I have been working on speeding up network logins. As part of this process I'm disabling the 'always wait for network' option.
This isn't inherently a problem, but I would really like to be able to pop up a dialog along the lines of "We see your drives aren't mapped / your folders haven't been redirected. Please log off and back on to complete the process". This would cut helpdesk calls tremendously.
Is there a good way to determine when Group Policy needs to run synchronously? A flag in the registry, etc.?
My take is "Group policy needs to be run synchronously".
Seriously.
The default in Windows 2000 was to run all Group Policy (computer and user) synchronously. Microsoft had materials in their "Official Curriculum" back then that even describe asynchronous policy application as potentially unreliable.
When asynchronous computer policy application became the default in Windows XP I found that it was unreliable and non-deterministic. From that point on I've been forcing policy application to be synchronous and I've been happy with the results.
I'd like logons to be faster, but at the same time I need things to be reliable. Reliability trumps speed to me.
Found a solution to this issue, without needing to go with a full-blown synchronous run. Gotta love procmon.
The registry keys
HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{guid}\ForceRefreshFG
are set to 1 whenever a GPP item needs a synchronous run for the currently logged-on user. With a little bit of scripting wizardry we at least have another option.
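
One way to script the check described above, as an added example that is not the poster's own code: it walks the GPExtensions status keys for the logged-on user and shows a dialog if any of them has ForceRefreshFG set to 1. The function name Get-PendingForegroundExtension and the dialog wording are assumptions, and the script is assumed to run in the user's session once policy processing has finished.

```powershell
# Added example (hypothetical helper): report Group Policy extensions that
# flagged a pending synchronous (foreground) run for the current user.
$StatusRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions'

function Get-PendingForegroundExtension {
    param([string]$Root = $StatusRoot)

    # No status key yet (e.g. first logon before any policy ran): nothing pending.
    if (-not (Test-Path -LiteralPath $Root)) { return }

    # Each subkey is named after an extension {guid}; -LiteralPath keeps the
    # braces from being treated as wildcard characters.
    Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue

        # The value is absent on extensions that never requested a foreground run,
        # so test for the property before comparing it.
        if ($props -and $props.PSObject.Properties['ForceRefreshFG'] -and
            $props.ForceRefreshFG -eq 1) {
            [pscustomobject]@{
                ExtensionGuid  = $_.PSChildName
                ForceRefreshFG = $props.ForceRefreshFG
            }
        }
    }
}

$pending = @(Get-PendingForegroundExtension)

if ($pending.Count -gt 0) {
    # Record which extensions are waiting, for helpdesk troubleshooting.
    $pending | ForEach-Object { Write-Verbose "Pending foreground run: $($_.ExtensionGuid)" }

    Add-Type -AssemblyName System.Windows.Forms
    [void][System.Windows.Forms.MessageBox]::Show(
        "Your drives or redirected folders are not fully set up yet.`n" +
        "Please log off and back on to complete the process.",
        'Logon setup incomplete',                       # caption (assumed wording)
        [System.Windows.Forms.MessageBoxButtons]::OK,
        [System.Windows.Forms.MessageBoxIcon]::Information)
}
```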