Since the changes you make in the group policy editor affect what you see in the registry, it's perfectly logical to assume that the reverse is also true. However, it doesn't work that way.
Local group policy settings (which is what I believe you are referring to in your post) are stored in registry.pol
files located in C:\Windows\system32\GroupPolicy
. These files overwrite the corresponding keys in the registry every time the system performs a group policy refresh. The editor never actually reads the registry to see what settings it contains.
A group policy refresh is triggered whenever one of the following events occurs:
- At a regularly scheduled refresh interval (every 90 minutes by default)
- A user logon or logoff event (user policy only)
- A computer reboot (computer policy only)
- A manually triggered refresh via
gpupdate
- A policy refresh command issued by an admin from the domain controller (if the computer is domain-joined).
It's important to remember that if the computer is domain-joined, domain policies will be applied after the local group policy files are processed (meaning that some settings may get overwritten by domain policy). You will not be able to see domain policies in the local group policy editor.
Nice rundown (+1). I'd only add that
gpupdate /force
may work more reliably sometimes. – dxiv – 2017-03-26T07:23:08.6973@dxiv; That happens because the system caches policy and tries to apply only settings that have changed since the last time a refresh was done. /force makes it reapply all settings. It seems more reliable because you usually only do a gpupdate when you have a problem, and that problem is usually because the cache is bad :-) – Wes Sayeed – 2017-03-26T07:28:54.003