Complying with Service Level Agreements
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Some IT groups use service level agreements to specify how services should operate. For example, a service-level agreement might stipulate the maximum length of time required for computer startup and logon, how long users can use the computer after they log on, and so on. Service-level agreements often set standards for service responsiveness. For example, a service level agreement might define the amount of time allowed for a user to receive a new software application or gain access to a previously disabled feature. Issues that can affect service responsiveness are the site and replication topology, the positioning of domain controllers, and the location of Group Policy administrators.
To reduce the amount of time required to process a GPO, consider using one of the following options:
If a GPO contains only computer or user settings, disable the portion of the policy that does not apply. The destination computer does not scan the portions of a GPO that you disable, which reduces processing time.
When possible, combine smaller GPOs to form a consolidated GPO. This reduces the number of GPOs that apply to a user or computer. Applying fewer GPOs to a user or computer can reduce startup or logon times and make it easier to troubleshoot the policy structure.
The changes you make to GPOs are replicated to domain controllers and result in new downloads to client or destination computers. If you have large or complex GPOs that require frequent changes, consider creating a new GPO that contains only the sections that you update regularly. Test this approach to determine whether the benefits you get by minimizing the impact on the network and improving the destination computer’s processing time outweigh the increased troubleshooting potential by making the GPO structure more complex.
- You should implement a Group Policy change control process and log any changes made to GPOs. This can help you troubleshoot and correct problems with Group Policy objects. Doing so also helps comply with service level agreements that require keeping logs.