Re: Assigning File and Folder Permissions Via Group Policy
- From: "Thomas M." <NoEmailReplies@xxxxxxxxxx>
- Date: Wed, 26 Dec 2007 16:17:07 -0700
Mark,
Thanks for the feedback. I thought that it would work that way, but I am
still pretty new to group policies and so wanted to double-check my
assumption.
You touched on another subject that I have been wondering about, and that's
the issue of performance. I anticipate that as an organization we'll end up
with 8 or 10 applications where we will need to tweak file system
permissions in order to make those applications run under a standard user
account. All of those applications will be used by only a small handful of
people--say 20 out of about 530 users--because, for example, our HR
employees don't use the same software that our GIS employees use.
I've heard that optimizing the performance of group policies is something of
a balancing act. I'm told that complexity can slow down the processing of
group policies, so a few policies with a lot of settings in each policy may
not be the best approach. I'm also told that the sure number of policies
can slow things down, so a lot of smaller policies each containing only one
or two settings also may not be the best solution. The implication being
that a "medium" (how ever you choose to define that term) number of policies
with a "medium" number of settings in each policy is the best overall
solution in terms of group policy processing.
In my situation, if we load up all the file system permissions changes into
one policy and then push that policy to every machine, the policy will try
to apply settings that the vast majority of machines will not need, and I
would think that would slow down the processing of group policies. On the
other hand, breaking all those settings out into a number of smaller
policies would allow us to apply the settings to just those machines that
need them, but it also multiplies the number of policies required to do the
job.
So, in general, would it be better to load up all of our file system
permissions changes into one group policy that gets pushed out to everyone,
or would it be better to have 10 separate group policies that each contain
only one or two settings and that get pushed down to only the machines
needing those policies?
--Tom
"Mark Heitbrink [MVP]" <spam-only@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ujf41GvRIHA.280@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
Thomas M. schrieb:
[...] I'm fairly new to group policies, and I am wondering what happens
if that
group policy pushes down to a machine that does not have the files and
folders specified in the policy.
No worry, it jsut will not apply, but will not take a "long login process"
as a effect. BUT, The Clients Side Extension "Security" will apply every
16 hours (it´s forced, even if settings have not changed)
If you have defined a very lot of settings, it can cause in longer login
process, if you replce security settings on the whole disc , e.g.: C:\
But usually, there is no big problem or timing issue with it.
Mark
--
Mark Heitbrink - MVP Windows Server - Group Policy
Homepage: www.gruppenrichtlinien.de - deutsch
Blog: gpupdate.spaces.live.com - english
.
- Follow-Ups:
- Re: Assigning File and Folder Permissions Via Group Policy
- From: Mark Heitbrink [MVP]
- Re: Assigning File and Folder Permissions Via Group Policy
- References:
- Assigning File and Folder Permissions Via Group Policy
- From: Thomas M.
- Re: Assigning File and Folder Permissions Via Group Policy
- From: Mark Heitbrink [MVP]
- Assigning File and Folder Permissions Via Group Policy
- Prev by Date: Re: slow network connection and Windows 2000
- Next by Date: Re: problems publishing software install via GPO
- Previous by thread: Re: Assigning File and Folder Permissions Via Group Policy
- Next by thread: Re: Assigning File and Folder Permissions Via Group Policy
- Index(es):
Relevant Pages
|
