System Policies, Windows 2000 Group Policy White Paper, Reflect policy changes in your UI, ShellExecute, ShellExecuteEx| Be aware of and honor system policies |
System policies are a great feature for administrators, but they’re only effective if applications don't override them. Typically, the shell enforces most system policies, but if your program extends the shell or offers shell like functionality, you’ll need to enforce those policies too.
The best way to adhere to system policy is to only use Win32 APIs that are policy aware. A good example is using ShellExecuteEx rather than CreateProcess to launch an application through user initiated means. Whereas ShellExecuteEx automatically checks and enforces system policy settings, CreateProcess does not.
If your application replaces or duplicates Operating System functionality, then you MUST also implement any policies offered by the OS functionality that you are replacing.
To determine if an Operating System component has associated policy:
In addition to checking for User policy, you should also check for Computer policy using the same method. Some components have both user and computer policies.
If you enable policies via the Group Policy snap-in, the client computers will receive the corresponding registry values in one of the following registry keys:
HKLM\Software\Policies
HKCU\Software\Policies
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
It is highly likely that the system policy registry keys will be read-only. Take care to only open the keys with KEY_READ privileges.
Respecting system policies is a requirement for the Windows 2000 Application Specification logo.
System Policies, Windows 2000 Group Policy White Paper, Reflect policy changes in your UI, ShellExecute, ShellExecuteEx