Re: Group Policy Downloading unchanged GPO's

Thanks for the clarification Darren.

We carried out some test to see the GPO behaviour by capturing the network
traffic. On analysis we understand that if a CSE has multiple GPO's then
even if one of the GPO changes, all the GPO's belonging to that CSE gets
read (Not downloaded).

As for issue #2, are you aware of any plans from MS to resolve this??

Regards


"Darren Mar-Elia" <dmanonymous@xxxxxxxxxxxxx> wrote in message
news:EB01AE7E-4152-41FA-9ED3-6193AB20908E@xxxxxxxxxxxxxxxx
To answer question #1, because GPO settings aren't cached (in other words,
they are not held in some separate place on the client), then yes, all
settings from all 3 GPOs would be read by the client if just one GPO
changes. You also have to be careful with the word "download". GPOs aren't
copied lock, stock and barrel to the client. Let's say, for example, that
the registry extension needs to run. It has a list of GPOs that implement
registry policy and so it read the GPT portion of those GPOs and copies
the registry.pol files from each GPO into memory, where it merges them
according to precedence and then applies them to the registry.

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related

Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at
http://www.sdmsoftware.com/products.php


"Vivin George" <VivinGeorge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:55B2407D-8113-4323-81ED-532FCC524445@xxxxxxxxxxxxxxxx
Thanks Darren for the response.

Regarding Issue #1, I agree that all the policies needs to be reapplied
but
are you also saying that all the 3 GPO's would be downloaded from the DC
even
if only one GPO changes? My understanding was if the version of GPO does
not
match with the client then only the changed GPO's are downloaded. Is this
correct?

Regarding Issue #2, we found an interesting link which talks of a similar
issue.
http://www.minasi.com/forum/topic.asp?TOPIC_ID=20647.
This explains the "Why" part of the issue.

Thanks & Regards
--
Vivin


"Darren Mar-Elia" wrote:

Both are expected behavior. On the first, let's say you have 3 GPOs that
all
implement registry policy for a given user or computer. If you change
one of
them, then they all have to re-apply during the next foreground or
background processing cycle, otherwise the precedence of GP would be
broken.

The second is more subtle but also expected. The effect of transferring
the
FSMO role results in Windows trying to sync up the PDCe with the Default
Domain Policy for account policy. I couldn't tell why MS does this, but
they
do, and I've seen it before.

--
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Training Videos, Whitepapers and Utilities for all things Group
Policy-related

Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool
at
http://www.sdmsoftware.com/products.php


"Vivin George" <VivinGeorge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1645928E-994F-4AD9-93F5-7CE305883D0F@xxxxxxxxxxxxxxxx
Hi,
We have a Win2k3 SP1 domain with 2003 functional level ( forest and
domain).
The current implementation has GPO's configured at Domain, User and
computer
OU's.
We have noticed 2 isssues related to GPO:

1) When any one GPO linked at OU or domain is changed, the clients on
rebooting downloads the changed GPO and also some of the unchanged
GPO's
event though there are no changes in the GPO or the GPT.ini version.
This
results in large traffic on the WAN.

2) After transfering the FSMO role we find the values of default
domain
policy is modified with the value of the overriding custom domain
policy.

Please let me know if this issue has been noticed by anybody. If so
the
cause and possible resolution.

Thanks & Regards
--
Vivin




.

Relevant Pages

  • Re: Set GPO for specific user group
    ... Click on the domain name in Group Policy Management, select the GPO and then click the arrow to the left to move it to the top of the list ... Filtering: Denied ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO Question
    ... Group Policy Processing ... As described earlier in this paper, Group Policy is processed in the ... Local Group Policy Object, ... Any domain-based GPO may be enforced by using the Enforce ...
    (microsoft.public.win2000.group_policy)
  • Re: group policy preferences
    ... Microsoft Windows XP Operating System Group Policy Result tool v2.0 ... GPO: ShockwaveTest ... GPO: Default Domain Policy ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group Policy
    ... I have a feeling that is where my issue is coming from with the administrators desktops being affected by my group policy. ... Check that the IE version is supported, shown in the settings ... Please post the path to the GPO setting. ... gpupdate /force on the client machine to update the settings. ...
    (microsoft.public.windows.server.setup)
  • Re: Group Policy Downloading unchanged GPOs
    ... Speed Group Policy Troubleshooting with the NEW GPHealth Reporter tool at http://www.sdmsoftware.com/products.php ... On analysis we understand that if a CSE has multiple GPO's then even if one of the GPO changes, all the GPO's belonging to that CSE gets read. ... words, they are not held in some separate place on the client), then yes, all settings from all 3 GPOs would be read by the client if just one GPO changes. ...
    (microsoft.public.win2000.group_policy)
Loading