Information
The 'Do not apply during periodic background processing' option prevents the system from updating affected security policies in the background while the computer is in use. When background updates are disabled, updates to security policies will not take effect until the next user logon or system restart.
This setting affects all policy settings that use the built-in security template of Group Policy (e.g. Windows Settings\Security Settings).
The recommended state for this setting is: Enabled: FALSE (unchecked).
Setting this option to false (unchecked) will ensure that domain security policy changes are applied more quickly, as compared to waiting until the next user logon or system restart.
Solution
To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled then set the Do not apply during periodic background processing option to FALSE (unchecked).
Administrative Templates\System\Group Policy\Configure security policy processing
Impact:
Built-in security template settings will be reapplied by Group Policy even when the system is in use, which may have a slight impact on performance.
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.4
Control ID: 3631fb494171fed43dd20be6951f89c61d8fde0b2c566cac74309eff2af646f0