[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

Why does windows group computer policy run every logon

I am trying to understand policy application for our windows 2008 r2 AD .

Why does the a computer policy run every time at startup when nothing changes in that policy?  The default policy has password item, and a default banner item, that doesnt change.  Yet it takes a full minute to process it everytime someone logs in.

Wouldn't it be more efficient if it didn't apply at startup if it didnt change , that would save all kinds of time.   Is there a way to do this?

2)  Does your computer have to read every policy even if nothing is configured,  How do I make it so it doesn't read my local policy.   Won't this save time.

3)When you apply a group policy, does your workstation retain that policy even if logged off the network.  For example will my laptop retain those settings?
0
rjablonk
Asked:
rjablonk
  • 2
1 Solution
 
McKnifeCommented:
Hi.

1+2) First, you should make clear how you measured that minute it obviously takes. Did you enable GPO logging and you evaluated some log (which, how?)? Or did it just take a minute from password+[enter] to the desktop?
Fact is, by default policies will not process if they haven't changed and we will find out why that's not the case with you.

3)Yes, the settings will retain even when offline.
0
 
rjablonkAuthor Commented:
I believe its a minute to run the computer portion of all the policies, because I ran gpresult.  When I read the applied time of the computer settings was  1 minute less than the applied time of the user settings.  

Default policy was the only thing the computer section ran, and I did change not the default policy.

This occured when I restart computer.
0
 
McKnifeCommented:
What exact info of gpresult shows a minute difference? Anyway, that is no way to judge the situation. You should disable all policies (user- and computer-) and restart your computer to see if it's faster, then.
0
 
palicosCommented:
Please refer to these links.

http://www.youtube.com/watch?v=nmc-saJC6jA

http://www.windowsitpro.com/article/windows-server-20082/new-active-directory-features-in-windows-server-2008-r2

Second for the question you asked you can find the answer on ask-leo.com

http://ask-leo.com/windows.html

Hope it works for you.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now