The number of lines of code in a code path really has almost no relevance here. I don't know how your account team even knows less they heard some here-say.
What is the actual question or problem aside from some random bullet point from someone with a Microsoft business card? Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 -----Original Message----- From: Stephen Wimberly [mailto:swimbe...@gmail.com] Sent: Friday, November 05, 2010 8:38 AM To: NT System Admin Issues Subject: Re: Random poll: GPO count James, that would have been a good question, but no, he did indicate that a policy is about 5,000 lines which does take time to parse, but he did not indicate whether it would take longer if there were more values modified in a single policy. On Fri, Nov 5, 2010 at 9:20 AM, James Rankin <kz2...@googlemail.com> wrote: > Did your MS rep happen to tell you whether it takes longer or not to > parse through a GPO with lots of settings, compared to a GPO with just a few? > > I was always an advocate of keeping GPOs as simple as possible, so > that finding an errant setting was more straightforward. However some > people prefer to just create something like "Workstations Policy" and > then chock it full of every setting they can think of. Certainly from > a support perspective the "more GPOs, less settings" works better - > but I was just wondering whether there might be any performance hit from this. > > On 5 November 2010 12:22, Stephen Wimberly <swimbe...@gmail.com> wrote: >> >> We did the same kind of thing a while back, but a different point of >> view. We wanted to limit the number of objects that a particular >> computer would run, we did combine some policies but we also used >> security filtering to limit the number of objects that a particular >> computer would run. >> >> For example when we looked at login times a couple of years ago one >> computer ran an average of 35 Policy Objects. >> >> Now each computer runs about 10 Policy Objects. >> >> The idea came from a Microsoft Rep that came to speak to our company >> about Active Directory organization tactics. The basic idea is that >> it takes about 5,000 lines of code to parse through a single GPO even >> if it's just to get to the item level targeting within the GPP and >> find that it just doesn't apply, but only a moment to attempt to open >> one that it doesn't have access to, record the "Access Denied" and >> move on to the next one. In essence taking 5,000 lines of code down >> to "one line." >> >> Just another viewpoint. >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put > into the machine wrong figures, will the right answers come out?' I am > not able rightly to apprehend the kind of confusion of ideas that > could provoke such a question." > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
