A week ago I altered the permissions on my c:\winnt folder to remove "Authenticated Users" from the winnt directory and any subdirectories. Well, it screwed me over, of course, because the Sysvol share was in there and noone in the domain had read rights to the Group Policy objects. I already fixed it, but my question is: Why did the problem not present itself until over a week later?! This is really unnerving. any ideas?

Hard to say. Depends on if the GPO was changed or if a new user accessed it or whatever. It would be more unnerving to have an admin that changes default NTFS permissions of system folders. :) Hopefully, you've learned your lesson. I've heard of people doing this on the root of the C: drive too. Asking for even bigger trouble there.

You don't give any detail about the problem that occured a week after you made the change but like Glen said, the delay could have been caused by any number of things from GP refresh to the client connection state- the most likely reason is probably the cache settings, the clients may be set to process policies only if they've changed since the last application, etc. Really, only you would know that for sure, though cleo