[gptalk] Re: How big is your SYSVOL?
- From: <bart.schillebeeks@xxxxxxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Mon, 7 May 2007 10:46:16 +0200
Hi david, Jason,
I've explained in a previous post here. I don't let the ADM's replicate since
i'm the only one administering GPO's and i keep my ADM's correct locally.
Best thing to do according to me is to
* "Turn off automatic updates of ADM files" this will thus not
overwrite any sysvol adm templates with local versions.
* "When group policy is selecting a DC it should use PRIMARY
DOMAIN CONTROLLER" this makes sure you always attach to your PDC role.
* Disable ADM in NTFRS replication by setting a filter on the
sysvol replication "*.adm" in the registry , this will exclude *.adm files from
replicating.
here's the KB to remove the ADM replication from sysvol .
It's KB81338. http://support.microsoft.com/kb/813338/en-us
<http://support.microsoft.com/kb/813338/en-us>
You have thus a system that only allows ADM on the PDC , to
which you only connect to, your sysvol bloat is gone etc...
You now only need to maintain your local ADM files on your GPO
administration workstation to make sure they are the latest versions, of course
if you have multiple administrators you need to make sure they have the same
ADM's.
Oh yeah Don't change PDC roles , as you will have to re-assing all adm's again
(or copy them over first)
Vriendelijke groeten,
Cordialement,
Kind Regards,
Schillebeeks Bart
Active Directory Security Consultant
Small and Departmental Systems - NT Systems Fortis Bank
Bart.schillebeeks@xxxxxxxxxxxxxx
AD Internet Consulting BVBA
Disclaimer:
Any views expressed in this message are those of the individual sender, except
where the message states otherwise and the sender is authorised to state them
to be the views of any such entity.This Message is in no way legally binding
and has to be viewed as a personal opinion of the sender. This message reflects
in no way the views of FORTIS BANK and its associates and AD internet
Consulting BVBA and its associates. Unless otherwise stated, any pricing
information given in this message is indicative only, is subject to change and
does not constitute an offer to deal at any price quoted. Any reference to the
terms of executed transactions should be treated as preliminary only and
subject to our formal written confirmation.
AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019
www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of David Cliffe
Sent: Friday, May 04, 2007 6:35 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: How big is your SYSVOL?
Hi Bart,
Out of curiosity, what are the size of the ADM files in your forest(s)?
-DaveC
________________________________
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of bart.schillebeeks@xxxxxxxxxx
Sent: Friday, May 04, 2007 4:04 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: How big is your SYSVOL?
Hi,
i manage a company single-handedly with 60.000+ users and workstations
and 8000+ servers. i have about 100 gpo's per domain, 7 domains per forest
My production forest user domain has a sysvol of 3.57 megabyte!! , The
resource domain (machines) sysvol is only 2.1 megabyte.
I would really only use 1 small team at maximum for your gpo
administration with 1 responsible that acts as a moderator and manages all of
the settings, requests etc..
I guess that you have a lot of overrides in your settings as well as
custom ADM's
. Furthermore if you're doing software installation all the software
should be on a seperate file server share , and not in the sysvol!!
By the way , i'm always for hire if you need a good GPO admin ;-)
Vriendelijke groeten,
Cordialement,
Kind Regards,
Schillebeeks Bart
Active Directory Security Consultant
Small and Departmental Systems - NT Systems Fortis Bank
Bart.schillebeeks@xxxxxxxxxxxxxx
AD Internet Consulting BVBA
Disclaimer:
Any views expressed in this message are those of the individual sender,
except where the message states otherwise and the sender is authorised to state
them to be the views of any such entity.This Message is in no way legally
binding and has to be viewed as a personal opinion of the sender. This message
reflects in no way the views of FORTIS BANK and its associates and AD internet
Consulting BVBA and its associates. Unless otherwise stated, any pricing
information given in this message is indicative only, is subject to change and
does not constitute an offer to deal at any price quoted. Any reference to the
terms of executed transactions should be treated as preliminary only and
subject to our formal written confirmation.
AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal
ON:0470419019 www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx
-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jason B. Halladay
Sent: Thursday, May 03, 2007 10:26 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] How big is your SYSVOL?
Hello,
Having recently become aware of the "sysvol bloat" phenomenon, I've done
a bit of reading on the subject. I looked at the size of our sysvol
directory and found that it is a whopping 4.6GB! We have a single forest
with only one site and domain so thus far this hasn't proved to be a
problem (that I'm aware of!) I'm taking steps to clean this up but
because of our model with many, many OU admins doing their own things,
it's a bit crazy.
Out of curiosity, how big is your sysvol? :)
And a bonus question: when a GPO is deleted through the GPMC, does the
corresponding GPT folder in sysvol get removed at some point? About 30
minutes ago I deleted a GPO but the GPT is still present.
Thanks!
Jason
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at //www.freelists.org/archives/gptalk/
************************
This email was sent to you by Reuters, the global news and information company.
To find out more about Reuters visit www.about.reuters.com
Any views expressed in this message are those of the individual sender, except
where the sender specifically states them to be the views of Reuters Limited.
Reuters Limited is part of the Reuters Group of companies, of which Reuters
Group PLC is the ultimate parent company. Reuters Group PLC - Registered office
address: The Reuters Building, South Colonnade, Canary Wharf, London E14 5EP,
United Kingdom
Registered No: 3296375
Registered in England and Wales
= = = = = = = = = = = = = = = = = = = = = = = = =
Fortis disclaimer :
http://www.fortis.be/legal/disclaimer.htm
Privacy policy related to banking activities of Fortis:
http://www.fortisbank.be/legal/privacy_policy.htm
= = = = = = = = = = = = = = = = = = = = = = = = =
Other related posts:
