[gptalk] Re: Authentication

  • From: "Delaney, Doug" <doug.delaney@xxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Fri, 22 Sep 2006 11:39:05 -0400

I have found that DynamicSiteName is not "always" populated or accurate,
as it may be the last successful logon.  I am guessing on the last
successful logon.  But, it is more than 95% accurate.  
 

Doug Delaney
GM Desktop Engineering
Global Client Engineering GM
1075 W. Entrance Dr., MS 2B, Cube 2130
Auburn Hills, MI 48326
Lab: 248-365-9187
Tel: 248-754-7917
Pg: 248-870-0306 pager
Mail: Doug.Delaney@xxxxxxx <mailto:Doug.Delaney@xxxxxxx>  


 


________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Darren Mar-Elia
        Sent: Friday, September 22, 2006 11:21 AM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: Authentication
        
        
        Others have responded here, but one thing I'll add is that
mapping drives, even remotely, should not really take that long. If that
is where the process is hanging up, then you might want to put some
conditional testing in your logon script that tests as to whether the
user is in their home site. This might involve putting an environment
variable on the machines that list their home site, and then testing
whether the current AD site matches that. The current site name is
stored in the registry at
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DynamicSiteName
         
        Outside of that, I don't know of a way to stop logon scripts
from running with GP because they don't actually run as part of GP
processing. 
         
        Darren
        
________________________________

        From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Attardo, Joe
        Sent: Friday, September 22, 2006 5:31 AM
        To: gptalk@xxxxxxxxxxxxx
        Subject: [gptalk] Re: Authentication
        
        
        Thanks Bart for your feedback. A little more information. We do
not use roaming profiles. Is there a way I can get the login script to
stop running so the users are not trying to map drives from remote
locations? 

                -----Original Message-----
                From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of
bart.schillebeeks@xxxxxxxxxx
                Sent: Friday, September 22, 2006 5:57 AM
                To: gptalk@xxxxxxxxxxxxx
                Subject: [gptalk] Re: Authentication
                
                
                Hi, 
                 
                Logging on to a domain controller in another site
shouldn't make a difference in GPO processing times as they are in that
local site also (DC/sysvol). 
                The gpo processing will check the version and will not
apply unless there is a difference. 
                 
                What I'm suspecting is that you draw the roaming profile
from their "home office" share over the wan. 
                Also folder redirection to home folders on their
"native" file server will slow it down considerably. 
                 
                The only way to solve this is to deploy DFS based file
shares for home folders and profiles. 
                 
                Also make sure you don't delete local cached copies of
their profile as this will also force GPO settings to reapply
completely. 

                Vriendelijke groeten, 
                Cordialement, 
                Kind Regards, 

                Schillebeeks Bart 
                Active Directory Security Consultant 
                Small and Departmental Systems - NT Systems Fortis Bank 
                Bart.schillebeeks@xxxxxxxxxxxxxx 
                AD Internet Consulting BVBA
                

                -----Original Message-----
                From: gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Attardo, Joe
                Sent: Friday, September 22, 2006 11:41 AM
                To: gptalk@xxxxxxxxxxxxx
                Subject: [gptalk] Authentication
                
                

                Good Morning, 

                We have many people who travel to other offices as part
of their jobs and the logon experience when they get there is painfully
slow. Is there a way to set a policy so if a user authenticates to a
domain controller away from their "home office" that they will not
receive any policies such as a logon script or folder redirection.  Any
suggestions would be appreciated. 

                 

                Thanks, 

                Joe
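
The home-site test suggested in the thread, as an added example that is not code from any of the posters: the logon script maps drives only when the current AD site matches the machine's home site. The `HOME_SITE` machine environment variable, the `H:` drive letter and the `\\fileserver.example\home` share are assumptions; because DynamicSiteName may be empty or stale, the script falls back to asking the directory for the computer's site and skips the mappings when the site cannot be determined.

```powershell
# Added example. HOME_SITE is an assumed machine-level environment variable
# set by the administrator; the share path and drive letter are placeholders.
Add-Type -AssemblyName System.DirectoryServices

$netlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-CurrentAdSite {
    # Registry value named in the thread; it can be missing or out of date.
    $props = Get-ItemProperty -Path $netlogonKey -Name DynamicSiteName -ErrorAction SilentlyContinue
    if ($props -and $props.DynamicSiteName) {
        return $props.DynamicSiteName.Trim()
    }
    # Fallback when the value is empty: ask the directory for this computer's site.
    try {
        return [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
    } catch {
        return $null   # not domain-joined, no DC reachable, or no site assigned
    }
}

function Test-AtHomeSite {
    param([string]$HomeSite, [string]$CurrentSite)
    # Unknown on either side counts as "not at home": skipping a mapping is
    # cheaper than hanging the logon on a WAN link.
    if ([string]::IsNullOrEmpty($HomeSite) -or [string]::IsNullOrEmpty($CurrentSite)) {
        return $false
    }
    return ($HomeSite.Trim() -ieq $CurrentSite)
}

$homeSite    = [Environment]::GetEnvironmentVariable('HOME_SITE', 'Machine')
$currentSite = Get-CurrentAdSite

if (Test-AtHomeSite -HomeSite $homeSite -CurrentSite $currentSite) {
    # Home site: map the home drive as usual (placeholder server and share).
    net use H: "\\fileserver.example\home\$env:USERNAME" /persistent:no
} else {
    Write-Warning "Home site '$homeSite', current site '$currentSite': skipping drive mappings."
}
```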
