3.2.5.2 Client-Side Extension Sequences

When invoked by the Process Group Policy event, the CSE attempts to retrieve the list of applicable GPOs from the New or changed GPOs logical parameter of the event. The CSE MUST then iterate through this list and locate and retrieve the central access policy file (CAP.inf) in the path specified by the gPCFileSysPath attribute of each GPO. For each GPO, one file with the format specified in section 2.2 MUST be copied from the Group Policy file share to the local computer.

For each GPO, the CSE of this protocol MUST generate the following file access sequences when processing each CAP.inf file: 

Sequence	Description
File Open	The CSE MUST attempt to open the file specified in the following location: <scoped gpo path>\Microsoft\Windows NT\CAP\cap.inf.
File Read	Until an error occurs, one or more file reads MUST be performed to read the entire contents of the opened file.
File Close	A file close operation MUST be performed.

Note  If any file cannot be read, the CSE MUST log information about the failure and continue to process CAP.inf files specified by other GPOs.

Each file MUST be parsed according to the format specified in section 2.2. If the file does not conform to the specified format, the entire operation for that file MUST be ignored. If the file does conform to the specified format, each distinguished name Value specified in Settings in the CAP.inf file (section 2.2.2) MUST be added to the CentralAccessPolicyDNList ADM element described in section 3.2.1.1.