- On every Group Policy (or cloud policy / ppupdate) update, we evaluate / re-evaluate ILT.
- We store the result of the ILT query until the next Group Policy (or policy) update.
- There’s no point in re-evaluating ILT every time in realtime anyway, because the engine (Group Policy engine) doesn’t work that way. So we store them after we know we have a good value.
Note1: If the ILT evaluation takes MORE than 2 minutes for ANY REASON, we just “give up” and assume the ILT is TRUE.)
Note2: Cached values are stored permanently until we know they are changed .. that is, Group Policy or policy updates occur *AND* ILT re-evaluation succeeds.)
So when you re-launch an application managed by PolicyPak, or do a PolicyPak action that requires an ILT decision., PolicyPak is not evaluating ILT in realtime. PolicyPak is using the cached ILT evaluation’s value the last time policy processing *AND* ILT evaluation succeeded.
- Now, the next time ILT is attempted to be evaluated, we wait for results for 500ms when Group Policy is doing SYNC or 5 seconds when Group Policy is doing ASYNC.
- If ILT evaluation completes in time, we use the results. If it DOES NOT COMPLETE IN TIME, we use CACHED results and continue anyway.
If you want to manipulate how long the ILT timeout occurs, we have a policy setting in the PolicyPak ADMX settings here.