asked on
Why does windows group computer policy run every logon
I am trying to understand policy application for our windows 2008 r2 AD .
Why does the a computer policy run every time at startup when nothing changes in that policy? The default policy has password item, and a default banner item, that doesnt change. Yet it takes a full minute to process it everytime someone logs in.
Wouldn't it be more efficient if it didn't apply at startup if it didnt change , that would save all kinds of time. Is there a way to do this?
2) Does your computer have to read every policy even if nothing is configured, How do I make it so it doesn't read my local policy. Won't this save time.
3)When you apply a group policy, does your workstation retain that policy even if logged off the network. For example will my laptop retain those settings?
Why does the a computer policy run every time at startup when nothing changes in that policy? The default policy has password item, and a default banner item, that doesnt change. Yet it takes a full minute to process it everytime someone logs in.
Wouldn't it be more efficient if it didn't apply at startup if it didnt change , that would save all kinds of time. Is there a way to do this?
2) Does your computer have to read every policy even if nothing is configured, How do I make it so it doesn't read my local policy. Won't this save time.
3)When you apply a group policy, does your workstation retain that policy even if logged off the network. For example will my laptop retain those settings?
Windows Server 2008Active Directory
Last Comment
palicos
ASKER
I believe its a minute to run the computer portion of all the policies, because I ran gpresult. When I read the applied time of the computer settings was 1 minute less than the applied time of the user settings.
Default policy was the only thing the computer section ran, and I did change not the default policy.
This occured when I restart computer.
Default policy was the only thing the computer section ran, and I did change not the default policy.
This occured when I restart computer.
What exact info of gpresult shows a minute difference? Anyway, that is no way to judge the situation. You should disable all policies (user- and computer-) and restart your computer to see if it's faster, then.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
1+2) First, you should make clear how you measured that minute it obviously takes. Did you enable GPO logging and you evaluated some log (which, how?)? Or did it just take a minute from password+[enter] to the desktop?
Fact is, by default policies will not process if they haven't changed and we will find out why that's not the case with you.
3)Yes, the settings will retain even when offline.