Re: Group Policy refresh behavior

From: Glenn L (the.only(delete)_at_gmail)
Date: 02/17/05 

Date: Wed, 16 Feb 2005 17:25:02 -0800

B is correct.
GPO refresh happens at reboot, login, and in the background every 90 minutes
(clock starts at boot for computer side background refresh. clock starts at
login for user side background refresh)

GPOs will only truly be reapplied when there are changes. (this is
controllable through CSE registry settings on the workstation)

Just to clarify,
A GPO refresh is when the client goes out, detects what GPOs should be
applied, compares the list to what was last applied, and compares the
version of the GPO to the version of the GPO last applied. If there are any
new GPOs to apply, or if one of the GPOs (Site, Domain, or OU based) have a
higher version number, then the GPO will be applied to the workstation or
user.

The security CSE will reapply the GPO security settings every 16 hours even
if there are no changes (same version number) 

-- 
Glenn L
CCNA, MCSE 2000/2003 + Security
"D.P. Roberts" <dproberts@pbride.com> wrote in message 
news:euuHb%23DFFHA.2568@TK2MSFTNGP10.phx.gbl...
> The default time interval for group policy background refreshing is 90 
> minutes. But I'm curious: is it a fixed 90 minute schedule for all 
> machines in the domain, or is it variable depending on when a particular 
> machine last received the update? In other words, what is the outcome of 
> this scenario:
>
> A background GP refresh occurs on my machine at 9:00. I reboot and login 
> at 9:30, which triggers another GP refresh. When will the next background 
> GP refresh (ignoring randomization) occur?
>
> A. 10:30 (90 minutes after the original 9:00 refresh)
> B. 11:00 (90 minutes after the user-triggered 9:30 refresh)
>
>
> If A is correct, it would mean all machines in your domain are always on 
> the same refresh schedule.
> If B is correct, it would mean domain machines are on different refresh 
> schedules.
>
> Anyone know?
>

Relevant Pages

  • Re: Network interruption whenever GPO updates (event log SciCli Event ID 1704)
    ... added same to DNS forwarder entries. ... So simply waiting for the refresh or simply restart the machine. ... Using the /force will probably require a restart, depending on what;s in the GPO. ... Give it some time and just monitor your machines to make sure they are all working. ...
    (microsoft.public.windows.server.general)
  • Re: Auto Update
    ... not giving the computer enough time to refresh the ... >User object are in the same container as the GPO applies ... >gpresult shows that the policy isn't applied to the ... >> where the GPO is linked. ...
    (microsoft.public.win2000.group_policy)
  • Re: Custom ADM not resetting value
    ... GPO settings of any kind are not refreshed unless the GPO itself has ... during background refresh, which is every 90 minutes +- for workstations and ... The policy to enable this is ... > POLICY!!EnableAuth ...
    (microsoft.public.win2000.group_policy)
  • Re: Force GP update manually
    ... of the GPO are derived from the version numbers, ... way for something as regular as a GP refresh. ... > if you have to reset a DefDomPol or DefDomConPol ... > Mark Heitbrink - MVP Windows Server ...
    (microsoft.public.windows.group_policy)
  • Re: Can SP2 Firewall be configured with Login Script in AD?
    ... The machines will refresh their policies within hours. ... but is used to force refresh of that machine's ... To test the policy, use the following command once for each state (network ... >I used my XP SP2 machine created a new GPO in AD Users and Computers ...
    (microsoft.public.win2000.active_directory)