| Protect related policies with CriticalPolicySections |
Policies that need to play together should stay together! Windows 2000 can update policies while an application is running, which means that if you want your policies to be read together, you need to protect them with CriticalPolicySections.
CriticalPolicySections prevent the operating system from updating the registry while inside a CriticalPolicySection. Before your application reads the first policy of a group of related policies, you should call EnterCriticalPolicySection, then read the related policies. When done reading the last of the single group of related policies, you should call LeaveCriticalPolicySection. As with any critical section, entry and exit need to happen as close together as possible.
In this section of the code our program needs to read in the settings used to access the database. We need to read in the database name, and the logon ID and password needed to access it. These all go together, so we don't want the system updating the settings part way through reading them.
To keep the system from doing this we apply this guideline and use the CriticalPolicySections. First we enter our critical policy section, then do our reads, and leave the critical policy section.
HANDLE hCritPolicySec = NULL;
hCritPolicySec = EnterCriticalPolicySection(FALSE);
if (NULL == hCritPolicySec)
{
// ... error handling
}
else
{
// ... Read in the Database Name, Logon ID, and Password ...
if (NULL != LeaveCriticalPolicySection(hCritPolicySec))
{
// ... error handling
}
}The CriticalPolicySection APIs are only supported on Windows 2000 and newer platforms.
No UI should be displayed during a CriticalPolicySection.
Entry and exit need to happen as close together as possible.
EnterCriticalPolicySection, LeaveCriticalPolicySection, Using Group Policy