This policy setting determines when registry policies are updated. This policy setting affects all policies in the Administrative Templates folder and any other policies that store values in the registry. It overrides customized settings that the program implementing a registry policy set when it was installed. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system. The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it. Vulnerability: You can enable this setting and then select the Process even if the Group Policy objects have not changed option to ensure that the policies will be reprocessed even if none have been changed. This way, any unauthorized changes that might have been configured locally are forced to match the domain -based Group Policy settings again. Counter Measure: Configure the setting to Enabled. Then clear the Do not apply during periodic background processing check box, and select the Process even if the Group Policy objects have not changed check box. Potential Impact: Group Policies will be reapplied every time they are refreshed, which could have a slight impact on performance. Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesSystemGroup PolicyConfigure registry policy processing (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsGroup Policy{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy

[enable/disable, enable/disable]

(1) GPO: Computer Configuration\Administrative Templates\System\Group Policy\Configure registry policy processing (2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy