Share via

3.1.5.2.1 Package Creation

  • Article

When an administrator deploys new software, a new software package is created. The plug-in MUST accomplish this in the following way, using the messages specified in section 2.2.3.2:

  1. The Common LDAP Bind sequence (section 3.2.5.6) MUST be issued.

  2. The client MUST issue a class store creation message, as specified in section 2.2.3.2.1. If this succeeds or returns an ldapResult message indicating that the class store instance of the classStore objectClass already exists, the protocol MUST continue to the next step. If the resultCode field of the addResponse message is non-zero for any other reason, then this protocol sequence MUST proceed to step 9 (LDAP UnBindRequest).

  3. The client MUST issue a package container creation message, as specified in section 2.2.3.2.2.

    1. If this succeeds, the client MUST issue a class store confirmation message as specified in 2.2.3.2.4. If the resultCode field of the modifyResponse message is non-zero, this protocol sequence MUST proceed to step 9 (LDAP UnBindRequest).

    2. If the package container creation message failed because the container already exists, the protocol MUST continue to the next step.

    3. If the resultCode field of the addResponse message is non-zero for any other reason, then this protocol sequence MUST proceed to step 9 (LDAP UnBindRequest).

  4. The client MAY retrieve the packageName of the package to be added.<13> To retrieve the packageName of the package to be added, a Package Search Request (section 2.2.3.1.1) MUST be generated by the client with the following parameters:

    • baseObject: MUST be cn=Packages,cn=Class Store,cn={policy mode},{GPO path}.

    • Scope: MUST be set to 1 (singleLevel).

    • Filter: The following LDAP filter (as specified in [RFC2254]) MUST be used to search the package (the representation given here is what is specified in [RFC2254]). This representation can be mapped to the LDAP protocol representation and wrapped with the AND operator (&):

      • packageName=<name of package to be added>

    • attributes: MUST be packageFlags.

  5. The client MUST issue a package creation message, as specified in section 2.2.3.2.3, setting the attributes of the message according to the administrator's specifications of the software deployment. If the resultCode field of the addResponse message is non-zero, this protocol sequence MUST proceed to step 9 (LDAP UnBindRequest).

  6. The client MUST issue a Class Store Confirmation Message (section 2.2.3.2.4) updating the lastUpdateSequence timestamp. If the resultCode field of the modifyResponse message is non-zero, the protocol MUST proceed to step 9 (LDAP UnBindRequest).

  7. The administrative tool MUST issue a Group Policy Extension Update as specified in [MS-GPOL] section 3.3.4.4. If this message fails, the protocol MUST proceed to step 9 (LDAP UnBindRequest).

  8. For the new software installation package, the client MUST generate a remote file access sequence to create the application advertise script specified in section 2.2.4.

    This sequence MUST be the following:

    1. A file open from client to server.

      The plug-in MUST attempt to open the new application advertise script identified by the value of the msiScriptPath attribute.

    2. A file write sequence.

      One or more file writes MUST be done to write the new application advertise script.

    3. File close.

      A file close operation MUST be issued after the file has been written by the client or an error in writing occurs.

  9. The Common LDAP UnBind sequence (section 3.2.5.7) MUST be issued.