3.10.19.2 (L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'

Information

The 'Process even if the Group Policy objects have not changed' option updates and reapplies registry policies even if the registry policies have not changed.

This setting affects all registry policy settings within the Administrative Templates folder and any other policies that store values in the registry.

The recommended state for this setting is: Enabled: TRUE (checked).

Setting this option to true (checked) will ensure unauthorized local changes are reverted to match the domain-based Group Policy settings.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enabled then set the Process even if the Group Policy objects have not changed option to TRUE (checked).

Administrative Templates\System\Group Policy\Configure registry policy processing

Impact:

Group Policy settings within the Administrative Templates folder (and other policies that store values in the registry) will be reapplied even if they have not been changed, which may cause Group Policy refreshes to take longer.

See Also

https://workbench.cisecurity.org/benchmarks/16853

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.4

Plugin: Windows

Control ID: 95af0027989e6e8470d2a80bae3d90c0c0252f54f235b75a91c194f6d27cb566