3.1.5.2 Update Policy
To update the policy settings in a GPO using administrative tool plug-ins, the state of that GPO on the Group Policy server MUST be updated with an update policy message. This MUST be accomplished with the following message sequence:
1. SMB file open from client to server:
   - The plug-in MUST get a GPO path from the Group Policy: Core Protocol, as specified in [MS-GPOL] section 2.2.4 and attempt to write a GptTmpl.inf file to the following location: "<gpo path>\Machine\Microsoft\Windows NT\SecEdit\", where "<gpo path>" is the GPO path.
   - The SMB file open MUST request write permission and request that the file be created if it does not exist.
   - If the open request returns a failure status, the Group Policy: Security Protocol Extension sequence MUST be terminated.
2. SMB file write sequences:
   - The administrative add-in MUST perform a series of SMB file writes to overwrite the contents of the opened file with new settings. These writes MUST continue until the entire file is written or an error is encountered.
   - If an error is encountered, the protocol sequence MUST be terminated.
3. File close:
   - The tool MUST then issue an SMB file close operation.
4. The administrative tool invokes the Group Policy Extension Update task ([MS-GPOL] section 3.3.4.4).
File names and paths SHOULD be regarded as case-insensitive. If the write fails, the administrative-side plug-in MUST display to the user that the operation failed.
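The sequence above, including the case-insensitive path handling, sketched as an added example that is not part of the specification or of any Microsoft implementation. It assumes a local directory stands in for the SMB-reachable GPO path and treats the file contents as opaque bytes; `resolve_ci`, `update_policy` and the `notify_update` callback are hypothetical names.

```python
import os

# Location fixed by this section, relative to the GPO path.
SECEDIT_PARTS = ["Machine", "Microsoft", "Windows NT", "SecEdit"]
TEMPLATE_NAME = "GptTmpl.inf"


def resolve_ci(parent, name):
    """Return the existing entry of parent that matches name ignoring case, else parent/name."""
    try:
        for entry in os.listdir(parent):
            if entry.lower() == name.lower():
                return os.path.join(parent, entry)
    except OSError:
        pass  # parent is missing or unreadable; the open below reports the failure
    return os.path.join(parent, name)


def update_policy(gpo_path, data, notify_update, chunk_size=4096):
    """Open, write until complete, close, then signal the update; returns (ok, detail)."""
    folder = gpo_path
    for part in SECEDIT_PARTS:
        folder = resolve_ci(folder, part)
    target = resolve_ci(folder, TEMPLATE_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
    try:
        # Open: request write access and creation if the file does not exist.
        # O_TRUNC is this example's choice so no stale tail survives the overwrite.
        fd = os.open(target, flags, 0o600)
    except OSError as exc:
        return False, f"open failed, sequence terminated: {exc}"
    try:
        # Write sequence: continue until the entire file is written or an error occurs.
        view = memoryview(data)
        while view:
            written = os.write(fd, view[:chunk_size])
            view = view[written:]
    except OSError as exc:
        return False, f"write failed, sequence terminated: {exc}"
    finally:
        os.close(fd)  # local handle cleanup, also on the error path
    # Stand-in for invoking the Group Policy Extension Update task; reached only on success.
    notify_update(gpo_path)
    return True, target
```

A caller would show the returned detail string to the user whenever `ok` is false, matching the requirement to display that the operation failed.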