UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Group Policies must be refreshed in the background if the user is logged on.


Overview

Finding ID Version Rule ID IA Controls Severity
V-63613 WN10-CC-000095 SV-78103r1_rule Medium
Description
If this setting is enabled, then Group Policy settings are not refreshed while a user is currently logged on. This could lead to instances when a user does not have the latest changes to a policy applied and is therefore operating in an insecure context.
STIG Date
Windows 10 Security Technical Implementation Guide 2016-06-24

Details

Check Text ( C-64363r1_chk )
The default behavior is for group policy to refresh in the back ground.

If the following registry value name does not exist, this is not a finding.
(This is the expected result from not configuring the policy noted in the Fix section. Selecting "Disabled" for the policy will also result in no registry value).

If the following registry value name exists with a value of "1", this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Microsoft\Windows\Current Version\Policies\System\

Value Name: DisableBkGndGroupPolicy

Value Type: REG_DWORD
Value: (This registry entry will not exist if configured correctly.)
Fix Text (F-69543r1_fix)
The default behavior is for group policy to refresh in the back ground.

If this needs to be corrected, configure the policy value for Computer Configuration >> Administrative Templates >> System >> Group Policy >> "Turn off background refresh of Group Policy" to "Not Configured".

(Selecting "Disabled" results in the same outcome as "Not Configured", the registry value will not exist.)