Defining the user interface for a policy

You define the user interface for a group policy property page using the page tag. The template provides a number of tags that enable you to define a variety of controls, buttons, and dialogs for finding and entering Active Directory information to set group policies. Place any of the following tags within the page /page tags to define the user interface:

Note:   This chapter is not intended as a complete reference to the xml schema for an administrative template file, but rather shows how tags are commonly used to define a policy. For example, the current section shows how to construct the user interface to a group policy property page; specifically, it shows the tags used to create the user interface of the group policy property page. A complete reference would also show all the elements that could go into creating a dialog box, but this is not generally relevant to creating a property page and hence is not covered in this chapter.

For this type You can specify

text

Defines a text label control. Use text or textid to define the text to be displayed in the text label.

groupbox

Groups a set of UI controls on a policy page. Use text or textid to provide a name for the box. Use keyname or keynameid to specify the registry setting. Setting the registry key at this level overrides any setting at a higher level, for example, at the category level.

edittext

Creates a box in which a user can enter text. It requires the valuename keyword and value. The value should be the name used in the registry, if applicable. You can also use the following with edittext:

  • text or textid to display a name for the box.
  • default to display a default value when the policy is first enabled.
  • keyname or keynameid to specify the registry setting. Setting the registry key at this level overrides any setting at a higher level, for example, at the category level.
  • maxlength value maximum length of the string
  • charcasing to specify whether to leave the case of characters in the box as is or convert them to lowercase or uppercase. The default is to leave them as is (Normal).
  • required to require a value be set.
  • readonly to specify whether the value can be changed. The default is to allow the value to be changed (false).
  • button to define a button to be displayed after the text control box.
  • validation to define validation for user input.

numeric

Creates a numeric text box control that allows a user to adjust a numeric value up or down. It requires the valuename keyword and value. The value should be the name used in the registry, if applicable. You can also use the following with numeric:

  • text or textid to display a name for the box.
  • keyname or keynameid to specify the registry setting. Setting the registry key at this level overrides any setting at a higher level, for example, at the category level.
  • valuetype to display the type of the value in the registry setting.
  • default to display a default value when the policy is first enabled.
  • min value to set the minimum value allowed.
  • max value to set the maximum value allowed.
  • spin to define the amount to increment or decrement on each button click. The default increment is 1.
  • decimalplaces to specify the number of decimal places for the value to be filled in. The default is 0.
  • required to specify that the user must enter a value. The default is false, that is, the field is not required.
  • validation to define validation for user input.

listbox

Provides a list view in which a user may add, remove, or edit setting values. Use dialog to associate a dialog box that enables a user to add a new entry or edit an existing entry in the list box. Specify the type of the listbox (listboxtype) to specify the kind of values the listbox generates:

  • Single The box contains one column and generates a single value that is a concatenation of values from all rows separated by the separator attribute.
  • Prefix The box contains one column and generates a list of registry values. The registry value name is defined by the prefix attribute and with a row number appended to the prefix name.
  • Explicit The box contains two columns and generates a list of registry values. The first column contains the registry value name while the second column contains the registry value.

You can also use the following with listbox:

  • text or textid to display a name for the box.
  • keyname or keynameid to specify the registry setting. Setting the registry key at this level overrides any setting at a higher level, for example, at the category level.
  • prefix to define the prefix of the value name of the registry setting. Use this attribute with a listtype of Prefix.
  • separator to separate values when the listtype is Single.
  • min to set the minimum number of rows allowed.
  • max to set the maximum number of rows allowed.
  • sort to specify whether sorting is enabled in the list box.

checkbox

Boolean values. This keyword requires the valuename keyword and value, and the valuetype. The value should be the name used in the registry, if applicable. You can also use the following with this checkbox:

  • text or textid to display a name for the box.
  • keyname or keynameid to specify the registry setting. Setting the registry key at this level overrides any setting at a higher level, for example, at the category level.
  • checked to set the check box to checked when the policy is first enabled. Without this keyword, the check box is not checked by default.
  • valueon to define the registry setting when the check box is checked.
  • valueoff to define the registry setting when the check box is not checked.

radiogroup

Defines a set of two or more radio buttons (radiobutton) from which a user must make a single choice. This keyword requires the valuename keyword and value, and the valuetype. The value should be the name used in the registry, if applicable.

You can also use the following with radiogroup:

  • text or textid to display a name for the box.
  • keyname or keynameid to specify the registry setting. Setting the registry key at this level overrides any setting at a higher level, for example, at the category level.
  • radiobutton to define radio buttons for the control. Use checked=true to specify the default radio button.

radiobutton

A list of suggestions to allow the user to select or type a value. It requires the valuename keyword and value. The value should be the name used in the registry, if applicable. You can also use the following with combobox:

  • text or textid to display a name for the box.
  • checked to define the default state for the radio button. The default is false (not checked).
  • valueon to specify a value to be written to the registry when the radio button is checked.

dropdownlist

A list of suggestions to allow the user to select a value. It requires the valuename keyword and value. The value should be the name used in the registry, if applicable. You can also use the following attributes with dropdownlist:

  • valuetype to define the type of value in the registry setting.
  • text or textid to display a name for the box.
  • keyname or keynameid to specify the registry setting. Setting the registry key at this level overrides any setting at a higher level, for example, at the category level.
  • editable to specify whether the value in the dropdown list may be edited. The default is false (cannot be edited).
  • required to require a value be set.
  • sort to specify whether sorting is enabled in the dropdown list box.

You can use the following tags within dropdownlist:

  • listitem to define an item in the drop-down list.
  • validation to define validation for user input.

button

Creates a button for a text field defined by edittext.

Use the dialog or adbrowse tags with button to define a dialog box to be shown when a user clicks the button.

You can also use the following attributes with button:

  • text or textid to display a name for the box.
  • valueid to identify the value returned from the dialog box that is launched by clicking the button.

dialog

Provides a dialog box. You associate a dialog box to a button or to a listbox. Use title or titleid to specify the title for the dialog.

You can use the following child tags to define a dialog box:

  • groupbox to define a group box control in the dialog.
  • text to define a text control in the dialog.
  • edittext to define a text edit box control in the dialog.
  • numeric to define a numeric up down control in the dialog.
  • listbox to define a list box control in the dialog.
  • checkbox to define a check box control in the dialog.
  • radiogroup to define a group of radio button controls in the dialog.
  • dropdownlist to define a drop down list control in the dialog.
  • validation to define the validation on the user inputs in the dialog.

 

adbrowse

Provides a dialog box for browsing. You associate an adbrowse dialog box to a button or to a listbox. Use text or textid to specify the title for the dialog.

To browse Active Directory, use adbrowse type to identify the type of browsing:

  • FindADUser
  • FindADGroup
  • FindUnixUser
  • FindUnixGroup
  • FindComputer

Use multiselect to define whether a user can select multiple search results in the Active Directory browse dialog.

Use separator to specify the separator for multiple results.

You can use the following child tags to define an adbrowse dialog box:

  • groupbox to define a group box control in the dialog.
  • text to define a text control in the dialog.
  • edittext to define a text edit box control in the dialog.
  • numeric to define a numeric up down control in the dialog.
  • listbox to define a list box control in the dialog.
  • checkbox to define a check box control in the dialog.
  • radiogroup to define a group of radio button controls in the dialog.
  • dropdownlist to define a drop down list control in the dialog.

Using string IDs

When entering strings, such as text, keynames, and titles, you have the choice of using strings or string IDs. String IDs offer several advantages, such as a cleaner, more modular design, and the ability to customize the text if you plan to port to different languages.

The best practice is to put the string IDs in a ‘Strings’ section of the template file, which makes them easy to locate and modify in case of porting to other languages.

For example, the following segment from a template file shows how the explainpage tag specifies a string ID to attach explanatory text for a policy to the policy dialog box, while the actual text is defined in a ‘Strings’ section at a different place in the template:

- <!-- 
            Set login password prompt
  --> 
- <policy title="Set login password prompt"                   valuename="pam.password.enter.enabled">
- <page>
  - <edittext text="Set login password prompt"                   valuename="pam.password.enter.mesg"
      maxlength="1024" default="Password:">
    </edittext>
  </page>
<explainpage textid="CentrifyDCPasswordPrompt_Explain" /> 
  </policy>
- <!-- 
        .
        .
        .
- <!-- 
  ==========================================================
  Strings
  ==========================================================
<string id="CentrifyDCPasswordPrompt_Explain">The prompt that is displayed when an Active Directory user attempts to log in. Environment variables may be used in the form $VARNAME if a '$' character is desired, escape it: \$</string> 
  <string id="CentrifyDCPasswordChangeNotify_Explain">The message that is displayed to an Active Directory user when they attempt to change their password. Environment variables may be used in the form $VARNAME if a '$' character is desired, escape it: \$</string> 
        .
        .
        .