What is LDAP?

The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs directly over the
TCP/IP stack. The information model (both for data and namespaces) of LDAP is similar to that of the
X.500 OSI directory service, but with fewer features and lower resource requirements than X.500. Unlike
most other Internet protocols, LDAP has an associated API that simplifies writing Internet directory service
applications. The LDAP API is applicable to directory management and browser applications that do not
have directory service support as their primary function. LDAP cannot create directories or specify how a
directory service operates.

Group Policy
Purpose

Group Policy enables policy-based administration using Microsoft Active Directory directory services.
Group Policy uses directory services and security group membership to provide flexibility and support
extensive configuration information. Policy settings are specified by an administrator. This is in contrast to
profile settings, that are specified by a user. Policy settings are created using the Microsoft Management
Console (MMC) snap-in for Group Policy.

Resultant Set of Policy (RSoP) is an enhanced Group Policy infrastructure that uses Windows Management
Instrumentation (WMI) to enable administrators to determine the policy settings that apply to, or will
apply to, a user or computer.

Group Policy preferences enable administrators to configure, deploy, and manage greater numbers of
operating system and application settings while still allowing the user to change their configuration.

Where Applicable

All Windows-based applications can use the Group Policy infrastructure to configure their policy settings.

Note You cannot call the Group Policy Interfaces from managed code using COM interop.

Developer Audience

The Group Policy API is designed for use by C/C ++ programmers. Familiarity with Active Directory and
MMC is required.

Run-Time Requirements

Applications that use Group Policy require Windows 2000 or later. RSoP requires Windows XP Professional
or later. Group Policy preference administration requires Windows Vista or later. For more information
about which operating systems are required to use a particular interface, see the Requirements section of
the documentation for the interface.

In This Section

Topic Description
About Group Policy General information and code examples about Group Policy architecture
and processing.

About Group Policy General information and code examples about extending the Group Policy
Preferences preference Applications Snap-in.

Using Group Policy General information and code examples about implementing Group Policy
and RSoP.

Reference Documentation of the Group Policy functions, interfaces, file formats, and
RSoP WMI classes.

See Also

Active Directory
Microsoft Management Console

Group Policy Management Console

Purpose

The Group Policy Management Console (GPMC) unifies Group Policy management across an enterprise.
Before GPMC, administrators were required to use several tools to manage Group Policy; tools included
the Microsoft Active Directory Users and Computers snap-in, the Active Directory Sites and Services snap-
in, the Resultant Set of Policy snap-in, the Delegation Wizard, and the ACL Editor. The GPMC integrates
the existing Group Policy functionality exposed in these tools into a single console, along with the following
new capabilities:

• A user interface that makes it easier to use and manage Group Policy.

• Backup, restore, import, and copy Group Policy Objects (GPOs).

• Simplified management of Group Policy-related security

• Reporting for GPO settings and Resultant Set of Policy (RSoP) data.

• Programmatic access to the above GPO operations. Note that it is not possible to

programmatically set individual policy settings within a GPO.

Where Applicable

Windows-based applications can use the Group Policy infrastructure to manage Group Policy in Active
Directory. Programmatic access is enabled by the GPMC, which consists of a new Microsoft Management
Console (MMC) snap-in and a set of programmable interfaces for managing Group Policy. GPMC and its
interfaces can manage domains using Active Directory.

Developer Audience

The GPMC includes a set of programmable interfaces designed for use by administrators writing scripts as
well as C/C++ programmers. Familiarity with Active Directory is required. The sample scripts provided
when you install GPMC form the basis for a scripting toolkit that Group Policy administrators can use to
manage an organization.
Run-Time Requirements

The computer on which the GPMC interfaces are used must be running Windows XP SP1 or later versions
of Windows. To run on Windows XP SP1, you must also install Quick Fix Engineering update Q326469 and
the Microsoft .NET Framework.

GPMC is available as a free download from http://www.microsoft.com/downloads, for users with a licensed
copy of a Windows server operating system.

In This Section