Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Applying group policies over slow links

Posted on 2013-12-03
10
Medium Priority
?
461 Views
Last Modified: 2013-12-04
Hi experts.

First, as with all my latest questions, a "disclaimer": Please only participate if you have met and solved this very problem yourself before.

We use several laptops (win7 x64, domain joined) that connect to our domain via VPN. The network connection can be really slow as it is hotel WLAN or UMTS, sometimes under bad conditions.
Problem: for our users, applying GPOs (computer and user level) takes too long, it takes some time to logon. We would like to apply the GPOs after logon.

My plan was to set the startup type of the Group policy client service to manual and start it after logon via a scheduled task. This works, but introduces a new problem: standard users may not logon any more. I searched, found a hack, http://ayuanx.wordpress.com/2011/08/05/disable-group-policy-win7/ - but that introduces new problems, which I will not spread out here.

Disclaimer, part II: I am also well aware that "slow link detection" exists, but it does not make it any better. Also, using local users, working without the network connection is not an option.

What could I do instead?
0
Comment
Question by:McKnife
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 1000 total points
ID: 39693365
Hello McKnife,

Have you checked this.??

Apply Group Policy for computers asynchronously during startup
http://msdn.microsoft.com/en-us/library/ms812908.aspx

Apply Group Policy for users asynchronously during logon
http://msdn.microsoft.com/en-us/library/ms812997.aspx
0
 
LVL 56

Author Comment

by:McKnife
ID: 39693497
Hi Sarang.
Where do I find the user policy you mention on a modern DC (2008 and up)? It seems to have changed since Windows 2000, it is nowhere to be found.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 39693540
It is also known as fast logon optimization (async processing).  It is on by default now  http://technet.microsoft.com/en-us/magazine/gg486839.aspx

Have you downloaded the Windows ADK and tried to analyze the boot time.  Matt Reynolds has a great presentation on it  http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B317#fbid=LVRiUypTE1s

Thanks

Mike
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 56

Author Comment

by:McKnife
ID: 39693593
Hi Mike.

I know. Fast logon optimization should be at default, that is: on. Nevertheless when logging on, we see policies applying for about a minute at 5mbit per sec umts.

It's not the boot time. That's very fast.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39694645
What policies you have applied can you lets know if is causing delay in time.Check the event log on client computer for any failure og GPO.Have a look at this too.

Group Policy and Logon Impact
http://blogs.technet.com/b/grouppolicy/archive/2013/05/23/group-policy-and-logon-impact.aspx
0
 
LVL 56

Author Comment

by:McKnife
ID: 39694803
Let me "set this on hold". Some misconfiguration was found.
Will be back soon, I think it is soon solved.
0
 
LVL 56

Author Comment

by:McKnife
ID: 39694834
Ok, solved.
Misconfig: For diagnostics, the local policy "always wait for the network" was set, which equals shutting down the fast logon optimization. The option was simply forgotten to be taken back. Duh!

I will split the points as you both helped.

I will ask a related question soon, two even, if you are interested. I'll share the links here soon.
0
 
LVL 56

Author Closing Comment

by:McKnife
ID: 39694835
Thanks!
0
 
LVL 56

Author Comment

by:McKnife
ID: 39694911
See http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28309822.html
[the second related question mentioned won't follow, also solved]
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39695147
Glat to hear that specific issue has been resolved
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Here's a look at newsworthy articles and community happenings during the last month.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question