Partager via


2.2.2.1 ADM-Based Policy Description Message

ADM-Based Policy Description Messages are encapsulated in Unicode files that are transmitted using remote file access. The names of these files MUST end in ".adm".

The following ABNF specifies the ADM file format.

            
 AdmFile = AdmStatements AdmStrings
 WhiteSpaceClass = CR / LF / WSP
 WhiteSpace = *WhiteSpaceClass
 SpaceDelimiter = 1*WhiteSpaceClass
 Dash = %x002D
 LineBreak = CRLF
 AdmStatements = *AdmStatement
 AdmStatement = ( AdmClass / AdmCategory / AdmPolicy / AdmPart / AdmItemList / AdmActionList ) [AdmComment]
 AdmQuotedCharacter = %x0020-0021 / %x0023-007E   ; space to tilde except double-quote
 AdmTokenCharacter = %x0021 / %x0023-003A / %x003C-007E   ; Exclamation to tilde except double-quote and semi-colon
 AdmToken = 1*AdmTokenCharacter
 AdmComment = [LineBreak] TokSemi *(VCHAR / SP) LineBreak
 AdmClass = TokClass ( TokUser / TokMachine )
 AdmCategory = TokCategory AdmString [AdmKeyName] [AdmExplain] (1*AdmCategory / 1*AdmPolicy / (1*AdmCategory 1*AdmPolicy) / (1*AdmPolicy 1*AdmCategory)) TokEnd TokCategory
 AdmString = ( WhiteSpace AdmToken SpaceDelimiter ) / TokQuotedString / AdmStringId
 AdmKey = AdmString
 AdmKeyName =  TokKeyName AdmKey
 AdmExplain = TokExplain AdmString
 AdmSupported = TokSupported AdmString
 AdmPolicy = TokPolicy AdmString [AdmKeyName] [AdmExplain] [AdmValueOnOff] [AdmActionListOnOff] [AdmSupported] [AdmClientExt] [AdmParts] TokEnd TokPolicy
 AdmValueName = TokValueName AdmString
 AdmValueOn = TokValueOn ( AdmNumericValue / AdmString )
 AdmValueOff = TokValueOff ( AdmNumericValue / AdmString )
 AdmValueOnOff = AdmValueName [AdmValueOn] [AdmValueOff]
 AdmValue = AdmValueName [AdmValueData]
 AdmKeyValuePair = [AdmKeyName] AdmValue
 AdmNumericValue = TokNumeric TokDigits
 AdmValueData = TokValue (TokDelete / AdmString / AdmNumericValue)
 AdmClientExt = TokClientExt AdmGuid
 AdmGuid = TokLeftCurly 8HEXDIG Dash 4HEXDIG Dash 4HEXDIG Dash 4HEXDIG Dash 12HEXDIG TokRightCurly
 AdmParts = 1*AdmPart
 AdmPart = TokPart AdmString AdmUIControl TokEnd TokPart
 AdmActionList = TokActionList 1*AdmKeyValuePair TokEnd TokActionList
 AdmActionListOn = TokActionListOn 1*AdmKeyValuePair TokEnd TokActionListOn
 AdmActionListOff = TokActionListOff 1*AdmKeyValuePair TokEnd TokActionListOff
 AdmActionListOnOff = [AdmActionListOn] [AdmActionListOff]
 AdmItemList = TokItemList AdmItems TokEnd TokItemList
 AdmItems = 1*AdmItem
 AdmItem = TokName AdmString AdmValueData [TokDefault] [AdmActionList]
 AdmDefaultString = TokDefault AdmString
 AdmDefaultNumeric = TokDefault TokDigits
 AdmMin = TokMin TokDigits
 AdmMax = TokMax TokDigits
 AdmMaxLen = TokMaxlen TokDigits
 AdmNoSort = TokNosort
 AdmRequired = TokRequired
 AdmCheckbox = TokCheckbox AdmCheckBoxArguments
 AdmCombobox = TokCombobox AdmComboBoxArguments
 AdmDropdownlist = TokDropdownlist AdmDropdownListArguments
 AdmEditText = TokEditText AdmEditTextArguments
 AdmListbox = TokListbox AdmListBoxArguments
 AdmNumeric = TokNumeric AdmNumericArguments
 AdmOemConvert = TokOEMConvert
 AdmExpandableText = TokExpandableText
 AdmAdditive = TokAdditive
 AdmExplicitValue = TokExplicitValue
 AdmValuePrefix = TokValueprefix TokALPHA
 AdmSpin = TokSpin TokDigits
 AdmTextConvert = TokTxtConvert
 AdmDefChecked = TokDefchecked
 AdmUIControl = (
         AdmCheckbox /
         AdmCombobox /
         AdmDropdownlist /
         AdmEditText /
         AdmListbox /
         AdmNumeric /
         TokText )
 AdmCheckBoxArguments = <These occur in any order>  [AdmKeyName] AdmValueOnOff [AdmDefChecked] [AdmActionListOn AdmActionListOff] [AdmClientExt]
 AdmEditTextArguments = <These occur in any order>  [AdmKeyName] AdmValueName [AdmDefaultString] 
         [AdmMaxLen] [AdmRequired] [AdmOemConvert] [AdmClientExt] [AdmExpandableText]
 AdmNumericArguments = <These occur in any order>  [AdmKeyName] AdmValueName [AdmDefaultNumeric] [AdmMax] 
         [AdmMin] [AdmRequired] [AdmSpin] [AdmClientExt] [AdmTextConvert]
 AdmComboBoxArguments = <These occur in any order>  AdmEditTextArguments [AdmSuggestions] [AdmNoSort]
 AdmDropdownListArguments = <These occur in any order>  [AdmKeyName] AdmValueName [ AdmItemList] 
         [AdmRequired] [AdmClientExt] [AdmNoSort]
 AdmListBoxArguments = <These occur in any order>  [AdmKeyName] [AdmAdditive] [AdmExplicitValue] 
         [AdmValuePrefix] [AdmClientExt] [AdmNoSort] [AdmExpandableText]
 AdmStrings = [ TokStrings AdmStringStatements ]
 AdmStringStatements = 1*AdmStringStatement
 AdmStringStatement = WhiteSpace AdmToken TokIs TokQuotedString
 AdmSuggestions = TokSuggestions 1*AdmString TokEnd TokSuggestions
 AdmBangBang =       WhiteSpace "!!"
 AdmStringId =       AdmBangBang AdmToken SpaceDelimiter
            
 TokALPHA =          WhiteSpace 1*ALPHA               SpaceDelimiter
 TokActionList =     WhiteSpace "ActionList"          SpaceDelimiter
 TokActionListOff =  WhiteSpace "ActionListOff"       SpaceDelimiter
 TokActionListOn =   WhiteSpace "ActionListOn"        SpaceDelimiter
 TokAdditive =       WhiteSpace "additive"            SpaceDelimiter
 TokCategory =       WhiteSpace "category"            SpaceDelimiter
 TokCheckbox =       WhiteSpace "checkbox"            SpaceDelimiter
 TokClass =          WhiteSpace "class"               SpaceDelimiter
 TokClientExt =      WhiteSpace "clientext"           SpaceDelimiter
 TokCombobox =       WhiteSpace "combobox"            SpaceDelimiter
 TokDefault =        WhiteSpace "default"             SpaceDelimiter
 TokDefchecked =     WhiteSpace "defchecked"          SpaceDelimiter
 TokDelete =         WhiteSpace "delete"              SpaceDelimiter
 TokDigits =         WhiteSpace 1*DIGIT               SpaceDelimiter
 TokDropdownlist =   WhiteSpace "dropdownlist"        SpaceDelimiter
 TokEditText =       WhiteSpace "EditText"            SpaceDelimiter
 TokEnd =            WhiteSpace "end"                 SpaceDelimiter
 TokExpandableText = WhiteSpace "expandabletext"      SpaceDelimiter
 TokExplain =        WhiteSpace "Explain"             SpaceDelimiter
 TokExplicitValue =  WhiteSpace "explicitvalue"       SpaceDelimiter
 TokIs =             WhiteSpace "="                   WhiteSpace
 TokItemList =       WhiteSpace "ItemList"            SpaceDelimiter
 TokKeyName =        WhiteSpace "KeyName"             SpaceDelimiter
 TokLeftCurly =      WhiteSpace "{"                   WhiteSpace
 TokListbox =        WhiteSpace "listbox"             SpaceDelimiter
 TokMachine =        WhiteSpace "Machine"             SpaceDelimiter
 TokMax =            WhiteSpace "max"                 SpaceDelimiter
 TokMaxlen =         WhiteSpace "maxlen"              SpaceDelimiter
 TokMin =            WhiteSpace "min"                 SpaceDelimiter
 TokNE =             WhiteSpace "!="                  SpaceDelimiter
 TokName =           WhiteSpace "name"                SpaceDelimiter
 TokNosort =         WhiteSpace "nosort"              SpaceDelimiter
 TokNumeric =        WhiteSpace "numeric"             SpaceDelimiter
 TokOEMConvert =     WhiteSpace "oemconvert"          SpaceDelimiter
 TokPart =           WhiteSpace "Part"                SpaceDelimiter
 TokQuotedString =   WhiteSpace DQUOTE 1*AdmQuotedCharacter DQUOTE WhiteSpace
 TokPolicy =         WhiteSpace "policy"              SpaceDelimiter
 TokRequired =       WhiteSpace "required"            SpaceDelimiter
 TokRightCurly =     WhiteSpace "}"                   SpaceDelimiter
 TokSemi =           WhiteSpace ";"                   WhiteSpace
 TokSpin =           WhiteSpace "spin"                SpaceDelimiter
 TokStrings =        WhiteSpace "[strings]"           SpaceDelimiter
 TokSuggestions =    WhiteSpace "suggestions"         SpaceDelimiter
 TokSupported =      WhiteSpace "supported"           SpaceDelimiter
 TokText =           WhiteSpace "text"                SpaceDelimiter
 TokTxtConvert =     WhiteSpace "TxtConvert"          SpaceDelimiter
 TokUser =           WhiteSpace "User"                SpaceDelimiter
 TokValue =          WhiteSpace "value"               SpaceDelimiter
 TokValueName =      WhiteSpace "ValueName"           SpaceDelimiter
 TokValueOff =       WhiteSpace "valueoff"            SpaceDelimiter
 TokValueOn =        WhiteSpace "valueon"             SpaceDelimiter
 TokValueprefix =    WhiteSpace "valueprefix"         SpaceDelimiter
            

The file specifies both presentation information for administrative plug-in and serialization/deserialization for administrative tools.

The key directive for user interface presentation is the AdmUIControl production in the preceding ABNF; it can begin with one of the following terminal strings with the following meanings:

 Value

 Meaning

CheckBox

Policy Administration plug-ins are expected to present a control that allows the user to select a single check box.

EditText

Policy Administration plug-ins are expected to present a simple string control for viewing and editing this setting.

ComboBox

Policy Administration plug-ins are expected to present a simple list control that also allows manual editing for viewing and editing this setting.

DropDownList

Policy Administration plug-ins are expected to present a control that allows the user to select a single item from a drop-down list.

Numeric

Policy Administration plug-ins are expected to present a simple numeric control for viewing and editing this setting.

ListBox

Policy Administration plug-ins are expected to present a list user interface control for viewing and editing this setting. If not modified with "additive", this MUST be serialized to the format specified in Registry Policy Message Syntax (section 2.2.1) with an instruction that is preceded by an instruction using the "***DeleteKeys" value (the quoted value string MUST be taken literally), as specified in Client Plug-In Details (section 3.2).

Text

Policy Administration plug-ins are expected to just display the characters, following this literally. There is no user input to serialize or deserialize.

The following nonterminal symbols imply important semantics for presentation or serialization:

  • AdmOemConvert:

    If present, indicates that the string value associated with this part MUST be converted to ASCII before serialization. ASCII refers to a single 8-bit ASCII character or an array of 8-bit ASCII characters with the high bit of each character set to zero.

  • AdmExpandableText:

    If present, indicates that, for this associated part, the Registry Policy Message Data Type from Registry Policy Message Syntax (section 2.2.1) MUST be serialized using type 0x02 from Registry Policy Message Syntax (section 2.2.1).

  • AdmAdditive:

    If present, indicates that for AdmListBox controls, the Policy Setting MUST be serialized into Registry Policy format without being preceded by an instruction to delete all values (see section Registry Policy Message Sequencing (section 3.2.5.1)).

  • AdmExplicitValue:

    If present, indicates that for AdmListBox controls, both the Value and Data to serialize to, from the Registry Policy Message specification (as specified in Registry Policy Message Syntax (section 2.2.1)), MUST come from an administrative tool's user input. If AdmValuePrefix is also specified, it is ignored.

  • AdmValuePrefix <prefix>:

    Specifies that any registry values associated with this part MUST be prepended with <prefix> when serialized to the Registry Policy message format.

  • AdmSpin <spinvalue>:

     Specifies that the Policy Administration plug-ins are expected to present the associated part in the user interface using a type of control that allows the user to increment or decrement integer values through the control. A <spinvalue> of 0 removes the spin control. A <spinvalue> of 1 is the default.

  •  AdmTextConvert:

     If present, indicates that the Policy Administration plug-ins MUST serialize the associated value into the Registry Policy format using type 0x01 (string), as specified in Registry Policy Message Syntax (section 2.2.1), even if the value is numeric.

  • AdmDefChecked:

     If present, indicates that the administrative plug-in MUST enable their associated AdmCheckBox control when a user initially attempts to enable the associated setting.

  • AdmMax <maxvalue>:

     Specifies that the administrative plug-in that consume this format to edit a GPO MUST enforce a maximum value for the number. This value is a 32-bit integer and can be set to a maximum of 2^32 - 1. If this value is not specified, then the default value is 9999.

  • AdmMin <minvalue>:

    Specifies that the administrative plug-in that consumes this format to edit a GPO MUST enforce a minimum value for the number. This value is a 32-bit integer and can be set to a maximum of 2^32 - 1. If this value is not specified, then the default value is 0.

  • AdmSupported <descriptive string>:

    Specifies that the administrative plug-in MUST display a descriptive string describing any other requirements for the associated part to be supported.

  • AdmClientExt <extension GUID>:

    Specifies that for each AdmClient <extension GUID> occurrence, the administrative plug-in MUST send a GPO Extension Update Message (as specified in [MS-GPOL] section 2.2.8.2) to increment the GPO version and add the <Tool Extension GUID> (as defined in section 1.9) and <extension GUID> to either of the following attributes:

    • The gPCUserExtensionNames attribute if the GPO's user settings are being updated.

    • The gPCMachineExtensionNames attribute if the computer settings are being updated.

      These attributes are updated on the current GPO. They provide for the application of policy to the client by the Registry Extension.

      These attributes also provide for additional processing by a second client extension. The second client extension has the opportunity to process the entire GPO.

  • AdmMaxLen <maxlength>:

    Specifies that the Policy Administration plug-in MUST limit the text in the associated part to be, at most, <maxlength> characters.

  • AdmNoSort:

    If present, indicates that the administrative plug-in MUST NOT sort the entries when displaying the associated AdmCombobox, AdmDropdownlist, or AdmListbox.

  • AdmRequired:

     Specifies that the administrative plug-in that consume this format MUST NOT allow updates of the GPO for the registry key unless a value has been provided in the user interface.