Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Internet Explorer GPO not applied (about trusted sites)

597 views
Skip to first unread message

Alex-Z

unread,
Jun 19, 2009, 6:37:06 PM6/19/09
to
Hello,

I try to do 2 things on our computers (XP Pro, IE7 and IE8) through
GPO.
1- In IE, Internet Options, Security tab, force the Trusted sites
security
level to be set to Low and unallow users to change it.
2- Add websites in the list of Trusted sites zone.

Unfortunately, what I did is not working.
Even if I have installed the adm template for IE8 for the Group
Policies
(win2003).
The GPO is reaching the target computers because some parts of the GPO
are
applied (ex: add default favorites...). Only what I tell up here is
not
working.

Here is the GPO (last way I did it. I tried a lot of configurations):

Group Policy Management
Generalhide
Detailshide
Domain MYDOMAIN.com
Owner MYDOMAIN\Domain Admins
Created 6/17/2009 5:44:10 PM
Modified 6/18/2009 5:51:02 PM
User Revisions 6 (AD), 6 (sysvol)
Computer Revisions 19 (AD), 19 (sysvol)
Unique ID {D1D1D373-1A0C-42CD-BB96-C79E705FE54C}
GPO Status Enabled

Linkshide
Location Enforced Link Status Path
MY OU PATH OK

This list only includes links in the domain of the GPO.
Security Filteringhide
The settings in this GPO can only apply to the following groups,
users, and
computers:Name
NT AUTHORITY\Authenticated Users

WMI Filteringhide
WMI Filter Name None
Description Not applicable

Delegationhide
These groups and users have the specified permission for this GPOName
Allowed Permissions Inherited
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Read No
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
MYDOMAIN\Domain Admins Edit settings, delete, modify security No
MYDOMAIN\Enterprise Admins Edit settings, delete, modify security No

Computer Configuration (Enabled)hide
Administrative Templateshide
System/Group Policyhide
Policy Setting
User Group Policy loopback processing mode Enabled
Mode: Replace


Windows Components/Internet Explorer/Internet Control Panel/Security
Pagehide
Policy Setting
Locked-Down Trusted Sites Zone Template Enabled
Locked-Down Trusted Sites

Policy Setting
Trusted Sites Zone Template Enabled
Trusted Sites Low


Windows Components/Internet Explorer/Internet Control Panel/Security
Page/Locked-Down Trusted Sites Zonehide
Policy Setting
Access data sources across domains Enabled
Access data sources across domains Enable

Policy Setting
Allow active scripting Enabled
Allow active scripting Prompt

Policy Setting
Allow binary and script behaviors Enabled
Allow Binary and Script Behaviors Administrator approved

Policy Setting
Allow drag and drop or copy and paste files Enabled
Allow drag and drop or copy and paste files Enable

Policy Setting
Allow file downloads Enabled
Allow file downloads Enable

Policy Setting
Allow font downloads Enabled
Allow font downloads Enable

Policy Setting
Allow installation of desktop items Enabled
Allow installation of desktop items Enable

Policy Setting
Allow META REFRESH Enabled
Allow META REFRESH Enable

Policy Setting
Allow paste operations via script Enabled
Allow paste operations via script Prompt

Policy Setting
Allow script-initiated windows without size or position constraints
Enabled
Allow script-initiated windows without size or position constraints
Disable

Policy Setting
Allow Scriptlets Disabled
Automatic prompting for ActiveX controls Enabled
Automatic prompting for ActiveX controls Disable

Policy Setting
Automatic prompting for file downloads Enabled
Automatic prompting for file downloads Disable

Policy Setting
Display mixed content Enabled
Display mixed content Prompt

Policy Setting
Do not prompt for client certificate selection when no certificates or
only
one certificate exists. Enabled
Do not prompt for client certificate selection when no certificates or
only
one certificate exists. Disable

Policy Setting
Download signed ActiveX controls Enabled
Download signed ActiveX controls Disable

Policy Setting
Download unsigned ActiveX controls Enabled
Download unsigned ActiveX controls Disable

Policy Setting
Initialize and script ActiveX controls not marked as safe Enabled
Initialize and script ActiveX controls not marked as safe Disable

Policy Setting
Java permissions Enabled
Java permissions Disable Java

Policy Setting
Launching applications and files in an IFRAME Enabled
Launching applications and files in an IFRAME Enable

Policy Setting
Logon options Enabled
Logon options Automatic logon with current username and password

Policy Setting
Navigate sub-frames across different domains Enabled
Navigate sub-frames across different domains Enable

Policy Setting
Open files based on content, not file extension Enabled
Open files based on content, not file extension Disable

Policy Setting
Run .NET Framework-reliant components not signed with Authenticode
Enabled
Run .NET Framework-reliant components not signed with Authenticode
Disable

Policy Setting
Run .NET Framework-reliant components signed with Authenticode
Enabled
Run .NET Framework-reliant components signed with Authenticode
Disable

Policy Setting
Run ActiveX controls and plugins Enabled
Run ActiveX controls and plugins Disable

Policy Setting
Script ActiveX controls marked safe for scripting Enabled
Script ActiveX controls marked safe for scripting Enable

Policy Setting
Scripting of Java applets Enabled
Scripting of Java applets Enable

Policy Setting
Software channel permissions Enabled
Software channel permissions Low safety

Policy Setting
Submit non-encrypted form data Enabled
Submit non-encrypted form data Enable

Policy Setting
Use Pop-up Blocker Enabled
Use Pop-up Blocker Disable

Policy Setting
Userdata persistence Enabled
Userdata persistence Enable

Policy Setting
Web sites in less privileged Web content zones can navigate into this
zone
Enabled
Web sites in less privileged Web content zones can navigate into this
zone
Disable


Windows Components/Internet Explorer/Internet Control Panel/Security
Page/Trusted Sites Zonehide
Policy Setting
Access data sources across domains Enabled
Access data sources across domains Enable

Policy Setting
Allow active content over restricted protocols to access my computer
Enabled
Allow active content over restricted protocols to access my computer
Prompt

Policy Setting
Allow active scripting Enabled
Allow active scripting Enable

Policy Setting
Allow binary and script behaviors Enabled
Allow Binary and Script Behaviors Enable

Policy Setting
Allow drag and drop or copy and paste files Enabled
Allow drag and drop or copy and paste files Enable

Policy Setting
Allow file downloads Enabled
Allow file downloads Enable

Policy Setting
Allow font downloads Enabled
Allow font downloads Enable

Policy Setting
Allow installation of desktop items Enabled
Allow installation of desktop items Enable

Policy Setting
Allow META REFRESH Enabled
Allow META REFRESH Enable

Policy Setting
Allow paste operations via script Enabled
Allow paste operations via script Enable

Policy Setting
Allow script-initiated windows without size or position constraints
Enabled
Allow script-initiated windows without size or position constraints
Enable

Policy Setting
Allow Scriptlets Enabled
Automatic prompting for ActiveX controls Enabled
Automatic prompting for ActiveX controls Enable

Policy Setting
Automatic prompting for file downloads Enabled
Automatic prompting for file downloads Enable

Policy Setting
Display mixed content Enabled
Display mixed content Prompt

Policy Setting
Do not prompt for client certificate selection when no certificates or
only
one certificate exists. Enabled
Do not prompt for client certificate selection when no certificates or
only
one certificate exists. Enable

Policy Setting
Download signed ActiveX controls Enabled
Download signed ActiveX controls Enable

Policy Setting
Download unsigned ActiveX controls Enabled
Download unsigned ActiveX controls Prompt

Policy Setting
Initialize and script ActiveX controls not marked as safe Enabled
Initialize and script ActiveX controls not marked as safe Prompt

Policy Setting
Java permissions Enabled
Java permissions Low safety

Policy Setting
Launching applications and files in an IFRAME Enabled
Launching applications and files in an IFRAME Enable

Policy Setting
Logon options Enabled
Logon options Automatic logon with current username and password

Policy Setting
Navigate sub-frames across different domains Enabled
Navigate sub-frames across different domains Enable

Policy Setting
Open files based on content, not file extension Enabled
Open files based on content, not file extension Enable

Policy Setting
Run .NET Framework-reliant components not signed with Authenticode
Enabled
Run .NET Framework-reliant components not signed with Authenticode
Enable

Policy Setting
Run .NET Framework-reliant components signed with Authenticode
Enabled
Run .NET Framework-reliant components signed with Authenticode Enable

Policy Setting
Run ActiveX controls and plugins Enabled
Run ActiveX controls and plugins Enable

Policy Setting
Script ActiveX controls marked safe for scripting Enabled
Script ActiveX controls marked safe for scripting Enable

Policy Setting
Scripting of Java applets Enabled
Scripting of Java applets Enable

Policy Setting
Software channel permissions Enabled
Software channel permissions Low safety

Policy Setting
Submit non-encrypted form data Enabled
Submit non-encrypted form data Enable

Policy Setting
Use Pop-up Blocker Enabled
Use Pop-up Blocker Disable

Policy Setting
Userdata persistence Enabled
Userdata persistence Enable

Policy Setting
Web sites in less privileged Web content zones can navigate into this
zone
Enabled
Web sites in less privileged Web content zones can navigate into this
zone
Prompt


Extra Registry Settingshide
Display names for some settings cannot be found. You might be able to
resolve this issue by updating the .ADM files used by Group Policy
Management.

Setting State
Software\Policies\Microsoft\Internet Explorer\Main\AlwaysShowMenus 1
Software\Policies\Microsoft\Internet Explorer\Main\StatusBarWeb 1
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ListBox_Support_ZoneMapKey 1
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1206 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1207 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1208 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\120a 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\120b 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1409 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1605 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\160A 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1807 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1808 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\180a 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\180b 1
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1a02 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1a03 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1a05 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\1a06 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2005 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2103 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2104 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2105 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2106 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2301 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2400 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2401 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2402 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2500 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2600 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Lockdown_Zones\2\2700 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMapKey\*.MYDOMAIN.com 2
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMapKey\http://mysites 2
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMapKey\http://portal 2
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMapKey\http://project 2
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMapKey\https://test 2
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1206 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1207 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1208 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\120a 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\120b 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1409 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1605 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\160A 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1807 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1808 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\180a 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\180b 1
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1a02 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1a03 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1a05 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\1a06 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2005 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2103 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2104 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2105 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2106 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2301 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2400 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2401 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2402 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2500 3
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2600 0
Software\Policies\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\2\2700 3

User Configuration (Enabled)hide
Windows Settingshide
Internet Explorer Maintenancehide
Browser User Interface/Customized Title Barhide
Title Bar Text
MYCIE, Inc.

URLs/Favorites and Linkshide
Policy Setting
Place favorites and links at the top of the list in the order
specified
below Not configured
Delete existing Favorites and Links, if present Not configured
Delete existing channels, if present Not configured
Favorites
Name URL
MYCIE - Website http://www.website.com ;


Can you help?
Thx,
Alex-Z


0 new messages