2.1.3.2.2.2 Updating GPO Properties
Whenever the administrator uses the Administrative tool to modify GPO properties, the tool generates a GPO property update message. This is an LDAP modifyRequest message with specific passed parameters, as described in [MS-GPOL] section 2.2.8.3. The Administrative tool receives a modifyResponse message in reply. This message provides a return value that indicates success or failure of the modify request. A value equal to the integer zero indicates success, whereas any other value indicates failure.
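The success test described above, shown as an added Python example (not code from [MS-GPOL] or from the Administrative tool): it decodes the BER encoding of a modifyResponse and treats only resultCode 0 as success. It assumes the LDAPMessage and LDAPResult layout from RFC 4511; the function names and the sample messages are constructed for illustration.

```python
# Added example: decode an LDAP modifyResponse (RFC 4511 layout) and apply
# the zero-means-success rule. All sample bytes below are constructed.
MODIFY_RESPONSE = 0x67  # [APPLICATION 7], constructed encoding
RESULT_NAMES = {0: "success", 32: "noSuchObject",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_modify_response(raw):
    """Decode one LDAPMessage that carries a modifyResponse."""
    tag, body, _ = read_tlv(raw, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage is not a SEQUENCE")
    tag, msg_id, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    tag, result, _ = read_tlv(body, pos)
    if tag != MODIFY_RESPONSE:
        raise ValueError("protocolOp is not a modifyResponse")
    tag, code, pos = read_tlv(result, 0)
    if tag != 0x0A or not code:  # empty value must not decode as 0 (success)
        raise ValueError("resultCode is not a non-empty ENUMERATED")
    _, _matched_dn, pos = read_tlv(result, pos)
    _, diag, _ = read_tlv(result, pos)
    code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"),
            "result_code": code,
            "result_name": RESULT_NAMES.get(code, "other"),
            "diagnostic": diag.decode("utf-8", "replace"),
            "success": code == 0}

# Constructed samples: messageID 2 succeeds, messageID 3 is refused.
OK_RESPONSE = bytes.fromhex("300c02010267070a010004000400")
DENIED_RESPONSE = bytes.fromhex("30120201 03670d0a 01320400 040664656e696564")
```

A malformed reply raises ValueError rather than returning a result, so a truncated or empty resultCode is never read as success.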
The following tasks are also required after GPO properties are updated:
Open the policy file on the Group Policy file share by using SPNEGO for authentication, as described in [MS-SPNG].
Modify the directory security descriptor.
Close the policy file.