Internet Explorer Group Policies

Posted on 2006-04-01
Last Modified: 2010-04-18
Hi there

I have a Windows 2003 server and xp sp2 clients.

I want a single internet policy that permits and disallows certain behaviour for any user logging into the network. My question is, should group policies for Internet Explorer, such activex downloads,meta fresh and the like be configured in the "Internet Explorer Maintence" or under the security page/internet control panel/internet explorer/windows components for the users?

Does it make any difference?
Question by:markf100
    LVL 12

    Accepted Solution

    With the latter, it's easier to read the effective settings and to change settings later. The settings made by importing from the current machine do not appear in GPMC/RSOP.

    Internet Explorer Maintenance is nice if you have a system completely set up the way you like it, including security zones and restrictions, and want to import those into a policy. If you want to change settings later, you'll have to make sure the settings you're importing really reflect what you want.

    Also, on a server that has enhanced security configuration enabled, the settings under IE maintenance are only applied to computers with enhanced security installed. This makes me believe it depends too much on the browser and configuration on the machine you're configuring the policy on.

    I'd use Administrative Templates/Windows components/etc for policies as much as possible.
    LVL 48

    Expert Comment

    Hi markf100,

    i woul tend to agree with rant on this, we have a rather nice policy that locks down users just how we like i and after months of trialling and implementing and finalising the thing across the board, we found that all our policies site under  admintemplates\windows components\etc in regards to internet  - we set proxies and security boundaries etc


    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
    I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now