JSI Tip 9746. How do I alter the 16 hour security policy refresh that occurs when there are no Group Policy changes?

If there are no changes to group policy, the client computer refreshes security policy setting every 16 hours plus a randomized offset of up to 30 minutes. When this refresh occurs, the Application event log contains:

Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: MM/DD/YYYY
Time: HH:MM:SS
User: N/A
Computer: <Computer Name>
Description: Security policy in the Group policy objects are applied successfully.
To alter the default frequency, set the MaxNoGPOListChangesInterval Value Name at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\\{827D319E-6EAC-11D2-A4EA-00C04F79F83A\}.

The default is 0x3c0, 960 minutes (16 hours).

To set the MaxNoGPOListChangesInterval to 7 days, using REG.EXE, built into Windows XP, and Windows Server 2003, or REG.EXE from the Windows 2000 Support Tools on the CD-ROM:

REG ADD "HKLM \SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\\{827D319E-6EAC-11D2-A4EA-00C04F79F83A\}" /V MaxNoGPOListChangesInterval /T REG_DWORD /F /D 0x2760

NOTE: See Windows 2000 Group Policy refresh.



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish