Mike- It is true, but you can override that behavior through Admin. Template policy on a per-policy area basis to force GPO to process during every foreground and background refresh regardless of whether the GPO has changed. The exception to this is that security policy (including file security) is automatically refreshed every 16 hours by default even if the GPO hasn't changed, and you can modify this by tweaking a reg value, which I can relay if you're interested.
If you're planning to use File Security policy then the only thing I would caution on is that it can be fairly expensive from a processing and time perspective to do this in policy, especially if you're recursing lots of files and folders. Unless you absolutely positively need to make sure that those files are constantly at the right set of perms, I wouldn't necessarily recommend doing this in policy--probably better off just scripting it for one time and occasional setting outside of GPO.

Darren

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, May 14, 2004 11:16 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] GPO refresh for computer policy?

I read somewhere that the computer policy refresh does not periodically apply unless there has been a change to the policy. Is that true? We have a group that is proposing ACL'ing system files on servers in the computer policy. Is this a good idea or bad idea? Our belief is that it's overkill. But, if the above is true, then it negates some of the potential benefit that they're claiming that they could get from having these files ACL'd in the GPO.

Thanks,
Mike

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
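The scripted alternative suggested in the reply, sketched in PowerShell as an added example that is not part of the thread: it records each file's DACL as SDDL and rewrites only files whose DACL has drifted, so an occasional run over an unchanged set does reads only. The function names, the temp file and the simulated drift are constructed for illustration.

```powershell
# Added example: paths, names and the baseline below are constructed for illustration.
function Get-AclBaseline {
    param([string[]]$Path)
    $baseline = @{}
    foreach ($p in $Path) {
        # Record only the DACL ('Access'); owner, group and SACL are not compared.
        $baseline[$p] = (Get-Acl -LiteralPath $p).GetSecurityDescriptorSddlForm('Access')
    }
    $baseline
}

function Repair-AclDrift {
    param([hashtable]$Baseline, [switch]$Fix)
    foreach ($p in $Baseline.Keys) {
        $acl     = Get-Acl -LiteralPath $p
        $drifted = $acl.GetSecurityDescriptorSddlForm('Access') -ne $Baseline[$p]
        if ($drifted -and $Fix) {
            # Write only when the DACL differs, so a clean run costs reads only.
            $acl.SetSecurityDescriptorSddlForm($Baseline[$p], 'Access')
            Set-Acl -LiteralPath $p -AclObject $acl
        }
        [pscustomobject]@{ Path = $p; Drifted = $drifted; Fixed = [bool]($drifted -and $Fix) }
    }
}

# Constructed demo on a temp file standing in for a server system file.
$file = Join-Path ([IO.Path]::GetTempPath()) 'acl-drift-demo.txt'
Set-Content -LiteralPath $file -Value 'demo'
$baseline = Get-AclBaseline -Path $file

# Simulate drift: grant BUILTIN\Users (well-known SID S-1-5-32-545) Modify.
$sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'Modify', 'Allow')
$acl  = Get-Acl -LiteralPath $file
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $file -AclObject $acl

Repair-AclDrift -Baseline $baseline          # report only
Repair-AclDrift -Baseline $baseline -Fix     # restore the recorded DACL
Remove-Item -LiteralPath $file
```

Persisting the baseline (for instance with Export-Clixml) and scheduling the report-only call gives the occasional check without file-security processing in the GPO.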
