Thank you for the follow-up Bart...much appreciated! -DC ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of bart.schillebeeks@xxxxxxxxxx Sent: Monday, May 07, 2007 4:46 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: How big is your SYSVOL? Hi david, Jason, I've explained in a previous post here. I don't let the ADM's replicate since i'm the only one administering GPO's and i keep my ADM's correct locally. Best thing to do according to me is to * "Turn off automatic updates of ADM files" this will thus not overwrite any sysvol adm templates with local versions. * "When group policy is selecting a DC it should use PRIMARY DOMAIN CONTROLLER" this makes sure you always attach to your PDC role. * Disable ADM in NTFRS replication by setting a filter on the sysvol replication "*.adm" in the registry , this will exclude *.adm files from replicating. here's the KB to remove the ADM replication from sysvol . It's KB81338. http://support.microsoft.com/kb/813338/en-us <http://support.microsoft.com/kb/813338/en-us> You have thus a system that only allows ADM on the PDC , to which you only connect to, your sysvol bloat is gone etc... You now only need to maintain your local ADM files on your GPO administration workstation to make sure they are the latest versions, of course if you have multiple administrators you need to make sure they have the same ADM's. Oh yeah Don't change PDC roles , as you will have to re-assing all adm's again (or copy them over first) Vriendelijke groeten, Cordialement, Kind Regards, Schillebeeks Bart Active Directory Security Consultant Small and Departmental Systems - NT Systems Fortis Bank Bart.schillebeeks@xxxxxxxxxxxxxx AD Internet Consulting BVBA Disclaimer: Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity.This Message is in no way legally binding and has to be viewed as a personal opinion of the sender. This message reflects in no way the views of FORTIS BANK and its associates and AD internet Consulting BVBA and its associates. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019 www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of David Cliffe Sent: Friday, May 04, 2007 6:35 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: How big is your SYSVOL? Hi Bart, Out of curiosity, what are the size of the ADM files in your forest(s)? -DaveC ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of bart.schillebeeks@xxxxxxxxxx Sent: Friday, May 04, 2007 4:04 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: How big is your SYSVOL? Hi, i manage a company single-handedly with 60.000+ users and workstations and 8000+ servers. i have about 100 gpo's per domain, 7 domains per forest My production forest user domain has a sysvol of 3.57 megabyte!! , The resource domain (machines) sysvol is only 2.1 megabyte. I would really only use 1 small team at maximum for your gpo administration with 1 responsible that acts as a moderator and manages all of the settings, requests etc.. I guess that you have a lot of overrides in your settings as well as custom ADM's . Furthermore if you're doing software installation all the software should be on a seperate file server share , and not in the sysvol!! By the way , i'm always for hire if you need a good GPO admin ;-) Vriendelijke groeten, Cordialement, Kind Regards, Schillebeeks Bart Active Directory Security Consultant Small and Departmental Systems - NT Systems Fortis Bank Bart.schillebeeks@xxxxxxxxxxxxxx AD Internet Consulting BVBA Disclaimer: Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity.This Message is in no way legally binding and has to be viewed as a personal opinion of the sender. This message reflects in no way the views of FORTIS BANK and its associates and AD internet Consulting BVBA and its associates. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. AD Internet Consulting BVBA, Hezemeer 7, 2430 Eindhout-Laakdal ON:0470419019 www.adinternet.com mailto:Sales@xxxxxxxxxxxxxx -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [ mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Jason B. Halladay Sent: Thursday, May 03, 2007 10:26 PM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] How big is your SYSVOL? Hello, Having recently become aware of the "sysvol bloat" phenomenon, I've done a bit of reading on the subject. I looked at the size of our sysvol directory and found that it is a whopping 4.6GB! We have a single forest with only one site and domain so thus far this hasn't proved to be a problem (that I'm aware of!) I'm taking steps to clean this up but because of our model with many, many OU admins doing their own things, it's a bit crazy. Out of curiosity, how big is your sysvol? :) And a bonus question: when a GPO is deleted through the GPMC, does the corresponding GPT folder in sysvol get removed at some point? About 30 minutes ago I deleted a GPO but the GPT is still present. Thanks! Jason *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Limited. Reuters Limited is part of the Reuters Group of companies, of which Reuters Group PLC is the ultimate parent company. Reuters Group PLC - Registered office address: The Reuters Building, South Colonnade, Canary Wharf, London E14 5EP, United Kingdom Registered No: 3296375 Registered in England and Wales This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Limited. Reuters Limited is part of the Reuters Group of companies, of which Reuters Group PLC is the ultimate parent company. Reuters Group PLC - Registered office address: The Reuters Building, South Colonnade, Canary Wharf, London E14 5EP, United Kingdom Registered No: 3296375 Registered in England and Wales