Sysadmins LV
Vadims Podāns
Vadims Podāns
  • I work at
PKI Solutions
Microsoft Most Valuable Professional: Windows PowerShell
Protected by Copyscape DMCA Takedown Notice Search Tool

Historical Content Alert

This is a historical content for Windows NT 4.0 product and is presented for informative purposes only. All content in this directory is copyrighted and owned by Microsoft.

Writing Policy Modules in Visual Basic

To build a policy module in Microsoft® Visual Basic® version 5.0, build a class module called CertificateAuthority.Policy. This naming convention must be followed in order for RegSvr32 to store the GUID in the correct location in the system registry when it is run on the policy module DLL. To be sure of this, complete the following steps:

  1. Tools.Options.Project.ProjectName must be set to CertificateAuthority.

  2. Tools.Options.Project.Startup Form must be set to Sub Main.

  3. Tools.Options.Project.StartMode must be set to OLE Server.

  4. You must have a creatable class module named Policy. To create the module you must insert a class module, select View.Properties and edit all three fields: set Name to Policy, set Public to True and set Instancing to 2 (Creatable MultiUse.)

  5. Check the Tools.Options.Project.Advanced.OLE DLL.Use OLE DLL Restrictions check box

  6. If you call the Set/Get Property routines, you must run RegSvr32 Certif.dll prior to compiling the Visual Basic module, and you must also find Certif.dll in the Tools.References list box and make sure Certif.dll's "Certif 1.0 Type Library" check box is checked.

  7. Then use File.Make OLE DLL File to build the DLL.

The Class Module must have one method, named VerifyRequest. The VerifyRequest method will receive a request from the server and authorize or deny the request.

Note VerifyRequest is free to spawn off other processes or access an external database to do the request verification. If the verification requires out-of-band processing or human intervention, VerifyRequest can notify another process or leave any notice of the incoming request required. After the out-of-band processing is complete, a call to the Administration API can be made, or the provided administration utility can be used to resubmit the request to the policy module. The policy module can examine the request again, access any necessary external data and return a value to indicate the certificate should be issued or denied.

Share this article: