Running Zen 7, no service packs on client or server. Server is Netware 6.5 SP7. Clients are XP SP2.

In the past few days of testing, I've noticed that workstations occasionally will not grab updated policies. For example, I updated the security policy by using MMC to edit the template file. I then went into my workstation policy in C1 and used the import security settings file option. I originally made the workstation policy on 7/9/08. When I imported the new security template file, the only file that changed was ZenSec.inf which now shows a modified date of 7/23/08. So I go over to a machine that originally grabbed the 7/9 policies, reboot it, and expect to see an updated ZenSec.inf with the new date of 7/23 in C:\WINDOWS\system32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit but no, it is not there. So nothing had changed. The reason I modified the security template was to grant users access to systeminfo.exe. So just to make sure, I attempt to run systeminfo.exe, no luck, access denied.

I checked the policy from the server side and it's still associated to the workstation in question. I checked the scheduler from the workstation and the policy is there and it did run at startup. I checked the source on the Netware server to make sure the workstation had rights on the distribution share, and it did. I try another reboot hoping it was just a fluke, still not working. Finally, I just delete all three group policy directories from C:\windows\system32, reboot, and it appears to have grabbed the updated policy file. What would cause this to occur? I've seen it happen on a few occassions. I could understand if there was a corrupt policy but I do have concern if I'm going to have to delete those directories just to force updated policies down.

My initial throught is that Zen just isn't checking for updated version of that file. What does the Zen agent check for when it queries the policy share? Is it just checking for date modified, or is it file size? Either way, it should have grabbed the updated ZenSec.inf. The only other thing I could think of is it's timing out or some file is locked not giving access to either read/write the updated file.

I've attached the wmgrppol log files from the failing machine to this thread in case they help any. I combined the two files into once since it will only let me upload one attachment.