Re: File System Security Setting Causes Slow Logon

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 11/16/05

    Date: Tue, 15 Nov 2005 22:20:12 -0700
    
    

    You may find that a better approach would be such as use of a temp
    sub-OU with GPO that carries the file system permissioning.
    IMO the intent of filesystem ACLs in GPO is for only the very important
    storage areas for which you have need to guarantee the DACL/SACL
    will be just so, and if changed locally will again become just so.
    You are likely seeing the occasional slow login because the GPO that
    carries the filesystem ACLing is seen to have a new version number,
    and so it gets pulled from the DC and reapplied.
    Moving a machine to which filesystem ACLing has been applied in this
    way out from under the scope of the applying GPO will not result in
    the ACLing reverting. It gets imprinted into the filesystem, unlike GPO
    based Security Settings for which the "Policy" reg keys are defined to
    allow avoidance of the imprinting effect. Hence, the opening suggestion
    of a temp sub-OU used just to set the ACLing, so that in its normal
    state (OU location) the occasional slowdown is not seen, again,
    assuming your objective is not to enforce guarantee of just so.

    -- 
    Roger Abell
    Microsoft MVP (Windows Server : Security)
    MCDBA,  MCSE W2k3+W2k+Nt4
    "BlenderStyle" <BlenderStyle@discussions.microsoft.com> wrote in message 
    news:5C619F11-B405-46F4-96A5-78A5489B872A@microsoft.com...
    > I'm using a group policy object that sets Computer Configuration\Windows
    > Settings\Security Settings\File System. I use this because there were some
    > problems with applications not working without write access to certain
    > folders (including the Windows folders). I wanted to set the permissions on
    > several machines at once so I put them all in an Organizational Unit, applied
    > my Group Policy, and rebooted the machines. They took a long time to login
    > (because it was setting the new NTFS permissions) but it worked. They logged
    > in again and it was normal speed. Now for the problem.
    >
    > Every so often when someone logs on to one of these machines it will take a
    > long time to logon. This doesn't happen all the time, just occasionally. I'm
    > assuming the cached settings on the machine need to be updated from the
    > domain so it reapplies the settings, thus reapplying the new NTFS
    > permissions.
    >
    > Is there another Group Policy setting that will override this? If I move
    > these machines to a different OU without File System Security Settings will
    > it keep the settings applied by my GPO even though it's no longer being
    > applied? Is there a better way to set a bunch of NTFS permissions on remote
    > machines?
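
The temporary sub-OU approach from the reply above, sketched as an added example that is not part of the original thread. It uses the ActiveDirectory and GroupPolicy PowerShell modules, which postdate this 2005 exchange; the computer names, OU path, folder, trustee and expected right are hypothetical placeholders, and PowerShell remoting to the targets is assumed.

```powershell
# Added example: stage machines in a temporary sub-OU just long enough for the
# File System GPO to imprint its ACLs, then return them to their normal OU.
# All names below are hypothetical placeholders.
Import-Module ActiveDirectory, GroupPolicy

$Computers     = 'LAB-PC01', 'LAB-PC02'
$StagingOU     = 'OU=AclStaging,OU=Workstations,DC=example,DC=com'  # ACL GPO linked here only
$CheckPath     = 'C:\Program Files\LegacyApp'   # a folder the GPO permissions
$CheckIdentity = 'BUILTIN\Users'                # trustee the GPO grants access to
$CheckRights   = 'Modify'                       # right expected once applied

# Runs on the target: is the expected Allow ACE present on the folder?
$testAcl = {
    param($Path, $Identity, $Rights)
    $want = [System.Security.AccessControl.FileSystemRights]$Rights
    $hit = (Get-Acl -Path $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $want) -eq $want
    }
    [bool]$hit
}

foreach ($name in $Computers) {
    $computer = Get-ADComputer -Identity $name
    # Parent container = DN with the leading "CN=<name>," removed.
    $homeOU = $computer.DistinguishedName -replace '^CN=[^,]+,', ''

    Move-ADObject -Identity $computer.ObjectGUID -TargetPath $StagingOU
    Invoke-GPUpdate -Computer $name -Target Computer -Force -RandomDelayInMinutes 0

    # The refresh is asynchronous, so poll the ACL instead of assuming success.
    $applied = $false
    for ($i = 0; $i -lt 20 -and -not $applied; $i++) {
        Start-Sleep -Seconds 30
        $applied = Invoke-Command -ComputerName $name -ScriptBlock $testAcl `
            -ArgumentList $CheckPath, $CheckIdentity, $CheckRights
    }

    if ($applied) {
        Move-ADObject -Identity $computer.ObjectGUID -TargetPath $homeOU
        Write-Output "$name : ACL present, returned to $homeOU"
    } else {
        Write-Warning "$name : ACL not seen after 10 minutes, left in staging OU"
    }
}
```

A machine is moved back only after the expected ACE is observed on disk, so one that never processed the staging GPO stays in the sub-OU for manual follow-up.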
    
