7 IT & Security

, ,

Windows Server 2012 R2 Group Policy Caching

, , ,

grouppolicy

Hi to all!

I’m glad to come back again !!! This summer will be hot , because I’m on a new Server2012 R2 Master Course on the Madrid University (Udima) . And guess what? I have a lot of new documentation… and Post Ideas

So what’s Group policy caching ?

Well… In basic terms , we have 2 especial moments where machines updates a policy & 2 kinda of policies, I will explain quickly this 2 points

 

1. User policies : When applied ?

– Defined by administrator ( every X time after logon ) , if connection lost applies the same policy until Kerberos tickets expires ( the ticket expires is defined by administrator in domain default policy)

 

2.Machine policies: When applied?

– At machine restart ( some important changes ) and during the logon ( other less  important changes )

 

Policy caching for the win

well , what we get with this option

A windows 8/8.1/2012r2 gets the settings from the domain controller, this policy are stored on a local data store ( ) . At next report the client reads the most recent version of policy and checks it . This reduces the time that takes on the machine boot and the process of policy settings , that’s nice !!

 

Implementation

Easy:

modify / create your policy , navigate to Computer Configuration > Administrative templates > System > Group Policy > “Configure Group Policy Caching” policy setting.

 

caching1caching2

 

Take a look at Slow link values!!

“The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds”

 

” The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The default is 5000 milliseconds”

Enjoy !