Link to home
Start Free TrialLog in
Avatar of lacroix_al

asked on

long start up in windows

I have a W2K3 server/client network.
I have many GPOs created for different OUs.
the client machines take a long time (5-8 min) to get to a login screen.
they sit on the applying computer policy screen the longest

how should I start to troubleshoot this?
what is the issue?

Thank you
Avatar of MISOperations
Flag of United States of America image

Run some malware scans, defragment the hard drive.
go to start>run>msconfig>then to startup tab, uncheck all items except antivirus and try
Avatar of DedPoet

Do the workstations have their DNS servers set to local dns servers on your DC(s)?  
Avatar of Sudeep Sharma
Get a copy of Autoruns from Microsoft and search for the C:\documents

Remove it once found, or else if you face any difficulty working with the autoruns then you could just save the autorun entries of you system and post it here. To save the autorun entries do the following:
Click --> File --> Save.
Name the file "filename.arn" (filename could be any name)

Post the .arn file here for further analysis

Avatar of lacroix_al


Thank you all for the replies

We run malwarebytes, and Deepfreeze on these systems.
an older version of deepfreeze had insuses with fragmanting the HD.
I'll have to look at that

good tip. will try it

the systems are set for DCHP and yes the DNS is a local DC

yes, I agree that is why I posted the question, hoping someone could point me in the right direction.

could you explain this more

Thank you

Well all the meant was to get the copy of the Autoruns from Micorosoft website and run it. It would tell you what is it loading on startup, so by analyzing the it we would be able to see if there is something fishy we should be bother about.

I explained you the process of saving your startup items from autoruns in my previous post.

thank you for the clarification.
this is what I thought you meant but wanted to be sure.

great blogs!
I think these are the steps that will help me troubleshoot this issue.
having a baseline and realistic expectations are a must.

just a question-
what do you feel is a reasonable start up time?
this would be from the time you push the power button to the time you could be on the internet at your home page.
Is 3 - 5 minutes unreasonable or should it be closer to 8 - 10? I know every network is diff, I am just wondering what you guys think?
Those blogs gives you a good place to start and will probably help you solve the problem.

I think 8-10 minutes is way too long but it all depends on many factors (startup programs, hw and drivers, disc, GPOs, asyncron/syncron GPO etc.)

I feel 1-4 minutes is a acceptable baseline.

If the "basic" troubleshooting steps don't bring you any closer, you could enable USERENV logging on a client (XP). Then you'll see  if ie. a GPO takes a long time to deploy.

and a "must have tool" to read the log:
Wow! 1 - 4 min ???
I tested my PC this morning and it took 6 mins from the push of the power button until outlook was open.

Thanks for the policy reporter
Well, I would say "Wow!" to 6 minutes. If I was a domain user and it took 6 minutes before my startpage in IE was ready, I would complain.

I think around 50 seconds is the fastest I have clocked my PC (XP, workstation). My laptop, Lenovo T-series w/Win7 takes around 3 minutes.
If you're dealing with laptops you should increase the baseline.

The policy reporter is handy since it splits User settings from the Computer settings and with a time stamp on each "event".

Happy hunting :)
They are complaining.
ok, so I just went and disabled all services and startups except MS stuff.
here is what I found
BIOS completes - 1 min
Network connection - 15 sec
appling computer settings - 3 minutes
logon - 3-5 sec
desktop - 10-15 sec
Outlook - 30 sec

I think I see the issue or a good place to start.
I have multiple GPOs in this domain, so I will see if I can consolodate them.
if I can get the GPO to load within 1 min I think that will help a lot

Three minutes for processing computer GPOs is much.

It's easy to track down to which GPO is stalling *IF* you don't have all settings in one huge Computer GPO (or all put down in the Default domain policy).

You should check to see how many GPOs you got and create a test OU with block inheritance, move a test computer in it, and link the GPOs one by one.

Also if you have multiple GPO, the userenv.log will show you the GPO that is eating the time.
By the way. The Group Management Consol is a "must have tool" to generate a report of which setting a GPO have.

(If you have 2008 DCs you already have it installed)
Yes, That is the plan.
I enabled userenv.log

I have the Group Management Console installed on a Vista machine
ok I have been reading blogs on slow login times.
one blog I read said to add the domain computer group to the permissions tab of the GPO with read access.
does this make since to anyone?
That is not a default setting. As long as the Authenticated Users and the DCs have read you should be fine.
that is what I was thinking.

I did find the following GPO on my system
this GPO isn't on either of my AD servers.
I think it was from an old AD server that no longer exists.
by deleteing it my logon time from bootup went from 6 min to 2 1/2.
I have created an seperate OU with blocked inharitance, placed my PC into it.
I am adding the GPOs one at a time and rebooting my system.

Correct me if I am wrong, but doesn't it take three reboots for the GPO to take affect?
I know I can use gpupdate /force but does that also take more then one reboot?
GPOs are refreshed every 90 minutes on a domain member. No need for three reboots.

When you start your computer the Computer settings are applied. When it's finished the "CTRL+ALT+DEL" will appear. When the user authenticates, the User settings are applied.
This happens every time you reboot.

"gpupdate /force" will apply the GPOs without the need for a reboot. Run the command followed by a "gpresult /v" to see what is applied.

Thank you for the clarification.
on my machine with a 2 1/2 min login time 1 min of that is the BIOS completing POST.

I found two GPOs that were conflicting with each other.
after finding these two GPO, I desided to see how many I could consolidate.
It turns out that I was able to consolidate 6 of them into one.
after consolidation I linked this GPO to an OU for a moble lab.
the mobile lab has thirty laptops in it all running 802.11b and connecting to one AP.
I tested one of the laptops, it booted to login prompt within 1 1/2 min.
I am still testing to see how it does when all thirty of the laptops come on.
I hope it is much faster then the 5 - 13 min login before.

I'll keep you posted

Avatar of snusgubben
Flag of Norway image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial