Solved

Applying group policies over slow links

Posted on 2013-12-03
10
453 Views
Last Modified: 2013-12-04
Hi experts.

First, as with all my latest questions, a "disclaimer": Please only participate if you have met and solved this very problem yourself before.

We use several laptops (win7 x64, domain joined) that connect to our domain via VPN. The network connection can be really slow as it is hotel WLAN or UMTS, sometimes under bad conditions.
Problem: for our users, applying GPOs (computer and user level) takes too long, it takes some time to logon. We would like to apply the GPOs after logon.

My plan was to set the startup type of the Group policy client service to manual and start it after logon via a scheduled task. This works, but introduces a new problem: standard users may not logon any more. I searched, found a hack, http://ayuanx.wordpress.com/2011/08/05/disable-group-policy-win7/ - but that introduces new problems, which I will not spread out here.

Disclaimer, part II: I am also well aware that "slow link detection" exists, but it does not make it any better. Also, using local users, working without the network connection is not an option.

What could I do instead?
0
Comment
Question by:McKnife
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 250 total points
ID: 39693365
Hello McKnife,

Have you checked this.??

Apply Group Policy for computers asynchronously during startup
http://msdn.microsoft.com/en-us/library/ms812908.aspx

Apply Group Policy for users asynchronously during logon
http://msdn.microsoft.com/en-us/library/ms812997.aspx
0
 
LVL 54

Author Comment

by:McKnife
ID: 39693497
Hi Sarang.
Where do I find the user policy you mention on a modern DC (2008 and up)? It seems to have changed since Windows 2000, it is nowhere to be found.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 39693540
It is also known as fast logon optimization (async processing).  It is on by default now  http://technet.microsoft.com/en-us/magazine/gg486839.aspx

Have you downloaded the Windows ADK and tried to analyze the boot time.  Matt Reynolds has a great presentation on it  http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B317#fbid=LVRiUypTE1s

Thanks

Mike
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 54

Author Comment

by:McKnife
ID: 39693593
Hi Mike.

I know. Fast logon optimization should be at default, that is: on. Nevertheless when logging on, we see policies applying for about a minute at 5mbit per sec umts.

It's not the boot time. That's very fast.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39694645
What policies you have applied can you lets know if is causing delay in time.Check the event log on client computer for any failure og GPO.Have a look at this too.

Group Policy and Logon Impact
http://blogs.technet.com/b/grouppolicy/archive/2013/05/23/group-policy-and-logon-impact.aspx
0
 
LVL 54

Author Comment

by:McKnife
ID: 39694803
Let me "set this on hold". Some misconfiguration was found.
Will be back soon, I think it is soon solved.
0
 
LVL 54

Author Comment

by:McKnife
ID: 39694834
Ok, solved.
Misconfig: For diagnostics, the local policy "always wait for the network" was set, which equals shutting down the fast logon optimization. The option was simply forgotten to be taken back. Duh!

I will split the points as you both helped.

I will ask a related question soon, two even, if you are interested. I'll share the links here soon.
0
 
LVL 54

Author Closing Comment

by:McKnife
ID: 39694835
Thanks!
0
 
LVL 54

Author Comment

by:McKnife
ID: 39694911
See http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28309822.html
[the second related question mentioned won't follow, also solved]
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39695147
Glat to hear that specific issue has been resolved
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question