[gptalk] Re: How big is your SYSVOL?

  • From: David Cliffe <David.Cliffe@xxxxxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Mon, 07 May 2007 09:37:53 -0400

Thank you for the follow-up Bart...much appreciated!
 
-DC


________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of
bart.schillebeeks@xxxxxxxxxx
        Sent: Monday, May 07, 2007 4:46 AM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: How big is your SYSVOL?
        
        
        Hi david, Jason,
         
        I've explained in a previous post here. I don't let the ADM's
replicate since i'm the only one administering GPO's and i keep my ADM's
correct locally. 
         

                Best thing to do according to me is to 

         

                *       "Turn off automatic updates of ADM files"  this
will thus not overwrite any sysvol adm templates with local versions. 
                *       "When group policy is selecting a DC it should
use PRIMARY DOMAIN CONTROLLER"  this makes sure you always attach to
your PDC role. 
                *       Disable ADM in NTFRS replication by setting a
filter on the sysvol replication "*.adm" in the registry , this will
exclude *.adm files from replicating. 
                        here's the KB  to remove the ADM replication
from sysvol . 
                        It's KB81338.  
http://support.microsoft.com/kb/813338/en-us
<http://support.microsoft.com/kb/813338/en-us>   

                        You have thus a system that only allows ADM on
the PDC , to which you only connect to, your sysvol bloat is gone etc...

                         You now only need to maintain your local ADM
files on your GPO administration workstation to make sure they are the
latest versions, of course if you have multiple administrators you need
to make sure they have the same ADM's. 

                        

        
        Oh yeah Don't change PDC roles , as you will have to re-assing
all adm's again (or copy them over first) 

         Vriendelijke groeten,
        Cordialement,
        Kind Regards, 
        Schillebeeks Bart
        Active Directory Security Consultant
        Small and Departmental Systems - NT Systems Fortis Bank
        Bart.schillebeeks@xxxxxxxxxxxxxx
        AD Internet Consulting BVBA
        
        Disclaimer:
        Any views expressed in this message are those of the individual
sender, except where the message states otherwise and the sender is
authorised to state them to be the views of any such entity.This Message
is in no way legally binding and has to be viewed as a personal opinion
of the sender. This message reflects in no way the views of FORTIS BANK
and its associates and AD internet Consulting BVBA and its associates.
Unless otherwise stated, any pricing information given in this message
is indicative only, is subject to change and does not constitute an
offer to deal at any price quoted. Any reference to the terms of
executed transactions should be treated as preliminary only and subject
to our formal written confirmation.

        AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal
ON:0470419019 www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx


         

________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of David Cliffe
        Sent: Friday, May 04, 2007 6:35 PM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: How big is your SYSVOL?
        
        
        Hi Bart,
         
            Out of curiosity, what are the size of the ADM files in your
forest(s)?
         
        -DaveC


________________________________

                From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of
bart.schillebeeks@xxxxxxxxxx
                Sent: Friday, May 04, 2007 4:04 AM
                To: gptalk@xxxxxxxxxxxxx
                Subject: [gptalk] Re: How big is your SYSVOL?
                
                

                

                Hi,

                 i manage a company single-handedly with 60.000+ users
and workstations and 8000+ servers. i have about 100 gpo's per domain, 7
domains per forest

                My production forest user domain has a sysvol of  3.57
megabyte!! , The resource domain (machines) sysvol is only 2.1 megabyte.

                 

                I would really only use 1 small team at maximum for your
gpo administration with 1 responsible that acts as a moderator and
manages all of the settings, requests etc..
                I guess that you have a lot of overrides in your
settings as well as custom ADM's 

                . Furthermore if you're doing software installation all
the software should be on a seperate file server share , and not in the
sysvol!!

                 

                By the way , i'm always for hire if you need a good GPO
admin ;-)

                Vriendelijke groeten,
                Cordialement,
                Kind Regards, 
                Schillebeeks Bart
                Active Directory Security Consultant
                Small and Departmental Systems - NT Systems Fortis Bank
                Bart.schillebeeks@xxxxxxxxxxxxxx
                AD Internet Consulting BVBA
                
                Disclaimer:
                Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorised to state them to be the views of any such
entity.This Message is in no way legally binding and has to be viewed as
a personal opinion of the sender. This message reflects in no way the
views of FORTIS BANK and its associates and AD internet Consulting BVBA
and its associates. Unless otherwise stated, any pricing information
given in this message is indicative only, is subject to change and does
not constitute an offer to deal at any price quoted. Any reference to
the terms of executed transactions should be treated as preliminary only
and subject to our formal written confirmation.

                AD Internet Consulting BVBA, Hezemeer 7, 2430
Eindhout-Laakdal ON:0470419019 www.adinternet.com 
mailto:Sales@xxxxxxxxxxxxxx

                
                
                
                
                -----Original Message-----
                From: gptalk-bounce@xxxxxxxxxxxxx [
mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Jason B. Halladay
                Sent: Thursday, May 03, 2007 10:26 PM
                To: gptalk@xxxxxxxxxxxxx
                Subject: [gptalk] How big is your SYSVOL?
                
                Hello,
                Having recently become aware of the "sysvol bloat"
phenomenon, I've done
                a bit of reading on the subject.  I looked at the size
of our sysvol
                directory and found that it is a whopping 4.6GB! We have
a single forest
                with only one site and domain so thus far this hasn't
proved to be a
                problem (that I'm aware of!)  I'm taking steps to clean
this up but
                because of our model with many, many OU admins doing
their own things,
                it's a bit crazy.
                Out of curiosity, how big is your sysvol?  :)
                
                And a bonus question:  when a GPO is deleted through the
GPMC, does the
                corresponding GPT folder in sysvol get removed at some
point?  About 30
                minutes ago I deleted a GPO but the GPT is still
present.
                Thanks!
                Jason
                
                
                ***********************
                You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/
                ************************
                


        This email was sent to you by Reuters, the global news and
information company.
        To find out more about Reuters visit www.about.reuters.com 

        Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be the views
of Reuters Limited. 

        Reuters Limited is part of the Reuters Group of companies, of
which Reuters Group PLC is the ultimate parent company. Reuters Group
PLC - Registered office address: The Reuters Building, South Colonnade,
Canary Wharf, London E14 5EP, United Kingdom
        Registered No: 3296375
        Registered in England and Wales 



This email was sent to you by Reuters, the global news and information company. 
To find out more about Reuters visit www.about.reuters.com

Any views expressed in this message are those of the individual sender, 
except where the sender specifically states them to be the views of Reuters 
Limited.

Reuters Limited is part of the Reuters Group of companies, of which Reuters 
Group PLC is the ultimate parent company.
Reuters Group PLC - Registered office address: The Reuters Building, South 
Colonnade, Canary Wharf, London E14 5EP, United Kingdom
Registered No: 3296375
Registered in England and Wales

JPEG image

Other related posts: