[gptalk] Re: How big is your SYSVOL?

  • From: "Jason B. Halladay" <jason@xxxxxxxx>
  • To: gptalk@xxxxxxxxxxxxx
  • Date: Mon, 07 May 2007 09:19:32 -0600

Thanks, Bart, for your reply.  I have read your previous post(s) about this and appreciate the information. We'd (well, some of us!) would really like to move to a more centralized GPO creation/management scheme but the local politics make it difficult. 
Thanks again,
Jason

bart.schillebeeks@xxxxxxxxxx wrote, on 5/7/2007 2:46 AM:
Hi david, Jason,
 
I've explained in a previous post here. I don't let the ADM's replicate since i'm the only one administering GPO's and i keep my ADM's correct locally.
 
Best thing to do according to me is to

 

  • "Turn off automatic updates of ADM files"  this will thus not overwrite any sysvol adm templates with local versions.
  • "When group policy is selecting a DC it should use PRIMARY DOMAIN CONTROLLER"  this makes sure you always attach to your PDC role.
  • Disable ADM in NTFRS replication by setting a filter on the sysvol replication "*.adm" in the registry , this will exclude *.adm files from replicating.
    here's the KB  to remove the ADM replication from sysvol .

    You have thus a system that only allows ADM on the PDC , to which you only connect to, your sysvol bloat is gone etc...

     You now only need to maintain your local ADM files on your GPO administration workstation to make sure they are the latest versions, of course if you have multiple administrators you need to make sure they have the same ADM's.

Oh yeah Don't change PDC roles , as you will have to re-assing all adm's again (or copy them over first) 

 Vriendelijke groeten,
Cordialement,
Kind Regards,

Schillebeeks Bart
Active Directory Security Consultant
Small and Departmental Systems - NT Systems Fortis Bank
Bart.schillebeeks@xxxxxxxxxxxxxx
AD Internet Consulting BVBA

Disclaimer:
Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity.This Message is in no way legally binding and has to be viewed as a personal opinion of the sender. This message reflects in no way the views of FORTIS BANK and its associates and AD internet Consulting BVBA and its associates. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation.

AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019 www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx


 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of David Cliffe
Sent: Friday, May 04, 2007 6:35 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: How big is your SYSVOL?

Hi Bart,
 
    Out of curiosity, what are the size of the ADM files in your forest(s)?
 
-DaveC


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of bart.schillebeeks@xxxxxxxxxx
Sent: Friday, May 04, 2007 4:04 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: How big is your SYSVOL?

Hi,

 i manage a company single-handedly with 60.000+ users and workstations and 8000+ servers. i have about 100 gpo's per domain, 7 domains per forest

My production forest user domain has a sysvol of  3.57 megabyte!! , The resource domain (machines) sysvol is only 2.1 megabyte.

I would really only use 1 small team at maximum for your gpo administration with 1 responsible that acts as a moderator and manages all of the settings, requests etc..
I guess that you have a lot of overrides in your settings as well as custom ADM's

. Furthermore if you're doing software installation all the software should be on a seperate file server share , and not in the sysvol!!

 

By the way , i'm always for hire if you need a good GPO admin ;-)

Vriendelijke groeten,
Cordialement,
Kind Regards,

Schillebeeks Bart
Active Directory Security Consultant
Small and Departmental Systems - NT Systems Fortis Bank
Bart.schillebeeks@xxxxxxxxxxxxxx
AD Internet Consulting BVBA

Disclaimer:
Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity.This Message is in no way legally binding and has to be viewed as a personal opinion of the sender. This message reflects in no way the views of FORTIS BANK and its associates and AD internet Consulting BVBA and its associates. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation.

AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019 www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx





-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Jason B. Halladay
Sent: Thursday, May 03, 2007 10:26 PM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] How big is your SYSVOL?

Hello,
Having recently become aware of the "sysvol bloat" phenomenon, I've done
a bit of reading on the subject.  I looked at the size of our sysvol
directory and found that it is a whopping 4.6GB! We have a single forest
with only one site and domain so thus far this hasn't proved to be a
problem (that I'm aware of!)  I'm taking steps to clean this up but
because of our model with many, many OU admins doing their own things,
it's a bit crazy.
Out of curiosity, how big is your sysvol?  :)

And a bonus question:  when a GPO is deleted through the GPMC, does the
corresponding GPT folder in sysvol get removed at some point?  About 30
minutes ago I deleted a GPO but the GPT is still present.
Thanks!
Jason


***********************
You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at http://www.freelists.org/archives/gptalk/
************************


This email was sent to you by Reuters, the global news and information company.
To find out more about Reuters visit www.about.reuters.com

Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Limited.

Reuters Limited is part of the Reuters Group of companies, of which Reuters Group PLC is the ultimate parent company. Reuters Group PLC - Registered office address: The Reuters Building, South Colonnade, Canary Wharf, London E14 5EP, United Kingdom
Registered No: 3296375
Registered in England and Wales


= = = = = = = = = = = = = = = = = = = = = = = = = Fortis disclaimer : http://www.fortis.be/legal/disclaimer.htm Privacy policy related to banking activities of Fortis: http://www.fortisbank.be/legal/privacy_policy.htm = = = = = = = = = = = = = = = = = = = = = = = = =


Other related posts: