How to delay security policies from being applied
In Windows 2000, Group Policy updates are dynamic and occur at specific intervals. If there have been no changes to Group Policy, the client computer still refreshes the security policy settings at regular intervals for the Group Policy object (GPO).
If no changes are discovered, GPOs are not processed, but security policies are. For security policies, there is a value that sets a maximum limit of how long a client can function without reapplying non-changed GPOs. By default, this setting is every 16 hours plus the randomized offset of up to 30 minutes. Even when GPOs that contain security policy settings do not change, the policy is reapplied every 16 hours and the following event is logged in the Application event log:
Event Source: SceCli
Event Category: None
Event ID: 1704
Computer: computer name
Description: Security policy in the Group policy objects are applied successfully.
Data: Minutes of delay, entered in hexadecimal
Note If a client computer is switched off for longer than the described interval, the security GPO is applied the next time that the computer is restarted. Depending on the GPO processing, as shown in the ACL settings on Files and Registry, the user may experience an unexpected delay during logon.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
Article ID: 277543 - Last Review: 02/28/2007 21:56:04 - Revision: 4.3
- kbenv kbhowto KB277543