Solved

Using GPOs with IE

Posted on 2004-04-07
13
431 Views
Last Modified: 2012-05-04
Hi,
I have set an OU to have a default homepage under Group Policy |User Configuration|Internet Explorer Maintenance|URLS|Important URLS

But the problem is that users can change this homepage when they like. I would like to enforce this hompage at every login. Where am I going wrong??

Please help

Blogg
0
Comment
Question by:Blogg
  • 6
  • 6
13 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 10775004
You could remove the Tools option so they can't set there own homepage though the internet tools.

Also check the following registry key:
HKEY_USERS\S-1-5-21-237389278-1063468973-5522801-9104\Software\Microsoft\Internet Explorer\Main\

Start Page
Modify it to what you want.

Regarding the GPO, you could also make sure that you have No Override enabled for that policy.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10775703
Blogg

ou're not doing anything wrong, just not quite enough :)

Setting no override will not stop a user from altering the policy (that's not what that setting is for) and getting rid of the entire tools menu is a little extreme for such a small requirement !!

To remove the general tab ONLY on IE options dialog set the following policy:

User Configuration Policy:
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the General page

The reg entry for this is:
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab

Even if the users do reset the home page with your current policy, it will be returned by the next GPO refresh which is every 90 minutes - again this is configurable in the registry

Cheers

JamesDS
0
 

Author Comment

by:Blogg
ID: 10775926
James - I would not like to remove the General TAB. But the thing is -when the user resets the home page, my GPO does not reapply to the machine, ever!
E.G. - If I setup a new pc, put it in the OU to which the GPO is setup in, and login , then IE hompage is defaulted to mine. But If I(or anyone else) was to reset this hompage -the GPO will not default to what I have configured it for.

Thanks,

Blogg
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10776015
Blogg

Take a look in your application event logs for events where the source is SceCli this will tell you when the policy was last applied and what the return code was.

Please post the event log entry for the most recent here

JamesDS
0
 

Author Comment

by:Blogg
ID: 10782000
James- had another look at my GPO. I had the search configured for google in the GPO, when i deleted this entry and rebooted the GPO applied succesfully. But I changed the homepage manually again from with IE rebooted but the GPO did not apply again!
The APP log shows that the source SceLi last applied yesterday...strange...

Event Type:      Information
Event Source:      SceCli
Event Category:      None
Event ID:      1704
Date:            07/04/2004
Time:            18:05:23
User:            N/A
Computer:      IED0xxxxx
Description:
Security policy in the Group policy objects are applied successfully.

SECURITY Log:

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Privilege Use
Event ID:      577
Date:            08/04/2004
Time:            10:13:57
User:            DOMAIN\USER
Computer:      IED0xxxxx
Description:
Privileged Service Called:
       Server:            Security
       Service:            -
       Primary User Name:      user
       Primary Domain:      domain
       Primary Logon ID:      (0x0,0x97A0)
       Client User Name:      -
       Client Domain:      -
       Client Logon ID:      -
       Privileges:      SeIncreaseBasePriorityPrivilege



Thanks,

Blogg
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10782367
ok, lets try this...

Change the homepage manually and then refresh your GPOs from the command line

The command under WXP is GPUPDATE.EXE
I think under W2k its something like GPREFRESH or a switch on SECEDIT, I don't have a W2k box here to check

After a few minutes check your logs again and check the homepage entry and get back to me

Cheers

JamesDS
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:Blogg
ID: 10783910
James, the command line is : SECEDIT /REFRESHPOLICY USER_POLICY /ENFORCE

But what is the 'REFRESHPOLICY USER_POLICY' ? how do I get this info? is it a username?
I'm on W2k
Thanks,

Blogg
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 125 total points
ID: 10784129
Blogg

The command is exactly as you typed it!

The machine policy is refreshed with:
SECEDIT /REFRESHPOLICY MACHINE_POLICY /ENFORCE


After a few minutes check your logs again and check the homepage entry and get back to me

I'm starting to run out of ideas here!

Cheers

JamesDS
0
 

Author Comment

by:Blogg
ID: 10784253
i'm such a dumb ass- i thought the 'REFRESHPOLICY MACHINE_POLICY ' was a variable...
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10784288
doh!

it happens to the best of us :)

JamesDS
0
 

Author Comment

by:Blogg
ID: 10784367
Gonna try this in a weeks time, I'm on hols now - Happy Easter!

Blogg
0
 

Author Comment

by:Blogg
ID: 10867839
James, this has worked out well! -No more problems with the GPO. Many thanks for your advice!

Kind regards,

Blogg
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10867849
Blogg
Welcome, glad to help

Cheers

JamesDS
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now