When you enable the Audit policy change policy in the Default Domain Policy or in the Default Domain Controllers Policy, a Success event 617 is logged, even if no policy change has occurred?

By default, Security policy is progagated:

- Every 5 minutes when the domain controller's GPO is refreshed.

- Every 16 hours, regardless of whether or not a policy change has occurred.

- When you use the SECEDIT /RefreshPolicy machine_policy /enforce command.

If no policy changes occured since the last update, something like the following is logged:

Date: 9/13/2000                   Source:   Security                              Time: 9:30:17 AM                  Category: Policy Change                              Type: Success                     Event ID: 617                              User: NT AUTHORITY\SYSTEM                              Computer: JSI001                              Description:                              "Kerberos Policy Changed:                              Changed By:                               	User Name:	JSI001$                               	Domain Name:	JSIINC                               	Logon ID:	(0x0,0x3E7)                              Changes made:                              ('--' means no changes, otherwise each change is shown as:                              <ParameterName>: <new value> (<old value>))                              --