Implementing Policy on the Client

The following diagram illustrates the decision process for implementing policy on the client.

If your data is registry-based, read policy when your applications starts. To ensure that policy is not updated while you are reading the registry, call the EnterCriticalPolicySection function to obtain ownership of the policy section. When the application has finished reading the registry, it should call the LeaveCriticalPolicySection function to release ownership of the policy section, so other applications can resume updating policy.

File-based data requires a policy callback function to apply policy. For more information, see Creating a Policy Callback Function.

If you are writing a service, read policy at service start. When a policy refresh is needed, call the GetGPOList function to retrieve the list of GPOs.

An application, snap-in extension, or service can monitor changes that take place in policy and can apply policy accordingly. The system broadcasts the WM_SETTINGCHANGE message to all desktops when policy has changed. The lParam parameter points to the string "Policy". The wParam parameter is 1 if computer policy was applied or zero if user policy was applied.

Snap-in extensions and applications that do not have a window to receive messages can use the RegisterGPNotification function to receive notification when there is a change in policy.