The Ghost Solution Suite console opens very slowly when first opened. This can take anywhere from 30 seconds to a few minutes to open. This occurs only when using AD pass through authentication to access the Ghost Solution Suite console.
The security users may be added to the Ghost Solution Suite console security either through AD group membership, or the users may be added individually. In either case the issue will only occur when users are members of AD groups which are members of other AD groups (that is nested AD groups). The issue is especially pronounced when the AD group nesting goes many layers deep, and each group contains a large number of users and computers
A Ghost Solution Suite console that has security enabled may load slowly when accessing Active Directory (AD) Global Catalog server to verify user group membership.
1. The ability to resolve nested AD group membership for an AD user was added to allow true rights to be evaluated for the user. This feature addition can cause the GSS console to load slower for various reasons:
2. By design, the GSS console checks the Global Catalog to verify the existence of AD users in Universal Groups (either security or distribution). Accessing the Global Catalog server may be slow for two reasons:
To resolve this issue a registry key has been created to set the nesting level of Active Directory groups that will be checked by the console.
Normally, the GSS console traverses all AD group membership for an AD user when verifying security. With the registry value 'ADGroupNestingLevel' & 'ADGroupNestingLevelForGC ' the GSS console can be set to limit the number of nested groups that are checked.
The registry value if not present will be created automatically by the console under 'HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\console'. The default value is set to 0, which means that no limit is set. To set a limit put proper integer from 1 to n (where n is any integer value).
0: No nesting limit
1: Nesting limit set for parent AD groups at level 1
n: Nesting limit set for parent AD groups at level n
Set the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\\Altiris\\eXpress\\console\LookUpGCForMembership" to 0. Setting the registry key to 0 instructs express.exe to not look up AD group membership information in the Global Catalog