these values to override the properties of the configuration element represented by the policy.

By disabling a policy, you make the configuration elements represented by the policy unavailable. If the policy is associated with a configuration element from a collection, it is removed from the collection, and if the policy represents an entire application block, the configuration section for the application block is removed. The changes originated by GPOs are transient. If policies are updated, the current version of the values for the policies' parts will override the settings from a fresh version of the configuration objects from the configuration file.

In group policies, it is standard for policy settings from machine policies to have precedence over settings from user policies. The application ignores any incorrect values in Group Policy, logs an error, and uses values in the application configuration file instead.

Limitations of Group Policy Support

The user interfaces of the Group Policy Editor and Group Policy Management Console are somewhat limited compared to the flexibility of the configuration tools. For example, it is not possible to select multiple elements from a list or to reference elements from other categories. This limits the configuration overrides that you can perform using Group Policy. Existing configuration objects can be modified or removed, but new ones cannot be created.

Considering the limited user interface alternatives the Group Policy Object Editor provides, some configuration settings that represent multiple elements are edited through a single encoded string. These settings are the following:

  • The attributes for all custom providers. These are the following:
    • CustomLogFilterData
    • CustomFormatterData
    • CustomTraceListenerData
    • CustomProviderData
    • CustomHashProviderData
    • CustomSymmetricCryptoProviderData
    • CustomHandlerData
    • CustomAuthorizationProviderData
    • CustomSecurityCacheProviderData
  • The package mappings for an OracleConnectionSetting
  • The rules for an AuthorizationRuleProviderData

In cases when the settings represent simple name/value pairs, encoded stings are used. The format for the encoded string is: <name = value>(; <name = value>). In this case, the character ';' (a semicolon) must not be part of a name, and it must be escaped in a value with ';;' (two semicolons).

Group Policy provides only simple validations. There is no way to ensure that some policy overrides (such as type names) are correct. For this reason, if a policy value is to be used when overriding a configuration object's properties, there must be a match based on the name.

Because of these limitations, Group Policy templates often have to be regenerated from the configuration tools if changes have been made to the application configuration file.