configSecurityPolicy.exe process invoking group policy service to refresh the group policy
Question
configSecurityPolicy.exe process invoking group policy service to refresh the group policy
Because of that we are seeing heavy traffic on port 445.
Event 4004 is continuously getting triggered in event viewer > operational log.
Can anyone tell why this process is triggering GPO update frequently ?
Answers ( 5 )
Is this on the server side or client side
I think this needs more deep level troubleshooting
And it’s kind of difficult through online forums
No IIS is not optimized.
Do you have your IIS optimized?
I have taken the procmon and logs from windows performance toolkit . By checking the “Transient lifetime by Process” , looking at the command line invoked by the process we isolated “configSecurityPolicy.exe” is invoking “EPAMPolicy.xml” file.
Further looking at the thread stack of “configSecurityPolicy.exe” In “CPU Usage Precise view” , we observer that “configSecurityPolicy.exe” is readying process “Svchost.exe (1264)”
We further look at the stack of “Svchost.exe (1264)” and conclude that this is container in which gpsvc.dll is running and refreshing the group policy.
At this point we conclude configSecurityPolicy.exe Is the process invoking group policy service to refresh the group policy
You need to analyse to processes and thread to get more details.
Sometimes you need to do more details analysis by taking network traces …netmount etc