Very slow applying security policies before logon prompt - Win2K

Hi,
I have recently joined a Windows 2000 Pro laptop to our new Win2K server domain. It was previously joined to an NT4 domain. The change-over went fine, until the first boot up when the laptop took 10 minutes to get to the logon prompt, claiming all along that it was applying the security policy. It did eventually get there and once logged in all was well.
I just thought that this was taking forever because it was the intial log in. However, every subsequent log on takes this long!
When I remove the network connection the laptop loads up in an instant. This delay happens only when it is plugged into the network. Network speeds are 100Mb/s between it and the domain controller, so does anyone have any ideas why it is taking so long?
Another spanner in the works is that it's the only machine that has this problem on my network, which incidentally has no security policies set yet... oh yes, and it's the managing director's laptop!
So can anyone help?!
Many thanks...

Additional info: laptop is running SP4, is a P4 Toshiba; server is a Xeon Proliant running at 10% capacity. i have tried adding a blank security policy to see what that does but it makes no difference.
thomaslengAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
Logon issues with W2k/XP clients in a W2k AD are mostly DNS problems.
The most important stuff in short (check the FAQ for a verbose version): On your DC, the DNS entry should point *only* to itself. On your clients, the DNS entry should point *only* to your DC. This makes sure your internal name resoultion works properly. For external resolution to function, delete the "." forward lookup zone if present (and configure forwarders).
Those should help:

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000
http://support.microsoft.com/?kbid=321708
Casca1Commented:
Are you using Security policies? If not, you migh want to apply the compatws.inf; Not terribly secure, but sets all the settings to minimal.
Sounds like the Laptop may have had security settings applied through NT4 policy files. If this is so, that should resolve the issue.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Casca1Commented:
Thanks for the points and score.
I assume that resolved your issue?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.