How to use Wireshark to monitor XP bootup Applying computer settings

I'm not very experienced with WireShark but maybe I can help with the other issue. Do you have any GPOs running? Make sure your clients only point to internal DNS servers. Are you getting any errors in the Event logs on the clients and server? Can you give me a quick overview of your network setup?

>However, I can't find any documentation on how to setup Wireshark to run during this period

I don't know if that's even possible... but you could get a small hub (or a switch capable of replicating traffic on a port) and capture the traffic on another machine...

the setup would be something like this:
net---[hub]---[problem computer]
            |
[functional computer running wireshark]

then again, i don't know if wireshark is the tool for diagnosing that kind of problem...

Dariusg-We do have GPOs running and am starting to think that may be causing the issue-although nothing was changed recently.  We have one for domain computers and one for laptop computers.  Seems that the laptop computers are the only ones have the lag on applying computer settings.  Possibly because of the firewall disable entry being in both policies.  Maybe it is conflicting there?  I turned on verbose logging and attached the file.  You'll notice there's almost a 2 minute delay in this area:
USERENV(470.3f4) 12:27:34:897 PolicyChangedThread: Calling UpdateUser with 1.
USERENV(470.3f4) 12:27:35:022 PolicyChangedThread: Broadcast message for 1.
USERENV(40c.410) 12:27:35:116 LibMain: Process Name:  C:\WINDOWS\System32\alg.exe
USERENV(470.3f4) 12:27:35:789 PolicyChangedThread: Leaving
USERENV(2f8.298) 12:27:41:827 LibMain: Process Name:  C:\WINDOWS\system32\wbem\wmiprvse.exe
USERENV(ba0.ba4) 12:28:36:095 LibMain: Process Name:  C:\WINDOWS\system32\userinit.exe
USERENV(470.e58) 12:30:44:796 IsSyncForegroundPolicyRefresh: Synchronous, Reason: policy set to SYNC
USERENV(470.474) 12:30:46:360 LoadUserProfile: Yes, we can impersonate the user. Running as self

We don't do anything with WMI and I'm not sure why the userinit.exe would take so long.  Any ideas?
startup.txt

userinit.exe usually runs the scripts listed in the GPO. See if this link helps out.

https://www.experts-exchange.com/questions/23683948/when-logging-off-a-session-session-hangs-for-1-to-2-minutes-before-shutting-down.html

I have uphclean installed on all our laptops here.  So that doesn't appear to be helping.  

Also, I can't disable autocert enrollment as we do use that for email encryption and I believe that needs to be running in order for our local CA to work properly.  

There is more then one post on EE and google talking about the autoenrollment fixing the issue.

Ok well I'll look into it.  Any idea if disabling Autoenrollment would mess with the Exchange encryption from our CA?  I've been googling that but not having any luck.

Honestly I would think it might but I'm not for sure. You can always test.

It does cause problems with encryption and it didn't fix the issue either.  We have a computer policy and a laptop policy.  In the computer policy the domain profile has the firewall disabled.  In the laptop Policy the firewall is disabled on the standard profile, for some in-house wireless issues.  Removing this laptop policy fixes the issue so I guess that is the problem.  Maybe just trying to read from two different policies is slowing it down.