Adding RSoP to your Extension Snap-in
If you have an existing extension snap-in to the Group Policy Object Editor, you can add RSoP support with a few modifications.
The UI of the extension snap-in in RSoP mode can be similar to the UI in editing mode except for the following differences:
- In RSoP mode, the UI must be in read-only mode.
- In RSoP mode, the UI requires a property page for Precedence.
Read-only Mode
RSoP mode in the UI must be read-only mode because users cannot make changes while running in RSoP mode. RSoP mode can show users the results of applying Group Policy in a what-if situation or in an actual situation. Therefore, controls for all dialog boxes that your extension snap-in displays must be in read-only mode. You must also remove menu items that offer editing functionality.
Precedence Property Page
A property page is necessary to show what would happen if the current state of a policy were removed and a GPO of lesser importance were to set the final state for the policy. The property page should show all relevant GPOs, and the GPO values for a particular policy, to enable the user to perform a what-if analysis.
For example, assume that there are four relevant GPOs, GPO1 through GPO4, and that GPO4 is the most important GPO.
In each GPO, the registry value NoRun is defined in the following manner:
- GPO1 Enabled
GPO2 Disabled
GPO3 Enabled
GPO4 Disabled
In this example, GPO1 is processed and applied first, GPO2 is applied second, and so on. Because GPO4 is the last GPO processed, the NoRun policy is Disabled for the user. The last GPO that is applied always has the highest precedence. If disabling the NoRun policy is not the desired result for the user, the administrator could eliminate GPO4 for the user. Because GPO3 would then be the last GPO applied, the NoRun policy would be enabled for the user.
For more information, see Implementing RSoP on the Server.