Group Policy – Interactive Logon


Group Policy Scenario – Interactive Logon

Interactive Logon

You are administrator of domain. You have been asked to implement a group policy to all computers so that users should get an interactive Welcome screen with caution message, while logging into the systems.

Your message Title should be: Welcome

Your message Text should be: Please do not save files on desktop, please move it to my documents


Launch Group Policy management console in domain controller. Type GPMC.msc in run command and hit enter.


Create a new Group Policy Object, name it Interactive Logon Policy. Right Click it and select Edit.


  • Navigate to Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options
  • Here Select Interactive Logon: Message Text
  • Double click it, check the box “Define this policy setting in the template”
  • And enter your message in the text area and click OK


Similarly, select Interactive Long: Message Title, enable the policy, enter the Title and click OK


  • Group policy has been configured, now you can close the console and run below command to update the policy.
  • In run command type gupdate /force /boot /boot
  • Once command is executed, log off from your domain controller system.


Verify your results by logging into a remote system. You should see the message in the logon window.

You can connect to us via Facebook:


Active Directory Database and Log Files


Active Directory files and their functions


Ntds.dit is the main AD database file. NTDS stands for NT Directory Services. The DIT stands for Directory Information Tree. The Ntds.dit file on a particular domain controller contains all naming contexts hosted by that domain controller, including the Configuration and Schema naming contexts. A Global Catalog server stores the partial naming context replicas in the Ntds.dit right along with the full Domain naming context for its domain.


Edb.log is a transaction log. Any changes made to objects in Active Directory are first saved to a transaction log. During non-peak times in CPU activity, the database engine commits the transactions into the main Ntds.dit database. This ensures that the database can be recovered in the event of a system crash. Entries that have not been committed to Ntds.dit are kept in memory to improve performance. Transaction log files used by the ESE (Extensible Storage Engine is an Indexed Sequential Access Method (ISAM) data storage technology from Microsoft. ESE is the core of Microsoft Exchange Server and Active Directory.) engine are always 10MB.


These are auxiliary transaction logs used to store changes if the main Edb.log file gets full before it can be flushed to Ntds.dit. The xxxxx stands for a sequential number in hex. When the Edb.log file fills up, an Edbtemp.log file is opened. The original Edb.log file is renamed to Edb00001.log, and Edbtemp.log is renamed to Edb.log file, and the process starts over again. Excess log files are deleted after they have been committed. You may see more than one Edbxxxxx.log file if a busy domain controller has many updates pending.


Edb.chk is a checkpoint file. It is used by the transaction logging system to mark the point at which updates are transferred from the log files to Ntds.dit. As transactions are committed, the checkpoint moves forward in the Edb.chk file. If the system terminates abnormally, the pointer tells the system how far along a given set of commits had progressed before the termination.

Res1.log and Res2.log

Res1.log and Res2.log are reserve log files. If the hard drive fills to capacity just as the system is attempting to create an Edbxxxxx.log file, the space reserved by the Res log files is used. The system then puts a dire warning on the screen prompting you to take action to free up disk space quickly before Active Directory gets corrupted. You should never let a volume containing Active Directory files get even close to being full. File fragmentation is a big performance thief, and fragmentation increases exponentially as free space diminishes. Also, you may run into problems as you run out of drive space with online database defragmentation (compaction). This can cause Active Directory to stop working if the indexes cannot be rebuilt.


This is a scratch pad used to store information about in-progress transactions and to hold pages pulled out of Ntds.dit during compaction.


This file is used to initialize the Ntds.dit during the initial promotion of a domain controller. It is not used after that has been accomplished

Garbage Collection Logging Level


When you delete an object from AD, it gets tombstoned i.e. not deleted but stored in tombstone for a period of time in case you want to restore it back (180 days in win 2008 by default). Once 180 days completes that object is considered to be of no use any more and can be cleaned from the database and free up some space. The cleanup process is done by Garbage Collection. Garbage collection in Active Directory Domain Services (AD DS) is the process of removing deleted objects (tombstones) from the directory database. This process results in free disk space in the directory database.

By default, this free space is not reported in Event Viewer. To see the amount of free disk space that can be made available to the file system by offline defragmentation, you can change the garbage collection logging level so that the disk space is reported in the Directory Service event log. After you change the logging level, check the Directory Service event log for Event ID 1646, which reports the amount of disk space that you can recover by performing offline defragmentation.

The garbage collection logging level is an NTDS diagnostics setting in the registry. You can use this procedure to change the garbage collection logging level to 1 so that you can view Event ID 1646 in Event Viewer.

How to change the garbage collection logging level

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. In Registry Editor, navigate to the Garbage Collection entry inHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics.
  3. Double-click Garbage Collection. In the Value data box, type 1, and then click OK.

Now you must wait for the on-line defrag to occur on the NTDS.dit database. Then Event 1646 shows up in the Directory Service Log.