[gptalk] Re: How big is your SYSVOL?

  • From: <bart.schillebeeks@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Mon, 7 May 2007 10:46:16 +0200

Hi david, Jason,
 
I've explained in a previous post here. I don't let the ADM's replicate since 
i'm the only one administering GPO's and i keep my ADM's correct locally. 
 

        Best thing to do according to me is to 

 

        *       "Turn off automatic updates of ADM files"  this will thus not 
overwrite any sysvol adm templates with local versions. 
        *       "When group policy is selecting a DC it should use PRIMARY 
DOMAIN CONTROLLER"  this makes sure you always attach to your PDC role. 
        *       Disable ADM in NTFRS replication by setting a filter on the 
sysvol replication "*.adm" in the registry , this will exclude *.adm files from 
replicating. 
                here's the KB  to remove the ADM replication from sysvol . 
                It's KB81338.  http://support.microsoft.com/kb/813338/en-us 
<http://support.microsoft.com/kb/813338/en-us>   

                You have thus a system that only allows ADM on the PDC , to 
which you only connect to, your sysvol bloat is gone etc...

                 You now only need to maintain your local ADM files on your GPO 
administration workstation to make sure they are the latest versions, of course 
if you have multiple administrators you need to make sure they have the same 
ADM's. 

                

Oh yeah Don't change PDC roles , as you will have to re-assing all adm's again 
(or copy them over first) 

 Vriendelijke groeten,
Cordialement,
Kind Regards, 
Schillebeeks Bart
Active Directory Security Consultant
Small and Departmental Systems - NT Systems Fortis Bank
Bart.schillebeeks@xxxxxxxxxxxxxx
AD Internet Consulting BVBA

Disclaimer:
Any views expressed in this message are those of the individual sender, except 
where the message states otherwise and the sender is authorised to state them 
to be the views of any such entity.This Message is in no way legally binding 
and has to be viewed as a personal opinion of the sender. This message reflects 
in no way the views of FORTIS BANK and its associates and AD internet 
Consulting BVBA and its associates. Unless otherwise stated, any pricing 
information given in this message is indicative only, is subject to change and 
does not constitute an offer to deal at any price quoted. Any reference to the 
terms of executed transactions should be treated as preliminary only and 
subject to our formal written confirmation.

AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019 
www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx


 

________________________________

From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On 
Behalf Of David Cliffe
Sent: Friday, May 04, 2007 6:35 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: How big is your SYSVOL?


Hi Bart,
 
    Out of curiosity, what are the size of the ADM files in your forest(s)?
 
-DaveC


________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] 
On Behalf Of bart.schillebeeks@xxxxxxxxxx
        Sent: Friday, May 04, 2007 4:04 AM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: How big is your SYSVOL?
        
        

        

        Hi,

         i manage a company single-handedly with 60.000+ users and workstations 
and 8000+ servers. i have about 100 gpo's per domain, 7 domains per forest

        My production forest user domain has a sysvol of  3.57 megabyte!! , The 
resource domain (machines) sysvol is only 2.1 megabyte.

         

        I would really only use 1 small team at maximum for your gpo 
administration with 1 responsible that acts as a moderator and manages all of 
the settings, requests etc..
        I guess that you have a lot of overrides in your settings as well as 
custom ADM's 

        . Furthermore if you're doing software installation all the software 
should be on a seperate file server share , and not in the sysvol!!

         

        By the way , i'm always for hire if you need a good GPO admin ;-)

        Vriendelijke groeten,
        Cordialement,
        Kind Regards, 
        Schillebeeks Bart
        Active Directory Security Consultant
        Small and Departmental Systems - NT Systems Fortis Bank
        Bart.schillebeeks@xxxxxxxxxxxxxx
        AD Internet Consulting BVBA
        
        Disclaimer:
        Any views expressed in this message are those of the individual sender, 
except where the message states otherwise and the sender is authorised to state 
them to be the views of any such entity.This Message is in no way legally 
binding and has to be viewed as a personal opinion of the sender. This message 
reflects in no way the views of FORTIS BANK and its associates and AD internet 
Consulting BVBA and its associates. Unless otherwise stated, any pricing 
information given in this message is indicative only, is subject to change and 
does not constitute an offer to deal at any price quoted. Any reference to the 
terms of executed transactions should be treated as preliminary only and 
subject to our formal written confirmation.

        AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal 
ON:0470419019 www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx

        
        
        
        
        -----Original Message-----
        From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] 
On Behalf Of Jason B. Halladay
        Sent: Thursday, May 03, 2007 10:26 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] How big is your SYSVOL?
        
        Hello,
        Having recently become aware of the "sysvol bloat" phenomenon, I've done
        a bit of reading on the subject.  I looked at the size of our sysvol
        directory and found that it is a whopping 4.6GB! We have a single forest
        with only one site and domain so thus far this hasn't proved to be a
        problem (that I'm aware of!)  I'm taking steps to clean this up but
        because of our model with many, many OU admins doing their own things,
        it's a bit crazy.
        Out of curiosity, how big is your sysvol?  :)
        
        And a bonus question:  when a GPO is deleted through the GPMC, does the
        corresponding GPT folder in sysvol get removed at some point?  About 30
        minutes ago I deleted a GPO but the GPT is still present.
        Thanks!
        Jason
        
        
        ***********************
        You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
        ************************
        


This email was sent to you by Reuters, the global news and information company.
To find out more about Reuters visit www.about.reuters.com 

Any views expressed in this message are those of the individual sender, except 
where the sender specifically states them to be the views of Reuters Limited. 

Reuters Limited is part of the Reuters Group of companies, of which Reuters 
Group PLC is the ultimate parent company. Reuters Group PLC - Registered office 
address: The Reuters Building, South Colonnade, Canary Wharf, London E14 5EP, 
United Kingdom
Registered No: 3296375
Registered in England and Wales 

JPEG image

= = = = = = = = = = = = = = = = = = = = = = = = =
Fortis disclaimer :
http://www.fortis.be/legal/disclaimer.htm

Privacy policy related to banking activities of Fortis:
http://www.fortisbank.be/legal/privacy_policy.htm
= = = = = = = = = = = = = = = = = = = = = = = = =

Other related posts: