Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Using GPOs with IE

Posted on 2004-04-07
13
Medium Priority
?
440 Views
Last Modified: 2012-05-04
Hi,
I have set an OU to have a default homepage under Group Policy |User Configuration|Internet Explorer Maintenance|URLS|Important URLS

But the problem is that users can change this homepage when they like. I would like to enforce this hompage at every login. Where am I going wrong??

Please help

Blogg
0
Comment
Question by:Blogg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
13 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 10775004
You could remove the Tools option so they can't set there own homepage though the internet tools.

Also check the following registry key:
HKEY_USERS\S-1-5-21-237389278-1063468973-5522801-9104\Software\Microsoft\Internet Explorer\Main\

Start Page
Modify it to what you want.

Regarding the GPO, you could also make sure that you have No Override enabled for that policy.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10775703
Blogg

ou're not doing anything wrong, just not quite enough :)

Setting no override will not stop a user from altering the policy (that's not what that setting is for) and getting rid of the entire tools menu is a little extreme for such a small requirement !!

To remove the general tab ONLY on IE options dialog set the following policy:

User Configuration Policy:
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the General page

The reg entry for this is:
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab

Even if the users do reset the home page with your current policy, it will be returned by the next GPO refresh which is every 90 minutes - again this is configurable in the registry

Cheers

JamesDS
0
 

Author Comment

by:Blogg
ID: 10775926
James - I would not like to remove the General TAB. But the thing is -when the user resets the home page, my GPO does not reapply to the machine, ever!
E.G. - If I setup a new pc, put it in the OU to which the GPO is setup in, and login , then IE hompage is defaulted to mine. But If I(or anyone else) was to reset this hompage -the GPO will not default to what I have configured it for.

Thanks,

Blogg
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
LVL 16

Expert Comment

by:JamesDS
ID: 10776015
Blogg

Take a look in your application event logs for events where the source is SceCli this will tell you when the policy was last applied and what the return code was.

Please post the event log entry for the most recent here

JamesDS
0
 

Author Comment

by:Blogg
ID: 10782000
James- had another look at my GPO. I had the search configured for google in the GPO, when i deleted this entry and rebooted the GPO applied succesfully. But I changed the homepage manually again from with IE rebooted but the GPO did not apply again!
The APP log shows that the source SceLi last applied yesterday...strange...

Event Type:      Information
Event Source:      SceCli
Event Category:      None
Event ID:      1704
Date:            07/04/2004
Time:            18:05:23
User:            N/A
Computer:      IED0xxxxx
Description:
Security policy in the Group policy objects are applied successfully.

SECURITY Log:

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Privilege Use
Event ID:      577
Date:            08/04/2004
Time:            10:13:57
User:            DOMAIN\USER
Computer:      IED0xxxxx
Description:
Privileged Service Called:
       Server:            Security
       Service:            -
       Primary User Name:      user
       Primary Domain:      domain
       Primary Logon ID:      (0x0,0x97A0)
       Client User Name:      -
       Client Domain:      -
       Client Logon ID:      -
       Privileges:      SeIncreaseBasePriorityPrivilege



Thanks,

Blogg
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10782367
ok, lets try this...

Change the homepage manually and then refresh your GPOs from the command line

The command under WXP is GPUPDATE.EXE
I think under W2k its something like GPREFRESH or a switch on SECEDIT, I don't have a W2k box here to check

After a few minutes check your logs again and check the homepage entry and get back to me

Cheers

JamesDS
0
 

Author Comment

by:Blogg
ID: 10783910
James, the command line is : SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE

But what is the 'REFRESHPOLICY USER_POLICY' ? how do I get this info? is it a username?
I'm on W2k
Thanks,

Blogg
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10784129
Blogg

The command is exactly as you typed it!

The machine policy is refreshed with:
SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE


After a few minutes check your logs again and check the homepage entry and get back to me

I'm starting to run out of ideas here!

Cheers

JamesDS
0
 

Author Comment

by:Blogg
ID: 10784253
i'm such a dumb ass- i thought the 'REFRESHPOLICY MACHINE_POLICY ' was a variable...
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10784288
doh!

it happens to the best of us :)

JamesDS
0
 

Author Comment

by:Blogg
ID: 10784367
Gonna try this in a weeks time, I'm on hols now - Happy Easter!

Blogg
0
 

Author Comment

by:Blogg
ID: 10867839
James, this has worked out well! -No more problems with the GPO. Many thanks for your advice!

Kind regards,

Blogg
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10867849
Blogg
Welcome, glad to help

Cheers

JamesDS
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question