 |
|
|
|
| Brien M. Posey | |
|
|
With all of the emphasis on security these days, it's easy to go hog wild and apply every possible security setting to every server and workstation in your entire organization. However, in many cases doing so is unnecessary and hurts overall system performance. Don't get me wrong. I believe security is important; after all, I own a computer security company, but there is such a thing as over doing it.
To illustrate this concept, consider the way Windows 2000 implements group policy settings. Group policy settings are typically applied to users, computers or both. These policies may be assigned at either the domain level or at the local computer level. Policy settings may also be applied on an OU or on a security group basis.
When a user logs in, all of the various group policy elements on all of the different levels combine to determine
Requires Free Membership to View
When you register, my team of editors will also send you the latest expert resources covering pertinent IT topics such as Windows server backup and recovery, server administration, storage management, infrastructure security, virtualization, Hyper-V, Active Directory and Group Policy.
Cathleen A. Gagne, Senior Editorial Director
the user's effective group policy. However, at log-on time, Windows must apply
all of the various group policy elements. That can consume a lot of time, especially if there are
lots of policy elements, lots of settings within a policy or redundant settings. With that in mind,
here are a few suggestions to help you to reduce your users' log-in time while maintaining security
and boosting the overall system performance.
First, disable unnecessary settings within a group policy object. If a setting is set to "Not Configured," then Windows doesn't have to process it, thus saving time and system resources. Another suggestion is not to assign a group policy setting in more than one location. For example, if you make a policy setting at the domain level, then there's no reason to make the same setting at the OU level or at the local computer level. Doing so just means that Windows has to process the setting twice.
Another way you can boost performance is to avoid cross-domain policy assignments. Cross-domain policy assignments require users to get group policy elements from a different domain. Of course, this involves checking trusts and going through the entire authentication process in to the alternate domain. All of this takes time and results in a slower log-on for your users.
Read Brien's other OS Performance tips.
---------------------------
About the author: Brien Posey, CEO of Posey
Enterprises, is a freelance technical writer who has been working with computers for about 15
years. Before going freelance, Brien served as director of information systems at a large,
nationwide healthcare company. He has also served as a network engineer/security consultant for the
Department of Defense. You can access Brien's Web site, which contains hundreds of his articles and
white papers, at http://www.brienposey.com.
This was first published in October 2002