Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bonus #1 (For Geeks) … ADM(x) and Group Policy Preferences “Gotchas” Bonus #2: Special Group Policy Announcements !

Published byDorthy Bryan Modified over 9 years ago

Similar presentations

Presentation on theme: "Bonus #1 (For Geeks) … ADM(x) and Group Policy Preferences “Gotchas” Bonus #2: Special Group Policy Announcements !"— Presentation transcript:

1

2

3 Bonus #1 (For Geeks) … ADM(x) and Group Policy Preferences “Gotchas” Bonus #2: Special Group Policy Announcements !

4

5 “Most popular” would be the Windows 7 machine / GPMC from RSAT Suggest: Always use “Latest Greatest” GPMC available This is different than using “Latest Greatest” ADMX / ADML files / Central Store

6 GPPrefs item for IE10

7 Better Reporting Old Style GPMC broke it up to “Summary” (GPOs you got) and “Settings” (settings in those GPOs.) New Style GPMC “Details” in one-stop shop view Conflicts easier to detect with “Winning GPO”

8 IPv6 options in some GPPrefs items

9 Check Group Policy “Status”

10 Remote Gpupdate Targets must be Windows 7 and later

11

12

13 Lots of GPOs in the Group Policy Objects folder Not Disabling “Unused portion” of GPO Lots of “stuff” inside a GPO Block Inheritance and/or Enforced used Lots and lots of GPOs linked to a user or computer* (see next slide & two slides from now)

14 Login Scripts doing “dumb” things. Login Scripts doing “really dumb” things. Login Scripts doing “ridiculously dumb” things. Startup Scripts doing “dumb” things Having a home drive “far away” Lots and lots of GPOs linked to a user or computer* (see next slide) Profile being built / Downloaded / First Time Other various disk contention during startup & login DNS issues Services hung on client Mapping drives or printers that don’t exist Bad drivers

15 Lots and lots of GPOs linked to a user or computer… but over a slow link. Deploying huuuuge Printer Drivers using Group Policy Preferences Printers Replication issues causing a GPO is malformed and/or broken version number “Overuse” of Group Policy filtering by AD Group Membership Using WMI Filters inappropriately / excessively Actual Group Policy client-side bugs (which typically have actual hotfixes and/or known workarounds)

16 “Improves the processing of Group Policies and Group Policy preferences. The performance of computers is improved after you install this rollup update on Windows 7-based computers that have several Group Policy preferences ” “Improves the Windows Management Instrumentation (WMI) components to reduce the CPU usage and to improve the repository verification performance.” Fixes: “Logon scripts take a long time to run in Windows Vista, in Windows Server 2008, in Windows 7 or in Windows Server 2008 R2” Fixes: “You experience a long logon time when you try to log on to a Windows 7-based or a Windows Server 2008 R2-based client computer that uses roaming profiles”

17 By default, on Windows clients … Group Policy processing is “deferred” until sometime after computer is started (and sometime after the user is logged in.) Good news: Everything feels faster (for startups and logins). Bad news (For Windows 7 clients): If any “part” (CSE) of Group Policy required Sync, the whole login (computer side or user side) must process in Sync mode. Additional bad news: Login scripts only slow you down at login time … when the profile is being built / downloaded, Start Menu getting warmed up, and so on.

18 Windows 8.1 takes a leap forward in reducing what REQUIRES Sync to be necessarily forced Before Windows 8.1Windows 8.1 Folder Redirection Software Installation Group Policy Preferences Drive Maps Disk Quota Folder Redirection Software Installation

19 Windows 8.1 “caches” GPOs locally. When Sync is required, read locally, not from AD. Windows 8.1 flips back to async mode when final CSE requiring sync is done processing. Windows 8.1 reduces LDAP requests to Active Directory during all logons. What this does: Speeds up login when sync is required Speeds up login when you have LOTS of GPOs AND you have slow links. What the caching doesn’t do: Doesn’t keep “ADM(x)-based non-Policies” keys or Group Policy Preferences compliant when working offline.

20 Remember login scripts causing disk contention & LOTS of slowdowns at login time? Windows 8.1 defers login script processing until “later” Windows 8.1 default: 5 minutes after triggered Can turn off if desired. (IMHO, when you’ve got SSD’s it’s A-OK)

21 Best Case: Windows 8.1 All CSEs (including 3rd party ones) run Async Worst Case (But Useful !): Test using Use Always wait for the network at computer startup or login policy setting as enabled And/or First time ever logging on.

22

23

24 Worst way to troubleshoot: Use Group Policy as a scapegoat for all slowness problems. Best way to troubleshoot: Actual facts Ways to get facts: Reporting Eventing Tracing Windows Performance Analyzer

25 “Major news”: Windows Logs | System “Incremental News”: Applications and Services Logs | Microsoft | Windows | Group Policy | Operational

26 “Major news”: Windows Logs | System “Incremental News”: Applications and Services Logs | Microsoft | Windows | Group Policy | Operational

27 New Events when clients are Windows 8.1 EventId Get Applicable GPOs Start 4126 Get Applicable GPOs End Success 5126 Get Applicable GPOs End Fail 7126 GPO process sync mode slowlink detected 6344 GPO Process sync mode NO DC 6345 GPO Process switch sync mode to async 6346 Gpsvc start 4115 Gpsvc stop 5115

28 And even more…New Events when clients are Windows 8.1 EventId Gpsvc stop5115 Gp session start4117 Gp session return winLogon call5351 Gp session end5117 Gp session end with error7117 Gp save to cache start4216 Gp save to cache end5216 Gp save to cache end with error7216 Gp load from cache start4217 Gp load from cache end5217 Gp load from cache end with error7217 Gp cache first WMI query start4218 Gp cache first WMI query end5218 Gp service init start4116 Gp service init end5116 Gp policy download start4257 Gp policy download end5257 Gp policy download end with error7257

29 Get Facts about a particular Group Policy Preferences item CSE

30

31 Get Facts about the whole boot and login process Definitely attend session WIN-B359 2014 Edition: How Many Coffees Can You Drink While Your PC Starts? (Thurs 2:45 PM) (And review 2013 and 2012 sessions on Channel9)

32

33

34 Other tips, tricks and thoughts to consider Always use the latest GPMC (and latest ADMX templates.) … (That’s two separate things.) Jeremy’s Law: “The First Logon doesn’t matter. Heck, the second login doesn’t matter either.” Don’t wait until your systems have “cruft” to start troubleshooting. Just for fun, bring up a Windows 8.1 machine next to a Windows 7 machine. Troubleshooting is part “Art” and part “Science”. But don’t blame something that doesn’t have data around it.

35

36 http://support.microsoft.com/kb/ 2962486

37

38

39 Step 1: Export items as XML

40 Step 2 (SCCM): Use familiar SCCM Application Wizard

41 Step 2 (Intune): Use familiar Managed Software Wizard

42 Step 2 (PolicyPak Cloud): Upload XML items to PolicyPak Cloud

43 GPPrefs and your app’s settings get deployed using YOUR choice: Group Policy SCCM Windows Intune PolicyPak Cloud Results: Downloaded, applied and enforced at Windows client

44

45 100% Free Bonus Stuff for attending ! Go here, then get them via email: TinyURL.com/jmteched1 Doesn’t work for you? Email me directly. jeremym@policypak.com

46

47

48 www.microsoft.com/learning http://microsoft.com/msdn http://microsoft.com/technet http://channel9.msdn.com/Events/TechEd

49

50

51

Download ppt "Bonus #1 (For Geeks) … ADM(x) and Group Policy Preferences “Gotchas” Bonus #2: Special Group Policy Announcements !"

Similar presentations

ACTIVE DIRECTORY GROUP POLICY MAEDS Spring PD Day 2012 Nicholas A. Hay Jefferson Schools

ACTIVE DIRECTORY GROUP POLICY MAEDS Spring PD Day 2012 Nicholas A. Hay Jefferson Schools
Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.

Microsoft Server 2008 R2 Group Policies & AD. Group Policies-Refresher  Policies are “all or nothing”  You cannot selectively choose within a policy.
NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.

NREL is a national laboratory of the U.S. Department of Energy Office of Energy Efficiency and Renewable Energy operated by the Alliance for Sustainable.
Understanding Group Policy on Windows Server 2003.

Understanding Group Policy on Windows Server 2003.
Module 5: Creating and Configuring Group Policy

Module 5: Creating and Configuring Group Policy
Managing User Settings with Group Policy

Managing User Settings with Group Policy
Chapter 8 Configuring Group Policies

Chapter 8 Configuring Group Policies
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment.

Clyde G. Johnson.  Test Environment  Tools of the trade  Demo  Central Store  Show  Group Policy Spreadsheets  Demo  Planning and Deployment.
Lesson 16: Creating Group Policy Objects

Lesson 16: Creating Group Policy Objects
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Group Policy – Tips, Tricks and Best Practices

Group Policy – Tips, Tricks and Best Practices
WIN-B331 Get a consistent, personal Windows experience that matches your unique work style Easy for IT to deliver personal, user-defined experiences.

WIN-B331 Get a consistent, personal Windows experience that matches your unique work style Easy for IT to deliver personal, user-defined experiences.
(ITI310) By Eng. BASSEM ALSAID SESSIONS 9-10-11 2008.

(ITI310) By Eng. BASSEM ALSAID SESSIONS
Active Directory: OU Administration December 17th, 2008 1-4pm Daniels 407.

Active Directory: OU Administration December 17th, pm Daniels 407.
Introduction to Active Directory December 10th, 2008 1-3pm Daniels 407.

Introduction to Active Directory December 10th, pm Daniels 407.

Similar presentations

Ads by Google