• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 468
  • Last Modified:

Applying group policies over slow links

Hi experts.

First, as with all my latest questions, a "disclaimer": Please only participate if you have met and solved this very problem yourself before.

We use several laptops (win7 x64, domain joined) that connect to our domain via VPN. The network connection can be really slow as it is hotel WLAN or UMTS, sometimes under bad conditions.
Problem: for our users, applying GPOs (computer and user level) takes too long, it takes some time to logon. We would like to apply the GPOs after logon.

My plan was to set the startup type of the Group policy client service to manual and start it after logon via a scheduled task. This works, but introduces a new problem: standard users may not logon any more. I searched, found a hack, http://ayuanx.wordpress.com/2011/08/05/disable-group-policy-win7/ - but that introduces new problems, which I will not spread out here.

Disclaimer, part II: I am also well aware that "slow link detection" exists, but it does not make it any better. Also, using local users, working without the network connection is not an option.

What could I do instead?
2 Solutions
Sarang TinguriaSr EngineerCommented:
Hello McKnife,

Have you checked this.??

Apply Group Policy for computers asynchronously during startup

Apply Group Policy for users asynchronously during logon
McKnifeAuthor Commented:
Hi Sarang.
Where do I find the user policy you mention on a modern DC (2008 and up)? It seems to have changed since Windows 2000, it is nowhere to be found.
Mike KlineCommented:
It is also known as fast logon optimization (async processing).  It is on by default now  http://technet.microsoft.com/en-us/magazine/gg486839.aspx

Have you downloaded the Windows ADK and tried to analyze the boot time.  Matt Reynolds has a great presentation on it  http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B317#fbid=LVRiUypTE1s


Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

McKnifeAuthor Commented:
Hi Mike.

I know. Fast logon optimization should be at default, that is: on. Nevertheless when logging on, we see policies applying for about a minute at 5mbit per sec umts.

It's not the boot time. That's very fast.
SandeshdubeySenior Server EngineerCommented:
What policies you have applied can you lets know if is causing delay in time.Check the event log on client computer for any failure og GPO.Have a look at this too.

Group Policy and Logon Impact
McKnifeAuthor Commented:
Let me "set this on hold". Some misconfiguration was found.
Will be back soon, I think it is soon solved.
McKnifeAuthor Commented:
Ok, solved.
Misconfig: For diagnostics, the local policy "always wait for the network" was set, which equals shutting down the fast logon optimization. The option was simply forgotten to be taken back. Duh!

I will split the points as you both helped.

I will ask a related question soon, two even, if you are interested. I'll share the links here soon.
McKnifeAuthor Commented:
McKnifeAuthor Commented:
See http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_28309822.html
[the second related question mentioned won't follow, also solved]
Sarang TinguriaSr EngineerCommented:
Glat to hear that specific issue has been resolved
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now