Defining a policy

Extensible Markup Language (XML) files, like a custom administrative template file, are structured documents that contain a set of supported elements enclosed in opening and closing angle (< >) brackets. The elements can be required or optional depending on the requirements of the application.

For each group policy, an administrative template provides elements to do the following:

Place the policy in the computer configuration, in the user configuration, or in both
Place the policy in a category
Define the registry key entries and values to be set
Provide explanatory text for the policy-setting page

The following example illustrates the basic file format:

<class type="Machine">


  <category title="DirectControl Settings" 
  keynameid="CentrifyDCPolicyRegistrySettings">

    <category title="Pam Settings" 
    keynameid="CentrifyDCPolicyRegistryPam">

      <policy title="Set UID conflict resolution"
      valuename="pam.uid.conflict.enabled">

       <page>

        <!--
             UI Definition
         -->
         .
         .
         .

        </page>

        <explainpage textid="CentrifyDCPamUidConflict_Explain" />

      </policy>

      <policy title="Create k5login" valuename="pam.create.k5login">

        <valueon value="true" />

        <valueoff value="false" />

       <explainpage textid="CentrifyDCPamCreateK5Login_Explain" />

      </policy>

    </category>

  </category>

</class>

Use the following keywords to define the policy:

For this type	You can specify
class	Specifies the node in which to place the policy. Use one of the following with the `type` keyword: `Machine`: Computer Configuration node `User`: User Configuration node `Both`: Computer and User Configuration nodes
category	Specifies the folder for the policy. You can place a set of related policies in a single category. You can also nest categories by placing subfolders within a folder. Use `title` or `titleid` to name a category folder.
keyname keynameid	Specifies the registry setting. You can define the registry key at different levels, including category, policy, policy page or UI control, and it applies to all child levels. You can also override the setting at any child level. You should determine whether to use an existing registry key or create a new, custom key. See Defining the user interface for a policy for a discussion of when to use `keynameid` instead of `keyname`.
policy	Defines the policy. Use `title` or `titleid` for the display name, `keyname` or `keynameid` to specify the registry key, and `page` to define the property page user interface.
explainpage	Provides a page on which you can provide an explanation or instructions for the policy. The best practice is to provide a `textid` string for the page, and define the content (the explanatory text) of this and other strings in a separate section of the file. See Defining the user interface for a policy for more information.
page	Defines the property page for the policy. Use `title` or `titleid` for the page title. See Defining the user interface for a policy for a description of the tags you can use within page tags to define the property page.