CCE-41701-4Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04 |
Disable: 'Configure registry policy processing' for NoBackgroundPolicy
This policy setting determines when registry policies are updated.
This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed.
If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system.
The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart.
The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
Counter Measure:
Configure the setting to Enabled. Then clear the Do not apply during periodic background processing check box, and select the Process even if the Group Policy objects have not changed check box.
Potential Impact:
Group Policies will be reapplied every time they are refreshed, which could have a slight impact on performance.
Parameter:
[enable/disable, enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesSystemGroup PolicyConfigure registry policy processing
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsGroup Policy{35378EAC-683F-11D2-A89A-00C04FBBCFA2}NoBackgroundPolicy,NoGPOListChanges
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.0 | Attack Vector: LOCAL |
Exploit Score: 1.0 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35012 |