[gptalk] Re: Authentication

  • From: "Darren Mar-Elia" <darren@xxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 22 Sep 2006 08:20:31 -0700

Others have responded here, but one thing I'll add is that mapping drives,
even remotely, should not really take that long. If that is where the
process is hanging up, then you might want to put some conditional testing
in your logon script that tests as to whether the user is in their home
site. This might involve putting an environment variable on the machines
that list their home site, and then testing whether the current AD site
matches that. The current site name is stored in the registry at
Outside of that, I don't know of a way to stop logon scripts from running
with GP because they don't actually run as part of GP processing. 


From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Attardo, Joe
Sent: Friday, September 22, 2006 5:31 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Authentication

Thanks Bart for you feedback. A little more information. We do not use
roaming profiles. Is there a way I can get the login script to stop running
so the users are not trying to map drives from remote locations? 

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of bart.schillebeeks@xxxxxxxxxx
Sent: Friday, September 22, 2006 5:57 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Authentication

Logging on to a domain controller in another site shouldn't make a
difference in GPO processing times as they are in that local site also
The gpo processing will check the version and will not apply unless there is
a difference. 
What i'm suspecting is that you draw the roaming profile from their "home
office" share over the wan. 
Also folder redirection to home folders on their "native" file server will
slow it down cosiderably. 
The only way to solve this is to deploy DFS based file shares for home
folders and profiles. 
Also make sure you son't delete local cached copies of their profile as this
will also force GPO settings to reapply completely. 

Vriendelijke groeten, 
Kind Regards, 

Schillebeeks Bart 
Active Directory Security Consultant 
Small and Departmental Systems - NT Systems Fortis Bank 
AD Internet Consulting BVBA

Any views expressed in this message are those of the individual sender,
except where the  message states otherwise and the sender is authorised to
state them to be the views of any  such entity.This Message is in no way
legally binding and has to be viewed as a personal  opinion of the sender.
This message reflects in no way the views of FORTIS BANK and its  associates
and AD internet Consulting BVBA and its  associates. Unless otherwise
stated, any pricing information given in this message is  indicative only,
is subject to change and does not constitute an offer to deal at any price
quoted. Any reference to the terms of executed transactions should be
treated as preliminary  only and subject to our formal written confirmation.

AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019
www.adinternet.com  mailto:Sales@xxxxxxxxxxxxxx

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Attardo, Joe
Sent: Friday, September 22, 2006 11:41 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Authentication

Good Morning, 

We have many people who travel to other offices as part of their jobs and
the logon experience when they get there is painfully slow. Is there a way
to set a policy so if a user authenticates to a domain controller away from
their "home office" that they will not receive any policies such as a logon
script or folder redirection.  Any suggestions would be appreciated. 




Other related posts: