3.10.19.1 (L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'

Information

The 'Do not apply during periodic background processing' option prevents the system from updating affected registry policies in the background while the computer is in use. When background updates are disabled, registry policy changes will not take effect until the next user logon or system restart.

This setting affects all policy settings within the Administrative Templates folder and any other policies that store values in the registry.

The recommended state for this setting is: Enabled: FALSE (unchecked).

Setting this option to false (unchecked) will ensure that domain registry policy changes are applied more quickly, as compared to waiting until the next user logon or system restart.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to `Disabled.

Administrative Templates\MSS (Legacy)\

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled then set the Do not apply during periodic background processing option to FALSE (unchecked).

Administrative Templates\System\Group Policy\Configure registry policy processing

Impact:

Group Policy settings within the Administrative Templates folder (and other policies that store values in the registry) will be reapplied even when the system is in use, which may have a slight impact on performance.

See Also

https://workbench.cisecurity.org/benchmarks/16853

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.4

Plugin: Windows

Control ID: 8ea9cc649de97cc19763a822427521397f24bf4249dd6a64cd406e1ea237eef7