2.2.2 Central Access Policy File Message Format

All CAP policy files processed by the Group Policy: Central Access Policies Extension are UTF-8 encoded and are based on the following file syntax.

 InfFile = UnicodePreamble VersionPreamble Sections
 UnicodePreamble = *("[Unicode]" LineBreak "Unicode=yes"
        LineBreak)
 VersionPreamble = "[Version]" LineBreak "Signature=" 
        DQUOTE "$Windows NT$" DQUOTE LineBreak "Revision=1" LineBreak
 Sections = Section /  Section Sections
 Section = Header Settings
 Header = "[" HeaderValue "]" LineBreak
 HeaderValue = StringWithSpaces
 Settings = Setting / Setting Settings
 Setting = DQUOTE Value DQUOTE  LineBreak
 Value = String

The preceding syntax is in the Augmented Backus-Naur Form (ABNF) grammar, as specified in [RFC4234], and is augmented by the following rules.

 LineBreak = CRLF
 StringWithSpaces = String / String Wsp StringWithSpaces
 QuotedString = DQUOTE *(%x20-21 / %x23-7E) DQUOTE
 Wsp = *WSP
 ALPHANUM = ALPHA / DIGIT

Each Value string MUST be a valid LDAP distinguished name, as defined in [MS-ADTS] section 3.1.1.3.1.2.

Note  CAP policy files are stored as .inf files in a subfolder (section 3.1.5.1) of the Machine subdirectory in the Group Policy Object (GPO) path.