General discussion

Locked

Slow logon at a domaincontroller console

By joshhansen ·
Our domain controllers are all 2003. When logging on to the console (or by Remote Desktop) of a domain controller, it can take several minutes (even 10min) before the start button apprears after typing in username and password. It seems that the slow down is because of drive mappings that the site gpo is trying to do (mapping to itself) which it isn't really happy with. It eventually runs all scripts but takes a long time to log on. Any ideas? Any way to cause the site GPO to not run when logging on to the DC itself?

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by ewgny In reply to Slow logon at a domaincon ...

Log onto the DC's, with accounts that are set up that don't have log on scripts and roaming profiles etc. Also you can use Group policy that can "allow only local profiles", you can use a "loopback policy" so that any group policies the user usually has won't be enforced on the Domain controllers, but instead only policies that are DC specific will apply ( for example no log on scripts will run etc.)
http://support.microsoft.com/kb/231287/EN-US/

Collapse -

by joshhansen In reply to

The problem is that no matter what domain user logs on, the site gpo (with its logon scripts)that the DC is in runs.

Collapse -

by ewgny In reply to Slow logon at a domaincon ...

Loopback policy IS your answer. In Replace mode the other user based policies will not apply to the user. Only the policy based on the Computer object will apply Read the Link I gave you

Collapse -

by joshhansen In reply to

I resolved the problem by enabling asynchronous login scripts. This enabled the desktop to apprear very quickly after logging in.

Collapse -

by sgt_shultz In reply to Slow logon at a domaincon ...

anything in the event logs?

Collapse -

by sgt_shultz In reply to

i saw this mskb article at support.microsoft.com:

325376 How To Enable Verbose Startup, Shutdown, Logon, and Logoff Status Messages in the Windows Server 2003 Family

HIH

Collapse -

by joshhansen In reply to

Poster rated this answer.

Collapse -

by voldar In reply to Slow logon at a domaincon ...

If you have a site GPO in your domain, and because it is a "user level GPO", you just simply have to go in the GPO console (W2K3) and remove the administrators group from the list to which the GPO is applied. In W2K you had the option to deny the "applicabillity" of a GPO for a specific group of users. Or create another GPO at the DC OU level, and set it to "block inheritance".

Collapse -

by joshhansen In reply to

I had thought about that but I wanted to avoid not do it because currently it applies to authenticated users. I want it to apply to everyone that logs on in this site - on all computers except the domain controller itself.

Collapse -

by wdeklerk In reply to Slow logon at a domaincon ...

To ensure the fastest, disable the Always wait for the network at computer startup and logon policy setting. This setting is in the Computer Configuration\Administrative Templates\System\Logon node of the Group Policy Object Editor.

Set GPO's to run ASynchronously

Back to Windows Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums