Share via

3.1.5.2.2 Package Modification

  • Article

After software has been deployed in a GPO as a software package, an administrator might want to change properties of the software package, such as its display name in administrative tools, whether it is published or assigned, and so on. If specified by an administrator, this MUST be accomplished with the following protocol sequences:

  1. The Common LDAP Bind sequence (section 3.2.5.6) MUST be issued.

  2. Retrieve the GUID string, as defined in [RFC4122] section 3, of the package to be modified. A Package Search Request (section 2.2.3.1.1) MUST be generated by the client with the following parameters:

    • baseObject: MUST be a DN of the form CN=Packages,CN=Class Store,<scoped gpo dn>, where <scoped gpo dn> is a scoped GPO DN.

    • scope: MUST be set to 1 (singleLevel).

    • Filter: The following LDAP filter (as specified in [RFC2254]) MUST be used to search the Packages container of the GPO (the representation given here is what is specified in [RFC2254]). This representation can be mapped to the LDAP protocol representation and wrapped with the AND operator (&):

      • packageName=<name of package to be modified>

    • attributes: MUST be objectclass and packageFlags.

      The reply MUST be a Package Search Reply (section 2.2.3.1.2) containing the ObjectName of the package and the objectclass and packageFlags attributes.

  3. Retrieve the packageFlags of the package to be modified. A Package Search Request (section 2.2.3.1.1) MUST be generated by the client with the following parameters:

    • baseObject: MUST be the DN of the package returned as the ObjectName from step 2.

    • scope: MUST be set to 0 (base Object).

    • Filter: The following LDAP filter (as specified in [RFC2254]) MUST be used to search the package (the representation given here is what is specified in [RFC2254]). This representation can be mapped to the LDAP protocol representation and wrapped with the AND operator (&):

      • objectClass=*

    • attributes: MUST be packageFlags.

      The reply MUST be a Package Search Reply (section 2.2.3.1.2) containing the packageFlags attribute.

  4. The client MUST issue a package update message (specifying the attributes of the PackageRegistration object) as specified in section 2.2.3.2.5 that corresponds to properties of the software package that the administrator wants to modify. If the resultCode field of the modifyResponse message is non-zero, this protocol sequence MUST proceed to step 7 (LDAP UnBindRequest).

  5. The client MUST issue a class store confirmation message as specified in 2.2.3.2.4. If the resultCode field of the modifyResponse message is non-zero, this protocol sequence MUST proceed to step 7 (LDAP UnBindRequest).

  6. Issue the Group Policy Extension Update event ([MS-GPOL] section 3.3.4.4).

  7. The Common LDAP UnBind sequence (section 3.2.5.7) MUST be issued. If the returned resultCode value in step 4 was non-zero, the protocol sequence MUST be terminated. Otherwise, the protocol MUST continue to step 8.

  8. If the revision attribute was successfully modified in step 2, the client MAY generate a remote file access sequence to update the application advertise script file for this PackageRegistration object.<14> This sequence MUST be the following:

    1. A file open from client to server.

      The plug-in MUST attempt to open the application advertise script file identified by the value of the msiScriptPath attribute.

    2. A file write sequence.

      One or more file writes MUST be done to replace the entire contents of the opened file with the new application advertise script file content or until an error is encountered.

    3. File close.

      A file close operation MUST be issued after the file has been replaced by the client or an error in writing occurs.