Lccal policies

  • Thread starter Thread starter John
  • Start date Start date
J

John

I've heard that if I change a registry entry, it may not
be reflected in the local policies? What causes this and
what rules, the registry or the local policy? Does it
depend on circumstances? I do not have active directory
running, does that make a difference?
 
In said:
I've heard that if I change a registry entry, it may not
be reflected in the local policies? What causes this and
what rules, the registry or the local policy? Does it
depend on circumstances? I do not have active directory
running, does that make a difference?

Briefly a static manual change to a given value might be overwritten
by a policy. This happens when the policy is applied and if it
happens to conflict with an existing manually set value. Recently
more and more GPO settings are located in ...\Policy\ keys and sub-
keys in the registry. This is a red flag to not do manual edits
there without consideration of the potential issues.

Since Policies can be applied from a domain or locally and further at
system startup or account logon it is best practice to use Policies
to make those changes and forego manually changing them via registry
editing. Otherwise of course they may be changed by future
"configured" policies.

Using a tool like Regmon.exe (Sysinternals) can sometime be helpful
in tracking actual registry changes as a result of a group policy.

A manual change that is equivalent to a policy change may persist
indefinitely so long as that particular rule is "not configured", but
this leaves you with an uncertain result in the future.

IIRC there are a few manual changes that can affect the policies such
as a setting to disable local policies. I am no expert in this area
though.
 
Back
Top