Re: SIDs in Security Tab slow to resolve

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 10/31/03


Date: Thu, 30 Oct 2003 20:48:23 -0700

Those policies are in the Computer section of local (or
GPO) policy, in the Local Policies / Security Options

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Mike" <switzer12@hotmail.com> wrote in message
news:44d001c39f0e$5b512930$7d02280a@phx.gbl...
> Roger - where would I go to check this - in the Local
> Computer policy (since we're not running AD w/GPOs)?   I
> don't think I've changed much as far as that goes, but it
> definitely sounds like something I should check (as well
> as any other communications based policies that might be
> hindering things).
>
> I've got several sections w/new XP builds/images that were
> all set up to log onto a single generic user too, and
> those machines have always had problems with periodic
> periods of extreme slowdown, where the apps. seem to have
> very slow communications to the servers in question.
> We've never been able to nail that down either.  Setting
> each PC up with its own domain account (e.g. a PC#) seems
> to help.   This may or may not be a related issue.
> Almost seems like the PDC/BDCs get confused when the same
> SID is connecting multiple times.   But that's just a
> from-the-hip guess.
>
> I'll check that policy if I can find it.
>
> Thanks Roger!
>
> Mike
>
>
> >-----Original Message-----
> >Mike,
> >
> >Following up on the idea that the sluggishness you
> >experience is due to latency from a failover to an
> >alternate method from the preferred...
> >Is your XP client set to try to use digital signing
> >(when possible) for secure channel and/or for
> >communications (these are two security policies)?
> >If so, what happens if these are disabled, and the
> >client is then refreshed such as by a reboot?
> >
> >-- 
> >Roger Abell
> >Microsoft MVP (Windows Server System: Security)
> >MCSE (W2k3,W2k,Nt4)  MCDBA
> >"Mike" <switzer12@hotmail.com> wrote in message
> >news:042801c39e81$a51236f0$a601280a@phx.gbl...
> >> Roger,
> >>
> >> Thanks for the great message.
> >>
> >> I just tried this, and it didn't seem to help at all.  It
> >> may be my imagination, or just a coincidence, but it
> >> almost seemed worse.   I think you're onto something
> >> though, I just don't know what goes on in XP's head.
> >> 2000 - across the board - is snappier and runs much
> >> faster, including our host of apps here.   Strange delays,
> >> sluggish performance - I've been developing XP standard
> >> desktop images here for the past 12+ months, and it's like
> >> I've had to fight tooth and nail for each little (minor)
> >> performance victory.
> >>
> >> The name resolution thing, how NetBIOS names resolve vs.
> >> DNS, etc. - I think you could be onto something.  Our
> >> DNS/WINS servers are new too though, and run on 2000.
> >> Weird stuff.
> >>
> >> Thanks for your help!
> >>
> >> Mike
> >>
> >>
> >> >-----Original Message-----
> >> >One most often sees that type of behavior when the
> >> >groups used in the grants (in the Security dialog) are
> >> >domain groups, and the client has a misconfigured
> >> >networking interface.  When this is so, the client first
> >> >tries DNS to locate the domain in order to resolve
> >> >what it knows (the SIDs) to user friendly strings (the
> >> >account/group names).  When the AD supporting DNS
> >> >is not used the client first tries and then finally fails
> >> >over to other NetBT based means.
> >> >
> >> >Now, this is not exactly your circumstance, as you do
> >> >not have an Active Directory environment.  However
> >> >if the client is following the same course of action this
> >> >would explain what you experience.
> >> >
> >> >One thing that you could try is shutting off the DNS
> >> >caching resolver on the client.  When this is done, the
> >> >client will fall back on the older DNS resolver.
> >> >So as a test, try setting the DNS client that shows in
> >> >the services mgmt interface to stopped, or at a cmd use
> >> >net stop dnscache
> >> >Then, try things out.  To be fair perhaps set the DNS
> >> >client service to manual, and reboot, and see if there
> >> >is a significant difference.  If so, this hypothesis has
> >> >some value, else it is something else.  If this is the issue
> >> >and you decide to not use the caching resolver, then by
> >> >all means remember to reenable it if/when you move
> >> >to an Active Directory environment.
> >> >-- 
> >> >Roger Abell
> >> >Microsoft MVP (Windows Server System: Security)
> >> >MCSE (W2k3,W2k,Nt4)  MCDBA
> >> >"Mike" <switzer12@hotmail.com> wrote in message
> >> >news:02c501c39e64$71908240$a501280a@phx.gbl...
> >> >> NT 4.0 PDC and two BDCs running on new, fast hardware.
> >> >>
> >> >> Mix of 9x and XP desktops.
> >> >>
> >> >> XP performs fairly well, but I have noticed when doing a
> >> >> Properties on resources/folders on network shared drives
> >> >> when I click on the Security tab, I usually see
> >> >> (immediately) SYSTEM and then a bunch of SIDs, which
> >> >> (slowly) resolve to names.
> >> >>
> >> >> What could cause these delays?  Shouldn't this stuff come
> >> >> up immediately?  Two of our DCs (in this 4.0 case, one
> >> >> PDC and one BDC) are Gb attached to heavy duty backbone
> >> >> switches, all duplex settings are kosher, the network is
> >> >> fast, as is the main PDC and BDC hardware (new Compaq
> >> >> DL360 servers).
> >> >>
> >> >> Any recommendations would be MUCH appreciated.
> >> >>
> >> >> Thanks.
> >> >>
> >> >> Mike
> >> >>
> >> >
> >> >
> >> >.
> >> >
> >
> >
> >.
> >
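
The settings this thread points at, gathered into one read-only check (an added example, not part of the original posts). The registry value names are the standard backing values for the Security Options policies mentioned above and are an assumption here, since the thread does not list them; `Get-CimInstance` needs PowerShell 3.0 or later.

```powershell
# Added example: read-only report of the signing policies and the DNS Client
# service discussed in this thread. Nothing is modified.
# Assumption: registry value names below back the Local Policies /
# Security Options entries; they are not quoted in the thread itself.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$policies = @(
    @{ Policy = 'Domain member: Digitally encrypt or sign secure channel data (always)'
       Key    = "$base\Netlogon\Parameters"; Value = 'RequireSignOrSeal' },
    @{ Policy = 'Domain member: Digitally encrypt secure channel data (when possible)'
       Key    = "$base\Netlogon\Parameters"; Value = 'SealSecureChannel' },
    @{ Policy = 'Domain member: Digitally sign secure channel data (when possible)'
       Key    = "$base\Netlogon\Parameters"; Value = 'SignSecureChannel' },
    @{ Policy = 'Microsoft network client: Digitally sign communications (always)'
       Key    = "$base\LanmanWorkstation\Parameters"; Value = 'RequireSecuritySignature' },
    @{ Policy = 'Microsoft network client: Digitally sign communications (if server agrees)'
       Key    = "$base\LanmanWorkstation\Parameters"; Value = 'EnableSecuritySignature' }
)

$report = foreach ($p in $policies) {
    # A missing value means the policy was never written; the OS default applies.
    $item = Get-ItemProperty -Path $p.Key -Name $p.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $state = 'Not set (OS default applies)'
    } elseif ($item.($p.Value) -eq 1) {
        $state = 'Enabled'
    } else {
        $state = 'Disabled'
    }
    [pscustomobject]@{
        Policy        = $p.Policy
        RegistryValue = $p.Value
        State         = $state
    }
}
$report | Format-Table -AutoSize -Wrap

# DNS Client (caching resolver) service: the one stopped with "net stop dnscache".
Get-CimInstance -ClassName Win32_Service -Filter "Name='Dnscache'" |
    Select-Object Name, State, StartMode |
    Format-Table -AutoSize
```

Capture the output before changing either policy or the service start mode for the latency test, so the original values can be restored afterwards.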

