Too Many GPOs Monitor Monitor

  • ID:  Microsoft.Windows.GroupPolicy.2008.Runtime.GroupPolicyPreprocessingGeneral.System.ReduceexcessivenumbersoflinkedGroupPolicyobjects.EventBased.UnitMonitor
  • Description:   
  • Target:  Group Policy 2008 Runtime
  • Enabled:  On Essential Monitoring

Operational States

Name State Description
ManualReset Success  
NegativeHealthState Error  

Alert Details

Monitor State Message Priority Severity Auto Resolution
NegativeHealthState (Error) Group Policy Preprocessing (General) Alert Medium Match Monitor Health Yes

Run As Profiles

Name
Default

Monitor Knowledgebase

Summary

Too Many GPOs

The Group Policy service, during the preprocessing phase, ensures that Group Policy is not configured beyond the scope of the service. An improper configuration could prevent Group Policy from applying to a computer or user.

Causes
This unit monitor does not contain any causes.
Resolutions

Reduce excessive numbers of linked Group Policy objects

Group Policy objects can be linked throughout the Active Directory hierarchy. Windows traverse this hierarchy, searching for Group Policy objects that apply to the user or computer. Windows cannot apply more than 999 Group Policy objects to a single user or computer.

To reduce excessive numbers of linked Group Policy objects (GPOs):

  • Determine the total number of Group Policy objects (GPOs) within the scope of the user or computer. You can do this using the Group Policy Results reporting feature from the Group Policy Management Console (GPMC). Expand the Group Policy Objects section in the report to view the list of applied and denied Group Policy objects.

  • Determine the number of GPOs you must remove from the scope of the computer or user to fall under the limit of 999. This is the number of GPOs you must remove from the scope of the computer or user.

  • Analyze each of the policy settings to determine if the computer or user is receiving any GPOs with duplicate settings. You can do this by using the reporting features in GPMC.

  • Perform one or more of the following actions to remove the GPO from the scope of the user:

  • Unlink the GPO from the site, domain, or organizational unit. This removes the GPO from the scope of all users within the site, domain, or organizational unit, respectively.

  • Move the computer or user to a different organizational unit where fewer GPOs are linked. Or consider moving the computer or user to a higher location in the Active Directory hierarchy.

  • Use security filtering to prevent the GPO from being in scope with the computer or user.

External References
This monitor does not contain any external references.

See Also for Windows Server 2003/2008 Group Policy Management Pack


Downloads for Windows Server 2003/2008 Group Policy Management Pack

AZURE OPTIMIZATION ASSESSMENT GET STARTED
MIGRATION TO AZURE GET STARTED
SYSTEM CENTER MIGRATION TO AZURE GET STARTED
MIGRATION TO AZURE FOR SQL AND WINDOWS 2008 GET STARTED