locked
Very slow shutdown once I join domain. Is this a GP issue. RRS feed

  • Question

  • Ok once I join my 2 Vista Business machines to the domain it takes 3-4 minutes for them to shutdown or reboot. If I take the machines off the domain they shutdown in under 45 seconds. Is there something in Group Policy that could be affecting this. I only have Office 2003 installed on these machines at the moment. Both machines are Vista Capable. Dell says so on the sticker.

     

    thanks.

     

     

    Thursday, February 15, 2007 5:07 PM

Answers

All replies

  • Add a New OU to your domain and add the Vista computers to them ( this is let you know if you have any Group policies being applied by OU)

    Do you hae any domain GPO's being set besides Password ?

    Thursday, February 15, 2007 6:42 PM
  • So i created a new OU and GPO and disabled my other one. Machine reboots fine.

    I have the following set. I did have clear pagefile set but removed that and still slow.

    Security Settings
    Account Policies/Password Policy
    Policy Setting
    Enforce password history 5 passwords remembered
    Maximum password age 60 days
    Minimum password age 1 days
    Minimum password length 7 characters
    Password must meet complexity requirements Enabled
    Store passwords using reversible encryption Disabled

    Account Policies/Account Lockout Policy
    Policy Setting
    Account lockout duration 30 minutes
    Account lockout threshold 5 invalid logon attempts
    Reset account lockout counter after 30 minutes

    Account Policies/Kerberos Policy
    Policy Setting
    Enforce user logon restrictions Enabled
    Maximum lifetime for service ticket 600 minutes
    Maximum lifetime for user ticket 10 hours
    Maximum lifetime for user ticket renewal 7 days
    Maximum tolerance for computer clock synchronization 5 minutes

    Local Policies/User Rights Assignment
    Policy Setting
    Add workstations to domain P\Domain Admins, P\ProvInfrastructure
    Adjust memory quotas for a process NT AUTHORITY\LOCAL SERVICE, NT AUTHORITY\NETWORK SERVICE
    Replace a process level token NT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\LOCAL SERVICE

    Local Policies/Security Options
    Audit
    Policy Setting
    Audit: Audit the access of global system objects Enabled

    Devices
    Policy Setting
    Devices: Prevent users from installing printer drivers Disabled

    Interactive Logon
    Policy Setting
    Interactive logon: Do not display last user name Disabled
    Interactive logon: Do not require CTRL+ALT+DEL Disabled
    Interactive logon: Prompt user to change password before expiration 14 days

    Network Security
    Policy Setting
    Network security: Force logoff when logon hours expire Disabled

    Shutdown
    Policy Setting
    Shutdown: Allow system to be shut down without having to log on Enabled

    Event Log
    Policy Setting
    Maximum application log size 10240 kilobytes
    Maximum security log size 10240 kilobytes
    Maximum system log size 10240 kilobytes
    Prevent local guests group from accessing application log Enabled
    Prevent local guests group from accessing security log Enabled
    Prevent local guests group from accessing system log Enabled
    Retention method for application log As needed
    Retention method for security log As needed
    Retention method for system log As needed

    System Services
    Norton AntiVirus Server (Startup Mode: Automatic)
    PermissionsType Name Permission
    Allow BUILTIN\Administrators Full Control
    Allow Everyone Full Control
    Allow NT AUTHORITY\SYSTEM Full Control
    Auditing
    No auditing specified
    Public Key Policies/Autoenrollment Settings
    Policy Setting
    Enroll certificates automatically Enabled
    Renew expired certificates, update pending certificates, and remove revoked certificates Disabled
    Update certificates that use certificate templates Disabled
     

    Public Key Policies/Encrypting File System
    Properties
    Policy Setting
    Allow users to encrypt files using Encrypting File System (EFS) Enabled

    Certificates
    Issued To Issued By Expiration Date Intended Purposes
    Administrator Administrator 1/1/2006 2:48:02 PM File Recovery

    For additional information about individual settings, launch Group Policy Object Editor.
    Public Key Policies/Trusted Root Certification Authorities
    Properties
    Policy Setting
    Allow users to select new root certification authorities (CAs) to trust Enabled
    Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities
    To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only

    Administrative Templates
    Windows Components/Windows Update
    Policy Setting
    Allow non-administrators to receive update notifications Enabled
    Configure Automatic Updates Enabled
    Configure automatic updating: 3 - Auto download and notify for install
    The following settings are only required
    and applicable if 4 is selected.
    Scheduled install day:  0 - Every day
    Scheduled install time: 11:00
     
    Policy Setting
    No auto-restart for scheduled Automatic Updates installations Enabled
    Specify intranet Microsoft update service location Enabled
    Set the intranet update service for detecting updates: http://nana
    Set the intranet statistics server: http://nana
    (example: http://IntranetUpd01)
     

    User Configuration (Enabled)
    Windows Settings
    Remote Installation Services
    Client Installation Wizard options
    Policy Setting
    Custom Setup Disabled
    Restart Setup Disabled
    Tools Disabled

    Internet Explorer Maintenance
    Browser User Interface/Customized Title Bar
    Title Bar Text
    P

    Thursday, February 15, 2007 9:11 PM
  • ARE you using admx file to set the GPO for Vista  Heres a link  of the new GPO settings

    http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1000379&SiteID=17 

    Friday, February 16, 2007 7:25 PM
  • I am not getting the whole ADMX thing. Is there any how to's out there?
    Thursday, February 22, 2007 3:46 PM