Solved

Applying group policies over slow links

Posted on 2013-12-03
10
437 Views
Last Modified: 2013-12-04
Hi experts.

First, as with all my latest questions, a "disclaimer": Please only participate if you have met and solved this very problem yourself before.

We use several laptops (win7 x64, domain joined) that connect to our domain via VPN. The network connection can be really slow as it is hotel WLAN or UMTS, sometimes under bad conditions.
Problem: for our users, applying GPOs (computer and user level) takes too long, it takes some time to logon. We would like to apply the GPOs after logon.

My plan was to set the startup type of the Group policy client service to manual and start it after logon via a scheduled task. This works, but introduces a new problem: standard users may not logon any more. I searched, found a hack, http://ayuanx.wordpress.com/2011/08/05/disable-group-policy-win7/ - but that introduces new problems, which I will not spread out here.

Disclaimer, part II: I am also well aware that "slow link detection" exists, but it does not make it any better. Also, using local users, working without the network connection is not an option.

What could I do instead?
0
Comment
Question by:McKnife
10 Comments
 
LVL 18

Assisted Solution

by:sarang_tinguria
sarang_tinguria earned 250 total points
ID: 39693365
Hello McKnife,

Have you checked this.??

Apply Group Policy for computers asynchronously during startup
http://msdn.microsoft.com/en-us/library/ms812908.aspx

Apply Group Policy for users asynchronously during logon
http://msdn.microsoft.com/en-us/library/ms812997.aspx
0
 
LVL 53

Author Comment

by:McKnife
ID: 39693497
Hi Sarang.
Where do I find the user policy you mention on a modern DC (2008 and up)? It seems to have changed since Windows 2000, it is nowhere to be found.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39693540
It is also known as fast logon optimization (async processing).  It is on by default now  http://technet.microsoft.com/en-us/magazine/gg486839.aspx

Have you downloaded the Windows ADK and tried to analyze the boot time.  Matt Reynolds has a great presentation on it  http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B317#fbid=LVRiUypTE1s

Thanks

Mike
0
 
LVL 53

Author Comment

by:McKnife
ID: 39693593
Hi Mike.

I know. Fast logon optimization should be at default, that is: on. Nevertheless when logging on, we see policies applying for about a minute at 5mbit per sec umts.

It's not the boot time. That's very fast.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39694645
What policies you have applied can you lets know if is causing delay in time.Check the event log on client computer for any failure og GPO.Have a look at this too.

Group Policy and Logon Impact
http://blogs.technet.com/b/grouppolicy/archive/2013/05/23/group-policy-and-logon-impact.aspx
0
 
LVL 53

Author Comment

by:McKnife
ID: 39694803
Let me "set this on hold". Some misconfiguration was found.
Will be back soon, I think it is soon solved.
0
 
LVL 53

Author Comment

by:McKnife
ID: 39694834
Ok, solved.
Misconfig: For diagnostics, the local policy "always wait for the network" was set, which equals shutting down the fast logon optimization. The option was simply forgotten to be taken back. Duh!

I will split the points as you both helped.

I will ask a related question soon, two even, if you are interested. I'll share the links here soon.
0
 
LVL 53

Author Closing Comment

by:McKnife
ID: 39694835
Thanks!
0
 
LVL 53

Author Comment

by:McKnife
ID: 39694911
See http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28309822.html
[the second related question mentioned won't follow, also solved]
0
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 39695147
Glat to hear that specific issue has been resolved
0

Join & Write a Comment

Suggested Solutions

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now