Minimizing GPO-Processing Overhead
I read Darren Mar-Elia's "Optimize GPO-Processing Performance" (March 2002, InstantDoc ID 23831) and was wondering whether you have any advice about my company's situation. We're converting users from Novell Directory Services (NDS) to Active Directory (AD). We have a fairly extensive Novell script that maps drives and printers based on group membership. I was thinking about using Group Policy Objects (GPOs) to do the same thing: I'd create a GPO for every mapped drive and printer, and I'd give only the appropriate groups the right to run Apply group policy for each policy in question. Would this process cause less or more overhead than writing one script that all users would run to map drives and printers?
—Paul Zelmer
pzelmer@manulifeusa.com
The answer depends on how many drive and printer mappings you're talking about. In general, I think you'll have less overhead and a more scalable solution if you perform group membership testing within one or a few GPO-based logon scripts than if you have a GPO for every possible drive or printer requirement that comes up. In terms of performance, checking group membership in AD isn't that expensive. You could even take a middle road. For example, if you know that only certain groups of users will be processing a GPO linked to a particular organizational unit (OU), you can test for only those user groups within that GPO.
—Darren Mar-Elia
Scheduling Win2K Server Maintenance
Sean Daily's articles about recovering essential network services, "Recovering WINS" (March 2002, InstantDoc ID 23833) and "Recovering DHCP" (September 2001, InstantDoc ID 21841), were very informative, especially the suggestions about preparing for disaster. Do you recommend a time interval (e.g., once a month, once a quarter, once a year) for performing the maintenance for those crucial services? Also, have you written any articles about preparing for disaster recovery on Windows 2000 Server or Active Directory (AD)? I'm developing a maintenance schedule and plan to implement the recommendations from your articles.
—Earl Hinkle
earlhinkle@mail.maricopa.gov
How frequently you need to perform the maintenance services I discussed in the articles depends on the size of your organization. Large networks will have an inherently greater use of services such as WINS and DHCP than small networks will have. Thus, performing more frequent maintenance tasks on the databases these services use is important for large networks. In any case, a quarterly maintenance schedule is an absolute minimum*a monthly schedule is a better idea for all but the smallest networks.
Search the archive on Windows & .NET Magazine's Web site (http://www.winnetmag.com/magazine) to find other recovery-oriented articles. Look for the third part of my recovering essential services series, "Recovering AD," in an upcoming issue of the magazine.
—Sean Daily
Cusmgr
Sean Daily's Tricks & Traps: "Daily Answers" (April 2002, InstantDoc ID 24210) describes a way to use the Microsoft Windows 2000 Server Resource Kit's Cusmgr utility to change local Administrator passwords in bulk. Here's what I suggest: Create a batch file similar to the one the author describes in the article, but run the batch file as a domain group policy under the computer configuration startup scripts. This solution doesn't require a list of machine names.
—Scott Kohl
skohl@bus.wisc.edu
End of Article
Register
