Platform SDK: Group Policy

Creating a Policy Callback Function

The system calls registered policy callback functions so they can apply policy. Each callback function receives a pointer to the list of deleted GPOs and a pointer to the list of changed GPOs. For more information, see ProcessGroupPolicyProc and Registering a Policy Callback Function.

The dwFlags parameter indicates whether user or computer policy is being applied. If user policy is being applied and the user logs off, the pbAbort parameter is set to TRUE and the callback function should stop applying policy. Similarly, if computer policy is being applied and the computer is shutting down, pbAbort is set to TRUE and the callback function should stop applying policy.

Policy callback functions can apply policy either synchronously or asynchronously. The following example is a callback function that applies policy synchronously. This is the recommended method for applying policy in a policy callback function.

#include <windows.h>
#include <userenv.h>

DWORD ProcessGroupPolicyProc(
  DWORD dwFlags,
  HANDLE hToken,
  HKEY hKeyRoot,
  PGROUP_POLICY_OBJECT pDeletedGPOList,
  PGROUP_POLICY_OBJECT pChangedGPOList,
  ASYNCCOMPLETIONHANDLE pHandle,
  BOOL *pbAbort,
  PFNSTATUSMESSAGECALLBACK pStatusCallback
)

{
   PGROUP_POLICY_OBJECT pCurGPO;

   // Check dwFlags for settings.

   // ...

   // Process deleted GPOs.

   for( pCurGPO = pDeletedGPOList; pCurGPO; pCurGPO = pCurGPO->pNext )
   {
       if( *pbAbort )
       {
           // Abort.
           break;
       }
       // ...
   }

   // Process changed GPOs.

   for( pCurGPO = pChangedGPOList; pCurGPO; pCurGPO = pCurGPO->pNext )
   {
       if( *pbAbort )
       {
           // Abort.
           break;
       }
       // ...
   }

   return( ERROR_SUCCESS );

}

If your callback function processes policy asynchronously, your implementation of ProcessGroupPolicyProc will differ slightly. The callback function will create a thread to process the GPO lists. When the thread has finished processing the GPOs, the callback function will call the ProcessGroupPolicyCompleted function to indicate that policy has been applied.