Policy retrieval and enforcement involves the use of a network access control system to control operations in a network. One example is the control of access to networked client machines. The criteria for whether a client machine is allowed to access the network, whether a particular user is allowed to access a given client machine, etc. are specified in a set of rules or parameters known as a policy. A policy is a set of usage rules, a set of parameters to be used by a specific authorized user, or a set of system criteria that is used to precisely define the rules that should be complied with before the system is allowed to access the network or the user is allowed to access the system. The policy may be contained in a policy description language. Policy objects typically consist of two parts: policy metadata that is stored in a directory server, and policy data that is stored in a file server. A directory server is the software system that stores, organizes and provides access to information in a directory. A file server is the software system that stores, organizes, and provides access to information in a file system. In essence, a directory is a map between names and values. In an example computing domain, the directory server and file server may be managed by a domain controller and may be accessed by various client devices in the domain. Software on the client devices can make requests of the directory server (e.g., by using the name of the client device or the identifier of an intended directory server) for the values in the directory associated with the name. Software on the client devices can also make requests of the file server (e.g. by using the identifier of an intended file server). In one example, the values in the directory server and files in the file server are associated with the policies that will be used with policy retrieval and enforcement. This set-up allows for the centralized storage of policy information which can be accessed by multiple clients, thereby preventing the need to store a copy of the policy information locally on each client device.