Ghost Solution Suite 3.X console

1. The ability to resolve nested AD group membership for an AD user was added to allow true rights to be evaluated for the user.  This feature addition can cause the GSS console to load slower for various reasons:

• An Active directory user who logs into the GSS console is a member of many groups directly or indirectly.
• Global catalog and domain server machines are located on different sites or remotely from the machine where GSS console is installed.
• Network or Active directory is slow.

2. By design, the GSS console checks the Global Catalog to verify the existence of AD users in Universal Groups (either security or distribution). Accessing the Global Catalog server may be slow for two reasons:

• The Global Catalog server is present at a different site or far from the computer where GSS console is installed
• The LAN/WAN connectivity to Global Catalog is slow.

To resolve this issue a registry key has been created to set the nesting level of Active Directory groups that will be checked by the console.

Normally, the GSS console traverses all AD group membership for an AD user when verifying security. With the registry value 'ADGroupNestingLevel' & 'ADGroupNestingLevelForGC ' the GSS console can be set to limit the number of nested groups that are checked.

 The registry value if not present will be created automatically by the console under 'HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\console'. The default value is set to 0, which means that no limit is set. To set a limit put proper integer from 1 to n (where n is any integer value).

ADGroupNestingLevel
ADGroupNestingLevelForGC

0: No nesting limit
1: Nesting limit set for parent AD groups at level 1
n: Nesting limit set for parent AD groups at level n

Set the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\\Altiris\\eXpress\\console\LookUpGCForMembership" to 0. Setting the registry key to 0 instructs express.exe to not look up AD group membership information in the Global Catalog