Detecting slow links

LAN connections are fast. Usually, when plugged in to the network in your office, you are connected back to the servers (including Domain Controllers) at a 1 GB link speed, give or take. This kind of speed means that you can interact with Group Policy very quickly, and any GPOs that need to come down the pipe to your computer will process ultra fast.

What about slower connections? Can you really expect a 700 MB application-installation package to successfully install over a VPN connection? This package is going to attempt to install during login, and that installation could take a long time. I hope you had plans to go outside and run a half marathon after typing in your password, because your computer may not get to the desktop for a while.

Domain-joined computers that are reaching into Group Policy self-determine when they are on a fast link or a slow link. Slow links are often detected when users are connected remotely, via VPN or DirectAccess connections. Additionally, slow-link detection may be triggered for branch office computers that are connecting back to the corporate data center through MPLS circuits, or site-to-site VPNs.

When your computer communicates to a Domain Controller, the Network Location Awareness (NLA) mechanism built into the Windows operating system determines the current link speed between you and that DC. When NLA decides it is a fast link, Group Policy processes normally. When NLA determines you to be connected via a slow link, however, GP processing changes and some types of GPO settings will be ignored.

Some GPO settings are always processed. Most security-related policy settings, as well as registry settings, are considered mandatory and will process the same whether the client is connected via fast link or slow link. Other items, however, are deemed less important by Microsoft. When your client computer self-determines to be on a slow link, the following items will be ignored for the sake of login speed:

  • Disk Quota
  • Scripts
  • Folder Redirection
  • Software Installation
  • Wireless and Wired Network Policies
  • Internet Explorer Maintenance

While it might appear super lame that Microsoft would disallow certain policies from running simply for being connected at a slower speed, there is actually great benefit to slow-link detection. Without throttling down the amount of work that Group Policy is doing over these poor connections, the login process could seriously take minutes and minutes to finish when the user tries to log in. Slow-link detection exists for a very good reason.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.149.243.131