18.8.21.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'

[pillarsdotnet]

18.8.21.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'

Info

The 'Process even if the Group Policy objects have not changed' option updates and reapplies policies even if the policies have not changed.
The recommended state for this setting is: 'Enabled: TRUE' (checked).
Rationale:
Setting this option to true (checked) will ensure unauthorized changes that might have been configured locally are forced to match the domain-based Group Policy settings again.

Solution

To establish the recommended configuration via GP, set the following UI path to 'Enabled', then set the 'Process even if the Group Policy objects have not changed' option to 'TRUE' (checked):
Computer Configuration\Policies\Administrative Templates\System\Group Policy\Configure registry policy processing
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template 'GroupPolicy.admx/adml' that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).
Impact:
Group Policies will be reapplied even if they have not been changed, which could have a slight impact on performance.

See Configure registry policy processing