Some things to consider: a) It does take slightly longer to get a longer list of potentially applicable GPOs
b) If there are a lot of applicable GPOs, they all have to be downloaded to be parsed by the GPO processing engine. Each GPO can be 1MB+ (depending on the ADM files loaded for that GPO). ADMX are XML, so compression technologies can help here c) SYSVOL can bloat if you have lots of ADM based GPOs, since each ADM file can be 1MB+ This really only becomes a problem in either (a) larger environment and/or (b) distributed environments in my experience. In all things, a balance is necessary. For Kerberos: maxTokenSize is still an issue - you can increase it. But remember that this needs to be sent for many types of requests. If you are sending a huge amount of data all the time, then things will be slower... Cheers Ken From: Mayo, Bill [mailto:[email protected]] Sent: Thursday, 24 February 2011 1:02 AM To: NT System Admin Issues Subject: RE: GPO application I do not know for sure, but I remember reading somewhere at some time (I know, how helpful) that a lot of little GPO's would result in a longer login time than a few larger ones. I haven't really put that into practice, and we don't have any issues here. I imagine it is more of a problem with people logging in over slow links. From: James Rankin [mailto:[email protected]] Sent: Wednesday, February 23, 2011 8:37 AM To: NT System Admin Issues Subject: Re: GPO application Not necessarily having logon speed issues, but I am trying to make logon as rapid as possible. I have to agree that I don't like the idea of monster GPOs for "all settings", it is much easier to administer and maintain when each GPO does "exactly what it says on the tin". I'm wondering how much effect large numbers of group memberships can have on logon speed as well. I can remember there used to be an issue with Kerberos token sizes, but not sure how this stacks up for modern systems (last time I experienced issues with this was back in 2005 on 2003 R1 systems). On 23 February 2011 13:33, Jeff Steward <[email protected]<mailto:[email protected]>> wrote: There is a small performance impact on processing each GPO and I'm sure there is a point where one can have too many GPOs but unless you are having logon speed issues it is a question of preference. For the record, I prefer more focused GPOs rather than a couple of monster GPOs -- I'm less apt to shoot my own foot when changing something. -Jeff Steward On Wed, Feb 23, 2011 at 4:05 AM, James Rankin <[email protected]<mailto:[email protected]>> wrote: I know I asked this a while back and didn't seem to get a definitive reply, but I am going to try again in case anyone can shed any light on it. Is there any difference in the speed of GPO application, comparing a few GPOs with a lot of settings, against a lot of GPOs with a few settings? I find having lots of GPOs with a few settings is much easier for administration and troubleshooting, but I am wondering if it is creating any overhead with regards to the processing. I have the user settings disabled on my Computer GPOs, and vice versa, so hopefully the objects I have are as streamlined as possible, but I am just keen to understand which way (if any) is the most effective method of processing. TIA, JRR -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
