Specifying Group Policy for Slow Link Detection

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Administrators can partially control which Group Policy extensions are processed over a slow link. By default, when processing over a slow link, not all components of Group Policy are processed.

Table 2.6 shows the default settings for processing Group Policy over slow links.

Table 2.6   Default Settings for Processing Group Policy over Slow Links

Setting                          Default
Security Settings                ON (cannot be turned off)
IP Security                      ON
EFS                              ON
Software Restriction Policies    ON
Wireless                         ON
Administrative Templates         ON (cannot be turned off)
Software Installation            OFF
Scripts                          OFF
Folder Redirection               OFF
IE maintenance                   ON

Administrators can use a Group Policy setting to define a slow link for the purposes of applying and updating Group Policy. The default value defines a rate slower than 500 Kbps as a slow link.

To specify settings for Group Policy slow link detection for computers, use the Group Policy slow link detection policy setting in the Computer Configuration\Administrative Templates\System\Group Policy item of the Group Policy Object Editor. The unit of measurement for connection speed is Kbps.

To set this for users, use the Group Policy slow link detection policy setting in User Configuration\Administrative Templates\System\Group Policy.

For User Profiles, the Slow network connection timeout for user profiles setting is located in the Computer Configuration\Administrative Templates\System\User Profiles item. This setting allows users to ping the server and to check the performance of the file system. This is because user profiles can be stored anywhere, and the server might or might not have IP support. Therefore, the user profile first tries to ping the server. If the server does not have IP support, it falls back to measuring the performance of the file system. You must specify connection speeds in both Kbps and milliseconds when you set this policy.

Notes

  • If the Do not detect slow network connections policy setting is enabled, the Slow network connection timeout for user profiles policy setting is ignored.

  • If Delete cached copies of roaming profiles is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.

Group Policy is implemented almost entirely as a series of client-side extensions, such as security, administrative templates, and folder redirection. There is a computer policy that allows configuring slow-link behavior for each client-side extension. You can use these policy settings to specify the behavior of client-side extensions when processing Group Policy. There is a maximum of three options for each policy setting. The Allow processing across a slow network connection policy option controls processing policy settings across slow links. The other two options can be used to specify that policy should not be processed in the background, or that policy be updated and reapplied even if policy settings have not changed. For more information about policy for client-side extensions, see "Specifying Group Policy for Slow Link Detection" earlier in this chapter.

Some extensions move large amounts of data, so processing across a slow link can affect performance. By default, only the administrative templates and security-related settings are processed over a slow link.

You can set the options for processing the following:

  • IP Security policy

  • EFS recovery policy

  • Internet Explorer Maintenance policy

  • Scripts policy

  • Folder Redirection policy
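The following Python sketch is an added illustration, not Microsoft code and not a Windows API. It models the rules above so you can see which extensions a client on a slow link would skip under the Table 2.6 defaults or under your own choices for the Allow processing across a slow network connection option. The function names are hypothetical, and treating every extension not marked "cannot be turned off" as changeable is an assumption drawn from the table.

```python
# Added illustration: models the slow-link rules described on this page.
# All names here are hypothetical; nothing below calls a Windows API.

DEFAULT_SLOW_LINK_KBPS = 500  # page default: slower than 500 Kbps is a slow link

# Table 2.6: extension -> (processed over a slow link by default, changeable)
# Assumption: anything not marked "cannot be turned off" is changeable.
TABLE_2_6 = {
    "Security Settings":             (True,  False),
    "IP Security":                   (True,  True),
    "EFS":                           (True,  True),
    "Software Restriction Policies": (True,  True),
    "Wireless":                      (True,  True),
    "Administrative Templates":      (True,  False),
    "Software Installation":         (False, True),
    "Scripts":                       (False, True),
    "Folder Redirection":            (False, True),
    "IE maintenance":                (True,  True),
}


def is_slow_link(measured_kbps, threshold_kbps=DEFAULT_SLOW_LINK_KBPS):
    """A link is slow only when its rate is below the threshold."""
    return measured_kbps < threshold_kbps


def plan_processing(measured_kbps, threshold_kbps=DEFAULT_SLOW_LINK_KBPS,
                    allow_over_slow_link=None):
    """Return (processed, skipped) extension names for one policy pass.

    allow_over_slow_link maps an extension name to True/False and stands in
    for its "Allow processing across a slow network connection" option.
    """
    overrides = allow_over_slow_link or {}
    for name, allowed in overrides.items():
        if name not in TABLE_2_6:
            raise KeyError(f"unknown extension: {name}")
        if not TABLE_2_6[name][1] and not allowed:
            raise ValueError(f"{name} is always processed over a slow link")
    if not is_slow_link(measured_kbps, threshold_kbps):
        return sorted(TABLE_2_6), []  # fast link: slow-link rules do not apply
    processed, skipped = [], []
    for name, (default_on, _) in TABLE_2_6.items():
        on = overrides.get(name, default_on)
        (processed if on else skipped).append(name)
    return sorted(processed), sorted(skipped)
```

Reviewing the skipped list for a planned configuration shows at a glance whether a security-relevant extension, such as IP Security or Software Restriction Policies, would stop being refreshed for clients on slow links.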

Group Policy and Remote Access Connections

Processing of Group Policy over a remote access connection differs from processing over a slow link. Group Policy is applied during a remote access connection as follows:

  • When users select the Logon using dial-up connection check box at the logon prompt, both user and computer Group Policy are applied if the computer is a member of the domain that the remote access server belongs to or trusts. Computer-based software installation settings are not processed, and computer-based startup scripts are not executed, because computer policy is normally processed before the logon screen appears. With a dial-up connection, computer policy is instead applied as a background refresh during the logon process.

  • When the processing of cached credentials is completed and a remote access connection is established, Group Policy is not applied, except during a background refresh.

Group Policy is not applied to computers that are members of a workgroup, because computer policy is never applied to computers that are in a workgroup.