3.1.5.2 Update Policy

The Update Policy event occurs when the Group Policy administrator updates the policy settings in the file system component of a GPO by using the Administrative tool. When policy settings are modified, the state of the GPO MUST be updated via the following Update Policy message  sequence:

  1.  File access File Open sequence:

    The Administrative tool extension MUST first invoke the core Group Policy engine to obtain the <gpo path>, as specified in [MS-GPOL] section 2.2.4, to locate the CAP.inf file.

    The file access File Open operation MUST request write permissions and MUST create the file if it does not exist. If it does not exist, the operation MUST attempt to write a CAP.inf file to the following location:

    <gpo path>\Machine\Microsoft\Windows NT\CAP\

    If the File Open request returns an implementation-specific failure status, the entire Group Policy: Central Access Policies Extension sequence MUST be terminated.

  2. File access File Write sequences:

    The Administrative tool extension MUST perform a series of file writes to overwrite the contents of the opened file with new policy settings. These file writes MUST continue until the entire file is written or an error is encountered.

    If the File Write request returns an implementation-specific failure status, the entire Group Policy: Central Access Policies Extension sequence MUST be terminated.

  3. File access File Close:

    The Administrative tool extension MUST then issue a File Close operation.

  4. Providing that no failures occurred, the Administrative tool extension MUST invoke the Group Policy Extension Update event ([MS-GPOL] section 3.3.4.4).