Group Policy and Network Bandwidth

When Group Policy detects a slow link, it sets a flag to indicate this to client-side extensions.

The default settings for whether policy is applied over a slow link are shown below. ON indicates that processing occurs even if the link is judged to be slow.

  • Security Settings — ON (and cannot be turned off)

  • Administrative Templates — ON (and cannot be turned off)

  • Software Installation — OFF

  • Scripts — OFF

  • Folder Redirection — OFF

  • Internet Explorer Maintenance — OFF

For all but the Administrative Templates and Security snap-ins, a policy is provided for toggling the settings.

Setting Policy for Slow-Link Definition

You can use Group Policy to set the definition of a slow link for computers and users, and for user profiles.

note-icon Note

Windows 2000 adds an IP algorithm to ping the server, whereas Windows NT 4.0 just measures the file system performance.

The following algorithm is used to determine whether the link should be considered slow:

Ping the server with 0 bytes of data and time the number of milliseconds. Call this value time#1. If it is less than 10 milliseconds, then assume it is a fast link, and exit.

Ping the server with an uncompressible 2 kilobytes (KB) of data, and time the number of milliseconds. Call this value time#2. The algorithm uses an already compressed .jpg file. If it used a compressible file, the modem would compress it and make the network appear faster than it is.

DELTA = time#2 - time#1. This removes the overhead of session setup. DELTA is the time in milliseconds to move 2 KB.

DELTA is measured three times, and the average of the three values of DELTA obtained is called AVG.

Then the connection speed Z, measured in kilobits per second (Kbps), is:

Z = 32000/AVG.

The correctness of this formula is more apparent with the units in place:

(Z kilobits / second) = 2 * (2 KB) * (8 bits/ byte) * (1000 milliseconds / second) / ( AVG milliseconds).

2 KB of data have moved through each modem, Ethernet card or other device in the loop once in each direction, so this equation for calculating the one-way bandwidth has a leading factor of 2 on the right side.

note-icon Note

The speed Z used here is the average of the upload and download speeds. In most cases, this average is the same as the download speed itself. However, in some cases the upload and download speeds are different enough that you should take this into account. An example of this is Asymmetric Digital Subscriber Line (ADSL). Using ADSL you might have upload speeds of 128 Kbps and download speeds of 768 Kbps.

Z is compared with 500 Kbps (or an alternative threshold of your choice if you change from the default Group Policy setting of 500 Kbps).

If Z is less than 500 Kbps the connection is considered slow, otherwise it is considered fast.

You can set the default value of 500 Kbps in the Group Policy console under < Group Policy object name >/Computer Configuration/Administrative Templates/System/Group Policy/Group Policy slow link detection.

To specify policy settings for Group Policy slow link detection for computers, you use the Computer Configuration\Administrative Templates\System\Group Policy node. To set this policy for users, you use the User Configuration\Administrative Templates\System\Group Policy node.

For User Profiles, the Slow network connection time-out for user profiles policy is located in the Computer Configuration\Administrative Templates\System\Logon node. The user profile code first tries to contact (or ping) the server. If the server does not have IP support, it falls back to measuring the file system's performance. You specify a threshold connection speed in kilobits per seconds, and a threshold transit time in milliseconds, when configuring this policy setting.

Registry Reads

Group Policy snap-in extensions can temporarily claim (or lock) a mutex (mutual exclusive) for policy, and then release that mutex. APIs exist to allow a client-side extension to claim the mutex, read the required values, then release the critical section. If it is not released in 10 minutes, the client-side extension is forced to release it. This ensures that the background refresh of Group Policy does not occur during the read process.

For more information about the Windows 2000 Group Policy APIs, see the Microsoft Platform SDK link on the Web Resources page at .