Electrical computers and digital processing systems: multicomput – Distributed data processing
Reexamination Certificate
1999-04-20
2002-06-18
Meky, Moustafa M. (Department: 2153)
Electrical computers and digital processing systems: multicomput
Distributed data processing
Reexamination Certificate
active
06408326
ABSTRACT:
TECHNICAL FIELD
This invention relates to the application of a system policy for program modules, such as application programs, for storing user preferences and other data in binary format within the registry of an operating system for a computer system. More particularly, this invention relates to applying one or more system policies to end user's machines within an administered network environment for application programs that can write registry parameters in a binary format.
BACKGROUND OF THE INVENTION
A system policy is a method of remotely controlling end users' desktops in an administered network environment. It allows network administrators to control registry parameters such as user preferences or restrictions. A representative tool for defining a system policy is the System Policy Editor, which consists of a single executable (poledit.exe) that runs on “WINDOWS 95,” “WINDOWS 98” and “WINDOWS NT 4.0” operating systems developed and marketed by Microsoft Corporation of Redmond, Wash.
The System Policy Editor works in conjunction with templates, which are text files typically having a certain format and the extension ADM. The policy template is written by the application vendor to expose registry settings of interest to the administrator. The administrator runs the policy editor, opens a policy template, selects a setting, and chooses a value to enforce. The results are stored in a policy (POL) file, which is typically stored on the network logon server or another specified location. When a client computer logs on to the server network, the operating system running on the client computer locates the POL file and applies the policies to the end user's machine.
Prior system policy editors have supported data of types string (REG_SZ), expandable string (REG_EXPAND_SZ), or double-byte numeric (REG_DWORD), but have not supported binary data (REG_BINARY). For programs that store user preferences and other data in binary format, a system administrator has been unable to use an available system policy tool to implement a policy affecting those binary settings. System administrators have been frustrated that registry settings of interest for a policy could not be enforced for programs that store user preferences and other data in binary format within the registry. In view of the foregoing, there is a need in the art for a mechanism that enables a system administrator to enforce a system policy within an administered network environment for programs that store binary-formatted data within the registry of a computer system.
One prior technique for addressing the enforcement of a system policy for registry data maintained in a binary format is the creation of registry “override” data for a selected set of registry values. Registry override data comprises discrete value name/data pairs that correspond to specific bits for registry data maintained in a binary format. Because the registry override data is maintained in string or numeric data format, a system administrator can implement a system policy that affects the registry override settings. During application launch, the application can determine whether a policy file has applied system policy to a registry override value and, if so, the application can change the value for the corresponding bit in the binary formatted data of the registry.
Although the registry override solution allows a system administrator to apply system policy to selected set of binary formatted registry values, this solution is available only for a minimum number of registry values because each registry override affects the launch time of the application. In addition, the registry override solution is not extensible when new registry settings are added to another release of the application. Because the registry override values affected by system policy are written to disk in response to exiting the application, the prior registry values set by the user are “infected” by the system policy values. In other words, the user's preferred assignment of registry values corresponding to the registry override values are effectively overwritten by the application of system policy and are no long available for future application sessions, including those sessions conducted away from the administered computer network. Consequently, there is a need for an extensible mechanism for efficiently applying a system policy to registry data having a binary format. There exists a further need for a mechanism that can apply a system policy binary-formatted registry values without “infecting” user preferences in the registry.
In summary, the prior art has failed to provide an extensible and efficient mechanism for applying a system policy to registry data having a binary format. System administrators have been frustrated by the lack of a commonly available tool for applying a system policy affecting numerous binary registry data values. Likewise, users of machines in an administered computer network do not desire the permanent replacement of user registry values by registry override values that infect the preferred user settings in the registry. The present invention addresses these and other problems in the prior art by using registry data having a predetermined format to alter data maintained in a binary data structure to enforce a particular policy value for each application session.
SUMMARY OF THE INVENTION
The present invention can read alphanumeric data of a registry of a computer system and interpret this data as values of one or more binary bits stored in a global data structure. These values of specific bits for the global data structure can be changed during the run-time of a program module, such as an application, without affecting the other values in the data structure. In this manner, the invention allows system policies, which are normally limited to string or numeric data types, to include data that an application stores in binary format.
The invention also can prevent the writing of temporarily altered bit values to permanent storage when the data structure is saved during normal program module execution or shut-down sequences. The invention can avoid permanently writing policy data to a storage mechanism, such as the hard disk of the user's machine, because the existing values of bits set by a policy are stored in a temporary data structure while the application is running. When the user exits the application, the temporarily stored values are written back into the data structure before it is saved to the hard disk of the user's machine. In this manner, system policies desired by a system administrator may be implemented on a user's machine without permanently altering the setup of a user's machine.
Registry data is typically read by an application when the application is booted. For each global data structure, the application searches a particular location in the registry and enumerates named values. Named values preferably have a format that describes an offset defining a start position in the data structure and the number of affected bits. The value data defines the values applied to the affected bits. The value name is formatted with the information needed to correctly apply the policy.
For one aspect of the present invention, the syntax for value names is <comment>_<offset>_<number of bits>. The <comment> is optional and used primarily for documentation purposes. The <offset> describes the start location in the global data structure for which the policy is intended to control. More precisely, the <offset> describes the number of bits from the beginning of the data structure to the beginning of the region that this policy controls. The <number of bits> describes the size of this particular setting in bits.
Although a policy value can be written to the user's registry when the user logs onto the network, the value has no effect until the user boots the application. During application boot or launch, the application attempts to load policy settings for its binary setting object
Downer Joel W.
Glerum Kirk A.
Larsson Jeffrey E.
Meky Moustafa M.
Merchant & Gould
Microsoft Corporation
LandOfFree
Method and system for applying a policy to binary data does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for applying a policy to binary data, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for applying a policy to binary data will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2920721