Settings That Require Reboot or Logon


The vast majority of registry based Group Policy settings (the ones in Administrative Templates) can be modified on the fly, while a user is logged on and working. However, a relatively small number can only be applied at logon, and a few can only be applied at reboot. The number of settings that can apply only at logon or reboot is quite small, compared to Windows XP.

Few of the ones that are only applied at logon have much to do with security. The only ones that are related are the ones relating to logon hours, and specifically, what to do when logon hours expire.

Settings that require reboot include the option to turn off Windows Defender. That can only be done with a reboot. For a complete list of this group, refer to Microsoft's document on how to deploy Group Policy with Windows Vista.

A significantly larger number of settings in the Security Options portion require a reboot. For instance, any setting that would modify a user security token, such as the settings controlling privileges, require a logon for that user since the token is built at logon. If the token is for NetworkService or LocalService this means the system has to be rebooted-those tokens are built when the system boots and the services running with them are started. Other settings have different application times. For example, the setting controlling whether the LM Hash is generated is applied immediately, but only to new passwords set after the setting was modified. Existing passwords are never modified when that setting gets changed.



Windows Vista Security. Securing Vista Against Malicious Attacks
Windows Vista Security. Securing Vista Against Malicious Attacks
ISBN: 470101555
EAN: N/A
Year: 2004
Pages: 163

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net