McAmner | Official Website

View Original

Windows Enterprise Client Boot and logon tips


I will share some advice on what can slow down your Boot and logon times on Windows Enterprise Clients. Not cool if your new Windows 10 clients have almost the same boot and logon time as your Windows 7 clients in your production. The first thing you should check is your Group Policy. I won't show you the tools that you can use in this post like Windows Performance Toolkit or BootXray. Windows Performance Toolkit is included with the Windows Assessment and Deployment Kit (ADK) that you can download from Microsoft. BootXray is another great tool that is available for premier customers as an onsite engagement from Microsoft Services. I have used BootXray and it is a cool service from Microsoft. So what should you look for? You should find out if your GPOs are processed synchronously or asynchronously.

If your GPOs are processed synchronously you can try to optimize some of the steps below.

  • Wait for the network (always wait for network, GPO setting)

  • Discover a Domain Controller

  • Enumerate GPOs that are applied based on organizational unit (OU)

  • Apply Security and WMI filtering to enumerated GPOs

  • Create the final list of GPOs that apply

  • For each client side extension, list applicable GPOs

  • If a client side extension (CSE) has changed in any GPOs

  • Repeat for each client side extension that has a change

  • Finish

  • Execute scripts (Powershell, vbs, etc)

Check if you can optimize some of the steps. I usually check if some of the steps below are possible to change in production.

  • The Domain Controller is critical because each GPO must be read from SYSVOL. The first tip, try to see if you can have fewer GPOs with more settings. That performs better than more GPOs with fewer settings.

  • Try to use only the OU hierarchy to determine the policies that apply to the computer /user if you can. Because Security filtering and WMI filtering will come with performance cost and WMI filtering can FAIL if WMI repository is corrupt.

  • Try to apply configuration for a particular CSE from a single GPO like folder redirections.

  • Disable computer settings in user GPOs and vice versa.

  • Try to eliminate scripts and try to use Group Policy Preferences. GPP item level targeting is more granular than group policy and filtering allows flexibility, without the use of WMI. If you are using a script, remember that PowerShell script must load .Net libraries which takes times.

Triggers for synchronous GPO processing that are good to know:

  • Always wait for the network (GPO setting)

  • Folder redirection

  • Roaming User Profiles

  • GPP Printers (using replace mode)

  • Software installation (GPO setting)

Always wait for the network setting can slow down login time. But it can be tricky to remove if you are using GPOs to install applications. You should use ConfigMgr to deploy applications. If you can, try to use newer technologies such as OneDrive for Business, Work Folder, and UE-V (User Environment Virtualization) instead of Folder Redirection and Roaming User Profiles. I hope you got some ideas from this post.