When you enable the Audit policy change policy in the Default Domain Policy or in the Default Domain Controllers Policy, a Success event 617 is logged, even if no policy change has occurred?

By default, Security policy is progagated:

- Every 5 minutes when the domain controller's GPO is refreshed.

- Every 16 hours, regardless of whether or not a policy change has occurred.

- When you use the SECEDIT /RefreshPolicy machine_policy /enforce command.

If no policy changes occured since the last update, something like the following is logged:

<b>Date: 9/13/2000                   Source:   Security
Time: 9:30:17 AM                  Category: Policy Change
Type: Success                     Event ID: 617
User: NT AUTHORITY\SYSTEM
Computer: JSI001

Description:
"Kerberos Policy Changed:

Changed By:
        User Name:      JSI001$
        Domain Name:    JSIINC
        Logon ID:       (0x0,0x3E7)
Changes made:
('--' means no changes, otherwise each change is shown as:
<ParameterName>: <new value> (<old value>))
-- </b>