Sal,
I'm
likely to get seriously flamed on a piece of this, but - to first answer
directly.
Don't
worry about disabling pieces that you are not going to use. Given
the wording, you may be ENABLING some that you won't use. Regardless, if
it is configured, it's being applied. Not Configured means change nothing
- so no cycles are wasted applying changes that you really don't want in the
first place.
<flame proof underwear>
Secondly, GPO is pretty streamlined. It applies very fast and is
quite optimized. As a testament to this, when proving GPO to a client, we
created ~ 200 gpo's and applied them to various OUs and configurations.
The client asked us what the upper limit of GPO is. Eh, never really
checked. Well, long story short, we started applying GP 10 at a time to
the OU where the user that we were using for testing resided. From 1 GP to
100 GP's (mind you - with all different kinds of settings) the time to (reboot,
apply computer settings, enter creds, to desktop) login varied by 5
secs.
</flame proof underwear>
Don't
get too hung up on disabling or enabling pieces you WON'T use. If
you aren't going to use Computer settings in one GP, disable the processing of
the ENTIRE Computer section. Same goes for the User
section.
Hope
this helps.
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Khan, Salman
Sent: Friday, February 21, 2003 1:27 PM
To: [EMAIL PROTECTED]Question about GPO:
As part of best practices for Windows 2000 Active Directory Policy is there a benefit to disabling settings that are not used in a policy rather than leaving them as "Not Configured" Does the policy apply quicker if it is set to disabled or not configured ?
Thanks
