Solved

Very slow applying security policies before logon prompt - Win2K

Posted on 2003-11-10
4
279 Views
Last Modified: 2010-04-13
Hi,
I have recently joined a Windows 2000 Pro laptop to our new Win2K server domain. It was previously joined to an NT4 domain. The change-over went fine, until the first boot up when the laptop took 10 minutes to get to the logon prompt, claiming all along that it was applying the security policy. It did eventually get there and once logged in all was well.
I just thought that this was taking forever because it was the intial log in. However, every subsequent log on takes this long!
When I remove the network connection the laptop loads up in an instant. This delay happens only when it is plugged into the network. Network speeds are 100Mb/s between it and the domain controller, so does anyone have any ideas why it is taking so long?
Another spanner in the works is that it's the only machine that has this problem on my network, which incidentally has no security policies set yet... oh yes, and it's the managing director's laptop!
So can anyone help?!
Many thanks...

Additional info: laptop is running SP4, is a P4 Toshiba; server is a Xeon Proliant running at 10% capacity. i have tried adding a blank security policy to see what that does but it makes no difference.
0
Comment
Question by:thomasleng
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 9720939
Logon issues with W2k/XP clients in a W2k AD are mostly DNS problems.
The most important stuff in short (check the FAQ for a verbose version): On your DC, the DNS entry should point *only* to itself. On your clients, the DNS entry should point *only* to your DC. This makes sure your internal name resoultion works properly. For external resolution to function, delete the "." forward lookup zone if present (and configure forwarders).
Those should help:

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

How Domain Controllers Are Located in Windows
http://support.microsoft.com/?kbid=247811

HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows 2000
http://support.microsoft.com/?kbid=316341

HOW TO: Configure DNS for Internet Access in Windows 2000
http://support.microsoft.com/?kbid=300202

Troubleshooting Common Active Directory Setup Issues in Windows 2000
http://support.microsoft.com/?kbid=260371

How to Verify the Creation of SRV Records for a Domain Controller
http://support.microsoft.com/?kbid=241515

HOW TO: Use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000
http://support.microsoft.com/?kbid=321708
0
 
LVL 6

Accepted Solution

by:
Casca1 earned 175 total points
ID: 9723165
Are you using Security policies? If not, you migh want to apply the compatws.inf; Not terribly secure, but sets all the settings to minimal.
Sounds like the Laptop may have had security settings applied through NT4 policy files. If this is so, that should resolve the issue.
0
 
LVL 6

Expert Comment

by:Casca1
ID: 10727013
Thanks for the points and score.
I assume that resolved your issue?
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question