ayohrling / local_security_policy

Apache License 2.0
6 stars 28 forks source link

18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE' #64

Open pillarsdotnet opened 5 years ago

pillarsdotnet commented 5 years ago

18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'

Info

The 'Do not apply during periodic background processing' option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. The recommended state for this setting is: 'Enabled: FALSE' (unchecked). Rationale: Setting this option to false (unchecked) will ensure that domain policy changes take effect more quickly, as compared to waiting until the next user logon or system restart.

Solution

To establish the recommended configuration via GP, set the following UI path to 'Enabled', then set the 'Do not apply during periodic background processing' option to 'FALSE' (unchecked): Computer Configuration\Policies\Administrative Templates\System\Group Policy\Configure registry policy processing Note: This Group Policy path may not exist by default. It is provided by the Group Policy template 'GroupPolicy.admx/adml' that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer). Impact: Group Policies will be reapplied every time they are refreshed, which could have a slight impact on performance.

See Configure registry policy processing