Defining a policy

Extensible Markup Language (XML) files, like a custom administrative template file, are structured documents that contain a set of supported elements enclosed in opening and closing angle (< >) brackets. The elements can be required or optional depending on the requirements of the application.

For each group policy, an administrative template provides elements to do the following:

  • Place the policy in the computer configuration, in the user configuration, or in both
  • Place the policy in a category
  • Define the registry key entries and values to be set
  • Provide explanatory text for the policy-setting page

The following example illustrates the basic file format:

<class type="Machine">

<category title="DirectControl Settings"
    <category title="Pam Settings" 
      <policy title="Set UID conflict resolution"
             UI Definition
        <explainpage textid="CentrifyDCPamUidConflict_Explain" /> 
      <policy title="Create k5login" valuename="pam.create.k5login">
        <valueon value="true" /> 
        <valueoff value="false" /> 
       <explainpage textid="CentrifyDCPamCreateK5Login_Explain" /> 

Use the following keywords to define the policy:

For this type You can specify


Specifies the node in which to place the policy. Use one of the following with the type keyword:

Machine: Computer Configuration node

User: User Configuration node

Both: Computer and User Configuration nodes


Specifies the folder for the policy. You can place a set of related policies in a single category. You can also nest categories by placing subfolders within a folder.

Use title or titleid to name a category folder.



Specifies the registry setting. You can define the registry key at different levels, including category, policy, policy page or UI control, and it applies to all child levels. You can also override the setting at any child level.

You should determine whether to use an existing registry key or create a new, custom key.

See Defining the user interface for a policy for a discussion of when to use keynameid instead of keyname.


Defines the policy. Use title or titleid for the display name, keyname or keynameid to specify the registry key, and page to define the property page user interface.


Provides a page on which you can provide an explanation or instructions for the policy. The best practice is to provide a textid string for the page, and define the content (the explanatory text) of this and other strings in a separate section of the file. See Defining the user interface for a policy for more information.


Defines the property page for the policy. Use title or titleid for the page title. See Defining the user interface for a policy for a description of the tags you can use within page tags to define the property page.