A solution for applying policies with troublesome or buggy NIC drivers
jfraisers posts about having trouble with applying group policy made me try a search to see if anyone else has posted about how you can reschedule network driver initalization on XP/2000 clients to make sure the NIC is properly loaded early in the boot process. This helps increase GPO policy success rate considerably and is a 'known trick' so I was a bit suprised it doesn't seem to be posted here yet.
Consider this example with the "VMware Ethernet Adapter Driver" which I use just because its easily accessible, I've never had policy trouble with this driver or vmware clients per se. If you DO have computers in your organization which require several reboots before policies "take", this could be part of the solution.
Using the "sc" utility on the command line gives you this:
This queries the driver service for its configuration. This should look pretty much similar for other NICs. What we're interested in here is the value of the START_TYPE parameter. By default, the vmware NIC has this set to 3, which I believe is the "correct" value for network drivers according to MS. However it is possible to change this value to something that will initialize the driver earlier when booting, and thus decrease problems with policies not being applied at startup.
Some of the possible values are the same as you'd recognize as service startup values accessible from the control panel gui but this gui hides the system level services. You can find the full list in the registry at HKLM\SYSTEM\CurrentControlSet\Services. Rather than scanning that list trying to find something useful, the easiest way to find the service name of a NIC driver would be to use the Details tab in the NIC properties from the Device Manager.
With the SC util its only possible to change the value to SYSTEM_START as SC does some additional checks and denies to set the value if you try BOOT_START. To combat this just write the value directly to the registry, its found as the Start entry under the correct service key.
If someone doubts the usefulness of this you'd just have to take my word for it or go and TEST it [8|] Of course you'd first better know that your problem IS ACTUALLY the NIC driver loading. In my organization we maintain a list of driver versions and NIC services where we know we have experienced trouble earlier, and change the value to 0 for these. So far we have had zero negative effects on standard XP/2000 desktops.
Hope this helps someone!
Edit: Topic title was too long ..
Consider this example with the "VMware Ethernet Adapter Driver" which I use just because its easily accessible, I've never had policy trouble with this driver or vmware clients per se. If you DO have computers in your organization which require several reboots before policies "take", this could be part of the solution.
Using the "sc" utility on the command line gives you this:
C:\Documents and Settings\User>sc qc vmxnet
[SC] GetServiceConfig SUCCESS
SERVICE_NAME: vmxnet
TYPE : 1 KERNEL_DRIVER
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : system32\DRIVERS\vmxnet.sys
LOAD_ORDER_GROUP : NDIS
TAG : 13
DISPLAY_NAME : VMware Ethernet Adapter Driver
DEPENDENCIES :
SERVICE_START_NAME :This queries the driver service for its configuration. This should look pretty much similar for other NICs. What we're interested in here is the value of the START_TYPE parameter. By default, the vmware NIC has this set to 3, which I believe is the "correct" value for network drivers according to MS. However it is possible to change this value to something that will initialize the driver earlier when booting, and thus decrease problems with policies not being applied at startup.
0 BOOT_START
1 SYSTEM_START
2 AUTO_START
3 DEMAND_START
4 DISABLEDSome of the possible values are the same as you'd recognize as service startup values accessible from the control panel gui but this gui hides the system level services. You can find the full list in the registry at HKLM\SYSTEM\CurrentControlSet\Services. Rather than scanning that list trying to find something useful, the easiest way to find the service name of a NIC driver would be to use the Details tab in the NIC properties from the Device Manager.
With the SC util its only possible to change the value to SYSTEM_START as SC does some additional checks and denies to set the value if you try BOOT_START. To combat this just write the value directly to the registry, its found as the Start entry under the correct service key.
If someone doubts the usefulness of this you'd just have to take my word for it or go and TEST it [8|] Of course you'd first better know that your problem IS ACTUALLY the NIC driver loading. In my organization we maintain a list of driver versions and NIC services where we know we have experienced trouble earlier, and change the value to 0 for these. So far we have had zero negative effects on standard XP/2000 desktops.
Hope this helps someone!
Edit: Topic title was too long ..
0 Comments
[ + ] Show comments
Answers (0)
Please log in to answer
Be the first to answer this question
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
