configSecurityPolicy.exe process invoking group policy service to refresh the group policy

Question

configSecurityPolicy.exe process invoking group policy service to refresh the group policy

Because of that we are seeing heavy traffic on port 445.

Event 4004 is continuously getting triggered in event viewer > operational log.

 

Can anyone tell why this process is triggering GPO update frequently ?

solved 0
Ketan Kamble 2020-05-18T15:28:47+05:30 5 Answers 308 views Beginner
0

Answers ( 5 )

  2. Anoop C Nair
    0
    2020-05-19T10:14:24+05:30
    Reply

    Is this on the server side or client side

    I think this needs more deep level troubleshooting

    And it’s kind of difficult through online forums

    Best answer
  4. Ketan Kamble
    0
    2020-05-19T09:40:16+05:30
    Reply

    No IIS is not optimized.

  6. Harjit Dhaliwal
    0
    2020-05-18T21:55:18+05:30
    Reply

    Do you have your IIS optimized?

  8. Ketan Kamble
    0
    2020-05-18T17:26:17+05:30
    Reply

    I have taken the procmon and logs from windows performance toolkit . By checking the “Transient lifetime by Process” , looking at the command line invoked by the process we isolated “configSecurityPolicy.exe” is invoking “EPAMPolicy.xml” file.

    Further looking at the thread stack of “configSecurityPolicy.exe” In “CPU Usage Precise view” , we observer that “configSecurityPolicy.exe” is readying process “Svchost.exe (1264)”

    We further look at the stack of “Svchost.exe (1264)” and conclude that this is container in which gpsvc.dll is running and refreshing the group policy.

    At this point we conclude configSecurityPolicy.exe Is the process invoking group policy service to refresh the group policy

  10. Anoop C Nair
    0
    2020-05-18T17:14:58+05:30
    Reply

    You need to analyse to processes and thread to get more details.

    Sometimes you need to do more details analysis by taking network traces …netmount etc

Leave an answer

Sorry, you do not have permission to answer to this question .